Trials@uspto.gov
571-272-7822
Paper: 22
Date: January 15, 2021

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

APPLE INC.,
Petitioner,
v.
UNILOC 2017 LLC,
Patent Owner.

IPR2019-01337
Patent 7,136,999 B1

Before JENNIFER S. BISK, MIRIAM L. QUINN, and CHRISTOPHER C. KENNEDY, Administrative Patent Judges.

BISK, Administrative Patent Judge.

JUDGMENT
Final Written Decision
Determining Some Challenged Claims Unpatentable
35 U.S.C § 318(a)

I. INTRODUCTION

Apple Inc. (“Petitioner”) filed a Petition requesting an inter partes review of claims 1–17 of U.S. Patent No. 7,136,999 B1 (Ex. 1001, “the ’999 patent”). Paper 2 (“Pet.”). Uniloc 2017 LLC (“Patent Owner”), identified as a real party-in-interest to the ’999 patent (Paper 4, 1), filed a Preliminary Response to the Petition. Paper 6 (“Prelim. Resp.”). We instituted this review as to all challenged claims. Paper 7 (“Inst. Dec.”).

Subsequent to institution, Patent Owner filed a Patent Owner Response. Paper 9 (“PO Resp.”). Petitioner filed a Reply. Paper 10 (“Reply”). And Patent Owner filed a Sur-Reply. Paper 11 (“Sur-Reply”). An oral hearing was held on October 21, 2020. Paper 21 (“Tr.”).

This Final Written Decision is entered pursuant to 35 U.S.C. § 318(a). We have jurisdiction under 35 U.S.C. § 6. For the reasons that follow, Petitioner has demonstrated by a preponderance of the evidence that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent are unpatentable, but has not demonstrated that claims 3, 6, 11, 12, and 16 are unpatentable.

II. BACKGROUND

A. Related Matters

The parties identify several district court cases involving the ’999 patent. Pet. 1–2; Prelim. Resp. 8.[1] Institution was denied in IPR2020-00117, which also challenged the ’999 patent.
IPR2020-00117, Paper 11 (PTAB May 28, 2020).

[1] The Preliminary Response does not have page numbers.

B. The ’999 Patent

The ’999 patent, titled Method and System for Electronic Device Authentication, issued November 14, 2006. Ex. 1001, codes (45), (54). In particular, the ’999 patent describes the process of authenticating devices using Bluetooth. Id. at 1:11–59. Specifically, according to the ’999 patent, to establish a link using Bluetooth when the devices are less than 100 meters apart, a user enters the same numerical code (key) in the two devices, the devices then communicate to verify that the numbers match, and, if so, each device stores the key and uses it to authenticate the two devices for any subsequent Bluetooth link between them. Id. at 1:39–53. The ’999 patent also describes basic authentication over wide area networks, including the Internet, which typically requires a user to enter a user ID and password combination. Id. at 1:60–67.

The ’999 patent recognizes that once two devices are authenticated on a restricted network, using an authentication scheme such as Bluetooth, the two devices can be re-connected through another, unrestricted network, such as the Internet by, for example, reusing the stored restricted network authentication information. Id. at 2:24–30, 2:43–49, 4:40–55. According to the ’999 patent, security is maintained because the initial authentication and exchange of key information occurs in the secure system, for example, in a context where physical proximity is required. Id. at 4:56–64.

C. Illustrative Claims

Claims 1, 13, 14, and 17 are independent. Claims 1 and 13 are illustrative of the subject matter at issue and read as follows:

1.
A method of authenticating first and second electronic devices, comprising:
    upon link set-up over a short-range wireless link, executing an authentication protocol by exchanging authentication information between the first and second electronic devices to initially authenticate communication between the first and second devices;
    later, when the first and second electronic devices are beyond the short-range wireless link, executing the authentication protocol by exchanging the authentication information between the first and second electronic devices over an alternate communications link,
    then only allowing communication between the first and second devices if the first and second devices had initially been successfully authenticated.

13. A method of authenticating first and second electronic devices, comprising:
    upon link set-up over a first link, executing an authentication protocol by exchanging authentication information between the first and second electronic devices to initially authenticate communication between the first and second devices;
    later, when the first and second electronic devices are connected using a second link, executing the authentication protocol by exchanging the authentication information between the first and second electronic devices over the second link,
    then only allowing communication between the first and second devices if the first and second devices had initially been successfully authenticated.

Ex. 1001, 5:17–31, 6:1–14 (emphases added to disputed limitation). Claims 14 and 17—and, therefore, all challenged claims—contain a limitation substantially similar to that emphasized above. See id. at 6:22–23, 6:47.

D. Proposed Grounds of Unpatentability

Claim(s) Challenged | 35 U.S.C. § [2] | Reference(s)/Basis
1–3, 6–8, 11–14, 16, 17 | 103 | Varadharajan [3]
1, 2, 4, 5, 7–10, 13–15, 17 | 103 | Varadharajan and BT Core [4]
13 | 103 | Hind [5]

Pet. 4, 8–68. Petitioner also relies on two Declarations of Jon Weissman Ph.D. Ex.
1006; Ex. 1013 (Supplemental Declaration filed with the Reply).

Petitioner asserts that Varadharajan is prior art to the ’999 patent under 35 U.S.C. § 102(b), BT Core is prior art under § 102(a), and Hind is prior art under § 102(e). Id. at 3, 30–31 (citing Ex. 1008 (the Declaration of Michael Foley) along with Exs. 1006, 1009, and 1010–12 to show the public accessibility of BT Core). Patent Owner does not challenge the prior art status of any cited reference. On this record, we determine the references asserted by Petitioner qualify as prior art to the challenged claims of the ’999 patent.

[2] Because the application leading to the ’999 patent was filed before March 16, 2013, patentability is governed by the version of 35 U.S.C. § 103 preceding the Leahy-Smith America Invents Act (“AIA”), Pub L. No. 112–29, 125 Stat. 284 (2011).
[3] U.S. Patent No. 5,887,063 (filed July 29, 1996, issued March 23, 1999) (Ex. 1003).
[4] Specification of the Bluetooth System, Wireless Connections Made Easy, Core, Volume 1, Version 1.0B, (December 1, 1999) (Ex. 1004).
[5] U.S. Patent No. 6,772,331 B1 (filed May 21, 1999, issued Aug. 3, 2004) (Ex. 1005).

III. ANALYSIS

A. Level of Skill in the Art

The level of skill in the art is a factual determination that provides a primary guarantee of objectivity in an obviousness analysis. See Al-Site Corp. v. VSI Int’l Inc., 174 F.3d 1308, 1323 (Fed. Cir. 1999) (citing Graham v. John Deere Co., 383 U.S. 1, 17–18 (1966)). The level of skill in the art also informs the claim construction analysis. See Teva Pharm. USA, Inc. v. Sandoz, Inc., 135 S. Ct. 831, 841 (2015) (explaining that claim construction seeks the meaning “a skilled artisan would ascribe” to the claim term “in the context of the specific patent claim”).
Petitioner asserts that a person of ordinary skill in the art “would have had at least a bachelor’s degree in computer science, computer engineering, or a related subject, and two years of experience, including industry and graduate experience, working with security system, including encryption/decryption and authentication processes.” Pet. 5–6 (citing Ex. 1006 ¶¶ 31–32). Patent Owner does not dispute Petitioner’s characterization of the level of ordinary skill in the art. PO Resp. 7 (“For purposes of this Response only, Patent Owner does not dispute Petitioner’s definition of a [person having ordinary skill in the art (“POSITA”)].). Because we find Petitioner’s proposed definition generally consistent with the subject matter of the ’999 patent and cited references, we adopt it for purposes of this analysis.

