Unified Patents v. Grecia, IPR2016-00600,

7/24/2019 Unified Patents v. Grecia, IPR2016-00600,

1/65

IPR2016-00600 Petition

U.S. Patent 8,533,860

i

DOCKET NO.: 098173-0966641

Filed on behalf of Unified Patents Inc.

By: Paul C. Haughey, Reg. No. 31,836

Scott Kolassa, Reg. No. 55,337Kilpatrick Townsend & Stockton LLP

Two Embarcadero Center, Eighth Floor

San Francisco, CA 94111-3834

Tel: (415) 576-0200

Email: [email protected]

Jonathan Stroud, Reg. No. 72,518

Unified Patents Inc.

1875 Connecticut Av. NW, Floor 10

Washington D.C., 20009Tel: (202) 805-8931

Email: [email protected]

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

UNIFIED PATENTS INC.

Petitioner

v.

WILLIAM GRECIA

Patent Owner

IPR 2016-00600

Patent 8,533,860

PETITION FOR I NTER PARTESREVIEW OF

U.S. PATENT NO. 8,533,860

CHALLENGING CLAIMS 130

UNDER 35 U.S.C. 312 AND 37 C.F.R. 42.104


2/65


U.S. Patent 8,533,860

i

TABLE OF CONTENTS

I. MANDATORY NOTICES ........................................................................ - 1 -

A.

Real Party-in-Interest ....................................................................... - 1 -

B. Related Matters ................................................................................. - 1 -

C. Counsels ........................................................................................... - 2 -

D. Service Information, Email, Hand Delivery, and Postal .................. - 2 -

II. CERTIFICATION OF GROUNDS FOR STANDING ............................. - 2 -

III. OVERVIEW OF CHALLENGE AND RELIEF REQUESTED ............... - 2 -

A. Prior Art Patents and Printed Publications ....................................... - 3 -

1. U.S. Patent No. 6,891,953 (filed on June 27, 2000 and

issued on May 10, 2005) (DeMello (EX1006)), which

is prior art under 35 U.S.C. 102(b). .................................... - 3 -

2. U.S. Pub. No. 2008/0313264 (filed on Jun. 12, 2007 and

published on Dec. 18, 2008) (Pestoni (EX1007)),

which is prior art under 35 U.S.C. 102(b). ......................... - 3 -

3. U.S. Pat. 6,385,596 (filed Feb. 6, 1998 and issued May 7,

2002) (Wiser (EX1008)), which is prior art under 35

U.S.C. 102(b). Wiser is cited for the customization

module of claims 2130 and the royalty scheme of

claim 26. ................................................................................. - 3 -

4. U.S. Pub. No. 20090037388 (filed Aug. 1, 2008 and was

published Feb. 5, 2009) (Cooper (EX1009)), which is

prior art under 35 U.S.C. 102(b). Cooper is cited for the

remote operation of claim 17. ................................................ - 3 -

B. Grounds for Challenge ..................................................................... - 4 -

IV. OVERVIEW OF THE 860 PATENT ....................................................... - 4 -

A. Priority Date of the 860 Patent........................................................ - 4 -


3/65


U.S. Patent 8,533,860

ii

B. Summary of the 860 Patent ............................................................. - 5 -

C. Summary of Relevant Prosecution File History ............................ - 10 -

D.

Person of Ordinary Skill in the Art ................................................ - 11 -

V. CLAIM CONSTRUCTION ..................................................................... - 11 -

A. verified web service .................................................................... - 12 -

B. metadata of the digital content .................................................... - 13 -

C. two way data exchange session .................................................. - 13 -

D. a verification token corresponding to the digital content ..... - 14 -

VI. PROPOSED REJECTIONS SHOWING THAT PETITIONER HAS A

REASONABLE LIKELIHOOD OF PREVAILING ............................... - 15 -

A. Ground 1: Claims 120 are unpatentable as obvious over

DeMello (EX1006) in view of the admitted prior art. .................... - 15 -

B. Ground 2: Claims 120 are unpatentable as obvious over

Pestoni(EX1007) in view of the admitted prior art. ...................... - 15 -

C.

Ground 3: Claims 21-30 are unpatentable overDeMello(EX1006) in combination with Wiser(EX1008). .......................... - 48 -

D. Ground 4: Claims 21-30 are unpatentable overPestoniin

combination with Wiser(EX1008). ............................................... - 48 -

E. Ground 5: Claims 17 and 30 are unpatentable overDeMello

(EX1006)in combination with Wiser (EX1008) and Cooper

(EX1009)........................................................................................ - 58 -

VII.

CONCLUSION ......................................................................................... - 60 -


4/65


U.S. Patent 8,533,860

iii

EXHIBIT LIST

Exhibit No. Description

1001 U.S. Patent No. 8,533,860 to Grecia.



1004 Grecia v. Amazon.com, No. 2:14-cv-00530(W.D. Wash. Dec.

22, 2014) (Joint claim construction statement by Patent Owner

and Amazon), and Ex. C

1005 Sony Network Entertainment Intl v. Grecia, IPR2015-00422,Preliminary Response (PTAB Mar. 11, 2015)

1006 U.S. Patent No. 6,891,953 to DeMello et al., Prior Art under 35

U.S.C. 102(b)

1007 U.S. Pub. No. 20080313264 to Pestoni, Prior Art under 35

U.S.C. 102(b)

1008 U.S. Pat. 6,385,596 to Wiser, Prior Art under 35 U.S.C. 102(b)

1009 U.S. Pub. No. 20090037388 to Cooper, Prior Art under 35

U.S.C. 102(b)

1010 Declaration of Ravi S. Cherukuri & Exhibits AD

1011 Unified Patents Inc. Voluntary Interrogatories


5/65


U.S. Patent 8,533,860

- 1 -

I. MANDATORY NOTICES

A. Real Party-in-Interest

Pursuant to 37 C.F.R. 42.8(b)(1), Petitioner certifies that Unified is the real

party-in-interest, and further certifies that no other party exercised control or could

exercise control over Unifieds participation in this proceeding, the filing of this

petition, or the conduct of any ensuing trial. SeeUnified Patents Inc. Voluntary

Interrogatories (EX1011).

B.

Related Matters

U.S. Patent No. 8,533,860 ( 860 Patent (EX1001)) has a parent U.S.

Patent No. 8,402,555 ( 555 Patent (EX1002)) and a continuation U.S. Patent No.

8,887,308 ( 308 Patent (EX1003). On Dec. 6, 2013 Grecia sued Microsoft,

Google, Sony Network Entertainment International and Apple for infringement of

the 860 Patent. Between Feb. 20, 2014 and Nov. 30, 2015, Grecia has sued the

following for infringement of different combinations of the three patents: Adobe

Systems, American Express, Visa, MasterCard, Charter Communications, Time

Warner Cable, AT&T Services, DirecTV, WideOpenWest Finance, RCN Telecom

Services, Network L.C.C., Charter Communications, Time Warner Cable,

Comcast, DISH Network, Amazon.com, Samsung Telecommunications America

and Vudu.


6/65


U.S. Patent 8,533,860

- 2 -

A petition for inter partes review was filed by Sony Network Entertainment

International LLC, IPR2015-00422, on December 14, 2014, but was dismissed

prior to institution at the request of the parties.

C.

Counsels

Lead Counsel for Petitioner is Paul C. Haughey (Reg. No. 31,836), of

Kilpatrick Townsend & Stockton LLP. Back-up Counsel is Jonathan Stroud (Reg.

No. 72,518), of Unified, and Scott E. Kolassa (Reg. No. 55,337), of Kilpatrick

Townsend & Stockton LLP.

D.

Service Information, Email, Hand Delivery, and Postal

Unified consents to electronic service at

[email protected], [email protected], and

[email protected].

II. CERTIFICATION OF GROUNDS FOR STANDING

Petitioner certifies pursuant to Rule 42.104(a) that the patent for which

review is sought is available for inter partes review and that Petitioner is not

barred or estopped from requesting and inter partes review challenging the patent

claims on the grounds identified in this Petition.

III.

OVERVIEW OF CHALLENGE AND RELIEF REQUESTED

Pursuant to Rules 42.22(a)(1) and 42.104(b(1)-(2), Petitioner challenges

claims 1-30 of the 860 Patent.


