unified patents inc. v. william grecia, ipr2016-00789, paper 1 (ptab mar. 22, 2016)

8/19/2019 Unified Patents Inc. v. William Grecia, IPR2016-00789, Paper 1 (PTAB Mar. 22, 2016)

1/65


2/65


3/65

IPR2016–00789 PetitionU.S. Patent 8,402,555

ii

C. Summary of Relevant Prosecution File History ............................ - 10 -

D. Person of Ordinary Skill in the Art ................................................ - 11 -

V. CLAIM CONSTRUCTION ..................................................................... - 11 -

A. “verified web service” .................................................................... - 12 -

B. “metadata of the encrypted digital media” ..................................... - 13 -

C. “two way data exchange” ............................................................... - 13 -

VI. PROPOSED REJECTIONS SHOWING THAT PETITIONER HAS AREASONABLE LIKELIHOOD OF PREVAILING ............................... - 14 -

A. Ground 1: Claims 1–10, 12–15, and 17–24 are unpatentable asobvious over DeMello (EX1005) and Wieder (EX1007) in viewof the admitted prior art. ................................................................. - 14 -

B. Ground 2: Claims 1–10, 12–15, and 17–24 are unpatentable asobvious over Pestoni (EX1006) and Wieder (EX1007) in viewof the admitted prior art. ................................................................. - 14 -

C. Ground 3: Claims 11, 16, and 25-26 are unpatentable over DeMello (EX1005) in combination with Wieder (EX1007) andWiser (EX1008) and the admitted prior art. ................................... - 52 -

D. Ground 4: Claims 11, 16 and 25-26 are unpatentable over Pestoni (EX1006) and Wieder (EX1007) and the admitted priorart in combination with Wiser (EX1008). ...................................... - 52 -

VII. CONCLUSION ......................................................................................... - 60 -


4/65


iii

EXHIBIT LIST

Exhibit No. Description

1001 U.S. Patent No. 8,402,555 to Grecia.

1002 Grecia v. Amazon.com , No. 2:14–cv–00530 (W.D. Wash. Dec.22, 2014) (Joint claim construction statement by Patent Ownerand Amazon), and Ex. C

1003 Sony Network Entertainment Int’l v. Grecia , IPR2015–00422,Preliminary Response (PTAB Mar. 11, 2015)

1004 Notice of Allowability of U.S. Patent No. 8,402,555 to Grecia

1005 U.S. Patent No. 6,891,953 to DeMello et al. , Prior Art under 35U.S.C. § 102(b)

1006 U.S. Pub. No. 20080313264 to Pestoni, Prior Art under 35U.S.C. § 102(b)

1007 U.S. Pat. 8,001,612 to Wieder, Prior Art under 35 U.S.C. §102(e)

1008 U.S. Pat. 6,385,596 to Wiser, Prior Art under 35 U.S.C. § 102(b)

1009 Declaration of Ravi S. Cherukuri & Exhibits A–D

1010 Unified Patents LLC Voluntary Interrogatories


5/65


- 1 -

I. MANDATORY NOTICES

A. Real Party–in–Interest

Pursuant to 37 C.F.R. § 42.8(b)(1), Petitioner certifies that Unified is the real

party–in–interest, and further certifies that no other party exercised control or

could exercise control over Unified’s participation in this proceeding, the filing of

this petition, or the conduct of any ensuing trial. See EX1010, Unified Patents

LLC Voluntary Interrogatories.

B. Related Matters

U.S. Patent No. 8,402,555 (“ ’555 Patent (EX1001)) is a parent of a

continuation U.S. Patent No. 8,533,860 (“ ’860 Patent”), which has a continuation

U.S. Patent No. 8,887,308 (“ ’308 Patent”), against which IPR petitions are being

concurrently filed. On Dec. 6, 2013 Grecia sued Microsoft, Google, Sony Network

Entertainment International and Apple for infringement of the ’860 Patent.

Between Feb. 20, 2014 and Nov. 30, 2015, Grecia has sued the following for

infringement of different combinations of the three patents: Adobe Systems,

American Express, Visa, MasterCard, Charter Communications, Time Warner

Cable, AT&T Services, DirecTV, WideOpenWest Finance, RCN Telecom

Services, Network L.C.C., Charter Communications, Time Warner Cable,

Comcast, DISH Network, Amazon.com, Samsung Telecommunications America

and Vudu.


6/65


- 2 -

A Petition for Inter Partes review of the ’860 Patent was filed by Sony Network

Entertainment International LLC, IPR2015–00422, PTAB, December 14, 2014 and

dismissed by request of the parties. Petitioner filed IPR2016-00600 against the

’860 Patent on Feb. 17, 2016. Petitioner filed IPR2016-00602 against the ’308

Patent on March 3, 2016.

C. Counsels

Lead Counsel for Petitioner is Paul C. Haughey (Reg. No. 31,836), of

Kilpatrick Townsend & Stockton LLP. Back–up Counsel is Jonathan Stroud (Reg.

No. 72,518), of Unified, and Scott E. Kolassa (Reg. No. 55,337), of Kilpatrick

Townsend & Stockton LLP.

D. Service Information, Email, Hand Delivery, and Postal

Unified consents to electronic service at

[email protected] , [email protected] , and

[email protected] .

II. CERTIFICATION OF GROUNDS FOR STANDING

Petitioner certifies pursuant to Rule 42.104(a) that the patent for which

review is sought is available for inter partes review and that Petitioner is not

barred or estopped from requesting and inter partes review challenging the patent

claims on the grounds identified in this Petition.


7/65


- 3 -

III. OVERVIEW OF CHALLENGE AND RELIEF REQUESTED

Pursuant to Rules 42.22(a)(1) and 42.104(b(1)–(2), Petitioner challenges

claims 1–26 of the ’555 Patent.

A. Prior Art Patents and Printed Publications

The following references are pertinent to the grounds of unpatentability

explained below: 1

1. U.S. Patent No. 6,891,953 (filed on June 27, 2000 and issued on May 10,

2005) (“ DeMello” ( EX1005)), which is prior art under 35 U.S.C. § 102(b).

2. U.S. Pub. No. 2008/0313264 (filed on Jun. 12, 2007 and published on Dec.

18, 2008) (“ Pestoni ” (EX1006)), which is prior art under 35 U.S.C. §

102(b).

3. U.S. Pat. 8,001,612, filed Aug. 12, 2005 and issued Aug. 16, 2011

(“Wieder ” (EX1007)), which is prior art under 35 U.S.C. § 102(e). Wieder

is used to show the claimed token database.

1 The ’555 Patent issued from a patent application filed prior to enactment of

the America Invents Act (“AIA”). Accordingly, pre–AIA statutory framework

applies.


8/65


- 4 -

4. U.S. Pat. 6,385,596 (filed Feb. 6, 1998 and issued May 7) (“ Wiser ”

(EX1008)), which is prior art under 35 U.S.C. § 102(b). Wiser is used to

show the customization module and “royalty scheme” of claims 11, 16, 25

and 26.

B. Grounds for Challenge

This Petition, supported by the declaration of Ravi S. Cherukuri (“Cherukuri

Decl.” (EX1009)) requests cancellation of challenged claims 1–26 of the ’555

Patent as unpatentable under 35 U.S.C. §103. Two main references are used, with

additional references for dependent claims.

IV. OVERVIEW OF THE ’555 PATENT

A. Priority Date of the ’555 Patent

The ’555 Patent is a continuation of Application No. 12/985,351, filed on

Jan. 6, 2011, which is a continuation of Application No. 12/728,218, filed on Mar.

21, 2010, now abandoned. In the 11–27–2012 response in the prosecution history

of the ’555 Patent, Patent Owner claimed priority to his Provisional Application

No. 61/303,292 (filed Feb. 10, 2010) to swear behind Baiya U.S. Pub. No.

20110288946. Petitioner does not believe the ’555 Patent is entitled to the Feb. 10,

2010 priority date, but assumes that is the effective date for the purposes of this

petition since all the prior art is more than a year earlier than this date.


