ZTE Corporationv.ContentGuard Holdings, Inc.Download PDFPatent Trial and Appeal BoardJul 1, 201410345390 (P.T.A.B. Jul. 1, 2014) Copy Citation Trials@uspto.gov Paper 58 571-272-7822 Entered: July 1, 2014 UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ ZTE CORPORATION and ZTE (USA) INC., Petitioners, v. CONTENTGUARD HOLDINGS, INC., Patent Owners. ____________ Case IPR2013-00137 Patent 6,963,859 ____________ Before JAMESON LEE, MICHAEL W. KIM, and MICHAEL R. ZECHER, Administrative Patent Judges. KIM, Administrative Patent Judge. FINAL WRITTEN DECISION 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73 IPR2013-00137 Patent 6,963,859 2 I. BACKGROUND A. Introduction Petitioners (“ZTE”) filed a corrected Petition for inter partes review of claims 1-84 of U.S. Patent No. 6,963,859 (“the ’859 patent”). Paper 12 (“Pet.”). The Patent Owner (“ContentGuard”) timely filed a Patent Owner Preliminary Response. Paper 16 (“Prel. Resp.”) On July 1, 2013, the Board instituted trial for claims 1-5, 9-11, 15-17, 19, 21-33, 37, 38, 42-44, 46, 48- 62, 66, 67, 71-73, 75, and 77-84, under 35 U.S.C. § 102(e), as anticipated by U.S. Patent No. 5,588,146 to Leroux (Ex. 1011). Paper 17 (“Dec.”). After institution of trial, Patent Owners (“ContentGuard”) 1 filed a Patent Owner Response (Paper 34, “PO Resp.”), but did not file a motion to amend. Petitioner subsequently filed a Reply. Paper 39 (“Reply”). A consolidated oral hearing for IPR2013-00133, IPR2013-00137, IPR2013-00138, and IPR2013-00139, each involving the same Petitioners and Patent Owners, was held on February 26 and 27, 2014. The transcript of the consolidated hearing has been entered into the record. Papers 55-57. We have jurisdiction under 35 U.S.C. § 6(c). This final written decision is issued pursuant to 35 U.S.C. § 318(a). Claims 1-5, 9-11, 15-17, 19, 21-33, 37, 38, 42-44, 46, 48-62, 66, 67, 71-73, 75, and 77-84 of the ’859 patent are not unpatentable. 1 The mandatory notices filed pursuant to 37 C.F.R. § 42.8(b)(1) indicate that both ContentGuard Holdings, Inc. and Pendrell Corporation are the real parties in interest. Paper 15, 2. IPR2013-00137 Patent 6,963,859 3 B. Related Proceedings ZTE indicates that the ’859 patent is involved in co-pending district court case titled ContentGuard Holdings Inc. v. ZTE Corp., No. 3:12-cv- 01226 (S.D. Cal.). Pet. 1. ZTE also filed five other Petitions seeking inter partes review of the following patents of ContentGuard: U.S. Patent No. 7,523,072 (IPR2013-00133); U.S. Patent No. 7,225,160 (IPR2013-00134); U.S. Patent No. 7,359,884 (IPR2013-00136); U.S. Patent No. 7,139,736 (IPR2013-00138); and U.S. Patent No. 7,269,576 (IPR2013-00139). Id. C. The ’859 patent The subject matter of the ’859 patent relates to distribution of and usage rights enforcement for digitally encoded works. Ex. 1001, 1:12-13. According to the ’859 patent, an issue facing the publishing and information industries is how to prevent the unauthorized and unaccounted distribution or usage of electronically published materials. Ex. 1001, 1:16-19. In particular, a major concern is the ease in which electronically published works can be “perfectly” reproduced and distributed. Ex. 1001, 1:30-31. One way to curb unaccounted distribution is to prevent unauthorized copying and transmission. Ex. 1001, 1:49-51. Another way is to distribute software, which requires a “key” to enable its use. Ex. 1001, 1:65-66. However, the ’859 patent discloses that, although such distribution and protection schemes prevent unauthorized distributions, it does so by sacrificing the potential for subsequent revenue bearing uses. Ex. 1001, 2:61-65. For example, the ’859 patent discloses that it may be desirable to allow the lending of a purchased work to permit exposure of the work to IPR2013-00137 Patent 6,963,859 4 potential buyers, permit the creation of a derivative work for a fee, or permit copying the work for a fee. Ex. 1001, 2:65-3:3. The ’859 patent discloses that it solves these problems by both permanently attaching usage rights to digital works, and by placing elements in repositories, which store and control the digital works, that enforce these usage rights. Ex. 1001, 6:11-21. D. Illustrative Claim Claims 1, 29, and 58 are independent claims. Independent claims 1, 29, and 58 are directed to a system, a method, and a computer readable medium, respectively. Claims 2-28 directly or indirectly depend from claim 1, claims 30-57 directly or indirectly depend from claim 29, and claims 59- 84 directly or indirectly depend from claim 58. Claims 1, 29, and 58 are exemplary of the claimed subject matter of the ’859 patent, and are reproduced as follows (emphasis added): 1. A rendering system adapted for use in a distributed system for managing use of content, said rendering system being operative to rendering content in accordance with usage rights associated with the content, said rendering system comprising: a rendering device configured to render the content; and a distributed repository coupled to said rendering device and including a requester mode of operation and server mode of operation, wherein the server mode of operation is operative to enforce usage rights associated with the content and permit the rendering device to render the content in accordance with a manner of use specified by the usage rights, IPR2013-00137 Patent 6,963,859 5 the requester mode of operation is operative to request access to content from another distributed repository, and said distributed repository is operative to receive a request to render the content and permit the content to be rendered only if a manner of use specified in the request corresponds to a manner of use specified in the usage rights. 29. A rendering method adapted for use in a distributed system for managing use of content, and operative to render content in accordance with usage rights associated with the content, said method comprising: configuring a rendering device to render the content; configuring a distributed repository coupled to said rendering device to include a requester mode of operation and server mode of operation; enforcing usage rights associated with the content and permitting the rendering device to render the content in accordance with a manner of use specified by the usage rights, when in the server mode of operation; requesting access to content from another distributed repository, when in the requester mode of operation; and receiving by said distributed repository a request to render the content and permitting the content to be rendered only if a manner of use specified in the request corresponds to a manner of use specified in the usage rights. 