B. Claim Construction

For petitions filed on or after November 13, 2018, such as the one in this case, we interpret claims in the same manner used in a civil action under 35 U.S.C. § 282(b) “including construing the claim in accordance with the ordinary and customary meaning of such claim as understood by one of ordinary skill in the art and the prosecution history pertaining to the patent.” 37 C.F.R. § 42.100(b) (2019). Only terms that are in controversy need to be construed, and then only to the extent necessary to resolve the controversy. Nidec Motor Corp. v. Zhongshan Broad Ocean Motor Co., 868 F.3d 1013, 1017 (Fed. Cir. 2017).

In pre-institution briefing, neither party expressly offered a proposed construction for any claim term. Pet. 7; Prelim. Resp. 9. Based on Patent Owner’s validity arguments, however, the Institution Decision addressed the scope of the term “exchanging the authentication information.” Inst. Dec. 6–7. We also addressed claim 13, which, unlike claims 1 and 14, does not recite “beyond the short-range wireless link” when referring to a second communications link.[6] Compare Ex.
1001, 6:1–14, with 5:24–31, 6:22–28.

[6] Claim 17 also does not use the term “beyond the short-range wireless link,” but does specify that the “said first communications link and said second communications link are different types of links.” Ex. 1001 6:50–52.

1. “exchanging the authentication information”

The Institution Decision adopted a construction of “exchanging the authentication information”[7] such that authentication information must be the same in both the first and second exchange of authentication information limitations. Inst. Dec. 6–8. This determination was made despite Patent Owner’s arguments that “because the claims recite first ‘exchanging authentication information’ over a first link and then ‘exchanging the authentication information’ over a second link, the claims all require exchanging ‘similar’ authentication information over both links.” Id. at 6–7. In particular, the Institution Decision states that although “the patentee’s mere use of a term with an antecedent does not require that both terms have the same meaning” (id. at 7 (citing Microprocessor Enhancement Corp. v. Texas Instruments Inc., 520 F.3d 1367, 1375 (Fed. Cir. 2008)), “Patent Owner does not further explain, nor is it clear based on the claim language or Specification, why the authentication information used by the two communication links must be ‘similar,’” as opposed to being identical (id.).

[7] Specifically, claim 1 recites “executing an authentication protocol by exchanging authentication information between the first and second electronic devices to initially authenticate communication between the first and second devices” (“the first exchange of authentication information” limitation) and later, when the first and second electronic devices are beyond the short-range wireless link executing the authentication protocol by exchanging the authentication information between the first and second electronic devices over an alternate communications link” (the “second exchange of authentication information” limitation). Claims 13, 14, and 17 recite substantially similar limitations.

In its Response Brief, Patent Owner maintains that the authentication information exchanged over the second link must have a “relationship with,” but “need not be identical” to the authentication information exchanged over the first link. PO Resp. 8–9. According to Patent Owner “[a]lthough the authentication information need not be identical, use of the antecedent ‘the’ to refer to the authentication information does indicate a relationship with the first-recited authentication information, whether the information be the same as or derived from the other recited authentication information, e.g., modified, enhanced, etc.” Id. at 9.

Petitioner asserts that “there is no dispute as to whether the challenged grounds invalidate the asserted claims under a broad or narrow interpretation of this term” and, therefore, “the Board need not adopt a construction.” Reply 3 (citing PO Resp. 8–27). Although Patent Owner emphasizes that construction of the term is required (see PO Resp. 8; Sur-Reply 2), we agree with Petitioner that our analysis, below, does not depend on whether “exchanging the authentication information” requires that the first and second authentication information be exactly the same or merely similar. Thus, we decline to decide the exact relationship between the two recitations of “authentication information” in the claims other than to agree with both parties that they are not wholly unrelated.

2. Claim 13

The Institution Decision noted that during prosecution, the pending claims were rejected over Hind as an anticipatory reference and, in response, Patent Owner filed an amendment representing that the independent claims were not anticipated by Hind because they included the terms “beyond the short-range wireless link” and “over an alternate communications link.” Inst.
Dec. 8 (citing Ex. 1002, 110–112, 122). Because claim 13 does not include these terms, the Institution Decision adopted a construction that “both the first and second link recited by claim 13 can be short-range.” Id. at 9.

Patent Owner does not address claim 13 in the claim construction section of its Response. See PO Resp. 8–9. In its arguments regarding the validity of claim 13, however, Patent Owner asserts that “‘the second link’ as recited in Claim 13 at least refers to another link that is separate and distinct from ‘the first link’ as recited in Claim 13.” Id. at 25. Further, Patent Owner asserts that “the ’999 Patent understands that if ‘the first link’ recitation of Claim 13 is, for example, a Bluetooth link between two devices, then a second link would have to be something different than the Bluetooth link between those two devices.” Id. at 26. In its Sur-Reply, Patent Owner clarifies that it is not arguing that the two links must be of different types, but that the two links must be separate and distinct and cannot be “the same link at different points in time.” Sur-Reply 4.

However, Patent Owner appears to rely on a construction that any Bluetooth connection between two devices that reuses an authentication key is not a second link, but is simply a reestablishment of the first link. PO Resp. 26. Patent Owner bases this assertion on certain language in the ’999 patent: “the key exchanged upon link initialization identifies a unique link and can be used reliably for subsequent authentication when the link is re-established.” Id. (citing Ex. 1001, 1:47–53) (emphasis added by Patent Owner).

According to Petitioner, Patent Owner’s construction is incorrect. Reply 3–6.
Instead, Petitioner asserts that “the express language of claim 13 requires only that the first and second devices are connected using the second link ‘later,’ after the authentication protocol involving the exchange of authentication information is executed over the first link.” Id. at 5. Petitioner points out that unlike claim 13, claim 17 explicitly recites “wherein said first communication link and said second communication link are different types of links.” Id. at 4 (citing Ex. 1001, 6:50–52).

We do not agree with Patent Owner that the quoted language of the ’999 patent requires a construction of the term “second link” that excludes any Bluetooth connection that reuses authentication information. Other than the one vaguely worded sentence in the ’999 patent, Patent Owner does not point to any supporting evidence for this interpretation. PO Resp. 25–26; Ex. 1001, 1:47–53). To the contrary, the evidence supports a finding that when two devices reestablish communication after being disconnected, the subsequent Bluetooth link is considered a different link. See Reply 18 (citing Ex. 1004, 151 (“Consequently, once a semi-permanent link key is defined, it may be used in the authentication of several subsequent connections between the Bluetooth units sharing it.”). This understanding is consistent with the ’999 patent, which refers to “initial Bluetooth link[s]” and “subsequent Bluetooth link[s]” (Ex. 1001, 1:49–50, 1:58, 4:40), and discloses that multiple links can be made between two Bluetooth compatible devices (id. at 1:17–20), without any clarification that such links are considered the same if authentication information is reused.