9/65


- 5 -

B. Summary of the ’555 Patent

The ’555 Patent is directed to Digital Rights Management (DRM). The prior

art was alleged to tie media to a particular user or limited number of devices:

“The current metadata writable DRM measures do not offer a

way to provide unlimited interoperability between different

machines. Therefore, a solution is needed to give consumers the

unlimited interoperability between devices ….” (’555 Patent at

2:67 – 3:4).

“DRM schemes for e–books include embedding credit card

information and other personal information inside the metadata

area of a delivered file format and restricting the compatibility

of the file with a limited number of reader devices and

computer applications.” Id. at 2:18–22.

The alleged innovation of the ’555 Patent is to obtain a membership

identification reference (e.g., Facebook ID) from a website providing membership

and write it into the metadata of the media. This allows anyone with the

membership reference ID to access the media on any device. The claim elements

of claim 1 and the other challenged claims correspond to the steps of Fig. 6 of the

’555 Patent, copied below:


10/65


- 6 -

Claim 1 of the ’555 Patent is simple but lengthy, and is summarized below

with the letters corresponding to the elements in the claim charts below, and the

numbers corresponding to Fig. 6 above:

[A] Preamble: Authorizing media access for plural data processing devices

(multiple user devices).

[B] (602) Receive user request, with membership verification token (e.g.,

Amazon password), for content access and branding. Patent Owner admits


11/65


- 7 -

that corresponding steps B and C of the ’860 Patent are in the prior art (as

discussed below).

[C] (604) The verification token is authenticated.

[D] (606) Establish a connection with user communication console (with

GUI and API for a verified web service, e.g., Facebook)

[E] (608) An identification reference (e.g., Facebook login) is requested

from the user.

[F] (610) The identification reference is received.

[G] (612)The membership verification token and identification reference are

written into the content metadata. Patent Owner admits the corresponding step in

the ’860 Patent is in the prior art.

With respect to the continuation ’860 Patent, the Patent Owner has

suggested that the particular order set forth above is required, and that all

corresponding 6 modules of Fig. 1 must be present and separate. See Sony Network

Entertainment Int’l v. Grecia , IPR2015–00422 at 3–4, 17–18 (PTAB Mar. 11,

2015) (Preliminary Response) (“Sony v. Grecia Preliminary Response” (EX1003)).

However, the Provisional Application never mentioned the word “module” as used

in the claims, and did not have the module diagram of Fig. 1. The “module” term

was added to claim 12, and the order of the modules (e.g., first and second receipt


12/65


- 8 -

modules in claim 12) and method steps (e.g., claim 1) is described in the ’555

Patent as not limiting:

“In this document, relational terms such as `first` and

second`, and the like may be used solely to distinguish

one entity or action from another entity or action without

necessarily requiring or implying any actual such

relationship or order between such entities or actions.”

’555 Patent, 4:60–64.

Fig. 3 of the ’555 Patent, copied below, shows an embodiment where a user

obtains content using GUI 301 on the left, using a “verification token” that is

authenticated (a “membership verification token” in the ’555 Patent claims,

described in the application as having a list of options). This corresponds to the

first two steps, 602 and 603, which are admitted prior art in the continuation ’860

Patent. Note the same described system performs both steps. Then, the user uses

GUI 307 on the right to contact a “verified web service” (e.g., Facebook) to verify

the user using an electronic ID (e.g., Facebook login). The same system performs

the last 3 steps.


13/65


- 9 -

Petitioner notes that the term “excelsior enabler” as used in the specification

simply means user. Patent Owner characterized it as follows: “authorized users

(excelsior enablers).” June 12, 2012 response to office action for the ’555 Patent.

The term “enabler” was also in the original claims of the ’555 Patent, but was

replaced with “user.” “Excelsior” refers to the main, or first user: “[T]he excelsior

enabler and secondary enablers defined comprises human beings or computerized

mechanisms programmed to process steps of the invention as would normally be

done manually by a human being.” ’555 Patent, 5:12–16.


14/65


- 10 -

C. Summary of Relevant Prosecution File History

The claims in the parent ’555 Patent were originally rejected as obvious

under §103 U.S. Pre-Grant Publication Number 2011/0288946 to Baiya (“ Baiya ”)

in view of U.S. Patent 7,526,650 to Wimmer (“ Wimmer ”). The Examiner’s

reasons for allowance (EX1004) noted that Baiya and Wimmer taught the first and

last elements of claim 1. Neither of them show a user’s membership used to brand

digital content so it could be used on multiple devices. Baiya describes a content

management system for a group or a business, where libraries for documents and

other media are established and authorized users are given keys to access those

libraries. Wimmer describes branding video content with an end user's personal

identity information as a deterrent against unauthorized redistribution. Thus, the

Examiner found no reference where a user’s membership was used to brand digital

content so it could be used on multiple devices. This feature, however, is clearly

present in the prior art references discussed herein.

In the Certificate of Correction, the claim language “obtained from a verified

web service” was changed to “related to a verified web service.”


15/65


- 11 -

D. Person of Ordinary Skill in the Art

One of ordinary skill in the art at time of the earliest claimed effective filing

date of the ’555 Patent (Feb. 10, 2010) would possess at least a university degree

or have equivalent professional experience related to electronics and/or software,

with some experience in digital rights management such as two years of work

experience. ( See Cherukuri Decl. (EX1009), ¶¶ 28–32, 59–61.) The claims of the

’555 Patent are directed to a DRM system used with standard computers

communicating over known network means. Thus, one of ordinary skill in the art

requires knowledge of DRM programs, generally. ( Id. , ¶ 22.)

V. CLAIM CONSTRUCTION

Claim terms of a patent in inter partes review are normally given the

“broadest reasonable construction in light of the specification.” See 37 C.F.R. §

42.100(b): see also In re Cuozzo Speed Techs., LLC, 778 F.3d 1271, 1279–81

(Fed. Cir. 2015).

The following discussion proposes constructions and support for those

constructions. Any claim terms not included in the following discussion should be

given their ordinary meaning in light of the specification, as commonly understood

by those of ordinary skill in the art. The broadest reasonable interpretation of a

claim term may be the same as or broader than the construction under the standard

set forth in Phillips v. AWH Corp, 415 F.3d 1303 (Fed. Cir. 2005), but it cannot be


16/65


- 12 -

narrower. See Facebook, Inc. v. Pramatus AV LLC , 2014 U.S. App. LEXIS 17678,

*11 (Fed. Cir. 2014). The constructions proposed below should be applied

regardless of whether the terms are interpreted under the Phillips standard or the

“broadest reasonable interpretation” standard.

There have been no claim construction orders yet in the District Court

litigations involving the ’555 Patent. There has been a joint claim construction

statement by Patent Owner and Amazon. ( See Grecia v. Amazon.com , No. 2:14–

cv–00530 (W.D. Wash. Dec. 22, 2014) (Joint claim construction statement by

Patent Owner and Amazon), and Ex. C (“ Grecia v. Amazon.com Claim

Construction” (EX1002)); see also 37 C.F.R. § 42.62 and F.R.E. 801(d)(2). See

also Cherukuri Decl. (EX1009) at ¶¶ 43–55.

A. “verified web service”Outside the claims, this term only appears once in the ’860 patent:

“The web service equipped with the API is usually a well–

known membership themed application in which the users must

use an authentic identification. Some example includes

Facebook …. Other verified web services in which real member

names are required such as the LinkedIn API and the PayPal

API …” (’555 Patent at 10:42–51, emphasis added.)

In the Grecia v. Amazon litigation, Patent Owner proposed “a web service

accessible with an authenticated credential” and Amazon proposed “a web service


17/65


- 13 -

that is used to authenticate the identity of a user or device.” See Grecia v.

Amazon.com Claim Construction (EX1002), Ex. C, p. 16. The Patent Owner term

of an “authenticated credential” does not appear in the ’860 Patent and the identical

specification of the continuation ’308 Patent, and the example is a Facebook login

name and password to authenticate the user, not authenticate the credential. Thus,

the Amazon proposal is correct: the proper construction is any web service that is

used to authenticate the identity of a user or a device, or, in other words, any web

service which verifies an identity, such as through a user name and password .