58. A computer readable medium including one or more computer readable instructions embedded therein for use in a distributed system for managing use of content, and operative IPR2013-00137 Patent 6,963,859 6 to render content in accordance with usage rights associated with the content, said computer readable instructions configured to cause one or more computer processors to perform the steps of: configuring a rendering device to render the content; configuring a distributed repository coupled to said rendering device to include a requester mode of operation and server mode of operation; enforcing usage rights associated with the content and permitting the rendering device to render the content in accordance with a manner of use specified by the usage rights, when in the server mode of operation; requesting access to content from another distributed repository, when in the requester mode of operation; and receiving by said distributed repository a request to render the content and permitting the content to be rendered only if a manner of use specified in the request corresponds to a manner of use specified in the usage rights. Ex. 1001, 51:16-38, 52:45-65, 54:6-28 (emphasis added). II. ANALYSIS The only ground instituted for trial is that of the alleged anticipation, under 35 U.S.C. § 102(e), of claims 1-5, 9-11, 15-17, 19, 21-33, 37, 38, 42- 44, 46, 48-62, 66, 67,71-73, 75, and 77-84 by Leroux. ZTE has to prove unpatentability by a preponderance of the evidence. 35 U.S.C. § 316(e). In patent law, “the name of the game is the claim.” In re Hiniker Co., 150 F.3d 1362, 1369 (Fed. Cir. 1998). Therefore, we begin with claim construction, and then follow with specific analysis of the prior art. IPR2013-00137 Patent 6,963,859 7 A. Claim Construction In an inter partes review, claim terms in an unexpired patent are interpreted according to their broadest reasonable construction in light of the specification of the patent in which they appear. 37 C.F.R. § 42.100(b); Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756, 48,766 (Aug. 14, 2012). Under the broadest reasonable construction standard, claim terms are given their ordinary and customary meaning, as would be understood by one of ordinary skill in the art in the context of the disclosure. In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). If an inventor acts as his or her own lexicographer, the definition must be set forth in the specification with reasonable clarity, deliberateness, and precision. Renishaw PLC v. Marposs Societa’ per Azioni, 158 F.3d 1243, 1249 (Fed. Cir. 1998). An extraneous limitation should not be read into the claims from the specification. See e.g., E.I. du Pont de Nemours & Co. v. Phillips Petroleum Co., 849 F.2d 1430, 1433 (Fed. Cir. 1988). An extraneous limitation is one where its presence in a claim is unnecessary to make sense of the claim. See, e.g., In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994); Renishaw PLC, 158 F.3d at 1249. The construction that stays true to the claim language and most naturally aligns with the inventor’s description is likely the correct interpretation. See Renishaw PLC, 158 F.3d at 1250. The challenge is to interpret claims without unnecessarily importing limitations from the specification into the claims. See E-Pass Techs., Inc. v. 3Com Corp., 343 F.3d 1364, 1369 (Fed. Cir. 2003). IPR2013-00137 Patent 6,963,859 8 Repository (Claims 1, 29, and 58) In its Petition, ZTE did not provide an explicit construction for “repository.” In the Patent Owner Preliminary Response, ContentGuard contended that “repository” should be interpreted as “a trusted system for supporting usage rights.” Prelim. Resp. 17. When instituting trial, we construed “repository” as “a trusted system which maintains physical, communications and behavioral integrity, and supports usage rights.” Dec. 9. For reasons discussed below, we adhere to the same interpretation for this final written decision. The specification provides a glossary which recites the following meaning for “repository”: Conceptually a set of functional specifications defining core functionality in the support of usage rights. A repository is a trusted system in that it maintains physical, communications and behavioral integrity. Ex. 1001, 50:47-51 (emphasis added). By setting forth the term in a glossary and using the verb “is” following “repository” in the second sentence, the specification sets forth an explicit definition of “repository” as “a trusted system in that it maintains physical, communications and behavioral integrity.” The first sentence is relevant also to the definition of “repository” because it specifies that the repository supports usage rights. Accordingly, we construe “repository” as “a trusted system which maintains physical, communications and behavioral integrity, and supports usage rights.” IPR2013-00137 Patent 6,963,859 9 Our analysis does not end here. In order to understand “a trusted system,” it is necessary to construe “physical integrity,” “communications integrity,” and “behavioral integrity.” Those terms are described in a section of the specification labeled “[r]epositories.” For “physical integrity,” the specification describes: Physical integrity refers to the integrity of the physical devices themselves. Physical integrity applies both to the repositories and to the protected digital works. Thus, the higher security classes of repositories themselves may have sensors that detect when tampering is attempted on their secure cases. In addition to protection of the repository itself, the repository design protects access to the content of digital works. In contrast with the design of conventional magnetic and optical devices-such as floppy disks, CD-ROMs, and videotapes-repositories never allow non-trusted systems to access the works directly. A maker of generic computer systems cannot guarantee that their platform will not be used to make unauthorized copies. The manufacturer provides generic capabilities for reading and writing information, and the general nature of the functionality of the general computing device depends on it. Thus, a copy program can copy arbitrary data. This copying issue is not limited to general purpose computers. It also arises for the unauthorized duplication of entertainment “software” such as video and audio recordings by magnetic recorders. Again, the functionality of the recorders depends on their ability to copy and they have no means to check whether a copy is authorized. In contrast, repositories prevent access to the raw data by general devices and can test explicit rights and conditions before copying or otherwise granting access. Information is only accessed by protocol between trusted repositories. Ex. 1001, 11:62-12:20 (emphases added). Much of the above description makes use of permissive terms such as “may” and “can” and, thus, does