Accordingly, we find that claim 13 requires two different links, one of which occurs later in time than the other, but that those links are not required to be of different types.
And we do not agree with Patent Owner’s narrow reading, based on one sentence in the ’999 patent, that Bluetooth links that reuse authentication codes are considered the same link.

C. Obviousness over Varadharajan

Petitioner contends that claims 1–3, 6–8, 11–14, 16, and 17 of the ’999 patent are unpatentable because their subject matter would have been obvious over the disclosure of Varadharajan. Pet. 8–30.

1. Overview of Varadharajan

Varadharajan is titled “Communication System for Portable Appliances.” Ex. 1003, code (54). Varadharajan describes a host device and a portable device that are “capable of communicating both remotely, e.g. via a modem link, and directly, when the host and portable device are docked or otherwise locally associated.” Id. at 4:1–5. To ensure security, the portable device and host device “periodically exchange a security key via the direct communication link, and the key is then used to control or encrypt subsequent remote communications.” Id. at 4:8–12. According to Varadharajan, this security key may be created and exchanged by “any of a variety of ways known to those skilled in the art” and the direct or local communication may take place using “an I.R. transmitter/receiver unit.” Id. at 4:13–15, 4:26–34.

In one embodiment, Varadharajan describes a process in which, “[e]ach time the portable computer 50 is in local or direct communication with the desk top computer 48, this is detected . . . and the identity of the portable computer 50 is authenticated by the desk top computer 48 by a suitable test such as a challenge/response routine.” Ex. 1003, 4:62–67. Only if the portable computer 50 passes this authentication test does the desk top computer initiate a process in which a “key generating device 28 generates a fresh security key which is stored in the encryption/decryption unit 30 of the host device 10 and transmitted via the local I.R.
link to be stored in the encryption/decryption unit 38 of the portable device 12.” Id. at 4:62–5:8. Subsequently, when the two devices are in remote communication, for authentication, the host device issues a random challenge to the portable device, which in turn calculates a response including the “current security key” and transmits this to the host device. Id. at 5:32–40.

2. Analysis

Petitioner asserts Varadharajan teaches or suggests each of the limitations of independent claims 1, 13, 14, and 17. Pet. 9–30. In particular, Petitioner contends that Varadharajan’s challenge/response routine over the I.R. link teaches the first exchange of authentication information limitation. Id. at 16–19 (citing Ex. 1003, 2:43–49, 4:13–21, 4:62–5:2, 5:33–40; Ex. 1006 ¶¶ 60–64). In addition, Petitioner contends that Varadharajan’s disclosure of the challenge/response routine over the remote communication link teaches the second exchange of authentication information limitation. Id. at 21–22 (citing Ex. 1003, 4:26–34, 4:62–67, 5:33–40; Ex. 1006 ¶¶ 71–73).

Patent Owner does not agree that Varadharajan teaches the first and second exchange of authentication information limitations. PO Resp. 10–13. In particular, Patent Owner emphasizes that Varadharajan describes creating “a fresh security key” every time the portable computer is in proximity to the desktop computer after first authenticating the portable computer. Id. at 10. According to Patent Owner, because this fresh security key is subsequently used to authenticate the remote communication, that key has “no particular relationship to” the key used to authenticate the local connection. Id. at 10–11 (citing Ex. 1003, 5:4–8). Patent Owner also notes that Varadharajan discloses that frequent changes to the security key are used to enhance security. Id. at 11 (citing Ex. 1003, 2:51–58).
The Institution Decision notes that “it is not clear that [Varadharajan] implies that the security key transmitted via the local I.R. Link is never stored and reused when a remote authentication between the two devices occurs” and pointed to language in Varadharajan that the key update is not allowed to occur over a modem link. Inst. Dec. 11–12 (citing Ex. 1003, 5:10–14). We, thus, concluded that we were not persuaded “a person of ordinary skill in the art would have understood Varadharajan to teach that the security key from the first, local, exchange is never stored and reused as the current security key in the second, remote, exchange.” Id. at 12.

In Response, Patent Owner explains that Varadharajan does not affirmatively state that the security key is reused between a local and remote connection and that, in fact, the only detailed language in Varadharajan implies the opposite—that the security key is changed after every local authentication—and, thus, the disclosure of Varadharajan does not explicitly disclose reusing the same or similar authentication information in the second link. PO Resp. 11–12. Patent Owner also points out that Varadharajan’s language, noted in the Institution Decision, teaching that key updates cannot be done over the remote connection, does not support a finding that Varadharajan discloses using the same or similar authentication information over the two connections. Id.

Petitioner argues that Varadharajan expressly describes using the same or similar authentication information between the two links. Reply 6–7. As support, Petitioner asserts that Varadharajan discloses that the two devices “perform authentication ‘[e]ach time’ the two devices are in communication, including after they initially exchange a security key” and “Varadharajan further discloses the two devices then exchange the same key when they later authenticate over a different, alternate link, such as a modem link.” Id.
at 7 (citing Ex. 1003 5:33–40; Ex. 1006 ¶¶ 60–62, 74–76). According to Petitioner, “[t]his is in part because the security key cannot be updated over the modem link, as noted in the Institution Decision and not disputed by [Patent Owner].” Id.

We disagree with Petitioner that this description of Varadharajan’s disclosure is uncontested by Patent Owner. See Reply 7. To the contrary, Patent Owner argues that Varadharajan does not use the same or similar key during the remote authentication because a new key was already created before the second authentication when the two devices were in proximity, but after the local authentication. PO Resp. 10–12; Sur-Reply 6–10. Thus, according to Patent Owner, it is irrelevant that the key update cannot occur over the remote link. Moreover, despite our statement in the Institution Decision (see Inst. Dec. 12), upon further review of Varadharajan’s language, we agree with Patent Owner that whether the security key can be updated over a remote communication link is irrelevant to Patent Owner’s point that the security key is changed between the local authentication and the remote authentication.

Patent Owner also argues that the language Petitioner relies on to show that the remote authentication uses the same key as the initial authentication does not support such a reading. Sur-Reply 7. We agree with Patent Owner. Petitioner relies on the following language (Pet. 22; Reply 7):

    During a subsequent remote communication exchange via the modem link 53, the desk top computer 48 issues a random challenge to the portable computer 50. The portable computer 50 calculates a response as a function of the challenge and the current security key and transmits this to the desk top computer 48. The desk top computer checks the response and if it corresponds correctly to the challenge, allows [the] session to continue.

Ex. 1003, 5:33–40 (emphasis added).
According to Petitioner, this language implies that “the portable device sends a response including the same security key that is exchanged during execution of the authentication protocol over the short-range wireless link.” Pet. 22 (emphasis added). However, we read this language the same way Patent Owner does, that remote authentication uses the current security key, which was updated after the first authentication occurred and, therefore, is not the same or similar key used in the first authentication.