7/65


U.S. Patent 8,533,860

- 3 -

A. Prior Art Patents and Printed Publications

The following references are pertinent to the grounds of unpatentability

explained below:1

1.

U.S. Patent No. 6,891,953 (filed on June 27, 2000 and issued on May 10,

2005) (DeMello (EX1006)), which is prior art under 35 U.S.C. 102(b).

2. U.S. Pub. No. 2008/0313264 (filed on Jun. 12, 2007 and published on Dec.

18, 2008) (Pestoni (EX1007)), which is prior art under 35 U.S.C.

102(b).

3. U.S. Pat. 6,385,596 (filed Feb. 6, 1998 and issued May 7, 2002) (Wiser

(EX1008)), which is prior art under 35 U.S.C. 102(b). Wiser is cited for

the customization module of claims 2130 and the royalty scheme of

claim 26.

4. U.S. Pub. No. 20090037388 (filed Aug. 1, 2008 and was published Feb. 5,

2009) (Cooper (EX1009)), which is prior art under 35 U.S.C. 102(b).

Cooper is cited for the remote operation of claim 17.

1The 860 Patent issued from a patent application filed prior to enactment of

the America Invents Act (AIA). Accordingly, pre-AIA statutory framework

applies.


8/65


U.S. Patent 8,533,860

- 4 -

B. Grounds for Challenge

This Petition, supported by the declaration of Ravi S. Cherukuri (Cherukuri

Decl.) (EX1010) requests cancellation of challenged claims 130 of the 860

Patent as unpatentable under 35 U.S.C. 103. Two main references are used, with

additional references for dependent claims.

IV.

OVERVIEW OF THE 860 PATENT

A.

Priority Date of the 860 Patent

The 860 Patent is a continuation of Application No. 13/397,517, filed on

February 15, 2012, now Patent 8,402,555 (the 555 Patent), which is a

continuation of Application Number 12/985,351, filed on January 6, 2011, which is

a continuation of Application Number 12/728,218, filed on March 21, 2010, which

is now abandoned. Although not listed on the 860 Patent or Certificate of

Correction, in the November 27, 2012 response in the prosecution history of the

555 Patent, the Patent Owner claimed priority to his Provisional Application

Number 61/303,292 (filed Feb. 10, 2010) to swear behind U.S. Pre-Grant

Publication Number 2011/0288946 toBaiya. Petitioner does not believe the 860

Patent is entitled to the February 10, 2010 priority date, but assumes that is the

effective date for the purposes of this petition, since all the prior art presented here

has an effective date of more than a year earlier than this date.


9/65


U.S. Patent 8,533,860

- 5 -

B. Summary of the 860 Patent

The 860 Patent is directed to Digital Rights Management (DRM). The prior

art was alleged to tie media to a particular user or limited number of devices:

The current metadata writable DRM measures do not offer a

way to provide unlimited interoperability between different

machines. Therefore, a solution is needed to give consumers the

unlimited interoperability between devices . . . .

860 Patent (EX1001) at 2:13:7.

DRM schemes for e-books include embedding credit card

information and other personal information inside the metadata

area of a delivered file format and restricting the compatibility

of the file with a limited number of reader devices and

computer applications.

Id. at 2:1822. The alleged innovation of the 860 Patent is to obtain a

membership identification reference (e.g., Facebook ID) from a website providing

membership and write it into the metadata of the media. This allows anyone with

the membership reference ID to access the media on any device. The claim

elements of claim 1 and the other challenged claims correspond to the steps of

Figure 6 of the 860 Patent, copied below:


10/65


U.S. Patent 8,533,860

- 6 -

Claim 1 of the 860 Patent includes many alternative limitations, and is

summarized below with the letters corresponding to the elements in the claim

charts below, and the numbers corresponding to Fig. 6 above:

[A] Preamble: Authorizing access to plural data processing devices (multiple

user devices) using a cloud (Internet).

[B] (602) Receive user request, with verification token, for content access.

[C] (604) The verification token is authenticated. The claims of the parent 555


11/65


U.S. Patent 8,533,860

- 7 -

Patent limited step 604 to a membership verification token (e.g., Amazon

password), while the claims of the 860 Patent list a variety of tokens. Patent

Owner admits that steps B and C are in the prior art (as discussed below).

[D] (606) Establish a connection with user communication module (module

is a GUI and API related to a web service)

[E] (608) An identification reference (e.g., Facebook login) is requested

from the user.

[F] (610) The identification reference is received.

[G] (612) The verification token or identification reference is written into the

content metadata. Patent Owner admits this step is in the prior art.

Patent Owner has suggested that the particular order set forth above is

required, and that all corresponding 6 modules of Figure 1 must be present and

separate. SeeSony Network Entertainment Intl v. Grecia, IPR2015-00422 at 34,

1718 (PTAB Mar. 11, 2015) (Preliminary Response) (Sony v. Grecia

Preliminary Response (EX1005)). However, the Provisional Application never

mentioned the word module as used in the claims, and did not have the module

diagram of Fig. 1. The module term was added to described method steps in

claim 9, and the order of the method steps (claim 1) is described in the 860 Patent

as not limiting:


12/65


U.S. Patent 8,533,860

- 8 -

In this document, relational terms such as `first` and

second`, and the like may be used solely to distinguish

one entity or action from another entity or action withoutnecessarily requiring or implying any actual such

relationship or order between such entities or actions.

860 Patent (EX1001), at 4:6064. Figure 3 of the 860 Patent, copied below,

shows an embodiment where a user obtains content using GUI 301 on the left,

using a verification token that is authenticated (a membership verification

token in the 555 Patent claims, but a list of options in the 860 Patent claims).

This corresponds to the first two steps, 602 and 603, which are admitted prior art.

Note the same described system performs both steps. Then, the user uses GUI 307

on the right to contact a verified web service (e.g., Facebook) to verify the user

using an electronic ID (e.g., Facebook login). The same system performs the last

three steps.


13/65


U.S. Patent 8,533,860

- 9 -

Petitioner notes that the term excelsior enabler as used in the specification

simply means user. Patent Owner characterized it as follows: authorized users

(excelsior enablers). June 12, 2012 response to office action. The term enabler

was also originally in the parent 555 Patent claims, but was replaced with user.

Excelsior refers to the main, or first user: [T]he excelsior enabler and secondary

enablers defined comprises human beings or computerized mechanisms

programmed to process steps of the invention as would normally be done manually

by a human being. 860 Patent (EX1001), at 5:1216.


14/65


U.S. Patent 8,533,860

- 10 -

C. Summary of Relevant Prosecution File History

The claims in the parent 555 Patent were originally rejected as obvious

under 103 over U.S. Pre-Grant Publication Number 2011/0288946 to Baiya

(Baiya) in view of U.S. Patent 7,526,650 to Wimmer (Wimmer). The

Examiners reasons for allowance noted that Baiya and Wimmer taught the first

two elements of the claims, which correspond to the first two elements of the 860

Patent claims. The 860 Patent was allowed after an Examiners Amendment and

no rejection, and the reasons for allowance listed Baiyaand Wimmeras the closest

prior art. Neither of the references show a users membership used to brand digital

content so it could be used on multiple devices. Baiya describes a content

management system for a group or a business, where libraries for documents and

other media are established and authorized users are given keys to access those

libraries. Wimmer describes branding video content with an end user's personal

identity information as a deterrent against unauthorized redistribution. Thus, the

Examiner found no reference where a users membership was used to brand digital

content so it could be used on multiple devices. The prior art references discussed

herein, however, clearly teach this feature.

In the Certificate of Correction, the claim language obtained from a verified

web service was changed to related to a verified web service.


15/65


U.S. Patent 8,533,860

- 11 -

D. Person of Ordinary Skill in the Art

One of ordinary skill in the art at time of the earliest claimed effective filing

date of the 860 Patent (Feb. 10, 2010) would possess at least a university degree

or have equivalent professional experience related to electronics and/or software,

with some experience in digital rights management such as two years of work

experience. See Cherukuri Decl. (EX1010), at 2832, 5859. The claims of the

860 Patent are directed to a DRM system used with standard computers

communicating over known network means. Thus, one of ordinary skill in the art

requires knowledge of DRM programs, generally. Id.at 22.

V.

CLAIM CONSTRUCTION

Claim terms of a patent in inter partes review are normally given the

broadest reasonable construction in light of the specification. See 37 C.F.R.