not IPR2013-00137 Patent 6,963,859 10 reflect or indicate a required limitation for physical integrity. The specification also appears to use the terms or phrases in each of the following three groups interchangeably: 1. data, content, digital work, information; 2. non-trusted system, general device; and 3. “never allow access” and “prevent access.” When referring to the relationship between the repository and data, the specification uses absolute terms such as “never” and “only.” In light of the foregoing, we construe “physical integrity” as “preventing access to information by a non-trusted system.” For “communications integrity,” the specification describes the following: Communications integrity refers to the integrity of the communications channels between repositories. Roughly speaking, communications integrity means that repositories cannot be easily fooled by “telling them lies.” Integrity in this case refers to the property that repositories will only communicate with other devices that are able to present proof that they are certified repositories, and furthermore, that the repositories monitor the communications to detect “impostors” and malicious or accidental interference. Thus the security measures involving encryption, exchange of digital certificates, and nonces described below are all security measures aimed at reliable communication in a world known to contain active adversaries. Ex. 1001, 12:21-33 (emphases added). We construe “communications integrity” as “only communicates with other devices that are able to present proof that they are trusted systems, for example, by using security measures IPR2013-00137 Patent 6,963,859 11 such as encryption, exchange of digital certificates, and nonces.” The Encyclopedia of Cryptography defines “nonce” as “[a] number used in a cryptographic protocol to indicate the unique character of a message.” ENCYCLOPEDIA OF CRYPTOGRAPHY 197 (1997) (Ex. 3001). For “behavioral integrity,” the specification describes: Behavioral integrity refers to the integrity in what repositories do. What repositories do is determined by the software that they execute. The integrity of the software is generally assured only by knowledge of its source. Restated, a user will trust software purchased at a reputable computer store but not trust software obtained off a random (insecure) server on a network. Behavioral integrity is maintained by requiring that repository software be certified and be distributed with proof of such certification, i.e. a digital certificate. The purpose of the certificate is to authenticate that the software has been tested by an authorized organization, which attests that the software does what it is supposed to do and that it does not compromise the behavioral integrity of a repository. If the digital certificate cannot be found in the digital work or the master repository which generated the certificate is not known to the repository receiving the software, then the software cannot be installed. Ex. 1001, 12:34-50 (emphasis added). We construe “behavioral integrity” in the context of a repository as “requiring software to include a digital certificate in order to be installed in the repository.” We acknowledge that the record is not without evidence contrary to our interpretation. That is not unusual. The nature of interpretation is to come to the appropriate conclusion in light of all of the evidence. All of the evidence does not have to point uniformly in a single direction. IPR2013-00137 Patent 6,963,859 12 For example, the specification in Table 2 indicates ten different levels of security for repositories, and the lowest level, i.e., level “0,” is described as follows: Open system. Document transmission is unencrypted. No digital certificate is required for identification. The security of the system depends mostly on user honesty, since only modest knowledge may be needed to circumvent the security measures. The repository has no provisions for preventing unauthorized programs from running and accessing or copying files. The system does not prevent the use of removable storage and does not encrypt stored files. Ex. 1001, 14:58-64. Thus, according to Table 2, repositories are not all trusted systems. Level “0” security means having an open system lacking in physical, communications, and behavioral integrity, and without support for managing usage rights. That is directly contrary to the meaning of “repository” as defined in the glossary. For reasons discussed below, we adhere to the definition provided in the glossary. The contrary evidence based on level “0” security shown in Table 2 is insufficient to outweigh the rest of the evidence including, in particular, the explicit definition provided in the glossary. We make our determination based on the totality of the evidence. As noted above, the disclosed invention is about distribution of and usage rights enforcement of digital works. The problems described in the background portion of the specification concerns unauthorized and unaccounted distribution or usage of electronically published materials. See generally Ex. 1001, 1:30-48. The ’859 patent states that it solves preexisting problems by both permanently attaching usage rights to digital works and IPR2013-00137 Patent 6,963,859 13 placing elements in repositories which enforce those usage rights. Ex. 1001, 6:11-21. Here, the definition set forth in the glossary for “repository” is consistent fully with the description of the acknowledged prior art, and the objective or goal to be achieved by the invention of the ’859 patent. The specification also contains detailed preferred embodiments utilizing repositories which are trusted systems to provide usage control for digital works. Ex. 1001, 3:57-62, 6:66-7:37, 7:54-55, 13:1-9, 16-18; 14:3-15, 17:30-32; 25:62-28-56; 40:42-41:44. The bulk of the disclosure is directed to repositories which are trusted systems for providing usage control for digital works. For example, the specification states: The enforcement elements of the present invention are embodied in repositories. Among other things, repositories are used to store digital works, control access to digital works, bill for access to digital works and maintain the security and integrity of the system. Ex. 1001, 6:17-21 (emphasis added). Other references to “repository” in the specification that recite necessary features of repositories also support the definition in the glossary that a repository is a trusted system: The core repository services 1302 comprise a set of functions required by each and every repository. The core repository services 1302 include the session initiation transactions which are defined in greater detail below. This set of services also includes a generic ticket agent