Petitioner also asserts that Varadharajan discloses “the host device and the portable device may refresh the security key when the[y] communicate over a short-range link, but need not always do so.” Reply 8. However, we agree with Patent Owner (Sur-Reply 9–10) that the language Petitioner relies on for this statement does not, in fact, state that security keys need not be refreshed, but instead simply explains that “the described embodiments incorporate a secret key which is changed very frequently . . ., thus offering substantial extra protection.” Id. at 9 (citing Ex. 1003, 2:51–58). Although we agree with Petitioner that this language does not explicitly state that “Varadharajan’s security key must always be changed when the two devices communicate over the short-range link,” we note that Petitioner does not point to any language in Varadharajan stating that it need not always be refreshed. Id. In fact, the only language in Varadharajan on this issue appears to be that “[e]ach time the portable computer 50 is in local or direct communication with the desktop computer 48,” authentication is performed and then, if the portable computer passes the test, a key update routine is initiated that changes the security key. Ex. 1003, 4:62–5:8. This language supports Patent Owner’s reading.

Petitioner provides expert testimony supporting its position. Pet. 22 (citing Ex. 1006 ¶¶ 71–73); Reply 7–8 (citing Ex. 1006 ¶¶ 74–76; Ex.
1013 ¶¶ 12–13). We, however, do not credit Dr. Weissman’s testimony on this issue, as it relies solely on the same portions of Varadharajan discussed above, without addressing Varadharajan’s explicit language describing key updates. See Ex. 1006 ¶ 73 (relying on Ex. 1003, 4:62–67 and 5:33–40 as supporting, without elaboration, a reading that the remote authentication uses “the same security key” as the initial authentication); Ex. 1013 ¶ 12 (relying, again, on Ex. 1003, 5:33–40 to support a conclusion that “[w]hen the host device and the portable device later authenticate over a different, alternate link, such as a modem link, the two devices then exchange the same key to authenticate each other”); Ex. 1003, 4:62–5:8 (describing authentication followed by key update “[e]ach time” the two computers communicate over a local link).

In his Supplemental Declaration, Dr. Weissman adds that “[a]s Varadharajan does not disclose a mechanism to update the security key over the modem link, it discloses using the same security key for authentication over the disclosed modem link.” Ex. 1013 ¶ 12. However, as noted above, we agree with Patent Owner that it is immaterial what link the key update is made through—what matters is whether the key update is done after the initial authentication such that a different key is used for the remote authentication. And Varadharajan explicitly states that the update is made after the initial authentication and before the remote authentication. Ex. 1003, 4:62–5:8.

Dr. Weissman also states, in his Supplemental Declaration, that the key update “need not occur every time the host device and portable device are in communication over the short range link,” but, again, for this conclusion he relies solely on the portion of Varadharajan that states that keys are updated frequently. Ex. 1013 ¶ 13 (citing Ex. 1003, 2:52–58). Dr.
Weissman adds that “[a] person of ordinary skill in the art would not interpret this disclosure, and other disclosures from Varadharajan generally, to require that a security key refresh always occurs when the host device and the portable device communicate over the short-range link.” Id. However, we do not credit this conclusory statement given Dr. Weissman does not take into account, or otherwise acknowledge, Varadharajan’s explicit language describing key updates in a paragraph that begins with the phrase “[e]ach time the portable computer 50 is in local or direct communication with the desk top computer 48 . . . .” Ex. 1003 4:62–5:8.

Accordingly, based upon our review of the current record, we conclude that Petitioner has not demonstrated a reasonable likelihood of establishing that claims 1–3, 6–8, 11–14, 16, and 17 would have been obvious over Varadharajan.

D. Obviousness over Varadharajan and BT Core

Petitioner contends that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent are unpatentable because their subject matter would have been obvious over the combined disclosure of Varadharajan and BT Core. Pet. 30–56.

1. Overview of BT Core

BT Core is titled “Specification of the Bluetooth System” and “defines the requirements for a Bluetooth transceiver operating in [the 2.4GHz ISM] band.” Ex. 1004, 1, 18.

2. Analysis for Claim 1

a. a method of authenticating first and second electronic devices

The preamble of claim 1 recites “a method of authenticating first and second electronic devices.” Ex. 1001, 5:17–18. Petitioner asserts that both Varadharajan and BT Core teach these features. Pet. 37–39. Specifically, Petitioner explains that “Varadharajan and BT Core disclose a method for authenticating a portable device (first electronic device) and a host device (second electronic device)” using “both a direct link (short-range communication link) and a modem link (alternate communication link).” Id. 37–38 (citing Ex.
1003, Abstract, 3:26–49, 4:8–21; Ex. 1006 ¶¶ 112–113). Petitioner explains that “[w]hen the portable device and the host device are configured to use Bluetooth and desire to communicate with each other, they initially perform an initialization process where the devices are paired to each other.” Id. at 38 (citing Ex. 1004, 153–154).

Based on the record, we are persuaded by Petitioner’s showing that Varadharajan and BT Core teach or suggest a method of authenticating first and second electronic devices. Patent Owner does not dispute Petitioner’s contentions regarding this limitation. See PO Resp. 10–13. Accordingly, we determine that Petitioner has established by a preponderance of the evidence that Varadharajan and BT Core teach or suggest a method of authenticating first and second electronic devices as required by claim 1.

b. upon link set-up over a short-range wireless link, executing an authentication protocol by exchanging authentication information between the first and second electronic devices to initially authenticate communication between the first and second devices
later, when the first and second electronic devices are beyond the short-range wireless link executing the authentication protocol by exchanging the authentication information between the first and second electronic devices over an alternate communications link

Claim 1 recites “upon link set-up over a short-range wireless link, executing an authentication protocol by exchanging authentication information between the first and second electronic devices to initially authenticate communication between the first and second devices” and “later, when the first and second electronic devices are beyond the short-range wireless link executing the authentication protocol by exchanging the authentication information between the first and second electronic devices over an alternate communications link.” Ex. 1001, 5:19–28.
Petitioner asserts that the combined teachings of Varadharajan and BT Core teach these features. Pet. 39–47. In particular, Petitioner relies on BT Core as showing a method of communicating between the portable and host devices over a short-range communication link. Pet. 32–36. Petitioner describes the Bluetooth pairing process, which begins “when an initialization key (Kinit) is created based on a PIN and a random number,” followed by authentication between the devices, “including generation of an authentication response based on Kinit.” Id. at 32 (citing Ex. 1004, 154, 169–170, 195–197). Moreover, “[u]pon successful authentication, a link key, which may be temporary or semi-permanent, is created, which is used for authentication between the two devices ‘for all subsequent connections until it is changed.’” Id. (citing Ex. 1004, 169–170, 195–196, 198).