B. “metadata of the encrypted digital media”

In the Grecia v. Amazon litigation, Patent Owner proposed “data about the

digital content” and Amazon proposed “data that describes the digital content, in

the same media file as the digital content.” Id . (EX1002), Ex. C, p. 1. Petitioner

submits it is well known that metadata doesn’t just describe the digital content, and

thus Amazon’s construction is too narrow. Also, meta data is not necessarily in the

same media file. See Cherukuri Decl. ¶50. Petitioner, for the purposes of this

petition, submits the construction is data about the digital media .

C. “two way data exchange”

In the Grecia v. Amazon litigation related to the continuation ’860 Patent, a

similar term including “session” was construed (“two way data exchange session”).

Patent Owner proposed “requesting the at least one identification reference from


18/65


- 14 -

the at least one communications console and receiving the at least one

identification reference from the at least one communications console.” Amazon

proposed “transfer of information from a device to a server and from the server to

the device.” Grecia v. Amazon.com (EX1002), Ex. C, p. 19. The Patent Owner

proposal adds in other limitations from the claim and is thus too detailed, and

Amazon adds a server and device limitation. In any event, without the term

“session,” the plain meaning appears clear. Petitioner submits the construction is

an exchange of data .

VI. PROPOSED REJECTIONS SHOWING THAT PETITIONER HAS AREASONABLE LIKELIHOOD OF PREVAILING

The references addressed below anticipate and/or render obvious the claimed

subject matter, and are corroborated by the opinion in the Cherukuri Decl.

(EX1009).

A. Ground 1: Claims 1–10, 12–15, and 17–24 are unpatentable as obviousover DeMello (EX1005) and Wieder (EX1007) in view of the admittedprior art.

Grounds 1 and 2 are discussed together below in order use the same claim

charts and fit within the allowed page limits. Only independent claim 1 is

separately discussed.

B. Ground 2: Claims 1–10, 12–15, and 17–24 are unpatentable as obviousover Pestoni (EX1006) and Wieder (EX1007) in view of the admittedprior art.


19/65


- 15 -

Claim 1– DeM ell o . DeMello describes a system for delivery of electronic books or

other media. Id . at 4:41–49. A purchaser can link a book to a “persona” so that it

can be read on multiple user devices (readers) or shared with others associated

withthe same persona. The user provides PASSPORT credentials (a user ID and a

password – PASSPORT is Microsoft’s single sign–on service). An activation

server authenticates the user using the PASSPORT credentials in communication

with the PASSPORT servers. The PASSPORT ID is associated with the

purchaser’s persona and written to an activation certificate. Id . at 13: 21–35.

As shown in Fig. 4 of DeMello above, the user requests content at a retail

site 71 on the left, and there is “user authentication,” as noted below box 72. As

described below, user authentication can be performed by establishing a


20/65


- 16 -

membership using authentication credentials (e.g., Amazon.com log–on

credentials), which is a verification token. A separate HTTPS connection 70 on

the right is used to establish a connection with an Activation Site 75, where a

user’s PASSPORT ID is used to verify the user and brand the metadata of the

content.

[A] – Preamble. DeMello discloses a DRM system which monitors access to

encrypted content and facilitates interoperability between a plurality of processing

devices. The claim chart below shows the specific language from DeMello for

these limitations.

’555 Patent(emphasis

added)

Prior Art (emphasis added)

[A] 1. A methodfor monitoringaccess to anencrypteddigitalmedia , themethodfacilitatinginteroperabilitybetween a

pluralityof dataprocessingdevices , themethodcomprising:

DeMello (EX1005) “A server architecture for a digital rights management system that distributes and protects rights in content.” Id . atAbstract, ll. 1–2.

An encrypted digital media: “ “source sealed” and“individually sealed” content is encrypted.” Id . at 2:6–10.

Facilitating interoperability between a plurality of data processing devices: “The PASSPORT object 96 provides the

required interfaces into the PASSPORT.TM. servers thatauthenticate the end–users using, for example, their hotmailaccounts (or other PASSPORT credentials). In accordance withaspects of the present invention, this object advantageouslyassociates the activation certificate with a persona, insteadof a single PC , thus allowing each persona to utilize multiplereaders to read level 5 titles .” Id . at 13:17–24.


21/65


- 17 -

“activation ‘quotas’ that allow users to activate readers onmultiple devices … as well as allow them to activate newdevices as they upgrade their hardware, reformat their

hard disks, etc. Id. at 25:29–36. [B] This element (chart below) requires an encrypted digital media access

branding request (which eventually results in a metadata read/write) along with a

membership verification token [this was alleged vs. the Amazon Kindle logon, for

example] from a communications console (the user device). Patent Owner admits

the corresponding element in the continuation ’860 Patent, and the corresponding

following element [C] are shown in the prior art:

“…communicating access rights over the Internet to a

license server–the first and second steps of method claim

1 in the ‘860 patent–was well known in the digital rights

management field.” Sony v. Grecia Preliminary

Response at p. 14 (EX1003). See also p. 6, lines 6–7:

“Clearly, many prior art systems taught the verification

of a token through a GUI interface.”

Element [B] is nearly identical to the admitted prior art elements of the ’860

Patent, except a “membership” verification token is used instead of the list of

possible tokens in the ’860 Patent. That list includes items in claim 2 describing

types of membership tokens, such as a password or e–mail address. This claim

also uses “branding” instead of write, which means the same thing. Also, another

difference is that the last part of this element says “the request comprising a


22/65


- 18 -

membership verification token provided by a first user, corresponding to the

encrypted digital media.” This clearly means the request corresponds to the digital

media, since the membership verification token is not related to the media until the

branding is completed.

DeMello teaches “user authentication” and establishing a membership

relationship with a retailer (left of Fig. 4), which inherently would include

providing a token, such as a retailer password and/or email (e.g., Amazon log–on

credentials). User authentication and establishing a membership are obvious in

view of the admitted prior art. The admitted prior art steps are described in the

’555 Patent as verifying membership to a site to buy content, and DeMello recites

establishing such a membership relationship. It would be obvious to use the

verification token of the admitted prior art to establish a membership relationship.

See Cherukuri Decl. (EX1009) ¶74 and Ex. C.

[B] receiving an encrypteddigital media accessbrandingrequest from at least onecommunications console of

the plurality of data processingdevices, the branding requestbeing a read or writerequest of meta data of theencrypted digital media , therequest comprising a

The corresponding element in the ’860 Patent isadmitted prior art.

DeMello (EX1005) – Retail site (Fig. 4)

“Bookstore servers 72 may communicate withusers via web browsing software (e.g., by

providing web pages for viewing with aMICROSOFT INTERNET EXPLORER browseror a NETSCAPE NAVIGATOR browser).Through this communication [access request],

bookstore servers 72 may allow users to shop for


23/65


- 19 -

membershipverification token provided

by a first user, corresponding

to the encrypted digitalmedia ;

eBook titles, establish their membershiprelationship with the retailer [verification token],

pay for their transactions, and access proof–of

purchase pages (serve–side receipts).” Id . at 9:9– 16.

[C] As described above, the corresponding element in the ’860 Patent was

also admitted by Patent Owner to be in the prior art. The only differences is a

particular (membership) token is recited, and a token database is recited, which is

necessary to authenticate any token. DeMello shows authenticating the username

and other credentials (verification token) of this element as described in the chart

below. The authentication can be of the credit card or membership information by

the retail site (e.g., Amazon log–on). It is inherent that a database is used for such

an authentication. These all correspond to the admitted prior art.

Wieder (EX1007) describes a “usage–rights repository” 24 ( Wieder Fig. 1)

for storing “usage–rights tokens” (a token database) used for validation of user

ownership by different “experience providers” that allow custom playlists (e.g.,

Apple iTunes, Microsoft Windows Media). Wieder , 4:46–5:39; 8:24–28; 15:1–4.