which is used to “punch” a digital ticket and a generic authorization server for processing authorization specifications. IPR2013-00137 Patent 6,963,859 14 Ex. 1001, 14:3-9 (emphasis added). In yet another example, the specification discloses that “[a]s a prerequisite to operation, a repository will require possession of an identification certificate,” and that “identification certificates 1306 are required to enable the use of the repository.” Ex. 1001, 13:1-2, 14:14-15. Indeed, by using words such as “require” and “required,” such examples amply support the definition provided in the glossary that a repository is a trusted system. In summary, even applying the rule of broadest reasonable construction consistent with the specification, the weight of the evidence supports the definition provided in the glossary. We regard as significant that the definition states in an unequivocal manner that a repository “is a trusted system.” ContentGuard’s Contentions According to ContentGuard, our interpretation of “repository” is incorrect because it is too broad in one respect and too narrow in another. PO Resp. 8-11. For reasons discussed below, however, the specification of the ’859 patent does not support adequately either contention. On the record before us, we are unpersuaded by ContentGuard’s contentions. We first address ContentGuard’s contention that our construction is too broad, and then its contention that our construction is too narrow. 1. ContentGuard contends that our construction regarding “behavioral integrity” as “requiring software to include a digital certificate in order to be installed in the repository” is excessively broad, and should be limited to IPR2013-00137 Patent 6,963,859 15 software that makes the repository operative—that which ContentGuard believes is referred to in the specification as “repository software.” Id. at 8. We reproduce ContentGuard’s argument, in more detail, below: [The Board’s construction] is too broad because it is not restricted to what the ’859 patent refers to as “repository software”—that is, software that makes the repository operative. (See Ex. 1001, 12:34-50.) According to the ’859 patent specification, “[b]ehavioral integrity refers to the integrity in what repositories do.” (Id., 12:34-35.) What repositories do, in turn, “is determined by the software that they execute.” (Id., 12:35-36.) But not all software relates “to the integrity in what repositories do.” (Ex. 1001, 12:34-35.) Repositories, along with usage rights, are used to manage the use and distribution of digital content. (See, e.g., id., 50:48-52, 5:47-48, 14:3-15.) For example, part of a repository’s function is to permit the rendering of content in accordance with the usage rights associated with the content. (E.g., id., cl. 1.) But content itself does not necessarily supply that function to a repository. (Goodrich Dec[l]., Ex. 2013, ¶ 53.) Rather, repository software implements the repository functions that are used to manage the use and distribution of the content. (Ex. 1001, 14:3-15.) Thus, since “[b]ehavioral integrity refers to the integrity in what repositories do,” the relevant software is not any “software . . . to be installed in the repository,” but the software the repository uses to manage the use and distribution of content. PO Resp. 8-9. On what repositories “do,” ContentGuard’s argument overlooks and fails to discuss the portions of the specification which indicate that repositories themselves also can be rendering devices which run and execute the software type digital works the usage rights of which they control. For IPR2013-00137 Patent 6,963,859 16 instance, the ’859 patent states the following with regard to software runnable on a repository: An Install transaction is a request to install a digital work as runnable software on a repository. In a typical case, the requester repository is a rendering repository and the software would be a new kind or new version of a player. Ex. 1001, 41:28-31 (emphases added). This disclosure in the specification does not support ContentGuard’s contention that a repository merely manages the use and distribution of digital content, such as software, and does not perform, run, or execute that digital content. The above-quoted disclosure refers to a digital work that is “runnable software on a repository,” and states that, in a typical case, the repository asking for the digital work is itself a rendering repository that identifies the software digital work not as operating software, but application software. As such, the specification conveys information contrary to ContentGuard’s contention. ContentGuard does not explain such disclosure and does not point to any testimony of its expert witness that addresses such disclosure in light of its “excessively broad” contention. Because a repository, itself, may run and execute software the usage and distribution of which is managed by the repository, it is unpersuasive that the reference to “repository software” in that portion of the specification discussing “behavioral integrity” (Ex. 1001, 12:34-50) is restricted to software that only manages usage rights. Indeed, in the context of installing software identified as “a new kind or new version of a player,” which does not control usage rights, the specification discusses extracting a copy of the IPR2013-00137 Patent 6,963,859 17 digital certificate for that software (Ex. 1001, 41:41-44), in the same manner that the specification describes requiring a digital certificate in the digital work to ensure behavioral integrity of the repository (Ex. 1001, 12:40-43). Moreover, some repositories are rendering repositories. Ex. 1001, 41:29-31. “Repository software,” as used in the specification, is broad enough to cover application software, such as the “player” referenced in column 41, lines 29- 31, of the specification, as well as what ContentGuard refers to as “operating software” which enables the repository to regulate usage rights. We do not credit the testimony of the expert witness of ContentGuard, Dr. Michael T. Goodrich, in paragraphs 40 and 41 of his declaration (Ex. 2013). In those paragraphs, Dr. Goodrich testifies that, in his opinion, a person of ordinary skill in the art in 1994 would have understood that the term “repository software” in the ’859 patent identifies and refers to the operating software of the repository, and not the software digital works the usage rights of which are controlled by the repository. The testimony is unpersuasive, because it does not account for the disclosure of the specification, discussed above, which conveys that some repositories are themselves rendering depositories which run and execute the software digital works the rights of which they control, such as a new version of a “player.” 