Petitioner concedes that “Varadharajan does not expressly disclose the short-range communication link may be a radio-based link, such as a Bluetooth link” (id. at 32), but asserts that “it would have been obvious to modify Varadharajan’s portable and host devices to implement Bluetooth as an alternative short-range wireless link for purposes of enabling short-range communications over Bluetooth” (id. at 32–33 (citing Ex. 1006 ¶ 101)). According to Petitioner, at the time of the invention, Bluetooth and its advantages over infrared technology were known to a person of ordinary skill in the art. Id. at 33 (citing Ex. 1001, 1:17–20), 34 (citing Ex. 1006 ¶¶ 103–104), 35–36 (citing Ex. 1006 ¶¶ 105–109). Moreover, using Bluetooth “would have required only the simple substitution of known techniques (Bluetooth for infrared) in similar devices, in a similar manner, to achieve predictable results” and a person of ordinary skill “would have appreciated that Bluetooth’s radio-frequency (‘RF’) link provides advantages over the infrared technology taught in Varadharajan.” Id.
at 33–34 (citing Ex. 1006 ¶¶ 103–104). Petitioner also notes that Varadharajan explicitly states that its system can use “any of a variety of ways known to those skilled in the art” to generate the first security key. Id. at 34 (citing Ex. 1003, 4:13–21). Petitioner concludes that a person of ordinary skill in the art “would have found it obvious to use Bluetooth’s well-known authentication protocol based on the similarities of the authentication protocols described in each of Varadharajan and BT Core, as well as to support a protocol that was well known as of the Critical Date” and “would have had a reasonable expectation of success in attempting to do as much.” Id. at 36 (citing Ex. 1006 ¶ 109).

Specifically, Petitioner relies on BT Core for disclosing the recited “short-range wireless link” and the Bluetooth authentication protocol for disclosing “executing an authentication protocol by exchanging authentication information between the first and second electronic devices to initially authenticate communication between the first and second devices.” Pet. 39, 41–42 (citing Ex. 1004, 99, 108, 149–154, 169–178, 1043, 1045–1047, 1053; Ex. 1006 ¶¶ 115–117, 123). Petitioner relies on Varadharajan’s modem link for disclosing the recited “later, when the first and second electronic devices are beyond the short-range wireless link.” Id. at 42–43 (citing Ex. 1003, 2:19–27, 5:33–40; Ex. 1006 ¶¶ 124–126). For “executing the authentication protocol by exchanging the authentication information between the first and second electronic devices over an alternate communications link,” Petitioner relies on Varadharajan’s disclosure of an attempt to communicate via a modem link and that it may use the Bluetooth authentication protocol’s challenge-response scheme using “the same link key . . . as exchanged over the short-range wireless link” to authenticate the two devices over that link. Id. at 45–47 (citing Ex.
1003, 4:26–34, 4:62–67, 5:33–40; Ex. 1004, 149–154, 170; Ex. 1006 ¶¶ 130–133).

Patent Owner argues that Petitioner fails to show the combination of Varadharajan and BT Core teaches or suggests the first and second exchanging of authentication information limitations. PO Resp. 13–20; Sur-Reply 11–14. Initially, Patent Owner acknowledges that the “Petition asserts that the Bluetooth authentication protocol’s challenge-response scheme can be implemented in lieu of the authentication protocol’s challenge-response scheme used by Varadharajan.” PO Resp. 14. However, Patent Owner argues that there “exists no motivation to combine the Bluetooth authentication protocol’s challenge-response scheme with that of Varadharajan.” Id. at 15. According to Patent Owner, “Varadharajan would not have considered the system of BT Core to be a viable option because the authentication protocol used to enable the features of Varadharajan would be incompatible with those taught by BT Core.” Id.

In support of this assertion, Patent Owner asserts that Varadharajan’s authentication protocol “is key to” its “overall inventive aspect” and “would not have functioned properly with the authentication protocol implemented in BT Core.” Id. at 16. Patent Owner explains that Varadharajan states that “the risk of security compromise when communicating directly is nil or relatively low” (id. (quoting Ex. 1003, 4:5–12)) and asserts that Varadharajan “clearly teaches that radio-based communication mediums are inherently insecure” (id. (citing Ex. 1003, 1:10–17)); Sur-Reply 11–12. Patent Owner adds, without pointing to any intrinsic or extrinsic evidence, that “it is well known to any POSITA” “that the challenges of maintaining security in an I.R. link are entirely different than those posed in a RF wireless link” (id.
at 16) and “that other individuals that the user is not aware of and often times cannot know exist, are easily capable of intercepting RF-based communications between the devices being authenticated” (id. at 17). Moreover, according to Patent Owner, “[t]he core aspect of the authentication scheme taught by Varadharajan depends upon computer generated security keys that are very long and are changed frequently.” Id. at 17–18 (citing Ex. 1003, 1:42–45, 2:52–58, 4:35–38). Patent Owner concludes that “because BT Core teaches the use of a substantially shorter security key,” it “teaches away from a system that utilizes very long security keys for providing a sufficient level of security as proposed by Varadharajan” and “BT Core teaches away from a security key . . . which is changed frequently.” Id. at 19–20.

Petitioner responds that a person of ordinary skill in the art would be motivated to use Bluetooth’s authentication mechanism with Varadharajan’s direct link. Reply 10–14. Specifically, Petitioner explains that “the relevant date to consider is June 2000,” the filing date of the ’999 patent, at which time, “a person of ordinary skill in the art would have considered Bluetooth’s radio-based authentication and security schemes as posing ‘relatively low’ risk of a security breach.” Reply 9–10. As evidence for this knowledge, Petitioner points to the statement in the ’999 patent’s background that Bluetooth includes an authentication mechanism that is “more robust than other systems” and claims 5 and 6 of the ’999 patent “indicate that the recited short-range wireless link can be either a ‘radio link’ (claim 5) or an ‘infra-red’ link (claim 6).’” Id. at 10 (quoting Ex. 1001, 1:26–27, 1:36–37).8 Petitioner also explains that Varadharajan “does not require that the risk of security of signal interception be ‘nil or zero,’ but rather that it be ‘relatively low.’” Id. at 10–11 (citing Ex. 1003, 4:7–8).
According to Petitioner, a person of ordinary skill in the art at the relevant time “would have considered Bluetooth’s security scheme, including its ‘robust’ authentication protocols, as having a ‘relatively low’ risk of being compromised.” Id. at 11; Ex. 1006 ¶ 17.

8 On August 18, 2020, the Director of the Patent & Trademark Office issued a Memorandum addressing the use of “applicant admitted prior art” as the basis for an inter partes review challenge. See USPTO Memorandum, Treatment of Statements of the Applicant in the Challenged Patent in Inter Partes Reviews Under § 311 (August 18, 2020), available at https://www.uspto.gov/sites/default/files/documents/signed_aapa_guidance_memo.pdf. That Memorandum concludes that two permissible uses of admitted prior art in an inter partes review are to “support a motivation to combine particular disclosures” and “demonstrate the knowledge of the ordinarily-skilled artisan at the time of the invention.” Id. at 9. Petitioner’s citation to the description of Bluetooth’s authentication mechanism and the use of radio links in the ’999 patent fall within these categories. Notably, Patent Owner did not object to the reliance on “APA” in the Petition, and we see no obstacle under 35 U.S.C. § 311 to Petitioner relying on admitted prior art in this manner.