42.100(b): see also In re Cuozzo Speed Techs., LLC, 778 F.3d 1271, 1279-81

(Fed. Cir. 2015).

The following discussion proposes constructions and support for those

constructions. Any claim terms not included in the following discussion should be

given their ordinary meaning in light of the specification, as commonly understood

by those of ordinary skill in the art. The broadest reasonable interpretation of a

claim term may be the same as or broader than the construction under the standard

set forth inPhillips v. AWH Corp, 415 F.3d 1303 (Fed. Cir. 2005), but it cannot be


16/65


U.S. Patent 8,533,860

- 12 -

narrower. See Facebook, Inc. v. Pramatus AV LLC, 2014 U.S. App. LEXIS 17678,

*11 (Fed. Cir. 2014). The constructions proposed below should be applied

regardless of whether the terms are interpreted under the Phillipsstandard or the

broadest reasonable interpretation standard.

There have been no claim construction orders yet in the District Court

litigations involving the 860 Patent. There has been a joint claim construction

statement by Patent Owner and Amazon. SeeGrecia v. Amazon.com, No. 2:14-cv-

00530(W.D. Wash. Dec. 22, 2014) (Joint claim construction statement by Patent

Owner and Amazon), and Ex. C (EX1004); see also 37 C.F.R. 42.62 and F.R.E.

801(d)(2). See also SeeCherukuri Decl. (EX1010) at 4254.

A.

verified web service

Outside the claims, this term only appears once in the 860 patent:

The web service equipped with the API is usually a well-known

membership themed application in which the users must use an

authentic identification. Some example includes Facebook .

Other verif ied web services in which real member names are

required such as the LinkedIn API and the PayPal API

860 Patent (EX1001) at 10:4151 (emphasis added). In the Grecia v. Amazon

litigation, Patent Owner proposed a web service accessible with an authenticated

credential and Amazon proposed a web service that is used to authenticate the


17/65


U.S. Patent 8,533,860

- 13 -

identity of a user or device. Grecia v. Amazon.com, Ex. C at 16 (EX1004). The

Patent Owner term of an authenticated credential does not appear in the 860

Patent, and the example is a Facebook login name and password to authenticate the

user, not authenticate the credential. Thus, the Amazon proposal is correct: the

proper construction is any web service that is used to authenticate the identity of a

user or a device.

B.

metadata of the digital content

In the Grecia v. Amazonlitigation, Patent Owner proposed data about the

digital content and Amazon proposed data that describes the digital content, in

the same media file as the digital content. Id. (EX1004), Ex. C at 16. Petitioner

submits it is well known that metadata doesnt just describe the digital content, and

thus Amazons construction is too narrow. Also, meta data is not necessarily in the

same media file. SeeCherukuri Decl. (EX1010) at 4748. Petitioner, for the

purposes of this petition, submits the construction is data about the digital content.

C. two way data exchange session

In the Grecia v. Amazonlitigation, Patent Owner proposed requesting the at

least one identification reference from the at least one communications console and

receiving the at least one identification reference from the at least one

communications console. Amazon proposed transfer of information from a

device to a server and from the server to the device. Grecia v. Amazon.com


18/65


U.S. Patent 8,533,860

- 14 -

(EX1004), Ex. C at 19. The Patent Owner proposal adds in other limitations from

the claim and is thus too detailed, and Amazon adds a server and device limitation.

Petitioner submits the construction issession enabling an exchange of data.

D.

a verification token corresponding to the digital content

In the Grecia v. Amazon litigation, Patent Owner proposed the list of items

in the claim, and Amazon agreed, but added assigned to the digital content to

identify the content or access rights the user has to that content. Grecia v.

Amazon.com (EX1004), Ex. C at 12. The additions appear unnecessary, as the

term is defined in the claim. The password and email address options in the claim

list are discussed in the 860 Patent:

Examples of the token include, and are not limited to, a structured or

random password, e-mail address associated with an

e-commerce payment system used to make an authorization payment,

or other redeemable instrumentsof trade for access rights of digital

media. Examples of e-commerce systems are PayPal, Amazon

Payments, and other credit card services.

See 8:4551. Petitioner submits the construction is the list in the claim: one or

more of a password, e-mail address, payment system, credit card, authorize ready

device, rights token, or one or more redeemable instruments of trade.


19/65


U.S. Patent 8,533,860

- 15 -

VI. PROPOSED REJECTIONS SHOWING THAT PETITIONER HAS A

REASONABLE LIKELIHOOD OF PREVAILING

The references addressed below anticipate and/or render obvious the claimed

subject matter, and are corroborated by the opinion in the Cherukuri Declaration

(EX1010).

A.

Ground 1: Claims 120 are unpatentable as obvious over DeMello

(EX1006) in view of the admitted prior art.

Grounds 1 and 2 are discussed together below for claims 2-20 in order use

the same claim charts and fit within the allowed page limits. Only independent

claim 1 is separately discussed.

B.

Ground 2: Claims 120 are unpatentable as obvious over Pestoni

(EX1007) in view of the admitted prior art.

Claim 1DeMello. DeMellodescribes a system for delivery of electronic books

or other media. Id. at 4:4149. A purchaser can link a book to a persona so that

it can be read on multiple user devices (readers) or shared with others associated

with the same persona. The user provides PASSPORT credentials (a user ID and a

passwordPASSPORT is Microsofts single sign-on service). An activation

server authenticates the user using the PASSPORT credentials in communication

with the PASSPORT servers. The PASSPORT ID is associated with the


20/65


U.S. Patent 8,533,860

- 16 -

purchasers persona and written to an activation certificate. Id. at 13: 2135.

As shown in Fig. 4 of DeMelloabove, the user requests content at a retail

site 71 on the left, and there is user authentication, as noted below box 72. As

described below, user authentication can be performed by establishing a

membership using authentication credentials (e.g., Amazon.com log-on

credentials), which is a verification token. A separate HTTPS connection 70 on

the right is used to establish a connection with an Activation Site 75, where a

users PASSPORT ID is used to verify the user and brand the metadata of the

content.

[A] Preamble. DeMellodiscloses a DRM system which authorizes access

to content and contains the other limitations of the preamble, using a cloud


21/65


U.S. Patent 8,533,860

- 17 -

system (defined in claim 25 as the Internet), with content encrypted (since the

claim says or not, this is not a limitation), and with access for a plurality of

processing devices. The claim chart below shows the specific language from

DeMellofor these limitations.

860 Patent

(emphasis added)

DeMello (EX1006)(emphasis added)

[A] 1. A method for

authorizing access to

digital content using

a cloud system, the

cloud system

comprising connected

modules in operation

as one or more of a

cloud computing or a

cloud storage in

connection with

devices and users,

wherein the digitalcontent is at least

one of encrypted or

not encrypted, the

method facilitating

access rights

between a plurality

of data processing

devices, the method

comprising:

A server architecturefor a digital rights management

system that distributes and protects rights in content.Id.

at Abstract at ll. 12.

The digital content is at least one of encrypted or not

encrypted: source sealed and individually sealed

content is encrypted. Id. at 2:610.

using a cloud system : communications over the wide

area network 52, such as the Internet. Id. at 8:2425.

[Internet=cloud]

Facilitating access rights between a plurality of dataprocessing devices: The PASSPORT object 96 provides

the required interfaces into the PASSPORT.TM. servers

that authenticate the end-users using, for example, their

hotmail accounts (or other PASSPORT credentials). In

accordance with aspects of the present invention, this

object advantageously associates the activation

certificate with a persona, instead of a single PC, thus

allowing each persona to utilize multiple readers to

read level 5 titles. Id. at 13:1724.

[B] This element (chart below) requires an access request (which eventually

results in a metadata read/write) along with a verification token from a


22/65


U.S. Patent 8,533,860

- 18 -

communications console (the user device). Patent Owner admits this element, and

the following element [C] are shown in the prior art:

. . . communicating access rights over the Internet to a

license server-the first and second steps of method claim

1 in the 860 patent-was well known in the digital rights

management field.

Sony v. Grecia Preliminary Response (EX1005) at 14. See also id. at 6, ll. 67

(Clearly, many prior art systems taught the verification of a token through a GUI

interface.)