2. ContentGuard contends that our construction regarding “behavioral integrity” as “requiring software to include a digital certificate in order to be installed in the repository” is “excessively narrow,” because it unnecessarily requires the inclusion of a “digital certificate” to ensure behavioral integrity. IPR2013-00137 Patent 6,963,859 18 PO Resp. 9-10. According to ContentGuard, in order to maintain behavioral integrity, it is necessary only that the broader purpose of a repository doing what it is supposed to do is satisfied. Id. at 9. ContentGuard’s contention that our construction is too narrow is inconsequential to the outcome of this proceeding, because a broader interpretation of “behavioral integrity,” would not render inapplicable any teaching of the prior art which was applied under the narrower construction. We reproduce ContentGuard’s argument, here, in more detail: The Board’s construction is also too narrow because it requires “a digital certificate.” After explaining that “[b]ehavioral integrity refers to the integrity in what repositories do” and that “[w]hat repositories do is determined by the software that they execute,” the ’859 patent says that “[t]he integrity of the software is generally assured only by knowledge of its source.” (Ex. 1001, 12:36-37.) Although the specification does say that “behavioral integrity is maintained by requiring that repository software be certified and be distributed with proof of such certification, i.e., a digital certificate,” the specification continues by explaining the broader purpose of the certificate. (Id., 12:40-43.) “The purpose of the certificate is to authenticate that the software has been tested by an authorized organization, which attests that the software does what it is supposed to do and that it does not compromise the behavioral integrity of a repository.” (Id., 12:43-47 (emphasis added).) So, as long as there is some assurance “that the software does what it is supposed to do,” whether by source certification or otherwise, behavioral integrity can be maintained. PO Resp. 9 (emphasis in original). The breadth argued by ContentGuard is on the extreme end of a spectrum for the meaning of “repository”—whatever ensures a repository IPR2013-00137 Patent 6,963,859 19 does what it is supposed to do. ContentGuard would like to generalize the feature into a generic goal or purpose, entirely removed from any specific means for its implementation. There are several obstacles precluding such an interpretation. First, the restrictive language in the specification does not permit such an expansive construction. Although it is true that the broadest reasonable construction rule applies for claim interpretation, the construction must be reasonable in light of the specification. In that connection, the specification states: “Behavioral integrity is maintained by requiring that repository software be certified and be distributed with proof of such certification, i.e., a digital certificate.” Ex. 1001, 12:40-43 (emphasis added). Second, ContentGuard does not point to any other means, described in the specification, for ensuring behavioral integrity of a repository. The sole disclosure in that regard, as identified by ContentGuard, relates to the use of digital certificates. There is no basis to assume, on this record, that digital certificates are representative of all ways for ensuring that a digital work is authentic. Even ContentGuard does not make that assertion. Thus, the scope of disclosure is not commensurate with the breadth for the construction of “repository” desired by ContentGuard. Third, the general articulation that a repository “does what it is supposed to do” is not accompanied by any well-defined or otherwise recognized standard for making an objective determination in that regard. If that is the claim construction, the scope of the claims would be uncertain and indeterminable. IPR2013-00137 Patent 6,963,859 20 We do not credit the testimony of the expert witness of ContentGuard, Dr. Goodrich, that “a person of ordinary skill in the art of 1994 would [have understood] that the ’859 patent specification refers to the use of digital certificates as only an exemplary method of preserving the behavioral integrity of a repository.” Ex. 2013 ¶ 39. The testimony is unexplained and conclusory; it does not account for the various factors we have considered and discussed above. B. Alleged Anticipation by Leroux ZTE contends that claims 1-5, 9-11, 15-17, 19, 21-33, 37, 38, 42-44, 46, 48-62, 66, 67, 71-73, 75, and 77-84 are unpatentable under 35 U.S.C. § 102(e) as anticipated by Leroux. Pet. 40-46. ZTE relies on claim charts to explain how Leroux allegedly describes the claimed subject matter, and also on the Declaration of Dr. Vijay K. Madisetti to support its positions. Ex. 1005. To establish anticipation, each and every element in a claim, arranged as is recited in the claim, must be found in a single prior art reference. Net MoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1369 (Fed. Cir. 2008); Karsten Mfg. Corp. v. Cleveland Golf Co., 242 F.3d 1376, 1383 (Fed. Cir. 2001). Leroux discloses a method of acquiring software programs by microcomputers. Ex. 1011, 1:8-9. Figure 1 of Leroux is set forth as follows: IPR2013-00137 Patent 6,963,859 21 Figure 1 illustrates a data-processing system. As shown in Figure 1, Leroux discloses data base service center 1 that stores application software programs 10, microcomputer 2 connected to service center 1 by interface 3, and removable electronic memory carrier 4. Ex. 1011, 3:42-46. Leroux discloses that memory carrier 4 includes interface 40 for connecting memory 41 to drive 24 of microcomputer 2. Ex. 1011, 3:53-55. Leroux discloses that microcomputer 2 is fitted with corresponding drives to read memory carrier 4. Ex. 1011, 4:60-64. Leroux discloses that memory 41 may comprise programmed security circuitry 410, which monitors access to memory 41 and manages external access to memory carrier 4. Ex. 1011, 4:64-5:3. Leroux discloses that to carry out acquisition of application software program 10, communication is set up between microcomputer 2 and data base service center 1. Ex. 1011, 3:61-66. Leroux discloses that after a user chooses which application software programs 10 that he/she wishes to acquire, service center 1 will check a right IPR2013-00137 Patent 6,963,859 22 of access to application software programs 10 by interrogating carrier 4 through microcomputer 2. Ex. 1011, 4:1-5. According to Leroux, the check is made by using security methods, such as with identification and authentication procedures that use enciphering and deciphering algorithms. Ex. 1011, 4:5-8. If the check is positive, service center 1 remotely loads application software program 10 in the internal memory of microcomputer 2. Ex. 1011, 4:13-16. As discussed above, “repository” is construed as “a trusted system which maintains physical, communications and behavioral integrity, and supports usage rights.” “Physical integrity” is construed as “preventing access to information by a non-trusted system.” “Communications integrity” is construed as “only communicates with other devices that are able to present proof that they are trusted systems, for example, by using security measures such as encryption, exchange of digital certificates, and nonces.” “Behavioral integrity” is construed as “requiring software to include a digital certificate in order to be installed in the repository.” ZTE relies on a combination of microcomputer 2 and removable carrier 4 as corresponding to the claimed “distributed repository,” and service center 1 as corresponding to the “another distributed repository” recited in each of independent claims 1, 29, and 58. Pet. 42-43. 