We find, based on the record, that a person of ordinary skill in the art would consider Bluetooth’s authentication mechanism to be robust with a relatively low risk of being compromised. This is based on both the intrinsic evidence and extrinsic evidence, which support such a finding, and a lack of evidence in the record to the contrary.9 See Ex. 1001, 1:11–59, 5:38–41; Ex. 1004, 99, 108, 149–154, 169–178, 1043, 1045–1047, 1053; Ex. 1006 ¶¶ 102–109; Ex. 1013 ¶¶ 17–18.

Petitioner also disagrees with Patent Owner’s argument that Varadharajan would be incompatible with the authentication mechanism taught by BT Core. Reply 12–14.
Petitioner explains that Varadharajan does not require long security keys that are changed frequently, but “discloses using a ‘secret key’ which ‘can be very long since it does not have to be remembered by the user,’ in place of using passwords that are ‘only a few characters long.’” Id. at 12 (quoting Ex. 1003, 1:42–45, 2:52–58). According to Petitioner, even given Varadharajan’s disclosure of a typically long security key, “a person of ordinary skill in the art would have considered other options, such as Bluetooth’s 128-bit random number, as sufficiently suitable for purposes of security,” especially “when accounting for the frequency in which a security key changes.” Id. at 12–13 (citing Ex. 1013 ¶¶ 19–20). Petitioner notes that “BT Core indicates that it may be ‘desirable’ to change a link key” and “a person of ordinary skill in the art would have considered a 128-bit random number to be ‘very long.’” Id. (citing Ex. 1004, 151–152, 157; Ex. 1006 ¶ 100; Ex. 1013 ¶¶ 19–21). Petitioner also disagrees with Patent Owner’s assertion that Varadharajan would have to revamp its entire authentication scheme and mode of operation to achieve the desired level of security when using Bluetooth as the direct link authorization mechanism pointing to Varadharajan’s statement that any “‘suitable’ test” may be used for such authorization. Reply 13–14 (quoting Ex. 1003, 4:62–67).

9 Patent Owner does not support with evidence its attorney argument characterizing Varadharajan’s disclosure and Bluetooth’s authentication behavior and asserting what a person of ordinary skill in the art would understand at the relevant time. See PO Resp. 13–20.

We find, based on the record, that a person of ordinary skill in the art would have understood using Bluetooth’s authentication mechanism in place of Varadharajan’s described “challenge/response routine,” to be a feasible option.
This is based on both the intrinsic evidence and extrinsic evidence, which support such a finding, and a lack of evidence in the record to the contrary.7 See Ex. 1003, 4:62–67 (“Each time the portable computer 50 is in local or direct communication with the desk top computer 48 . . . the identity of the portable computer 50 is authenticated by the desk top computer 48 by a suitable test such as a challenge/response routine as outlined below.”); Ex. 1004, 99, 108, 149–154, 169–178, 1043, 1045–1047, 1053; Ex. 1006 ¶¶ 96–123; Ex. 1013 ¶¶ 14–22.

We are not persuaded by Patent Owner’s argument that BT Core teaches away from a very long, frequently changed, security key. See PO Resp. 19–20. Nothing in Varadharajan or BT Core may be said to discourage a person of ordinary skill from using the Bluetooth authentication mechanism for the authentication over Varadharajan’s direct link. See In re Gurley, 27 F.3d 551, 553 (Fed. Cir. 1994). To the contrary, the facts suggest that a person of ordinary skill would have understood Varadharajan to encourage the use of any known, robust, authentication scheme (see Ex. 1003, 4:62–67), and the record shows that a person of ordinary skill would have understood Bluetooth’s authentication mechanism to be such a scheme (see Ex. 1001, 1:11–59, 5:38–41; Ex. 1004, 151–152, 157; Ex. 1006 ¶¶ 100–109; Ex. 1013 ¶¶ 17–21).

Finally, we find Petitioner has sufficiently shown that a person of ordinary skill in the art would have had reason to attempt to use Bluetooth’s authentication mechanism over Varadharajan’s direct link because it was a well-known method of implementing robust short-range communication and doing so would have required only the simple substitution of Bluetooth for infrared, in a similar manner, to achieve predictable results. Pet. 32–36; Reply 8–14; Ex. 1006 ¶¶ 96–123; see KSR v. Teleflex, 550 U.S. 398, 417 (2007).

c.
then only allowing communication between the first and second devices if the first and second devices had initially been successfully authenticated

Claim 1 recites “then only allowing communication between the first and second devices if the first and second devices had initially been successfully authenticated.” Ex. 1001, 5:28–31. Petitioner asserts that Varadharajan teaches this feature. Pet. 47–48. Specifically, Petitioner explains that Varadharajan teaches a subsequent remote communication exchange via a modem link during which the desktop computer allows communication between the first and second devices only if the response corresponds correctly to the challenge. Id. 47 (citing Ex. 1003, 5:33–40; Ex. 1006 ¶¶ 134–136). According to Petitioner, “Varadharajan further discloses that if a security key is not exchanged over the short-range wireless link, then the portable device is not allowed to communicate with the host device over the modem link.” Id. at 48 (citing Ex. 1003, 1:20–25, 3:16–20, 5:32–55). Petitioner also explains that “when the host and portable devices are configured to support Bluetooth, if the portable device does not have the current link key, then the host and portable devices will not be allowed to communicate.” Id. (citing Ex. 1004, 194–195; Ex. 1006 ¶ 137).

Based on the record, we are persuaded by Petitioner’s showing that the combination of Varadharajan and BT Core teaches or suggests “then only allowing communication between the first and second devices if the first and second devices had initially been successfully authenticated.” Patent Owner does not dispute Petitioner’s contentions regarding this limitation. See PO Resp. 10–13.
Accordingly, we determine that Petitioner has established by a preponderance of the evidence that the combination of Varadharajan and BT Core teaches or suggests “then only allowing communication between the first and second devices if the first and second devices had initially been successfully authenticated” as recited by claim 1.

d. Conclusion Claim 1

Based on the record, we determine that Petitioner has established by a preponderance of the evidence that claim 1 of the ’999 patent would have been obvious over the combined disclosures of Varadharajan and BT Core.

3. Analysis for Claims 13, 14, and 17

Independent claims 13, 14, and 17 recite similar subject matter to independent claim 1. The differences between claim 13 and claim 1, as discussed above in the claim construction section (supra § III.B), include that the links are described as “first” and “second” “links” as opposed to “short-range wireless link” and “alternate communications link” that is “beyond the short-range wireless link.” Compare Ex. 1001, 5:17–31 (claim 1), with Ex. 1001, 6:1–14. Petitioner relies on the same analysis for these portions of claim 13 as it does for claim 1. Pet. 39, 41–48. Patent Owner does not argue that the differences in wording of claim 13 lead to additional issues. PO Resp. 13–20 (discussing primarily claim 1 and noting that “the remaining independent claims” have “similarly recited” limitations).