Claim 1 of the parent 555 Patent describes a verification token as a

membership verification token [this was alleged vs. the Amazon Kindle logon, for

example]. The 860 Patent claim 1 recites a list of possible verification tokens

including a password and an email address, which can correspond to a

membership, but also a credit card, a rights token, etc. DeMello teaches user

authentication and establishing a membership relationship with a retailer (left of

Figure 4), which inherently would include providing a token, such as a retailer

password and/or email (e.g., Amazon log-on credentials). User authentication and

establishing a membership are obvious in view of the admitted prior art. The

admitted prior art steps are described in the parent 555 Patent as verifying

membership for site to buy content, and DeMello recites establishing such a


23/65


U.S. Patent 8,533,860

- 19 -

membership relationship. It would be obvious to use the verification token of the

admitted prior art to establish a membership relationship. SeealsoCherukuri Decl.

(EX1010) at 6169.

Other embodiments. DeMellodescribes a variety of DRM options, such as

individualized or fully individualized, and obtaining content before or after

activation (PASSBOOK verification). These DRM options contain various other

verifications or authentications that also meet various ones of the list of

verification token options in the claim. The list of options for the verification and

authentications could read on, for example, the fulfilment site 73 of Figure 4 and

other variations set forth in the Cherukuri Declaration (EX1010) at Ex. C, such as

the BookID, which is verified and written as metadata of content, similar to the

content code entered in the KODEKEY GUI of Figure 3 of the 860 Patent. As

described above in the Summary of the 860 Patent, the 860 Patent specifies that

other orders of steps are intended to be covered, and thus various combinations of

embodiments meet the claim. For example, activation (obtaining PASSPORT ID)

could be done, and is described as being done, before or after buying the content.

As described above, cloud is a synonym for Internet and the servers in

DeMello are accessed over the Internet, thus the cloud system combination is

shown. See alsoCherukuri Decl. (EX1010) at Ex. C.


24/65


U.S. Patent 8,533,860

- 20 -

[B] receiving a digital content access

request from at least one

communications console of the

plurality of data processing devices,the access requestbeing a read or

write request of metadata of the digital

content, wherein the read or write

request of metadata is performed in

connection with a combination of at

least one device and the cloud system,

the request comprising a verification

tokenprovided by a first user

corresponding to the digital content,

wherein the verification token is one

or more of a password, e-mail

address, payment system, credit

card,authorize ready device, rights

token, or one or more redeemable

instruments of trade;

This element is admitted prior art

DeMello(EX1006)- Retail site (Fig. 4)

Bookstore servers 72 may communicate

with users via web browsing software

(e.g., by providing web pages for viewing

with a MICROSOFT INTERNET

EXPLORER browser or a NETSCAPE

NAVIGATOR browser). Through this

communication [access request],

bookstore servers 72 may allow users to

shop for eBook titles, establish their

membership relationship with the

retailer[verification token], pay for their

transactions, and access proof-of purchase

pages (serve-side receipts). Id. at 9:9-16.

[C] As described above, this element was also admitted by Patent Owner to

be in the prior art. DeMello shows authenticating the username and other

credentials (verification token) of this element as described in the chart below, and

also in a variety of embodiments. Since various options for the authentication

token are claimed and shown inDeMello, various options for authentication of the

token are also shown. The authentication can be of the credit card or membership

information by the retail site (e.g., Amazon log-on). For devices already activated,

there can be authentication of the PASSPORT ID or other information as described

in more detail in the Cherukuri Declaration (EX1010) at Ex. C, Element C. Also,


25/65


U.S. Patent 8,533,860

- 21 -

the Book ID can be the verification token. These all correspond to the admitted

prior art.

[C]

authenticating

the

verification

token;


DeMello (EX1006) - Retail site authentication:

After the buying customer has selected the titles he/she wishes to

purchase and decides to complete an order, the merchant will

process the order according to their existing methods (e.g., credit

card validation, billing, etc.). This may include requiring the

users to authenticate themselves (for those which require a

membership recordfrom their customers) id. at 40:23-29.]

[D] This element is establishing a connection with user communication

module which has a GUI and an API related to a verified web service (e.g.,

Facebook). Patent Owner admitted that such GUIs and APIs for verified web

services are known in the prior art:

The web service equipped with the API is usually a well-

known membership themed application in which the

users must use an authentic identification. Some example

includes Facebook in which as a rule, members are

required to use their legal name identities. A reference

number or name with the Facebook Platform API

represents this information. Other verified web services

in which real member names are required such as the

LinkedIn API and the PayPal API and even others could

be used . . .


26/65


U.S. Patent 8,533,860

- 22 -

308 Patent (EX1003), at 10:4151. DeMello discloses the communications

console of this element as the reader. The reader provides access to a bookstore

feature, which is the required GUI. The user is prompted at the reader (e.g., a

prompt in a GUI) to login using PASSPORT credentials to authenticate the user at

the PASSPORT server. The reader then sends the login credentials to the

PASSPORT server via the API of the PASSPORT server to authenticate the user at

the PASSPORT server. See id. at 9:614; 23:610, 23:1923. It is obvious that

the reader in DeMello would formulate its request according to the protocol

specified by the API of the verified web service (the PASSPORT server). The

PASSPORT server meets the claim construction definition of a verified web

service that authenticates the identity of a user:

The PASSPORT object 96 provides the requiredinterfaces into the PASSPORT.TM. servers that

authenticate the end-users using, for example, their

hotmail accounts (or other PASSPORT credentials).

DeMello (EX1006) at 13:3135, 13:5461. The PASSPORT web service

facilitates a two-way data exchange session to complete a verification process. See

id. at 23:610, 23:1923; 24:3335. The data exchange can include the activation

certificate, which contains the PASSPORT ID, and which corresponds to the


27/65


U.S. Patent 8,533,860

- 23 -

account identifier in the list of options for the identification reference in

element [E].

In addition to being admitted prior art, it is obvious that the browser of the

reader mentioned in DeMello includes a GUI, since browsers provide a GUI (see

Cherukuri Decl. (EX1010), at Ex. C), and the 860 Patent acknowledges the tie of

a browser to a GUI: a web browser interact with the API of a remote Internet

server system as desired. A Graphic User Interface (GUI) can be installed for

human interaction . 860 Patent (EX1001) at 10:3037 (emphasis added).

The PASSPORT API mentioned in DeMello facilitates communication of

PASSPORT credentials for authentication between the reader and the PASSPORT

server via the activation server. The data exchange session is shown by the

exchange of the user name and password for the activation certificate.

AlternateDeMelloembodiments show the identification reference, such as

a hardware ID, which is a serial number or a manufacturer identification in the

list of possible identification references of element [E], and which is exchanged

along with the activation certificate (with the PASSPORT ID) based on exchange

of the PASSPORT credentials). See Cherukuri Decl. (EX1010) at Ex. C, Element

D.

[D] establishing a

connectionwithDeMello(EX1006)


28/65


U.S. Patent 8,533,860

- 24 -

the at least one

communications

console, wherein

thecommunications

console is a

combination of a

graphic user

interface (GUI)

and an Application

Programmable

Interface (API)

wherein the API is

related to averified web

service, the web

service capable of

facilitating a two

way data exchange

session to

complete a

verification

process, whereinthe data exchange

session comprises

at least one

identification

reference;

Establishing a connection: At step 150, the reader client

opens into the integrated bookstore feature and connects, via

secure sockets layer (SSL), to the activation servers 94,

where users are prompted to login using, in this example, theirPASSPORT credentials (step 152).Id. at 23:517.

The API is related to a verified web service [PASSPORT],

which is capable of facilitating a two way data exchange

session to complete a verification process [authentication of

PASSPORT credentials]:

Activation Server 94 includes a PASSPORT object 96 and

an activation server ISAPI Extension DLL 98. ThePASSPORT object 96 provides the required interfaces into

the PASSPORT.TM. serversthat authenticate the end-

usersusing, for example, their hotmail accounts (or other

PASSPORT credentials).Id. at 13:3035.

Once user's PASSPORT.TM. credentials are authenticated

(step 156), a PASSPORT.TM.API is queried for the user

alias and e-mail address (step 158). Id.at 23:1821.

The secure repository executable and activation certificate

are then downloadedto the client (steps 188 and 190). Id. at

24:3335. [the upload and download shows the two-way

data exchange]

Two-way data exchange session for PASSPORT ID:

Moreover, the activation server arrangement preferably

provides a given activation certificate(that is, an activation

certificate having a particular key pair) only after

authenticating credentials(e.g., a username and password)associated with a persona.Id. at 2:50-54.

the PASSPORT IDis contained in the activation

certificate, Id. at 16:4344.