1. “distributed repository” (claims 1, 29, and 58) Independent claims 1, 29, and 58 each require a “distributed repository.” As discussed above, a “repository” is construed as “a trusted system which maintains physical, communications and behavioral integrity, IPR2013-00137 Patent 6,963,859 23 and supports usage rights.” “Physical integrity” is construed as “preventing access to information by a non-trusted system.” “Communications integrity” is construed as “only communicates with other devices that are able to present proof that they are trusted systems, for example, by using security measures such as encryption, exchange of digital certificates, and nonces.” “Behavioral integrity” is construed as “requiring software to include a digital certificate in order to be installed in the repository.” In its Petition, ZTE takes the position that the combination of Leroux’s microcomputer 2 and removable carrier 4 constitutes the claimed “distributed repository.” Pet. 43. In our analysis below, we determine whether the combination of Leroux’s microcomputer 2 and removable carrier 4 constitutes the claimed “distributed repository” that maintains “behavioral integrity.” ”behavioral integrity” ContentGuard contends that the combination of Leroux’s microcomputer 2 and removable carrier 4 does not amount to the claimed “distributed repository” because such a combination does not maintain “behavioral integrity.” PO Resp. 11-15. That contention has three layers of complexity. a. The first relates to ContentGuard’s contention that “behavioral integrity” of a repository is directed to and concerns only the operating software of the repository, i.e., the software that enables the repository to control the usage rights and distribution of digital works, and not the IPR2013-00137 Patent 6,963,859 24 software digital works managed by the repository, itself. PO Resp. 11-12. In our claim construction analysis, we already found that contention of ContentGuard unpersuasive. b. The second relates to ContentGuard’s contention that “behavioral integrity” of a repository does not require the presence and use of a digital certificate to authenticate the software digital work being installed in a repository. PO Resp. 12-15. Instead, ContentGuard argues that “behavioral integrity” of a repository merely requires checking that the software loaded onto the repository is authentic or unaltered prior to rendering the software. Id. at 14. In our claim construction analysis, we also found that contention of ContentGuard unpersuasive. c. The third relates to ContentGuard’s contention that interrogating the right of access disclosed in Leroux, which is associated with a particular software program stored on database service center 1, prior to installing the software on microcomputer 2, does not require a digital certificate. PO Resp. 14-15. According to ZTE, Leroux’s disclosure of interrogating the right of access includes the authentication of a “digital certificate” required for “behavioral integrity.” Reply 1-3. Taking into account the evidence presented by both parties, we determine that ZTE has not demonstrated by a preponderance of the evidence that, in the disclosed system of Leroux, the identification and authentication procedures used to interrogate the right of IPR2013-00137 Patent 6,963,859 25 access associated with a software program necessarily includes a digital certificate that authenticates the source of the software. In its Reply, ZTE contends that the identification and authentication procedures disclosed in Leroux ensure that software digital works stored on database service center 1 are authorized before such software is loaded remotely onto microcomputer 2. Reply 2. For instance, ZTE argues that Leroux discloses that removable carrier 4 authorizes database service center 1 to load remotely software digital works onto microcomputer 2 following a successful safety check that includes identification and authentication procedures using enciphering and deciphering algorithms. Id. (citing Ex. 1011, 4:1-16; see Ex. 1025 ¶¶ 10, 11). Based on that disclosure, ZTE argues that one with ordinary skill in the art would have recognized that the authorization of the software includes an authentication of a “digital certification” corresponding to the software on database service center 1. Id. As an initial matter, we note that the ground of unpatentability is based on anticipation by Leroux—not obviousness over Leroux. As such, the issue is not merely whether one with ordinary skill in the art would have recognized that Leroux’s identification and authentication procedures used to interrogate the right of access include using a digital certificate to authenticate the source of the software, but whether those procedures necessarily require a digital certificate. To establish inherency, the extrinsic evidence ‘must make clear that the missing descriptive matter is necessarily present in the thing described in the reference, and that it would be so recognized by persons of ordinary skill. Inherency, however, IPR2013-00137 Patent 6,963,859 26 may not be established by probabilities or possibilities. The mere fact that a certain thing may result from a given set of circumstances is not sufficient.’” In re Oelrich, 666 F.2d 578, 581-82 (CCPA 1981). Although Leroux’s identification and authentication procedures may include using a digital certificate to authenticate the source of the software, mere probabilities or possibilities fall short of demonstrating that those procedures necessarily require using a digital certificate. In our discussion of the construction of “behavioral integrity,” we were not persuaded by ContentGuard’s contention that a digital certificate is not required, or that anything which accomplishes a similar objective in substantially the same way is satisfactory. Insofar as “assurance” means a specifically expressed indication, we credit the testimony of ContentGuard’s expert, Dr. Goodrich, that “a person of ordinary skill in the art [in 1994] would [have understood] a digital certificate to be an assurance that downloaded software comes from a reputable source, including a measure of tamper resistance.” Ex. 2013 ¶ 39 (citing the definition of “digital certificate” from the MICROSOFT COMPUTER DICTIONARY (4th ed. 1999)). An unexpressed and subjective thought, on the other hand does not qualify. As discussed above, the identification and authentication procedures disclosed in Leroux that are used to interrogate the right of access do not include necessarily that requirement of that definition of “digital certificate.” 