The database stores the tokens which include “Token–Owner,” “Usage–Rights,”

and “Purchase–Record.” Id . at Fig. 13, 7:30–31. It is inherent in DeMello that the

credit card data are authenticated using a database of membership records of


24/65


- 20 -

customers of an online book store. It is obvious to combine DeMello with Wieder ,

which shows authenticating a “Purchase–Record” (verification token).

Because Wieder and DeMello both relate to Digital Rights Management, and

both relate to supporting multiple users or user devices, it would be obvious to

combine Wieder with DeMello to implement a database of user personas associated

with multiple user readers. Also, DeMello specifically refers to “credit card

validation” and “requiring the users to authenticate themselves,” thus referencing

the many standard ways of doing this, of which Wieder is just one example.

Because DeMello describes linking content to a PASSPORT ID instead of a device

ID, it would be obvious to add the PASSPORT ID to the token contents shown in

Fig. 13 of Wieder , thus providing a database of PASSPORT IDs. Additionally, it

would be obvious to include in the record of the database other information, such

as the username and other credentials identified in DeMello . The Wieder database

is also described as including other information, and it would be obvious to include

the other data of DeMello , and it would be obvious to do this in a single database

or multiple databases. Wieder thus shows more details of actions specifically

described in DeMello . See Cherukuri Decl. (EX1009) ¶ ¶ 75-85.

[C]authenticating themembership

The corresponding element in the ’860 Patent is admittedprior art.

DeMello (EX1005) – Retail site authentication :


25/65


- 21 -

verificationtoken, theauthentication

beingperformed inconnectionwith atokendatabase ;

“ After the buying customer has selected the titles he/she wishesto purchase and decides to complete an order, the merchant will

process the order according to their existing methods (e.g., creditcard validation , billing, etc.). This may include requiring theusers to authenticate themselves (for those which require amembership record from their customers) … ” id. at 40:23–29.] Wieder (EX1007) :“There may also be one or more usage-rights repositories (usage-rights authorities) 24 [token database]. The usage-rightrepository utilizes a common "standard for usage-rights tokens"25 so that a user's collection of compositions, represented by theset of usage-rights tokens a user acquires, may be recognized andusable with all experience-providers. Each usage-rights token may be defined to limit use to only a specific individual user or agroup of specific users (e.g., a family).” Wieder at 8:37–47.

“A secure database of all issued tokens may be maintained inthe usage-rights repository.” Id . at 14:11–12.

“Usage-Rights Representations:

In one embodiment, the token may represent a receipt ofownership or allowable usage that may be understood andvalidated by any experience-provider 26.” Id . at 15:1–4.

Token applicable to multiple devices:“In one preferred embodiment, the token may be defined to bevalid for all available (network interface-able) user-devices and their corresponding formats. This is a major convenience foruser's since they no longer need to be concerned with the detailsof user-device formats, format translations and compatibility

problems. The user is guaranteed that their token will be good foruse with all their user-devices.” Id . at 15:13–19.


26/65


- 22 -

[D] This element is establishing a connection with user communication

module which has a GUI and an API related to a verified web service (e.g.,

Facebook). Patent Owner admitted that such GUIs and APIs for verified web

services are known in the prior art:

“The web service equipped with the API is usually a

well–known membership themed application in which

the users must use an authentic identification. Some

example includes Facebook in which as a rule, membersare required to use their legal name identities. A

reference number or name with the Facebook Platform

API represents this information. Other verified web

services in which real member names are required such

as the LinkedIn API and the PayPal API and even others

could be used ….” ’555 Patent at 10:42–50

DeMello discloses the “communications console” of this element as the

reader. The reader provides access to a bookstore feature, which is the required

GUI. The user is prompted at the reader (e.g., a prompt in a GUI) to login using

PASSPORT credentials to authenticate the user at the PASSPORT server. The

reader then sends the login credentials to the PASSPORT server via the API of the

PASSPORT server to authenticate the user at the PASSPORT server. Id . at 9:6–

14; 23:6–10, 23:19–23. It is obvious that the reader in DeMello would formulate

its request according to the protocol specified by the API of the verified web


27/65


- 23 -

service (the PASSPORT server). The PASSPORT server meets the claim

construction definition of a verified web service that authenticates the identity of a

user :

“The PASSPORT object 96 provides the required

interfaces into the PASSPORT.TM. servers that

authenticate the end–users using, for example, their

hotmail accounts (or other PASSPORT credentials).” Id.

at 13:31–35, 13:54–61

The PASSPORT web service facilitates a two way data exchange session to

complete a verification process. Id . at 23:6–10, 23:19–23; 24:33–35. The data

exchange can include the activation certificate, which contains the PASSPORT ID,

and which corresponds to the “account identifier” in the list of options for the

“electronic identification reference” in element [E].

In addition to being admitted prior art, it is obvious that the browser of the

reader mentioned in DeMello includes a GUI, since browsers provide a GUI (See

Cherukuri Decl. (EX1009) Ex. C, claim 1[D]), and the ’555 Patent acknowledges

the tie of a browser to a GUI:

“a web browser … interact with the API of a remote Internet

server system as desired. A Graphic User Interface ( GUI ) can

be installed for human interaction ….” Id. at 10:30–37,

emphasis added.


28/65


- 24 -

The PASSPORT API mentioned in DeMello facilitates communication of

PASSPORT credentials for authentication between the reader and the PASSPORT

server via the activation server. The data exchange session is shown by the

exchange of the user name and password for the activation certificate. See

Cherukuri Decl. Ex. C, claim 1[D].


29/65


- 25 -

[D]establishing aconnection with

the at least onecommunicationsconsole whereinthecommunicationsconsole is acombination ofa graphic userinterface (GUI)and anApplicationProgrammableInterface (API)

protocol,wherein the APIis related to averified webservice, theverified web

service capableof facilitating atwo way dataexchange tocomplete averification

process ;

DeMello (EX1005)

“At step 150, the reader client opens into the integrated

bookstore feature and connects, via secure sockets layer (SSL) [establishing a connection], to the activation servers 94, whereusers are prompted to login using, in this example, theirPASSPORT™ credentials (step 152).” Id. at 23:5–17

“Activation Server 94 includes a PASSPORT object 96 and anactivation server ISAPI Extension DLL 98. The PASSPORTobject 96 provides the required interfaces into thePASSPORT.TM. servers that authenticate the end–users using, for example, their hotmail accounts (or otherPASSPORT credentials ).” Id. at 13:30–35.

“Once user's PASSPORT.TM. credentials are authenticated(step 156), a PASSPORT.TM. API is queried for the useralias and e–mail address (step 158).

“The secure repository executable and activation certificate arethen downloaded [two way data exchange] to the client (steps188 and 190 ).” Id. at 24:33–35.

“ Moreover, the activation server arrangement preferablyprovides a given activation certificate [two way dataexchange] (that is, an activation certificate having a particularkey pair) only after authenticating credentials (e.g., ausername and password ) associated with a persona.” Id. at2:50–54.“the PASSPORT ID is contained in the activation certificate ,…” Id. at 15:67–16:49.


30/65


- 26 -

[E] DeMello shows the “electronic identification reference,” specified as “a

verified web service account identifier” of this element is communicated by the

reader (also client or user computing device – the “communications console”).

DeMello shows sending an activation certificate (which includes the account

identifier PASSPORT ID and other identifiers) by the activation server. The data

exchange is both explicitly described and is inherent, since the activation

certificate would not be communicated unless it was requested or understood to be

requested. See Cherukuri Decl. (EX1009) ¶ 64, Ex. C, claim 1[E].

[E] requesting at leastone electronicidentification referencefrom the at least onecommunicationsconsole wherein theelectronic identificationreference comprises averifiedweb service accountidentifier of the firstuser;

DeMello (EX1005)

“At step 150, the reader client opens into the integrated bookstore feature and connects, via secure sockets layer(SSL), to the activation servers 94, where users areprompted to login [requesting] using, in this example,their PASSPORT.TM. credentials (step 152).” Id . at23:6–11.

“PASSPORT ID -The persona ID associated with theuser, which is provided by the user during activation .…” Id. at 15:65–16:51.