29/65


U.S. Patent 8,533,860

- 25 -

[E] DeMello shows the identification reference of this element is

communicated by the reader (also client or user computing devicethe

communications console). As described above,DeMelloshows two options for

the identification references listed in element [D], a password or an account

identifier, and a serial number. For example, the identification reference is

shown in the form of both a hardware ID and an activation certificate (which

includes the account identifier PASSPORT ID and other identifiers) by the

activation server. The data exchange is both explicitly described and is inherent,

since the activation certificate would not be communicated unless it was requested

or understood to be requested. See Cherukuri Decl. (EX1010) at Ex. C, Element E.

[E] requesting the at least

one identification reference

from the at least onecommunications console,

wherein the identification

reference comprises one or

more of a verified web

service account identifier,

letter, number, rights token,

e-mail, password, access

time, serial number,

address, manufacturer

identification, checksum,operating system version,

browser version, credential,

cookie, or key;

DeMello(EX1006)The identification reference is requested from the

communications console, and comprises at least apassword or a serial number:

At step 150, the reader client opens into the

integrated bookstore feature and connects, via

secure sockets layer (SSL), to the activation servers

94, where users are prompted to login[requesting]

using, in this example, their PASSPORT.TM.

credentials(step 152). Id. at 23:610.

the activation servers 94 will request that the

client (via the ActiveX control) upload a unique

hardware ID.. Id. at 23:1826.

The user provides the activation certificate to the

content server:


30/65


U.S. Patent 8,533,860

- 26 -

For fully individualized copies (level 5), a client-

side script will populate the body of the POST

with the activation certificate, preferably using

COM object implemented by the reader whichobtains the necessary activation certificate or

relevant information therefrom.Id. at 26:1015.

[F] The identification reference (PASSPORT ID in activation certificate or

hardware ID) is received from the communications console (the reader). This

element is part of element [E], since a requested element is clearly received.

Receiving an identification reference is also shown in the quoted sections below.

[F] receiving the

at least one

identification

reference from

the at least one

communications

console; and

DeMello (EX1006)

the client (via the ActiveX control) upload a unique

hardware ID..Id. at 23:2122.

a client-side script will populate [receiving from user] the

body of the POST with the activation certificate [identification

reference], preferably using COM object implemented by the

reader which obtains the necessary activation certificate orrelevant information therefrom. Id. at 26:1015.

[G] This element requires that the verification token or identification

reference be written into the metadata. Patent Owner admits this was shown in the

prior art for the verification token:

This disclosure corresponds to, for example, the first,

second, and sixth steps of claim 1 of the 860 patent as

illustrated in Figure 3 at 301, 303, and 305 (i.e., receiving

a write request and authentication) and 302 (i.e., writing

the verification token into the metadata). Wimmer stops


31/65


U.S. Patent 8,533,860

- 27 -

there, however, and critically lacks the third, fourth, and

fifth steps of claim 1 of the 860 patent .

Sony v. Grecia Preliminary Response (EX1005) at p. 13. See alsoCherukuri Decl.

(EX1010) at 27.

DeMellodiscloses this element in two different ways. The PASSPORT ID

(an identification reference) is part of the activation certificate, as described above,

and the public key of the user's activation certificate is cryptographic hashed with

meta-data. The PASSPORT ID is also written into (stores into) a registry, id. at

16:4849, which constitutes additional metadata because it is associated with the

content. SeeCherukuri Decl. (EX1010) at 63 and Ex. C, Element G.

In other embodiments, the hardware ID is written to metadata and the

purchaser credit card and name (a verification token) are written into the eBook

title metadata. Id. at 5:4548. SeeCherukuri Decl. (EX1010) at 67 and Ex. C,

Element G.


32/65


U.S. Patent 8,533,860

- 28 -

[G] writing

at least one

of the

verificationtoken or the

identification

reference

into the

metadata.


DeMell o (EX1006)

PASSPORT ID as verification token written to metadata

stores the PASSPORT ID in the registry [metadata] on the

user's computing device, Id. at 16:4849.

[T]he PASSPORT ID is contained in the activation certificate,

Id. at 16:43-44. the key is a symmetric key 14A that is sealed

with a cryptographic hash of meta-data12 or, in the case of level 5

titles, with the public key of the user's activation certificate.Id. at

6:42-45.

Purchaser name as verification token written to metadata:

An "individually sealed" title is an eBook whose meta-data

includes information related to the legitimate purchaser (e.g., the

user's name or credit card number, the transaction ID .. Id.

at 5:4548.

Claim 1Pestoni (EX1007). Pestonidiscloses a networked system where

a user can obtain content from a content provider, which may refer the user to a

license server for a content license that is bound to the users domain membership

ID. Id.at Abstract, [0002], [0012]. A separate domain administrator authenticates

the user, with a password, and provides the users device, as well as any another

other of the users devices, with a domain membership license to allow access to

the content based on the users domain membership. Id. The content license is

metadata with a domain membership ID. Id. Patent Owner admits that elements

[A] and [B] are in the prior art (as discussed above).


33/65


U.S. Patent 8,533,860

- 29 -

[A]Preamble. Pestoni discloses a system of Internet-connected

components for authorizing and facilitating digital-media access rights between

multiple user devices [0013].

860 Patent

(emphasis added)

Pestoni(EX1007) (emphasis added)

[A] 1. A method for

authorizing access to

digital content using

a cloud system, the

cloud system

comprising connected

modules in operation

as one or more of a

cloud computing or a

cloud storage in

connection with

devices and users,

wherein the digital

content is at least

one of encrypted ornot encrypted, the

method facilitating

access rights

between a plurality

of data processing

devices, the method

comprising:

Using a cloud system: [0013] FIG. 1 illustrates an

example system 100 in which the domain management for

digital media can he employed. System 100 includes . . .

domain administrators 102, . . . content providers 104, . . .

license servers 106, [and] multiple (x) domains 108(1), . . .

, 108(x) . . .. Each of these components 102, 104, 106,

108, and 120 can communicate with one another over

network 110 . . . such as the Internet.

Encrypted digital content: [0018] . . . The pieces of

content provided to devices 112, 114 are typically

protected . . . through encryption.

Facilitating access rights: [0017] . . . Management of a

domain refers to . . . imposing restrictions on members ofthe domain, including adding devices to the domain,

removing devices from the domain . . .. When a device

112, 114 joins a domain, the device 112, 114 is given a

domain membership license . . . [that] allows the device

to access and play back any protected content that has

been bound to that domain, as discussed in more detail

below.

[B] As noted, Patent Owner has admitted as prior art this element, which

requires an access request (which eventually results in a metadata read/write) along

with a verification token from a communications console (the user device). See

Sony v. Grecia Preliminary Response (EX1005) at 6. Pestonidiscloses a domain


34/65


U.S. Patent 8,533,860

- 30 -

membership license obtained with a join-domain request 220 which includes user

credentials such as a user id and password. Id.at [0041].

[B] receiving a digital content

access request from at least

one communications console

of the plurality of data

processing devices, the access

requestbeing a read or

write request of metadataof

the digital content, wherein

the read or write request of

metadata is performed inconnection with a

combination of at least one

device and the cloud system,

the request comprising a

verification tokenprovided

by a first user corresponding

to the digital content, wherein

the verification token is one

or more of a password, e-mail address, payment

system, credit card, authorize

ready device, rights token, or

one or more redeemable

instruments of trade;


Pestoni(EX1007)- Receiving access request:

Device 202 communicateswith content provider

104 to obtainpieces of protected content[content

access request]. Protected content can be obtained

by device 202 before it joins a domain, after it

joins a domain, or concurrently with joining a

domain. Id. at 0067.

[0038] . . . To join a domain, [user] device 202issues a join-domain request 220 to domain

administrator 102.

[0044] Domain request approval module 224 [of

domain administrator 102] receives join-domain

request 220.

Verification token that is password, etc.: [0039]

The join-domain request includes various

parameters . . . [such as] a device certificate, usercredentials, and optionally a device description.

[0041] . . . The user credentialscan take any of a

variety of different forms, such as a user id and

password, a digital certificate attesting to the

users identity and digitally signed by a trust

authority, and so forth.