2. “another distributed repository” (claims, 1 29, and 58) Independent claims 1, 29, and 58 each recite “another distributed repository.” ContentGuard asserts that Leroux does not disclose the recited IPR2013-00137 Patent 6,963,859 27 “another distributed repository” because service center 1 does not exhibit “behavioral integrity.” PO Resp. 16-17. Specifically, ContentGuard asserts the following: Leroux does not discuss the software responsible for implementing the functions of the service center, nor the manner in which software is installed on the service center. Therefore, Leroux does not disclose that the service center possesses behavioral integrity. (Ex. 2013, ¶ 51.) Accordingly, Leroux does not disclose that the service center has the trust properties necessary to constitute the “another distributed repository” required by claim 1. PO Resp. 17. ZTE disagrees, and asserts the following: CG’s assertion ignores relevant disclosures of Leroux, for example, (1) the software uploaded to the service center 1 is known to be authentic software from a trusted system (e.g., vendor) (Ex. 1011, 2:43-48; see also supra), and (2) the software loaded onto the service center 1 in Leroux includes a “digital certificate” so that the software may later be identified by the microcomputer 2 when initiating the identification and authentication procedures to remote-load the software onto the microcomputer 2. (Ex. 1011, 4:1-12; See also Ex. 1025, ¶¶ 25- 26). Reply 5-6. We are persuaded that service center 1 does not exhibit “behavioral integrity,” and, thus, cannot correspond properly to the recited “another distributed repository.” As set forth above, “behavioral integrity” is construed as “requiring software to include a digital certificate in order to be installed in the repository.” Leroux discloses that software programs are uploaded into service center 1. Ex. 1011, 1:62-67, 2:43-44. Leroux also discloses that a right of access, corresponding to the aforementioned digital certificate, is IPR2013-00137 Patent 6,963,859 28 required to remote load software from service center 1 to the internal memory of microcomputer 2. Ex. 1011, 2:46-48, 3:19-22, 4:1-16. The aforementioned citations of Leroux, however, do not indicate that Leroux discloses that service center 1 has “behavioral integrity.” As an initial matter, we are not persuaded that the “uploading” of software to service center 1 disclosed in Leroux can correspond properly to the “installing” of software required for “behavioral integrity.” Moreover, even if “uploading” could be considered “installing,” Leroux is silent as to whether such “uploading” of software to service center 1 requires the software to include a digital certificate, as required for “behavioral integrity.” ZTE cites the Declaration of Dr. Madisetti to support its position. Specifically, Dr. Madisetti asserts the following: As for behavioral integrity, it is my opinion that the service center 1 requires software to include a digital certificate in order to be installed on the service center 1, in accordance with the Board’s construction. In my opinion, software installed on the service center 1 includes a digital certificate identifying the vendor source of the software because the vendor is responsible for installing the software onto the service center 1. (See supra ¶ 22). Also, in my opinion software installed on the service center 1 includes a digital certificate identifying the vendor source of the software so that later the software can be identified by the microcomputer 2 running the identification and authorization procedures to load the software from the service center 1 to the microcomputer 2. (Ex. 1011, 4:1-12). Ex. 1025, ¶ 25. We are not persuaded that Dr. Madisetti’s conclusion is credible, because, even though we agree with the underlying facts in the aforementioned portions of Leroux cited by Dr. Madisetti, those underlying IPR2013-00137 Patent 6,963,859 29 facts do not support adequately his conclusion. In particular, Dr. Madisetti asserts that software uploaded to service center 1 from the vendor will include a digital certificate, so that later the software can be identified by microcomputer 2 running the identification and authorization procedures to load the software from the service center 1 to the microcomputer 2. However, these facts are inapposite to Dr. Madisetti’s conclusion for several reasons. First, there is no indication that only a vendor is capable of uploading software to service center 1. Leroux is silent as to whether software uploaded into service center 1 by a non-vendor requires a digital certificate. Behavioral integrity requires that all software uploaded to service center 1 include a digital certificate, whether from a vendor or a non- vendor. Second, just because the uploaded software includes a digital certificate does not indicate that the digital certificate is required to upload the software. In other words, there is no indication in Leroux that the digital certificate has any relationship to the uploading process, itself, when it is uploaded with the software into service center 1, as would be required for “behavioral integrity.” Indeed, ZTE acknowledged at oral hearing that Leroux did not disclose expressly that service center 1 has “behavioral integrity” as follows: MS: SHIN: So, it is my -- it is our position that Leroux’s disclosure does not expressly, literally disclose what I just described, but it is implicit. And it must be present there, so that the identification done by the service center can be -- can identify the rights of access stored in the carrier. JUDGE LEE: So you are relying on inherency? IPR2013-00137 Patent 6,963,859 30 MS. SHIN: I would like to rely on inherency or implicit disclosure. JUDGE LEE: What is implicit disclosure? Do you have a case for something between express disclosure and inherent disclosure? . . . MS. SHIN: So, in light of your