Skip to main content

Full text of "USPTO Patents Application 09870801"

See other formats


Exhibit F 


Dr. Reiter is expected to testify as follows: 

1. Dr. Reiter will testify regarding the meaning of the disputed claim elements to 
one of ordinary skill in the art, taking into account the understood meaning of the terms 
in the art, the patent specifications and the file histories. He will testify as follows: 

a. InterTrust's proposed definitions, attached as Exhibit B to the Joint Claim 
Construction Statement ("JCCS") are consistent with the use of the terms or phrases in 
the specification and the relevant art. Those definitions are attached hereto. Citations to 
supporting specification text and relevant art can be found in Exhibit C to the JCCS. 

b. Microsoft has made repeated substantial changes to its proposed definitions, 
the changes continuing up to shortly before the present document was prepared. For this 
reason, it is impossible to include detailed responses to the issues raised by those 
definitions. 

In general, however, the Microsoft definitions incorporate restrictions that are 
inconsistent with specification use of the terms and/or inconsistent with the 
understanding of the terms in the art. Those inconsistencies are demonstrated by the 
attached supporting evidence. The following discussion lists one or more serious 
deficiencies in each Microsoft definition, but is not intended as a comprehensive 
description of all such deficiencies. 

Individual terms 

Access/Access to/Accessing/ Accessed 

The first sentence of Microsoft's definition is generally consistent with the 
InterTrust definition. The second sentence of the Microsoft definition is based on a 
specific disclosed embodiment, and is inconsistent with general use of the term in the 
specifications. 

Addressing 

The two parties' definitions are very close. Microsoft's definition is, however, 
improper in its apparent exclusion of indirect addressing. 

Allowing, allows 

Microsoft's definition is based on a specific disclosed embodiment and ignores 
other embodiments. See InterTrust's supporting evidence. 

Arrangement 


Microsoft's definition requires particular types of organizations and is therefore 
inconsistent with the patent specifications. 

Aspect 

Microsoft's definition is overly restrictive in its requirement that an aspect be 
"persistent" and that it "can be used to distinguish [an environment] from other 
environments." 

Associated with 

Microsoft's definition incorporates restrictions based on a particular embodiment 
and is inconsistent with other disclosed embodiments and with the general meaning of the 
term. 

Authentication 

Microsoft's definition requires multiple types of authentication, in a mariner not 
required by use of this term in the specification or the art. Moreover, some of these types 
cannot be applied (e.g., "origin integrity" applied to an organization). 

Authorization information, Authorized, Not authorized 

Microsoft's definitions are based on specific embodiments and contradicted by 
alternative embodiments disclosed in the specifications. 

Budget control; Budget 

Microsoft's definition improperly restricts "budget" to a particular type of 
method, and improperly restricts Budget Control in a manner inconsistent with the 
specification. 

Can be 

Microsoft's definition incorporates the language "which otherwise cannot be 
carried out." This language is inconsistent with the specifications. 

Capacity 

The Microsoft definition relates to hardware storage devices, a context that is 
irrelevant to use of the term in the relevant claim. 

Clearinghouse 

Microsoft's definition is inconsistent with use of this term in the specifications. 
See InterTrust's supporting evidence. 


Compares; Comparison 

Microsoft's definition is based on a particular type of processor operation, a 
context that is not discussed in the specification and not required by the claim. 

Component assembly 

Microsoft's definition incorporates a large number of restrictions based on 
specific embodiments and ignoring alternate embodiments. 

Contain, contained, containing 

Microsoft's definition requires "physically" or "directly" storing, and 
distinguishes Addressing. This is inconsistent with use of the term in the specification. 

Control (n.); Controls (n.) 

The Microsoft definition incorporates a large number of restrictions based on 
specific embodiments, and ignores alternate embodiments described in the specifications. 

Controlling; Control (v.) 

The Microsoft definition incorporates limitations that are not required by the 
specification, including limitations contradicted by use of the term in the specifications 
and by disclosed embodiments. 

Copied file 

The Microsoft definition improperly distinguishes "copied file" from "copy." 

Copy, copied, copying (v.) 

The Microsoft definition is internally inconsistent, since it both prohibits and 
allows changes in the reproduced file. That definition also incorporates examples that are 
inconsistent with use of the terms in the claims. 

Copy control 

The Microsoft definition is inconsistent with use of this term in the claim. 
Data item 

The Microsoft definition incorporates limitations not present in the InterTrust 
definition. These limitations are not required by the specification or normal use of the 
term in the art. 



Derive, Derives 

The Microsoft definition requires retrieval, a concept not required by the 
specifications or use of this term in the claim. 

Descriptive data structure 

Limitations in the last two sentences of the Microsoft definition are inconsistent 
with described embodiments and are not required by the specifications or use of the term 
in the claims. 