Instead of reciting methods, like claims 1 and 13, claim 14 recites “[a]n electronic device” and claim 17 recites “[a] communications system.” Ex. 1001, 6:15, 6:35. The subject matter encompassed by claims 14 and 17, however, is very similar to that of claim 1 and, for the most part, Petitioner relies on the same analysis for the limitations of claims 1, 14, and 17. See Pet. 37–39, 41–48. For the “processor” recited by claim 14, Petitioner points to Varadharajan. Pet. 14–15 (citing Ex. 1003, Fig. 1, Abstract, 4:44–46; Ex. 1006 ¶¶ 54–55), 40.
For the “memory loaded with a software routine executed by the processor” recited by claim 14, Petitioner points to Varadharajan (Pet. 15–17 (citing Ex. 1003, 4:35–43, 5:2–9, 6:27; Ex. 1006 ¶¶ 56–59)) and BT Core (id. at 40 (citing Ex. 1004, 108–112, 194–198; Ex. 1006 ¶¶ 119–120)). Patent Owner does not argue that the differences in wording of claim 13 lead to additional issues. PO Resp. 13–20 (discussing primarily claim 1 and noting that “the remaining independent claims” have “similarly recited” limitations).

Based on the record, we determine that Petitioner has established by a preponderance of the evidence that claims 13, 14, and 17 of the ’999 patent would have been obvious over the combined disclosures of Varadharajan and BT Core.

4. Analysis for Dependent Claims

We have considered Petitioner’s argument and supporting evidence, including Dr. Weissman’s testimony, regarding dependent claims 2, 4, 5, 7–10, and 15 of the ’999 patent. Pet. 49–56; Ex. 1006 ¶¶ 141–157. Patent Owner does not separately argue the limitations added in these dependent claims. See PO Resp. 27 (“The deficiencies of the Petition articulated above concerning the challenged independent claims also apply to the analysis of the challenged dependent claims.”). We find that Petitioner has shown, by a preponderance of the evidence, that these limitations are taught or suggested by Varadharajan and BT Core and has provided sufficiently “articulated reasoning,” with “rational underpinning” and evidentiary support, to combine the teachings of these references to predictably yield the recited systems and methods. See KSR, 550 U.S. at 418 (quoting Kahn, 441 F.3d at 988).

Specifically, dependent claim 2 depends from claim 1 and adds a limitation “wherein the authentication information is an authentication key.” Ex. 1001, 5:32–33. Petitioner relies on BT Core’s discussion of the host and portable devices exchanging key information. Id. (citing Ex.
1004, 154, 169–170; Ex. 1006 ¶¶ 141–142). We determine that the Petition has shown, by a preponderance of the evidence, that claim 2 would have been obvious over Varadharajan and BT Core.

Dependent claim 4 depends from claim 1 and recites: “wherein the first device is a master device and the second device is a slave device.” Ex. 1001, 5:36–37. Petitioner relies on BT Core’s statement that, in Bluetooth, one unit acts as a master and the other a slave. Pet. 50–51 (citing Ex. 1004, 41; Ex. 1006 ¶ 144). We determine that the Petition has shown, by a preponderance of the evidence, that claim 4 would have been obvious over Varadharajan and BT Core.

Dependent claim 5 depends from claim 1 and recites: “wherein the short-range wireless link is a radio link.” Ex. 1001, 5:38–39. Petitioner relies on BT Core’s disclosure that Bluetooth is a short-range radio link. Pet. 51–52 (citing Ex. 1004, 41; Ex. 1006 ¶ 147). We determine that the Petition has shown, by a preponderance of the evidence, that claim 5 would have been obvious over Varadharajan and BT Core.

Dependent claim 7 depends from claim 1 and recites: “wherein the link set-up occurs when the first and second devices are in physical proximity.” Ex. 1001, 5:42–43. Petitioner relies on both Varadharajan and BT Core’s disclosure of short-range communication when devices are in close proximity. Pet. 52–53 (citing Ex. 1003, Abstract, 6:7–8; Ex. 1004, 41, 149; Ex. 1006 ¶¶ 148–150). We determine that the Petition has shown, by a preponderance of the evidence, that claim 7 would have been obvious over Varadharajan and BT Core.

Dependent claim 8 depends from claim 1 and recites: “wherein the short-range wireless link conforms to a given RF protocol.” Ex. 1001, 5:44–45. Petitioner relies on BT Core’s disclosure of the Bluetooth protocol, a radio frequency protocol. Pet. 53–54 (citing Ex. 1004, 41, 250–251, 832; Ex. 1006 ¶¶ 151–152).
We determine that the Petition has shown, by a preponderance of the evidence, that claim 8 would have been obvious over Varadharajan and BT Core.

Dependent claim 9 depends from claim 8 and recites: “wherein the given RF protocol is Bluetooth.” Ex. 1001, 5:46–47. Petitioner relies on BT Core’s disclosure of the Bluetooth protocol, a radio frequency protocol. Pet. 54 (citing Ex. 1004, 41; Ex. 1006 ¶¶ 153–154). We determine that the Petition has shown, by a preponderance of the evidence, that claim 9 would have been obvious over Varadharajan and BT Core.

Dependent claim 10 depends from claim 1 and dependent claim 15 depends from claim 14. Both claims recite: “wherein the link set-up step includes entry of a given personal identification number into each of the first and second electronic devices.” Ex. 1001, 5:48–50, 6:29–31. Petitioner relies on BT Core’s disclosure that a user may select a unique personal identification number (“PIN”) for purposes of setting up a Bluetooth connection. Pet. 54–56 (citing Ex. 1004, 152, 561; Ex. 1006 ¶¶ 156–157). We determine that the Petition has shown, by a preponderance of the evidence, that claims 10 and 15 would have been obvious over Varadharajan and BT Core.

5. Conclusion

Accordingly, based upon our review of the current record, we conclude that Petitioner has shown, by a preponderance of the evidence, that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent would have been obvious over the combined disclosures of Varadharajan and BT Core.

E. Obviousness over Hind

Petitioner contends that claim 13 of the ’999 patent is unpatentable because its subject matter would have been obvious over the disclosure of Hind. Pet. 56–68. Specifically, Petitioner asserts that “Hind was considered during prosecution of the ’999 patent,” but Patent Owner “failed to incorporate limitations into claim 13 that it argued overcame the Hind reference,” and, thus, “Hind renders obvious claim 13.” Id. at 56.
1. Overview of Hind

Hind is titled “Method and Apparatus for Exclusively Pairing Wireless Devices.” Ex. 1005, code (54). Hind describes “creating a secure, short-range network for securely transmitting information among wireless devices and creating a secure communications mechanism for paired devices.” Id. at 1:17–21. For example, Hind discloses that a pair of devices may create a pairing relationship by each storing a key associated with the paired device.10 Id. at 2:55–3:1. That key can be “reused anytime the paired devices wish to communicate securely.” Id. at 3:3–5. Hind also discloses using digital certificates to connect in a secure manner.11 Id. at 6:10–12. Figure 6 of Hind is reproduced below.

10 Petitioner refers to this as the “secret/link key embodiment.” Pet. 63.

11 Petitioner refers to this as the “certificate embodiment.” Pet. 63–65.

Figure 6 of Hind depicts the pairing of two devices, headset 6001 and mobile telephone 6003, using certificates. Id. at 6:58–59, 12:64–13:4. Each of the two devices is provided with a device certificate. Id. at 13:4–10. To pair the devices, they are brought into radio proximity and the user pushes a button 6020, which causes the device to transmit its certificate 6030 to the other device. Id. at 13:13–17. The other device verifies the certificate by displaying a device identifier using a previously generated public key, and if it matches the known device identifier, the user pushes a button 6060 to accept the pairing. Id. at 13:17–31. According to Hind, after this process, “the two devices are paired and can securely reauthenticate (using certificates or optionally the link keys as a shared secret) and establish encrypted communications at any time in the future.” Id. at 13:33–36.