[F] The “identification reference” (PASSPORT ID in activation certificate)

is received from the communications console (the reader). This element is part of

element [E], since a requested element is clearly received.


31/65


- 27 -

[F] receiving theat least oneelectronic

identificationreference fromthe at least onecommunicationsconsole; and

DeMello (EX1005)

“At step 150, the reader client … connects, via secure sockets

layer (SSL), to the activation servers 94, where users areprompted to login [requesting] using, in this example, theirPASSPORT.TM. credentials (step 152).” Id . at 23:6–10.

“PASSPORT ID -The persona ID associated with the user,which is provided by the user during activation .…” Id. at 15:65–16:51.

[G] This element requires that the verification token and identification

reference be written into metadata. Patent Owner admits this was shown in the

prior art for the verification token in the ’860 Patent:

This disclosure corresponds to, for example, the first,

second, and sixth steps of claim 1 of the ‘860 patent as

illustrated in Figure 3 at 301, 303, and 305 (i.e., receiving

a write request and authentication) and 302 (i.e., writingthe verification token into the metadata). Wimmer stops

there, however, and critically lacks the third, fourth, and

fifth steps of claim 1 of the ‘860 patent ….

Sony v. Grecia Preliminary Response (EX1003) at p. 13. See also Cherukuri

Decl. (EX1009) at ¶23.

DeMello discloses the writing of the identification reference (verified web

service account identifier) to metadata in two different ways. The PASSPORT ID

(an identification reference) is part of the activation certificate, as described above,


32/65


- 28 -

and the public key of the user's activation certificate is cryptographic hashed with

meta–data. The PASSPORT ID is also written into (“stores” into) a registry ( Id . at

16:48–49), which constitutes additional metadata because it is associated with the

content. See Cherukuri Decl. ¶ 64, Ex. C, claim 1[G].

DeMello also discloses the writing of the membership verification token to

metadata. The purchaser credit card and name (a verification token) are written

into the eBook title metadata. Id . at 5:45–48. See Cherukuri Decl. at ¶ 68 and

Ex. C, claim 1[G].

[G] brandingmetadata oftheencrypteddigital media

by writingthemembershipverificationtoken and theelectronicidentificationreferenceinto the

metadata.

DeMello (EX1005)

PASSPORT ID as verification token written to metadata“… stores the PASSPORT ID in the registry [metadata] on theuser's computing device, …” Id . at 16:48–49.

“the PASSPORT ID is contained in the activation certificate , …” Id . at 15:65–16:51. “the key is a symmetric key 14A that is sealedwith a cryptographic hash of meta–data 12 or, in the case of level5 titles, with the public key of the user's activation certificate .” Id .at 6:42–45.

Purchaser name as verification token written to metadata:“An "individually sealed" title is an eBook whose meta–data includes information related to the legitimate purchaser (e.g., the

user's name or credit card number , the transaction ID …..” Id .at 5:45–48.

Claim 1– Pestoni (EX1006) . Pestoni discloses a networked system where a

user can obtain content from a content provider, which may refer the user to a


33/65


- 29 -

license server for a content license that is bound to the user’s domain membership

ID. Id . at Abstract; [0002]; [0012]. A separate domain administrator authenticates

the user, with a password, and provides the user’s device, as well as any another

other of the user’s devices, with a domain membership license to allow access to

the content based on the user’s domain membership. Id . The content license is

metadata with a domain membership ID. Id . Patent Owner admits that the

corresponding elements [B] and [C] of the ’860 Patent are in the prior art (as

discussed above). See Cherukuri Decl. (EX1009) ¶¶ 86-102 and Ex. D, claim 1.

[A] – Preamble. Pestoni discloses a method for facilitating digital–media

access rights between multiple user devices. Id . at [0013].

’555 Patent(emphasis added)

Pestoni (EX1006) (emphasis added)

[A] 1. A methodfor monitoringaccess to anencrypted digitalmedia, the methodfacilitatinginteroperability

between a plurality

of data processingdevices, themethodcomprising:

Pestoni (EX1006) :moni tori ng access to encrypted digi tal media by f aci l itatinginteroperabili ty between mul tiple devices . . .“. . . Management of a domain refers to . . . imposingrestrictions on members of the domain, including addingdevices to the domain, removing devices from the domain . ... When a device 112, 114 joins a domain, the device 112,114 is given a domain membership license . . . [that] allowsthe device to access and play back any protected content that

has been bound to that domain, as discussed in more detail below.” Pestoni at [0017]. The pieces of content provided todevices 112, 114 are typically protected . . . throughencryption . . ..” Id. at [0018].


34/65


- 30 -

[B] As noted, Patent Owner has admitted as prior art the corresponding

element, which requires an access branding request (which eventually results in a

metadata read/write) along with a membership verification token from a

communications console (the user device). Pestoni discloses this as a domain

membership license obtained with a join–domain request 220 which includes “user

credentials such as a user id and password.” Id. at [0041]. Pestoni discloses

concurrently submitting content and join–domain requests 240, 220. Id. at [0038].

The admitted prior art steps include the ’555 Patent’s verifying membership at a

site to buy content, and Pestoni recites establishing a domain membership

relationship. It would be obvious to use the verification token of the admitted prior

art to establish a membership relationship.

[B] receivingan encrypteddigital mediaaccessbrandingrequest from atleast onecommunications console of the

plurality ofdata processingdevices, the

brandingrequest being aread or writerequest of

The corresponding element in the ’860 Patent is admittedprior art.Pestoni (EX1006) : receiving an access request . . .“[0038] ….To join a domain, device 202 issues a join-domainrequest 220 to domain administrator 102.”“[0067] Device 202 communicates with content provider 104 toobtain pieces of protected content. Protected content can beobtained by device 202 before it joins a domain, after it joins a

domain, or concurrently with joining a domain. The protectedcontent is bound to a particular domain via its content license, asdiscussed in more detail below. Device 202 [apparatus withCPU] submits a content request 240 to content provider 104,requesting one or more pieces of protected content.”


35/65


- 31 -

meta data ofthe encrypted

digital media ,the request comprising amembershipverificationtoken provided

by a first user,correspondingto theencrypteddigital media ;

the access request compr ises verification data . . .In Pestoni , the request for domain membership license includes auser id and password , which constitutes “verification data” that

is “recognized by the apparatus as a verification token.” Id . at[0039], [0041].

“The join–domain request includes various parameters . . . [suchas] a device certificate, user credentials , and optionally a devicedescription.” Id . at [0039]. “The user credentials can take any ofa variety of different forms, such as a user id and password , adigital certificate attesting to the user’s identity and digitallysigned by a trust authority, and so forth.” Id . at [0041].

the branding request being a r ead or wr ite request of meta data . . .“The content license is . . . sent to the device . . . [which]maintains the content license in its content license store [210].”

Id . at [0096]; also see, id. at [0034].

[C] As noted, the corresponding element in the ’860 Patent was admitted by

Patent Owner to be in the prior art. Pestoni does a similar authentication, as in the

admitted prior art, and thus it is the part of Pestoni is admitted to be obvious. In

Pestoni , for example, the user id/password [verification token] included in the

access branding request is authenticated using domain administer 102, which

compares against stored passwords. Pestoni at [0038], [0041], [0045]. It is

obvious to combine Pestoni with the token database of Wieder , which shows

authenticating a “Purchase–Record” (verification token).

Because Wieder and Pestoni both relate to Digital Rights Management, and

both relate to supporting multiple users or user devices, it would be obvious to


36/65


- 32 -

combine Wieder with Pestoni to implement a database of user domains associated

with multiple user readers. The Wieder database is also described as including

other information, and it would be obvious to include the other data of Pestoni , and

it would be obvious to do this in a single database or multiple databases. Wieder

thus shows more details of actions specifically described in Pestoni .

[C]authenticating

themembershipverificationtoken, theauthenticationbeingperformed inconnectionwith atokendatabase ;

This element is admitted prior art Pestoni (EX1006) :

“The join–domain request includes various parameters . . . [suchas] a device certificate, user credentials, and optionally a devicedescription. Id. at [0039]. “The user credentials can take any of avariety of different forms, such as a user id and password , adigital certificate attesting to the user’s identity and digitallysigned by a trust authority, and so forth.” Id . at [0041].