Designating 

The Microsoft definition does not apply to this term, but instead to the claim 
phrase in which the term is found. That claim phrase is separately defined. 

Device class 

The Microsoft definition is inconsistent with the definition given to this term 
during prosecution. 

Digital file 

The Microsoft definition is overly restrictive. The limitations is incorporates are 
not required by the specification, use of the term in the claims or general use in the 
relevant art. 

Digital signature; Digitally signing 

The Microsoft definition of digital signature requires that the string be 
"computationally unforgeable," a characteristic that is impossible to obtain. The 
Microsoft definition of digitally signing requires a secret key, and also includes 
significant background discussion not necessary for the definition. 

Entity's control 

Microsoft's definition improperly requires control of a "particular use of or access 
to particular protected information by a particular user(s)." No such requirements are 
imposed by the term, the claim or the specifications. 

Environment 

Microsoft does not appear to have provided any definition for this term. 


Executable programming; Executable 


Microsoft's requirement of "machine code instructions" is inconsistent with use 
of this term in the specifications. In addition, Microsoft's definition of "computer 
program" imposes limitations not required by these terms. 

Execution space; Execution space identifier 

Microsoft's definition of Execution Space is inconsistent with the explicit 
definition given to this term during prosecution. Microsoft's definition of Execution 
Space Identifier improperly requires "unique" identification. 

Governed item 

Microsoft's definition of Governed Item requires arbitrarily fine granularity and 
control of "access and use by any user, process, or device." Neither the term nor the 
specifications require such limitations. 

Halting 

The Microsoft definition requires execution be "unconditionally" stopped. The 
specification imposes no such requirement, and the Microsoft definition appears to be 
based on a particular type of instruction that is not mentioned in the patents. 

Host processing environment 

The Microsoft definition incorporates the term "VDE node," a term that is itself 
defined at great length, incorporating numerous improper limitations. The Microsoft 
definition also improperly incorporates restrictions based on privileged mode versus user 
mode, and "loaded" software. In addition, the Microsoft definition improperly excludes 
hardware. 

Identifier, Identify, Identifying 

The Microsoft definitions improperly restrict these terms to "particular instances." 
Including 

The definitions are consistent, except that the hardware portion of Microsoft's 
definition requires "physically present within." This is inconsistent with use of the term 
in the claims. 

Information previously stored 

Microsoft's definition would render the claim nonsensical, since it would require 
a comparison involving information that is no longer available for the comparison. 



Integrity programming 

The Microsoft definition is internally inconsistent, improperly incorporates the 
term Executable Programming and improperly defines integrity as excluding all 
alterations. 

Key 

Microsoft's exclusion of "key seed or other information from which the actual 
encryption and/or decryption key is constructed, derived, or otherwise identified" is 
inconsistent with the specification and general use of the term in the relevant art. 

Load module 

Microsoft's definition imposes numerous limitations beyond those identified in 
the InterTrust definition. Those additional limitations are not required by the term and 
are inconsistent with embodiments disclosed in the specifications. 

Machine check programming 

The Microsoft definition improperly requires Executable Programming and a 
"unique 'machine signature' which distinguishes the physical machine from all other 
machines." These limitations are not required by the term. 

Opening secure containers 

The Microsoft definition improperly distinguishes "opening" from decrypting, 
and improperly incorporates limitations based on a particular embodiment of opening. 

Operating environment 

See Processing Environment. 

Organization, Organization information, Organize 

The Microsoft definitions improperly incorporate concepts related to physical 
storage. 

Portion 

The Microsoft definition improperly implies that presence of a "portion" excludes 
presence of the whole. 


Prevents 


The Microsoft definition requires a level of certainty that is inconsistent with the 
specification and impossible to obtain. 

Processing Environment 

The Microsoft definition incorporates a specific embodiment and would exclude 
other embodiments disclosed for this term. 

Protected processing environment 

The Microsoft definition incorporates at least several dozen highly restrictive and 
unnecessary limitations, and appears to combine restrictions from multiple separate 
embodiments. 

Protecting 

The incorporation of Security into the Microsoft definition is improper, since that 
term is considerably more general than the manner in which Protecting is used in the 
claim. 

Record 

The Microsoft definition includes limitations beyond those incorporated in the 
InterTrust definition. These added limitations are not required by use of this term in the 
claims, specification, or art. 

Required 

The Microsoft definition implies a degree of absoluteness that is inconsistent with 
the specification. The second sentence of the Microsoft definition is unsupported by the 
specification or normal use of the term. 

Resource processed 

The Microsoft definition improperly requires a "shared facility," and that the 
resource be "required by a job or task." These are not required by the claim or 
specification. 

Rule 

The Microsoft definition improperly distinguishes Rules from Controls, and 
imposes an unsupported requirement that a Rule be a "lexical statement." 


Secure 


The Microsoft definition requires absolute protection against all possible threats, 
and is therefore inconsistent with use of the term in the specification, the claims, and the 
relevant art. 