[C] As noted, this element was admitted by Patent Owner to be in the prior

art. Pestonishows verifying that the domain that device 202 is requesting to join


35/65


U.S. Patent 8,533,860

- 31 -

is the domain of the user of device 202, as identified by the user credentials in the

request. Id. at [0044].

[C]

authenticating

the

verification

token;


Pestoni (EX1007)[0045] Domain request approval module 224 . . . verifies that

the user credentials from request 220 are correct. This

verification can take different forms, such as comparing a

password (or hash thereof) against a stored password (or hash

thereof), accessing a remote service (not shown) to verify that the

received password matches the received user id, . . . and so forth.

Elements [D][F], as described under Ground 1 above, set forth using a GUI

and an API to communicate with a verified web service to request [E] and receive

[F] an identification reference. As described above, the use of a GUI and an API

to access a verified web service is admitted prior art. In addition, since both

DeMello and Pestoniwere assigned to Microsoft, and both relate to very similar

digital rights systems, the use of a GUI and API discussed in DeMello above is

evidence of the common practice of Microsoft programmers in implementing these

systems. SeeCherukuri Decl. (EX1010) at 80 and Ex. D, Element D.

Element [D] requires a two-way data exchange session with a verified web

service to complete a verification process using an identification reference.Pestoni

describes completing the verification process by establishing a connection with

license server 106. To do so, the user device sends to the license server a

content license request 252 that includes a domain certificate, which is an


36/65


U.S. Patent 8,533,860

- 32 -

identification reference. Pestoni teaches that the license server 106 is a verified

web service because the license server 106 is accessible only if the domain

certificate is authenticated and, once authenticated, the domain certificate

authenticates the identity of the domain and its associated user and device. ([0075],

[0094]). This meets the verified web service claim construction above of any web

service accessible with an authenticated credential that authenticates the identity

of a user or a device.

[D] establishing a

connection with the at

least one communications

console, wherein the

communications console

is a combination of a

graphic user interface

(GUI) and an Application

Programmable Interface(API) wherein the API is

related to a verified web

service, the web service

capable of facilitating a

two way data exchange

session to complete a

verification process

wherein the data

exchange session

comprises at least oneidentification reference;

Use of GUI & API are admitted prior art.

Pestoni (EX1007)Establishing a connection having two-way exchange

comprising identification reference to complete

verification:

[0072] Device 202 communicates with license server

106 to obtain content licenses for pieces of protected

content . . . Device 202 sends a content licenserequest 252 . . . [that] includes various parameters . . .

[such as] a key ID, a domain ID, and a domain

certificate[identification reference].

[0075] In response to content license request 252,

license server 106 validates the domain certificate

included in request 252.

[0084] The content license 254, bound to domain

204, is returned to device 202. Once device 202 has

the content license for a piece of protected content,content playback module 214 is able to access the

protected content.


37/65


U.S. Patent 8,533,860

- 33 -

Element [E] sets forth requesting the at least one identification reference

from the at least one communications console, while Pestoni describes the device

202 sending a domain ID in content license request 252. Varying which side

initiates the request for the identification reference is an obvious matter of design

choice. One of skill in the art would recognize that the License Server could

request the domain ID in response to a license request, or the device could simply

supply the domain ID as part of the request. SeeCherukuri Decl. (EX1010) at 84

and Ex. D, Element E.

[E] requestingthe at least one identification

reference from the at least one communications

console, wherein the identification reference

comprises one or more of a verified web service

account identifier, letter, number, rights token,

e-mail, password, access time, serial number,

address, manufacturer identification, checksum,operating system version, browser version,

credential, cookie, or key;

Pestoni (EX1007)[0072] Device 202

communicates with license

server 106 to obtain content

licenses for pieces of protected

content . . . Device 202 sends a

content license request 252 . . .[that] includes various

parameters . . . [such as] a key

ID, a domain ID, and a

domain certificate.

[F] The license server 106 receives from device 202 a content license

request 252, which includes various identification references, including a key ID, a

domain ID, and a domain certificate. This element is part of element [E], since a

requested element is clearly received.

[F] receivingthe at

least one identificationPestoni (EX1007)

[0072] Device 202 communicates with license server


38/65


U.S. Patent 8,533,860

- 34 -

reference from the at

least one

communications

console; and

106 to obtain content licenses for pieces of protected

content . . . [License server 106 receives from device

202] . . . a content license request 252 . . . [that] includes

various parameters . . . [such as] a key ID, a domain ID,and a domain certificate.

Element [G] is shown. As noted above with respect to DeMello, this

element is admitted prior art. Pestonishows the verified web service as License

Server 106, which requests and receives Domain ID and domain certificate.

SeePestoni (EX1007), at [0072][0074]. A content license is generated, and

bound to the domain associated with the Domain ID. See id.at [0079][0082].

The content license 254, bound to domain 204, is returned to device 202, which

stores the license in content license store 210. Once device 202 has the content

license, it is able to access the protected content. See id.at [0084]. The content

license 254, bound to domain 204 and stored in content license store 210 of device

202, obviously constitutes metadata, since this is data is about the content stored in

device content store 208 of the device 202. SeeCherukuri Decl. (EX1010) at 76

and Ex. D, Element G. Additionally, Pestoni refers to the content metadata,

Pestoni [0071], as including a key ID which identifies the content, which

associates the content license, which contains the domain ID, as set forth in the

below claim chart.


39/65


U.S. Patent 8,533,860

- 35 -

Other embodiments. The verification token is also shown by user

credentials, such as a user id and password, a digital certificate and other

parameters in Pestoni, with the identification reference being shown by the

Domain ID, Domain Certificate or other parameters as set forth in the Cherukuri

Declaration (EX1010) at Ex. D, Element G. Not only does the 860 Patent say the

order of steps can be different, as noted above, but Pestoni says the same in

paragraph [0097].

[G] writing at

least one of the

verification

token or the

identification

referenceinto

the metadata.


Pestoni (EX1007)

[0082] Domain binding encryption module 258 binds [writes

to metadata] the content license generated by content license

generator 260 to the domain identified in request 252.

[0084] The content license 254, bound to domain 204, is

returned to device 202. Once device 202 has the content license

for a piece of protected content, content playback module 214

is able to access the protected content and play back the

protected content in decrypted form.

Claims 25. Claim 2 is directed to a second user, who is validated by a

membership web service. This is shown by DeMellosPASSPORT membership

service and Pestonis domain membership, which both provide for validating

multiple members. SeealsoCherukuri Decl. (EX1010) at Exs. C & D.

Claim 3 requires software or webpage content in the metadata. The 860

Patent does not describe any software as metadata, and the only reference to

webpage data is Web pages often include metadata in the form of Meta tags.Id.


40/65


U.S. Patent 8,533,860

- 36 -

at 13:2831. DeMello shows the book title and related information in the

metadata, which is also listed on the webpage where the book is sold. Thus, the

book title from the retailer web page ofDeMello, which is also in the meta tag, is

webpage content which satisfies this element. The content license ofPestoniis

specified as containing constraints which are from a web site, and are thus

webpage content.

Claim 4 merely recites the verification function of the verification token (the

function of representing verification). Thus, it doesnt add anything to claim 1 and

is invalid overDeMelloandPestonias shown in claim 1[C] above.

Claim 5 says the content is shared among multiple users with membership

status, similar to claim 2, but depending from claim 3, and is also shown by

DeMello and Pestoni. The validation is done in DeMello by authenticating the

user. Pestonisimilarly shows a validated domain. Thus, claims 25 are separately

invalid as obvious over bothDeMelloandPestoni.

860 Patent Prior Art (Emphasis added)

2. The method

according to claim 1,

wherein the access

request being a request

from the first user

through a data

processing device of the

plurality of data

processing devices;

DeMello (EX1006)

Thus, a user is unlikely to share his PASSPORT ID

and password with a large group of people, thereby

ensuring that the persona to which a reader is

activatedis genuinely associated witha particular user

(or, possibly, a family that shares a single

PASSPORT account).Id. at 13:4954.

The PASSPORT object 96 authenticate the end-


41/65


U.S. Patent 8,533,860

- 37 -

or wherein the access

request being a request

from one or moresecondary usersin

network to the first user;

wherein the secondary

users are validated by a

membership web

service.

users using, for example, their hotmail accounts (or

other PASSPORT credentials.Id. at 13:1724.