“Domain request approval module 224 [of domain administrator102] obtains and verifies that the user credentials fromrequest 220 are correct . This verification can take differentforms, such as comparing a password (or hash thereof) against astored password (or hash thereof), accessing a remote service(not shown) to verify that the received password matches thereceived user id, . . . and so forth.” Id. at [0045].

Wieder (EX1007) : See element C under Ground 1, claim 1above.

Elements [D]–[F], as described under Ground 1 above, set forth using a GUI

and an API to communicate with a verified web service to request [E] and receive

[F] a “verified web service account identifier.” As described above, the use of a

GUI and an API to access a verified web service is admitted prior art. In addition,


37/65


- 33 -

since both DeMello and Pestoni were assigned to Microsoft, and both relate to very

similar digital rights systems, the use of a GUI and API discussed in DeMello

above is evidence of the common practice of Microsoft programmers in

implementing these systems.

Element [D] requires a two way data exchange session to complete a

verification process. Pestoni describes completing the verification process by

establishing a connection with “license server 106.” To do so, the user device

sends to the license server “a content license request 252” that includes “a domain

certificate,” which is verified web service account identifier. Pestoni teaches that

the license server 106 is a verified web service because the license server 106 is

accessible only with a domain ID, which can only be obtained after domain

administrator 102 authenticates the user credential, such as the user id/password.

Pestoni at [0038], [0041], [0045], [0072], [0073]. This meets the verified web

service claim construction above of any web service that authenticates the identity

of a user or a device , or, in other words, any web service which verifies an

identity, such as through a user name and password .

[D] establishing aconnection with the atleast onecommunicationsconsole wherein thecommunications

Use of GUI & API are admitted prior art.

establishing a connection with the at least onecommunications console . . .Pestoni (EX1006): “Device 202 communicates withlicense server 106 to obtain content licenses for pieces


38/65


- 34 -

console is acombination of agraphic user interface

(GUI) and anApplicationProgrammable Interface(API) protocol, whereinthe API is related to averified web service, theverified web servicecapable of facilitating atwo way data exchangeto complete a verification

process ;

of protected content . . . Device 202 sends a contentlicense request 252 . . . [that] includes various

parameters . . . [such as] a key ID, a domain ID, and a

domain certificate.” Id . at [0072].the verified web service capable of facilitating a two– way data exchange to complete a verification process;“In response to content license request 252, licenseserver 106 validates the domain certificate included inrequest 252.” Id . at [0075]. “The content license 254,

bound to domain 204, is returned to device 202. Oncedevice 202 has the content license for a piece of

protected content, content playback module 214 is ableto access the protected content ….” Id . at [0084].

Element [E] sets forth requesting a verified web service account identifier,

while Pestoni describes the device 202 sending a domain ID [verified web service

account identifier] in content license request 252. Varying which side initiates the

request for the verified web service account identifier is an obvious matter of

design choice. One of skill in the art would recognize that the License Server

could request the domain ID in response to a license request, or the device could

simply supply the domain ID as part of the request.


39/65


- 35 -

[E] requesting at least oneelectronic identification referencefrom the at least one

communications console whereinthe electronic identificationreference comprises a verified webservice account identifier of thefirst user;

Pestoni (EX1006) : “Device 202communicates with license server 106 toobtain content licenses for pieces of

protected content . . . Device 202 sends acontent license request 252 . . . [that]includes various parameters . . . [such as] akey ID, a domain ID, and a domaincertificate .” Id . at [0072].

[F] The license server 106 receives from device 202 a content license

request 252, which includes various identification references, including a key ID, a

domain ID, and a domain certificate. This element is part of element [E], since a

requested element is clearly received.

[F] receiving the atleast one electronicidentification referencefrom the at least onecommunicationsconsole; and

Pestoni (EX1006) : “Device 202 communicates withlicense server 106 to obtain content licenses for pieces of

protected content . . . [License server 106 receives fromdevice 202] . . . a content license request 252 . . . [that]includes various parameters . . . [such as] a key ID, adomain ID, and a domain certificate .” Id . at [0072].

Element [G] is shown. Pestoni shows the verified web service as License

Server 106, which requests and receives “Domain ID” and “domain certificate.”

See id. at par. 0072–74. A “content license” is generated, and bound to the domain

associated with the “Domain ID.” Id . at par. 0079–82. The content license 254,

bound to domain 204, is returned to device 202, which stores the license in content

license store 210. Once device 202 has the content license, it is able to access the

protected content. Id . at par. 0084. The content license 254, bound to domain 204


40/65


- 36 -

and stored in content license store 210 of device 202, obviously constitutes

metadata, since this is data is about the content stored in device content store 208

of the device 202. Additionally, Pestoni refers to the content metadata (par. 0071)

as including a key ID which identifies the content, which associates the content

license, which contains the domain ID, as set forth in the below claim chart.

The ’555 Patent admits in the background that it was common to store credit

card and other personal information in metadata. It would be obvious to combine

this admitted prior art with Pestoni since both relate to DRM metadata, and one of

skill in the art would recognize that metadata would have many other components.

Pestoni mentions a “join–domain request includes various parameters . . . [such

as]… user credentials,” and user credentials would obviously be personal

information as described in the admitted prior art. Id . at [0041].

Other embodiments . The “verification token” is also shown by user

credentials, such as a user id and password, a digital certificate and other

parameters in Pestoni, with the “identification reference” being shown by the

Domain ID, Domain Certificate or other parameters. Not only does the ’555

Patent say the order of steps can be different, as noted above, but Pestoni says the

same in paragraph [0097].


41/65


- 37 -

[G] brandingmetadata of theencrypted digital

media by writingthe membershipverification token andthe electronicidentificationreference into themetadata.

Admitted prior ar t’ 555 Patent Background: “DRM schemes for e-booksinclude embedding credit card information and other

personal information [membership verification token]inside the metadata area of a delivered file format ….” Id .at 3:18-20.

Pestoni (EX1006): “Content license generator 260generates a content license for the requested pieces ofcontent. The content license includes a content key, adomain ID [identification reference], usage rights, [and]verification information.” Id . at [0079].

Claim 2. Claim 2 recites a list of possible verification tokens including a

email address, password or a redeemable instrument of trade which is equated with

a credit card (’555 Patent 8:45–51) and a credit card is listed as equivalent in claim

1 of the child ’860 Patent (“payment system, credit card, … redeemable

instruments of trade,” ’860 Patent 14:47-49). DeMello shows a UserName string

that includes a credit card number for verification by the retailer, and establishing a

membership relationship that one of skill in the art would recognize to mean

providing a log-on email and password. Pestoni shows that the verification token

can take “any of a variety of different forms, such as a user id and password, a

digital certificate attesting to the user’s identity and digitally signed by a trust

authority, and so forth.” Pestoni at [0041].

’555 Patent Prior Art (Emphasis added)2. The method See claim 1, element [B] above.


42/65


- 38 -

according toclaim 1,wherein the

membershipverificationtoken is one ormore of astructuredpassword, arandompassword , e– mail address ,

paymentsystem andone or moreredeemableinstruments oftrade foraccess rightsof theencrypteddigital media.

DeMello (EX1005) “Through this communication [access request], bookstore servers

72 may allow users to shop for eBook titles, establish theirmembership relationship with the retailer [email, password], pay for their transactions, and access proof–of purchase pages(serve–side receipts).” Id . at 9:9–16.

“UserName—a string containing ,,, credit card number ….” Id. at16:16-38.

“‘[I]ndividually sealed " content includes in the rights– management data information pertinent to the rightful owner(e.g., the owner's name , credit card number, receipt number ortransaction ID for the purchase transaction, etc. [verificationtoken]), such that this information cannot be removed from aworking copy of the content. . . .” Id. at 2:12–17.

Pestoni (EX1006) “The join–domain request includes various parameters . . . [suchas] a device certificate, user credentials, and optionally a devicedescription.” Pestoni at [0039]. “The user credentials can take any

of a variety of different forms, such as a user id and password, adigital certificate attesting to the user’s identity and digitallysigned by a trust authority, and so forth.” Id . at [0041].