comment, the Judges’ comments, it is inherent in the disclosure of Leroux that -- supporting that another distributed repository maintains behavioral integrity. JUDGE LEE: We knew that. You were relying on inherency. Are you saying you no longer are relying on this so- called implicit disclosure theory, so we need only concern ourselves with express disclosure and inherent disclosure? Is that what you are trying to tell us? MS. SHIN: Yes, Your Honor. Paper 56, 14:17-15:2, 17:17-25. Accordingly, ZTE asserts alternatively that Leroux inherently discloses that a digital certificate is required in order to upload software into service center 1. Concerning whether service center 1 of Leroux inherently has “behavioral integrity,” Dr. Madisetti asserts the following: Under ContentGuard’s construction for behavioral integrity, it is my opinion that the service center 1 necessarily includes operational software analogous to the repository software in order for the service center to operate as described in Leroux. Such operational software running on the service center 1 serves to manage the use and distribution of the software content stored on the service center 1. This includes having software uploaded to the service center 1 by a trusted system (e.g., software vendor), who is trusted to upload authentic copies of the software. (See supra ¶ 22; see also Ex. 1011, 2:43- IPR2013-00137 Patent 6,963,859 31 48). The operational software running on the service center 1 also serves to manage the transfer of software to a trusted microcomputer 2 under the identification and authentication procedures described in Leroux. (Ex. 1011, 4:1-16). It also follows that software installed on the service center 1 includes a type of “digital certificate”, as still required under ContentGuard’s construction. (See [pages 22-32 of Dr. Madisetti’s Declaration). In this way, the service center 1 transfers the software to another trusted system. Therefore, in my opinion the service center 1 in Leroux satisfies behavioral integrity even under ContentGuard’s construction. Ex. 1025, ¶ 26. We are not persuaded by Dr. Madisetti’s testimony, because it is not explained adequately. Specifically, we are not persuaded that Leroux discloses that the software vendor is a trusted system. Via paragraphs 22 and 25 of his Declaration, Dr. Madisetti cites the following portions of Leroux (Ex. 1011) as supporting his factual basis that the software vendor is a trusted system: column 2, lines 14-20, 43-48; column 3, lines58-60; and column 4, lines 1-16. The aforementioned portions of Leroux disclose that software including a right of access is uploaded into service center 1 from a software vendor, and that an authentication procedure is required to install software from service center 1 to microcomputer 2. These disclosures do not support the fact that the software vendor of Leroux is a trusted system, as it does not disclose that the software vendor, itself, exhibits any physical, communications, or behavioral integrity, all of which are required in a trusted system. Accordingly, as Leroux does not disclose that a software vendor is a trusted system, we are not persuaded that Dr. Madisetti has expressed an adequate underlying factual basis to conclude that a digital certificate is required necessarily to IPR2013-00137 Patent 6,963,859 32 upload software into service center 1 from a software vendor, as required to show that service center 1 inherently has “behavioral integrity.” At oral hearing, ZTE asserted that, when the aforementioned portions of Leroux are considered as a whole, one of ordinary skill would have understood that Leroux discloses inherently that service center 1 has “behavioral integrity.” Paper 57, 20:1-21:25. For the reasons discussed previously, we are not persuaded that just because software is uploaded to service center 1 with a right of access, and the combination of microcomputer 2 and carrier 4 has “behavioral integrity,” it follows necessarily that service center 1 also has “behavioral integrity.” 3. Summary In summary, the combination of Leroux’s microcomputer 2 and removable carrier 4 does not constitute the “distributed repository,” as recited by each of independent claims 1, 29, and 58, because ZTE has not persuaded us that the identification and authentication procedures used to interrogate the right of access associated with the software stored on removable carrier 4 necessarily includes a digital certificate that authenticates the source of the software. In addition, Leroux’s database service center 1 does not constitute the “another distributed repository,” as recited by each of independent claims 1, 29, and 58, because ZTE has not persuaded us that a digital certificate is required necessarily to upload software from a software vendor into database service center 1. For the foregoing reasons, we conclude that ZTE has not demonstrated by a IPR2013-00137 Patent 6,963,859 33 preponderance of the evidence that independent claims 1, 29, and 58 are anticipated by Leroux. Claims 2-5, 9-11, 15-17, 19, 21-28, 30-33, 37, 38, 42-44, 46, 48-57, 59-62, 66, 67,71-73, 75, and 77-84 each depend directly or indirectly from one of independent claims 1, 29, and 58, and, thus, each recite the “distributed repository” and “additional distributed repository” of independent claims 1, 29, and 58. For the same reasons discussed above in the context of independent claims 1, 29, and 58, ZTE has not shown that either the recited “distributed repository” or “additional distributed repository” is disclosed in Leroux. III. CONCLUSION ZTE has not proved, by a preponderance of the evidence, that any of claims 1-5, 9-11, 15-17, 19, 21-33, 37, 38, 42-44, 46, 48-62, 66, 67, 71-73, 75, and 77-84 of the ’859 patent are unpatentable under 35 U.S.C. § 102(e) as anticipated by Leroux. IV. ORDER It is ORDERED that ZTE has not demonstrated by a preponderance of the evidence that claims 1-5, 9-11, 15-17, 19, 21-33, 37, 38, 42-44, 46, 48-62, 66, 67, 71-73, 75, and 77-84 of U.S. Patent No. 6,963,859 are unpatentable; and FURTHER ORDERED that, because this is a final written decision, parties to the proceeding seeking judicial review of the decision must comply with the notice and service requirements of 37 C.F.R. § 90.2. IPR2013-00137 Patent 6,963,859 34 For PETITIONER: Jon Beaupre Miyoung Shin Rickard DeMille David Bluestone Peter Lee Lawrence Chen BRINKS HOFER GILSON & LIONE jbeaupre@brinkshofer.com mshin@brinkshofer.com rdemille@brinkshofer.com dbluestone@brinkshofer.com plee@brinkshofer.com lchen@brinkshofer.com For PATENT OWNER: Robert Sterne Jon Wright Jason Eisenberg STERNE, KESSLER, GOLDSTEIN & FOX PLLC rsterne-PTAB@skgf.com jwright-PTAB@skgf.com jasone-PTAB@skgf.com Copy with citationCopy as parenthetical citation