Pestoni (EX1007)[0016] Each domain 108 is associated with a

particular user or group of users [secondary users].

[0041] The user can have each devicethat he or she

ownsjoin his or her domain. Alternatively, domain

administrator could employ a domain policy that allows

multiple users [secondary users]to share a domain

.

3. The method

according to claim 2,

wherein the metadata

comprises one or more

of a software or contents

of a web page.

DeMello (EX1006)these servers host the commercial web site that

allow users to perform actions such as shopping for

eBook titles.Id. at 11:24.

the download server 76 adds the consumer's name to

the title meta-dataId. at 26:1920.

Pestoni (EX1007)[0029] The constraintson the use of the content are

typically as part of a content license.

Alternatively, the constraints could be made known inother manners, such as separate notification being

given of the constraints (e.g., obtaining the

constraints from a web site, etc.), and so forth.

Claims 68. Claim 6 sets forth that the users can be humans or

computerized mechanisms in a network, which is met by the user of DeMello

andPestoni. The 860 Patent doesnt describe any separate network of users, just

the cloud/internet, which is also shown in the below quoted sections of DeMello&

Pestoni.


42/65


U.S. Patent 8,533,860

- 38 -

Claim 7 says the user device is a computer or phone (with OS), which

DeMello&Pestonishow in the below quoted sections.

Claim 8 says the verification token represents a purchase, rental or

membership permission, as indicated by any one of the laundry list of a letter,

number, etc. TheDeMelloBookID is a purchase permission, which is verified and

written to metadata as described above under claim 1 [B]. This is similar to the

content code entered in the KODEKEY GUI of Fig. 3 of the 860 Patent. DeMello

also shows establishing a membership relationship, which is a membership

permission (see claim 1 [B] discussion). This is also shown by the Pestoni user

credentials for joining a domain with a domain membership license, which allows

access (e.g., purchase) of content. SeeCherukuri Decl. (EX1010) at Exs. C and D.

860 Patent Prior Art (emphasis added)6. The method according

to claim 5, wherein the

one or more users are a

network of recognized

human beings using

machines or recognized

automated computerized

mechanisms programmed

by human beings, the

recognition of the one or

more users being

validated by the

membership status of the

membership web service.

DeMello (EX1006)The personal computer or network server 20 may

operate in a networked environment Such

networking environments are commonplace in offices,

enterprise-wide computer networks, Intranets and the

Internet.Id. at 8:518.

Pestoni (EX1007)[0041] The user credentials are various credentials

that identify the user of device.

[0013]Network 110 can be any of a variety of

networks, such as the Internet, a local area network, a

cellular phone network, other public and/or proprietary

networks, combinations thereof, and so forth.

7. The method according DeMello (EX1006)


43/65


U.S. Patent 8,533,860

- 39 -

to claim 6, wherein the

digital content access

request is from a user

using at least one of acomputer or a phone

hosting an operating

system running an

application.

a "reader" (which, as more particularly discussed

below, is a user application that enables the reading

of eBooks on a computing device, such as a PC, a

laptop, a Personal Digital Assistant (PDA), PocketPC,or a purpose-built reading device).Id. at 5: 5963.

Pestoni (EX1007)[0001] Examples of such digital media playback

devices include portable music players, desktop and

laptop computers, cellular phones, and so forth.

8. The method of claim 7,

wherein the verification

token comprises at least

one token selected from

the group consisting of a

purchase permission, a

rental permission, and a

membership permission;

wherein the at least one of

purchase permission,

rental permission, and

membership permission isrepresented by one or

more of a letter, number,

combination of letters and

numbers, rights token,

successful payment

reference, phrase, name,

membership credentials,

image, logo, tag, service

name, authorization, list,

interface button,

downloadable program,

or an instrument of trade.

DeMello (EX1006)

Verification token:

Through this communication, bookstore servers 72

may allow users to shop for eBook titles, establish

their membership relationship with the retailer[verification token], pay for their transactions, and

access proof-of purchase pages (serve-side receipts).

Id. at 9:916.

As used herein, a "persona" is a unique identifier that

can be tied to a user and can be securely authenticated

by an out-of-band process--e.g., a username and

password form on a web browser for use over asecure socket layer (SSL) is an example embodiment

of such a process.Id. at 2: 4550.

It is also preferable that activation servers 94 rely on

the MICROSOFT.RTM. PASSPORT.TM.

membership system for associating activation

certificatesto end-user personas, as will be described

below (although PASSPORT is merely exemplary of a

namespace authority that may be used for this

purpose).Id. at 10: 5863.

Pestoni (EX1007)

Verification token that is password, etc.: [0039] The

join-domain request includes various parameters . . .

[such as] a device certificate, user credentials, and


44/65


U.S. Patent 8,533,860

- 40 -

optionally a device description.

[0041] . . . The user credentials can take any of a

variety of different forms, such as a user id andpassword, a digital certificate attesting to the users

identity and digitally signed by a trust authority, and

so forth.

Claim 9. This claim is nearly identical to claim 1, converting method

references to a system, and using synonyms for claim 1 limitations (The cloud is

the Internet, which is known to be a worldwide cloud; computing over the

cloud is known to be done by a server, and storage is known to mean a

database; a system is understood to be infrastructure.). The one addition is

that the system works as a front-end agent. The term front-end agent only

appears in claims 9 and 27. There is one relevant use of front-end in the body of

the 860 Patent: As explained earlier, the system we will discuss will work as a

front-end to encrypted files as an authorization agent for decrypted access. Id.at

5:3739. The term front-end is also used to describe the user GUI, which is a

different use. Id.at 11:1011. DeMellodescribes the activation process being on

front-end activation servers, and thus shows this.

Pestoni also shows a system accessed over the Internet, and Pestoni

discloses that the devices can interact with the domain management system


45/65


U.S. Patent 8,533,860

- 41 -

directly; that is, as a front-end agent. SeeCherukuri Decl. (EX1010) at 81 & Exs.

C and D, Cl. 9.

860 Patent Prior Art (Emphasis added)

Marked to show additions and

[deletions] compared to claim 1.

[A] [1]9. A system [method] for

authorizing access to digital

content using a worldwide cloud

system infrastructure, the

worldwide cloud system

infrastructure comprising

connected modules in operation as

[one or more of a cloud]

computing [or] and [cloud] storage

[in connection with], the

computing and storage comprising

a server, a database, devices and

users, wherein the digital content

is at least one of encrypted or not

encrypted, the [method] system

facilitating access rights between aplurality of data processing

devices,

[A1] the system working as a

front-end agent for access rights

authentication between the

plurality of data processing

devices, the system further

comprising:

Seeclaim 1, element [A]above.

[A1] DeMello (EX1006)

The activation server ISAPI Extension DLL

98 carries out tasks associated with the

activation process on the front-end

activation servers,. Id.at 13:6264.

Fully individualized content cannot be

accessed in the absence of a "activation

certificate," which are issued by the activation

server.Id.at 2:2228.

Moreover, the activation server

arrangement preferably provides a given

activation certificate (that is, an activation

certificate having a particular key pair) only

after authenticating credentials (e.g., ausername and password) associated with a

persona.Id.at 2:5054.

Pestoni (EX1007)

[0003] In accordance with one or more

aspects, a device accesses a domain

administrator in order to obtain a domain

membership license.

Element [B] is the same as claim 1, except saying the step is performed by a

module, and adding the software/webpage metadata limit already discussed under


46/65


U.S. Patent 8,533,860

- 42 -

dependent claim 3 above. The substance of elements [C][G] is the same as claim

1.

[B] a first receipt module, the first receipt module receiving a

digital content access request .. wherein the read or write

request of metadata is performed in connection with a

combination of a device, the server, the database and the cloud

system, the metadata further comprises one or more of a

software or contents of a web page, the request comprising a

verification token provided by a [first] user ;

Seeclaim 1,

element [B]

above and claim

3 (for the

metadata as

software/webpage

contents).

[C] an authentication module, the authentication module

authenticating the verification token;

Seeclaim 1,

element [C]

above.

[D] a connection module, the connection module establishing a

connection ;

Seeclaim 1,

element [D]

above.

[E] a request module, the request module requesting the at

least one identification reference ;

Seeclaim 1,

element [E]

above.