Claims 3–6 . Claim 3 is directed to a second user, who is validated by a

membership web service. This is shown by DeMello’s PASSPORT membership

service and Pestoni’s domain membership, which both provide for validating

multiple members. See also Cherukuri Decl. (EX1009) Exhibits C & D.

Claim 4 is directed to users (e.g., a first user and a second user), who are

granted with access rights based on verification of the membership verification


43/65


- 39 -

token by a content provider (e.g., a bookstore). Claim 4 merely recites the

verification function of the verification token shown above by DeMello and

Pestoni with respect to claim 1.

Claim 5 says digital media is shared among multiple users with membership

status, similar to claim 3, but depending from claim 1, and is also shown by

DeMello and Pestoni . The validation of the membership is done in DeMello by

authenticating the user. Pestoni similarly shows a validated domain.

Claim 6 sets forth that the users can be humans or computerized

mechanisms in a network, which is met by the “user” of DeMello and Pestoni . The

’555 Patent doesn’t describe any separate network of users, just the cloud/internet,

which is also shown in the below quoted sections of DeMello & Pestoni . Thus,

claims 2–6 are separately invalid as obvious over both DeMello and Pestoni .

’555 Patent Prior Art (Emphasis added)3. The method according toclaim 1, wherein the brandingrequest being a request fromthe first user through a data

processing device of the plurality of data processingdevices, the first useracquiring access rights to theencrypted digital media;

or wherein the brandingrequest being a request fromone or more secondary users

DeMello (EX1005) “Thus, a user is unlikely to share his PASSPORTID and password with a large group of people,thereby ensuring that the persona to which areader is activated is genuinely associated with a particular user (or, possibly, a family thatshares a single PASSPORT account ).” Id . at13:49–54.

“The PASSPORT object 96 … authenticate theend–users using, for example, their hotmailaccounts (or other PASSPORT credentials.” Id . at13:30–35.


44/65


- 40 -

connected to the first user, theone or more secondary userscomprising one or more of

human beings or programmedcomputerized mechanisms innetwork of the first user;

wherein the one or moresecondary users are validatedby a membership webservice .

Pestoni (EX1006)“[0016] Each domain 108 is associated with a

particular user or group of users [secondaryusers].” Presoni at [0016]. “The user can haveeach device that he or she owns join his or herdomain …. Alternatively, domain administratorcould employ a domain policy that allowsmultiple users [secondary users] to share adomain ….” Id. at [0041].

Claim 7. This claim simply refers to an ID of the media being cross

referenced to the user (token) in a database. It is obvious to link purchased media

to the purchaser. DeMello describes a bookstore database with book IDs that are

inherently associated with user membership information (verification token) during

a book purchase.

Wieder (EX1007) describes a “usage–rights repository” 24 database that

stores the tokens which include “Token–Owner,” “Usage–Rights,” and “Purchase–

Record.” Id . at Fig. 13, 7:30–31. Thus, DeMello in combination with Wieder

teaches the limitations of claim 7. It is obvious to combine to provide the extra

items in the database listed in Wieder .

Pestoni discloses that the digital media is associated with domain

membership license ( Pestoni at 0049) and that the domain membership license is

cross referenced with user details such as user credentials. Pestoni at 0102.


45/65


- 41 -

Pestoni also discloses that the domain membership license is stored in Domain

license store, i.e., a database. Pestoni at 0034. In addition, one of skill in the art

would recognize that the user identity would be linked to the user credentials and

stored in a database. It would also be obvious to combine Pestoni with Wieder for

the reasons set forth above.

’555 Patent Prior Art (Emphasis added)7. The methodaccording toclaim 1,wherein theencrypteddigital mediais associatedwith anidentifierstored in a

database, theidentifier being cross– referencedwith acorrespondingtoken from alist ofassociatedtokens storedin the tokendatabase forverification.

DeMello (EX1005)

See claim 1, element [C] .

“A bookstore (retailer) database is populated with the Book IDs[identifier] generated by a tool for managing the LIT files of a

particular content provider's data center.” Id. at 28:34-36.

“It will be recalled that individualized titles (e.g., level 3 and level5) incorporate the user's name [verification token] into the LITfile and bind [cross-reference] that name to the decryption key, sothat the origin of unauthorized distribution of content can bedetected. Id. at 16:16-38.

Pestoni (EX1006)“Domain membership license 300 includes a device ID 302, adomain ID 304 [identifier], a domain private key 306, a domaincertificate 308, an integrity verification value 310, a certificaterevocation list 312, and a rights list 314 [digital media].” Id . at0049.

“[0080] …. The domain ID is the identifier of the domain towhich the content is to be bound, as identified by the domain IDin request 252. The usage rights describe the rights that are beinglicensed to device 202.”“A user [token] is associated with a particular domain, and eachof the user's media playback devices communicates with adomain administrator to obtain a domain membership license.”


46/65


- 42 -

Id . at 0012.“Content license generator 260 generates a content license for therequested pieces of content [digital media]. The content license

includes [cross-referenced] a content key, a domain ID [identifier], usage rights, verification information ….” Id . at[0079].

Claim 8 recites a list of possible digital media including a video file, audio

file, etc. which are explicitly described in both DeMello and Pestoni .

’555 Patent Prior Art (Emphasis added)8. The methodaccording to claim 1,wherein the encrypteddigital media is one ofa video file , audio file ,container format,document, metadata aspart of video gamesoftware and othercomputer basedapparatus in which

processed data isfacilitated.

DeMello (EX1005)

“A preferred embodiment of the invention is described,which is directed to the processing and delivery ofelectronic books, however, the invention is not limitedto electronic books and may include all digital contentsuch as video , audio , software executables , data , etc.”4:43–49.

Pestoni (EX1006) “The digital media can be any of a variety of types ofcontent, such as audio content , movie content, imagecontent, textual content, graphics content, and so forth,as well as combinations of one or more of thesedifferent types of content.” Pestoni at [0015].

Claim 9 recites that the “electronic identification reference” of claim 1 is a

“key file.” Claim 1 specifies that the “electronic identification reference” is a

“verified web service identifier.” Thus, the “key file” is either the “verified web

service identifier” already shown above, or a version encrypted with a key, which

is also shown. The claim further says that the key file is uploaded by at least one


47/65


- 43 -

communications console for branding encrypted digital media for giving access to

the encrypted digital media. This is shown by DeMello’s PASSPORT membership

service which exchanges an activation certificate including a key and a Passport ID

for credentials to authenticate a user at a reader. The reader stores [uploads] the

Passport ID to the registry on the reader. The activation certificate includes a key

which is used to protect the content (e.g., a key stored in an electronic Book file)

and to later enable the reader to open protected content. This is also shown by

Pestoni , which discloses that binding can be achieved by encrypting at least a

portion of the content license (e.g., at least the content key) with the public key

provided from the device 202 via request 252. Pestoni at [0082].


48/65


- 44 -

’555 Patent Prior Art (emphasis added)9. Themethod

according toclaim 1,wherein theelectronicidentificationreference is akey file , thekey file

beinguploaded bythe at leastonecommunications consolefor brandingtheencrypteddigitalmedia;

therebygiving accessto theencrypteddigitalmedia.

See claim 1, element [G] above.

DeMello (EX1005) “In a preferred embodiment, the key is a symmetric key 14A that issealed with a cryptographic hash of meta–data 12 or, in the case oflevel 5 titles, with the public key of the user's activationcertificate . This key is stored either as a separate stream in asub–storage section of the eBook file (DRM Storage 14 in thediagram) or, in the case of level 5 titles, in the license.” Id. at 6:42– 48.

“In one example, the “data” includes an activation certificate havinga public key and an encrypted private key , and the "code" is a

program ( e.g., a "secure repository") that accesses the private key inthe activation certificate by applying, in a secure manner, the keynecessary to decrypt the encrypted private key.” Id. at 2:35–40.