2. Analysis

Petitioner asserts that Hind teaches or suggests each of the limitations of claim 13. Pet. 56–68.
In particular, Petitioner contends that both the secret/link key embodiment and the certificate embodiment disclosed by Hind disclose the first exchange of authentication information limitation. Pet. 63–65. Specifically, Petitioner explains that in the secret/link key embodiment, a PIN is used to generate the secret/link key, which is used for authentication and encryption and “then reused anytime the paired devices wish to communicate securely.” Id. at 61–62, 63. According to Petitioner, a person of ordinary skill in the art “would appreciate that when two electronic devices desire to authenticate communications with each other at a later time . . . the secret/link key would be ‘reused.’” Id. at 67 (citing Ex. 1006 ¶ 187); see also Reply 15–16 (citing Ex. 1013 ¶ 25). For the certificate embodiment, Petitioner asserts that certificates are generated as shown in Hind’s Figure 1A (Pet. 62) and authentication is performed using the exchange of certificate information as disclosed in Hind’s Figure 2 (id. at 63–64) and, later, the two devices exchange the certificate information for authentication over a second link (id. at 67–68). Patent Owner does not agree that Hind teaches the first and second exchange of authentication information limitations. PO Resp. 20–27. Patent Owner’s position is based on a construction of the term “second link” that excludes any Bluetooth link reusing an authentication code. See id. 
at 23–24 (pointing to Hind’s Figure 2 as describing a process flow that occurs after the first authentication, but is “substantially different” and does not require “entry or storage of secrets associated with each potential communication partner, such as user identifiers and passwords, PINs, or encryption keys”), 24 (asserting that the portion of Hind that discusses reauthentication using certificates or link keys is a different embodiment that discusses “how two devices can reauthenticate to establish encrypted communications in the future on the same link”) (emphasis added); 25 (asserting that Hind’s statement that the stored key is then reused also “assumes re-establishing the same link rather than a ‘second link’”); Sur-Reply 14–17.

As discussed in the claim construction section above (supra § III.B.2), we do not adopt Patent Owner’s narrow construction of the term “second link” as excluding all Bluetooth links that reuse authentication codes. Therefore, we find Petitioner has established by a preponderance of the evidence that Hind at least suggests the first and second exchange of authentication information limitations. We agree with Petitioner that both of Hind’s embodiments—secret/link key and certificate exchange—teach or suggest that authentication information is reused in second links, including subsequent Bluetooth connections, between the devices as recited in claim 13. Ex. 1005, Figs. 1A, 2, 2:55–66, 3:3–5, 9:16–61, 11:5–48, 13:33–36.

We have reviewed Petitioner’s arguments and evidence concerning the claim limitations not specifically contested by Patent Owner, and we are likewise persuaded that Petitioner has established by a preponderance of the evidence that Hind teaches or suggests each of those limitations.

Accordingly, based upon our review of the current record, we conclude that Petitioner has demonstrated a reasonable likelihood of establishing that claim 13 would have been obvious over Hind.

F.
Patent Owner’s Constitutional Challenge

Patent Owner argues that Administrative Patent Judges (“APJs”) are unconstitutionally appointed principal officers. PO Resp. 27–31 (citing Arthrex, Inc. v. Smith & Nephew, Inc., 941 F.3d 1320 (Fed. Cir. 2019), cert. granted sub nom. United States v. Arthrex, Inc., 2020 WL 6037206 (Oct. 13, 2020)). According to Patent Owner, the Federal Circuit erred by remedying the constitutional violation, and thus, this case must be dismissed. Id. We are bound by the Federal Circuit’s decision in Arthrex, which addressed this issue. See 941 F.3d at 1337 (“This as-applied severance . . . cures the constitutional violation.”); see also Arthrex, Inc. v. Smith & Nephew, Inc., 953 F.3d 760, 764 (Fed. Cir. 2020) (Moore, J., concurring in denial of rehearing) (“Because the APJs were constitutionally appointed as of the implementation of the severance, inter partes review decisions going forward were no longer rendered by unconstitutional panels.”). Accordingly, we do not consider this issue any further.

IV. CONCLUSION

For the reasons expressed above, we determine that Petitioner has not demonstrated by a preponderance of the evidence that claims 1–3, 6–8, 11–14, 16, and 17 of the ’999 patent would have been obvious over Varadharajan alone, but has demonstrated by a preponderance of the evidence that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent would have been obvious over Varadharajan combined with BT Core and that claim 13 would have been obvious over Hind.12

V.
ORDER

Accordingly, it is:

ORDERED that claims 3, 6, 11, 12, and 16 of the ’999 patent have not been shown to be unpatentable;

ORDERED that claims 1, 2, 4, 5, 7–10, 13–15, and 17 of the ’999 patent have been shown to be unpatentable; and

FURTHER ORDERED that, because this is a Final Written Decision, parties to the proceeding seeking judicial review of the decision must comply with the notice and service requirements of 37 C.F.R. § 90.2.

12 Should Patent Owner wish to pursue amendment of the challenged claims in a reissue or reexamination proceeding subsequent to the issuance of this decision, we draw Patent Owner’s attention to the April 2019 Notice Regarding Options for Amendments by Patent Owner Through Reissue or Reexamination During a Pending AIA Trial Proceeding. See 84 Fed. Reg. 16,654 (Apr. 22, 2019). If Patent Owner chooses to file a reissue application or a request for reexamination of the challenged patent, we remind Patent Owner of its continuing obligation to notify the Board of any such related matters in updated mandatory notices. See 37 C.F.R. § 42.8(a)(3), (b)(2).

| Claims | 35 U.S.C. § | Reference(s)/Basis | Claims Shown Unpatentable | Claims Not Shown Unpatentable |
|---|---|---|---|---|
| 1–3, 6–8, 11–14, 16, 17 | 103 | Varadharajan | | 1–3, 6–8, 11–14, 16, 17 |
| 1, 2, 4, 5, 7–10, 13–15, 17 | 103 | Varadharajan, BT Core | 1, 2, 4, 5, 7–10, 13–15, 17 | |
| 13 | 103 | Hind | 13 | |
| Overall Outcome | | | 1, 2, 4, 5, 7–10, 13–15, 17 | 3, 6, 11, 12, 16 |

For PETITIONER:
Larissa S. Bifano
James M. Heintz
Jonathan Hicks
DLA PIPER, LLP
larissa.bifano@dlapiper.com
jim.heintz@dlapiper.com
jonathan.hicks@dlapiper.com
Apple-Uniloc-IPR@dlapiper.com

For PATENT OWNER:
Brett Mangrum
Ryan Loveless
James Etheridge
Jeffrey Huang
ETHERIDGE LAW GROUP
brett@etheridgelaw.com
ryan@etheridgelaw.com
jim@etheridgelaw.com
jeff@etheridgelaw.com