[F] a secondary receipt module, the secondary receipt module

receiving the at least one identification reference from the at

least one communications console; and

Seeclaim 1,

element [F]

above.

[G] a branding module, the branding module writing at least

one of the verification token or the identification reference into

the metadata.

Seeclaim 1,

element [G]

above.

Claim 10. This claim is nearly identical to claim 8, converting method

references to a system, and is invalid for the same reasons.

860 Patent Prior Art

Marked to show additions and [deletions] compared to claim 8.[8] 10. The system [method] of claim 9 [7], wherein the verification

token comprises .

Seeclaim 8.


47/65


U.S. Patent 8,533,860

- 43 -

Claim 11. This is a program code claim corresponding to method claim 1,

with the addition that the code is either (1) part of an operating system or (2) is

downloaded in sections from a web server. Other than claim 11, the only mention

of sections in the 890 Patent is copied below, which equates sections with an

API or script:

A program apparatus, scripts, often calls these APIs or

sections of code residing on user computerized devices.

For example, a web browser running on a user computer,

cell phone, or other device can download a section of

JavaScript or other code from a web server, and then use

this code to in turn interact with the API of a remote

Internet server system as desired.

Id. at 10:2430. DeMello describes both an operating system as well as the

common technique of using scripts (sections) previously downloaded to a client

reader. Pestonidescribes downloading modules, which are the claimed sections or

would form part of an operating system. SeeCherukuri Decl. (EX1010) at 64

77 & Ex. D, Cl. 11.

860 Patent Prior Art (emphasis added)Marked to show additions and

[deletions] compared to claim 1.

[A][1] 11. [A method for

authorizing access to digital content

using a cloud system, the cloud

system comprising connected

DeMell o (EX1006)Seeclaim 1, element [A]above.

A number of program modules may be

stored on the hard disk, magnetic disk 29,

optical disk 31, ROM 24 or RAM 25,

including an operating system 35 (e.g.,


48/65


U.S. Patent 8,533,860

- 44 -

modules in operation as one or more

of a cloud computing or a cloud

storage in connection with devices

and users, wherein the digital contentis at least one of encrypted or not

encrypted, the method] A non-

transitory computer medium

comprising a program code, the

program code being a part of an

operating system software or

downloaded in sections from a web

server, the operating system software

program coupled with a user

executing a method for authorizingaccess to digital content wherein the

program code, when executed in a

processor for facilitating access

rights between a plurality of data

processing devices, performs the

following steps of:

Windows.RTM. 2000, Windows

NT.RTM., or Windows 95/98), one or

more application programs 36, other

program modules 37 and program data 38.Id.at 7:5257.

Using a browser or the "bookstore pages"

or reader 90 or 92, user chooses book(s) via

mechanisms that the retail site implements

(step 200). For fully individualized

copies (level 5), a client-side script will

populate the body of the POST with the

activation certificate .Id. at 26:1-15.

Pestoni (EX1007)

[0109] Generally, software includes

routines, programs, objects, components,

data structures,. An implementation of

these modules may be transmitted

.

[B]receiving a digital content

request , wherein the read or write

request of metadata is performed inconnection with a combination of [at

least one device] the operating

system software program and [the] a

cloud system, the request comprising

a verification token provided by [a

first] the user corresponding to the

digital content,;

Seeclaim 1, element [B]above.

[C]authenticating the verification

token;

Seeclaim 1, element [C]above.

[D]establishing a connection ; Seeclaim 1, element [D]above.

[E]requesting the at least one

identification reference from the at

least one communications console,

wherein the identification reference

[comprises] is one or more of ;

Seeclaim 1, element [E]above.


49/65


U.S. Patent 8,533,860

- 45 -

[F]receiving the at least one

identification reference from the at

least one communications console;

and

Seeclaim 1, element [F]above.

[G]writing at least one of the

verification token or the

identification reference into the

metadata.

Seeclaim 1, element [G]above.

Claims 1215. These claims correspond to claims 4-6 and 8, discussed

above, and are invalid for the same reasons.

860 Patent - Marked to show additions and [deletions]

12. The non-transitory computer medium according to claim 11,

wherein the access request is a request from the user providing a

credential to a membership web service through a data processing

device of the plurality of data processing devices, the user being a

human user establishing a permission to the digital content.

Seeclaim 6.

[8] 13. The [method] non-transitory computer medium of claim [7]

12, wherein the verification token comprises at least one [token

selected from the group consisting] of , logo, [tag] service name,

authorization, list, key, file, .

Seeclaim 8.

14. The non-transitory computer medium according to claim 13,

wherein the verification token represents verification from a

provider that a product was acquired.

Seeclaim 4.

[5] 15. The [method] non-transitory computer medium according to

claim [3] 13, wherein the digital content is accessed [shared among

one or more users] according to a membership status.

Seeclaim 5.

Claim 16. DeMelloshows the membership status connected to an API as in

claim 16. In Pestoni, it is inherent that the device uses the API associated with

joining the domain. For example, according to [0041] and [0058] of Pestoni, the

domain administrator server 102, after verifying the users credentials, establishes


50/65


U.S. Patent 8,533,860

- 46 -

secure connection by employing the secure key exchange protocol [i.e.,

application programmable interface (API) protocol] that the user device can access

to securely obtain the domain membership license 222/300. SeeCherukuri Decl.

(EX1010) at 72 & Ex. D, Cl. 16.

16. The non-

transitory

computer

medium

according to

claim 15,wherein the

membership

status is

connected to

an application

programmable

interface.

DeMello (EX1006)

It is also preferable that activation servers 94 rely on the

MICROSOFT.RTM. PASSPORT.TM. membership system for

associating activation certificates to end-user personas, as will be

described below (although PASSPORT is merely exemplary of a

namespace authority that may be used for this purpose). Id. at10:5863.

Once user's PASSPORT.TM. credentials are authenticated (step

156), a PASSPORT.TM.APIis queried for the user alias and e-

mail address (step 158).Id. at 23:1821.

Pestoni (EX1007)Seeclaim 1 [D] above.

Claim 17. Claim 17 simply says wherein a remote control operation exist

[sic]. The term remote control only appears in the claims. The term remote is

used to refer to a remote server (accessed over a network, such as the Internet) and

a remote procedure call. Id. at 10:2234. Thus, accessing a remote device,

through a remote procedure call or otherwise, satisfies this element. DeMello

describes such a remote API interaction for both IS and PASSPORT APIs, which

use calls (remote procedure call) just like the 860 Patent. Pestoni also shows

using remote communications, which would be understood by a person of ordinary


51/65


U.S. Patent 8,533,860

- 47 -

skill in the art (POSA) to involve remote procedure calls.See Cherukuri Decl.

(EX1010) at Ex. D, Cl. 17.

17. The

non-

transitory

computer

medium

according

to claim

15,

wherein a

remotecontrol

operation

exist.

DeMello (EX1006)

A download server ISAPIExtension 78 is provided, which is an IIS

extension DLL that preferably handles the incoming requests to the

content servers 76. Id.at 9:6710:3.

Once user's PASSPORT.TM. credentials are authenticated (step 156),

a PASSPORT.TM. APIis queried for the user alias and e-mail address

(step 158).Id. at 13:1724.

At step 7 the LIT file is downloaded by IIS to the end-user via HTTP.

When the download is complete, IIS will callback into the ISAPI DLL78 to notify that the pending request was fulfilled and the connection

closed. The ISAPI 78 will then purge all temporary memory used

during step 5. Id. at 27:45-48.

Pestoni (EX1007)

[0032] . Content provider 104 is typically a remote device or

service from which protected (e.g., encrypted) content can be

obtained.

[0045] Domain request approval module 224 obtains and verifies thatthe user credentials [by]accessing a remote service.

Claims 1820. Claim 18 says the API is connected to the GUI. As noted

above, Patent Owner admits the use of a GUI and API to access a web service is

well known. Also, DeMello teachesa reader that provides a prompt [a GUI] to

receive login credentials to authenticate the user with the PASSPORT server via an

API of the PASSPORT server (a verified web service). See Cherukuri Decl.

(EX1010) at Ex/ C. Pestoni also inherently uses a GUI, which would interface

with an API. SeeCherukuri Decl. (EX1010) at 80. Thus, the API is connected to


52/65

IPR2016-00600 Petitio

Documents

Unified Patents v. Grecia, IPR2016-00600,