Pestoni (EX1006) “Domain binding encryption module 258 binds the content licensegenerated by content license generator 260 to the domain identifiedin request 252. This binding can be achieved in different manners.

In one or more embodiments, this binding is achieved byencrypting at least a portion of the content license (e.g., at least thecontent key) with the public key [key file] of the domain identifiedin request 252. The public key of the domain identified in request252 is included in request 252. Pestoni at [0082].

Claim 10. This claim spells out that the branding request of claim 1 is an

access request with a verification token and a rights token (which is a flag). This

claim also recites standard components of a system including a combination of

memory, CPU, server, database, and cloud system, all of which are disclosed by


49/65


- 45 -

DeMello. This claim simply recites more details of an element the Patent Owner

admitted element is shown in the prior art as discussed above.

DeMello describes the rights token/flag by the “establish their membership

relationship with the retailer … and access proof-of purchase pages (serve-side

receipts) [rights token].” One of skill in the art would recognize that it is obvious to

provide proof-of purchase only if the membership relationship is first successfully

implemented. Pestoni similarly shows authenticating a domain membership as

discussed above. Based on DeMello and Pestoni and the admitted prior art, it

would be obvious to send a verification token of the admitted prior art along with a

rights token (indicating that the verification token is successfully verified) in an

access request to establish a membership relationship. See Cherukuri Decl.

(EX1009) Exs. C & D, claim 10.


50/65


- 46 -

’555 Patent Prior Art (emphasis added)10. The method of claim 1,wherein the method facilitates

access rights authenticationfor the encrypted digitalmedia, the branding request isan access request, andwherein the read or writerequest of metadata is

performed in connection witha combination of a memory,CPU, server, database, andcloud system; the accessrequest is generated by eithera human user, a machine, or ahuman programmedcomputerized device; theaccess request furthercomprises a membershipverification token and a rightstoken wherein the rightstoken is a flag indicating the

verification token issuccessfully verified.

See claim 1, elements [A] and [B] above.

DeMello (EX1005)

“As shown in FIG. 2, an exemplary system forimplementing the invention includes a general

purpose computing device in the form of aconventional personal computer or network server 20 or the like, including a processing unit [CPU]21, a system memory 22 ….” Id. at 7:14-18.

a cloud system : “…communications over thewide area network 52, such as the Internet .” Id .at 8:24–25. [Internet=cloud]

“Through this communication, bookstoreservers 72 may allow users to shop for eBooktitles, establish their membership relationship withthe retailer, pay for their transactions, and access

proof-of purchase pages (serve-side receipts)[rights token flag].” Id. at 9:9-16.]

Pestoni (EX1006) : See claim 1, element [B]

Claim 12 . This claim is nearly identical to claim 1, converting method

references to a system. The one addition is that the system works as a “front–end

agent.” The term “front–end agent” only appears in claim 9. There is one relevant

use of “front–end” in the body of the ’555 Patent: “As explained earlier, the system

we will discuss will work as a front–end to encrypted files as an authorization

agent for decrypted access.” ’555 Patent, 5:37–39. The term “front–end” is also

used to describe the user GUI, which is a different use. Id ., 11:10–11. DeMello


51/65


- 47 -

describes the activation process being on “front–end activation servers,” and thus

shows this.

Pestoni also shows a system accessed over the Internet, and Pestoni

discloses that the devices can interact with the domain management system

directly; that is, as a front–end agent. See Cherukuri Decl. (EX1009) ¶¶86–102 &

Ex. D, claim 9.

’555 Patent Prior Art (Emphasis added)Marked to showadditions and[deletions] comparedto claim 1.[A] [1] 12. A system[method] for monitoringaccess to an encrypteddigital media, thesystem [method]

facilitatinginteroperability betweena plurality of data

processing devices,

[A1] the systemworking as a front–endagent for access rightsauthorization between a

plurality of data

processing devices, thesystem [method]comprising:

See claim 1, element [A] above.

[A1] DeMello (EX1005) “ The activation server ISAPI Extension DLL 98 carriesout tasks associated with the activation process on thefront–end activation servers ,… . Id. at 13:62–64.

“Fully individualized’ content …cannot be accessed inthe absence of a "activation certificate," which areissued by the activation server…. Id . at 2:22–28.

“Moreover, the activation server arrangement preferably provides a given activation certificate (that is,an activation certificate having a particular key pair)only after authenticating credentials (e.g., a usernameand password) associated with a persona.” Id . at 2:50– 54.

Pestoni (EX1006)“In accordance with one or more aspects, a device

accesses a domain administrator in order to obtain adomain membership license.” Pestoni at [0003].


52/65


- 48 -

Elements [B]–[G] are the same as claim 1 except as indicated by underlining

below.

[B] a first receipt module, the first receipt module receiving anencrypted digital media access branding request … ;

See claim 1,element [B] above

[C] an authentication module, the authentication moduleauthenticating the membership verification token … ;

See claim 1,element [C] above.

[D] a connection module, the connection module establishing aconnection …;

See claim 1,element [D]

above.[E] a request module, the request module requesting the at least oneidentification reference …;

See claim 1,element [E] above.

[F] a secondary receipt module, the secondary receipt modulereceiving the at least one identification reference … ; and

See claim 1,element [F] above.

[G] a branding module, the branding module writing at least one ofthe verification token or the identification reference into the

metadata.

See claim 1,element [G]

above.


references to a system, and is invalid for the same reasons.

’555 Patent Prior ArtMarked to show additions and [deletions] compared to claim 8. [8] 13. The system [method] according to claim 12 [1], wherein theencrypted digital media is …. ;

See claim 8.


53/65


- 49 -


references to a system, and changing “key file” to “key certificate file.” Claim 14

is invalid for the same reasons as claim 9.

’555 Patent Prior ArtMarked to show additions and [deletions] compared to claim 9. [9] 14. The system [method] according to claim [1] 12, wherein theelectronic identification reference is a key certificate file, the keycertificate file being uploaded by the at least one communicationsconsole for branding the encrypted digital media; thereby giving

access to the encrypted digital media

See claim 9.

Claim 15 . This is a program code claim corresponding to method claim 1,

converting method references of claim 1 to a program code for use with a

computer, where the computer program product comprises a non–transitory

computer usable medium having a computer readable program code stored therein

for performing the elements of claim 1. Elements [B]–[G] are the same as claim 1.

’555 Patent Prior ArtMarked to show additions and [deletions] compared to claim 1.[A] [1] 15. A [method] computer program product for use with acomputer, the computer program product comprising a non– transitory computer usable medium having a computer readable

program code stored therein for monitoring access to an encrypted

digital media, the method facilitating interoperability between a plurality of data processing devices, the computer program product performing the steps of [method comprising]:

See claim 1,element [A]above.

[B] receiving an encrypted digital media access branding request… ;

See claim 1,element [B].

[C] authenticating the membership verification token … ; See claim 1,element [C].


54/65


- 50 -

[D] establishing a connection …; See claim 1,element [D].

[E] requesting the at least one identification reference …; See claim 1,

element [E].[F] receiving the at least one identification reference … ; and See claim 1,

element [F].[G] writing at least one of the verification token or theidentification reference into the metadata.

See claim 1,element [G].


references to a computer program product, and is invalid for the same reasons.

’555 Patent Prior ArtMarked to show additions and [deletions] compared to claim 10. [10] 17. The [method] computer program product of claim [1] 15, …;

See claim10.

Claims 18–22 . These claims recite language similarly recited in claims 3–6,

respectively as shown below, with the method references converted to a computer

program product in each of the claims. Thus, each of claims 18–22 are invalid for

the same reasons as each of claims 3–6, respectively.

Claims 18 and 19 include a combination of the subject matter of claim 3,

reciting language similarly recited in claim 3. The method references are

converted to a computer program product in claims 18 and 19, and are invalid for

the same reasons as claim 3.


55/65


- 51 -

’555 Patent Prior ArtMarked to show additions and [deletions] compared to claim 3. [3] 18. The [method] computer program product according to

unified patents inc. v. william grecia, ipr2016-00789, paper 1 (ptab mar. 22, 2016)

Documents