Secure container 

The requirements imposed by the Microsoft definition are either inconsistent with 
the specification or ignore disclosed embodiments. 

Secure container governed item 

The Microsoft definition imposes a requirement of absolute security that is 
inconsistent with the specification and ignores alternate disclosed embodiments. 

Secure database 

The Microsoft definition improperly defines "database" in accordance with one 
particular type of database, and improperly imposes a requirement of absolute security 
that is inconsistent with the specification. 

Secure execution space 

The Microsoft definition is inconsistent with and excludes embodiments of Secure 
Execution Spaces described in the specification. 

Secure memory 

Microsoft's definition of "memory" improperly excludes virtual memory. 
Microsoft's definition of Secure Memory includes numerous restrictions not supported by 
the specification. 

Secure operating environment, Said operating environment 

See Secure Processing Environment. 

Securely applying 

Microsoft's definition of "securely" is inconsistent with and excludes 
embodiments described in the specification. 

Microsoft's definition of Securely Applying improperly includes limitations from 
specific embodiments, as well as limitations not required by the specification or claims. 

Securely assembling 


The Microsoft definition incorporates limitations from specific embodiments, and 
ignores alternate embodiments not requiring those limitations. 

Securely processing 

The Microsoft definition improperly incorporates a requirement of a secure 
execution space. This requirement is inconsistent with embodiments described in the 
specification. 

Securely receiving 

The Microsoft definition is based on limitations taken from a particular 
embodiment and ignores alternate embodiments. 

Security level, Level of security 

The Microsoft definition improperly requires an "ordered measure" and 
persistence. The second and third sentences from the Microsoft definition are 
unsupported by any disclosure in the specifications. 

Tamper resistance 

The Microsoft definition improperly requires a tamper resistant barrier. 

Tamper resistant barrier 

The Microsoft definition describes a specific embodiment, and is inconsistent 
with alternate embodiments described in the specifications. 

Tamper resistant software 

The Microsoft definition improperly requires a tamper resistant barrier. 

Use 

The second sentence of the Microsoft definition improperly incorporates 
limitations from a particular embodiment. 

User controls 

The Microsoft definition is inconsistent with the claim and the prosecution 

history. 
Validity 


The Microsoft definition improperly incorporates the concept of "authentication," 
and applies only to data. 

Virtual distribution environment 

See Global Construction of VDE. 
Claim phrases 
193.1 

receiving a digital file including music 

The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication a recipient and use of controls. 

a budget specifying the number of copies which can be made of said digital file 

The Microsoft definition improperly includes "copies" that are not "long-lived, 
decrypted or accessible." The Microsoft definition also ignores embodiments involving 
alternative control structures. 

controlling the copies made of said digital file 

The Microsoft definition improperly incorporates limitations from particular 
embodiments, ignores embodiments describing alternative control structures and imposes 
numerous limitations that are not supported by the specification or claim language. 

determining whether said digital file may be copied and stored on a second device 
based on at least said copy control 

The Microsoft definition incorporates numerous unnecessary limitations not 
required by the claim or the specification, improperly requires that "the" file, as opposed 
to a copy, be stored on a second device, excludes described alternative embodiments and 
requires an absolute degree of control that is inconsistent with the specification. 

if said copy control allows at least a portion of said digital file to be copied and 
stored on a second device 

The Microsoft definition's "explanation" of the branches makes no sense and is 
unsupported by the claim and , improperly requires that "the" file, as opposed to a copy, 
be stored on a second device. 

copying at least a portion of said digital file 



The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly excludes embodiments described in the specification. 

transferring at least a portion of said digital file to a second device 

The Microsoft definition improperly distinguishes a "copy" and "the" file, 
improperly requires that controls be executed and ignores alternative embodiments 
described in the specification. 

storing said digital file 

The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly requires storage of the entire file rather than a portion. 

193.11 

receiving a digital file 

The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication a recipient and use of controls. 

determining whether said digital file may be copied and stored on a second device 
based on said first control 

The Microsoft definition incorporates numerous unnecessary limitations not 
required by the claim or the specification, improperly requires that "the" file, as opposed 
to a copy, be stored on a second device, excludes described alternative embodiments and 
requires an absolute degree of control that is inconsistent with the specification. 

identifying said second device 

The Microsoft definition improperly requires that the identification distinguish the 
device from all other devices, that controls be used and that a VDE Secure Processing 
Environment be used. 

whether said first control allows transfer of said copied file to said second device 

The Microsoft definition improperly distinguishes a "copy" from "the" file, and 
ignores embodiments describing alternative control structures. 

said determination based at least in part on the features present at the device 

The Microsoft definition improperly requires that all features be used, that these 
be "actual, current" features and improperly excludes device identifiers. 


if said first control allows at least a portion of said digital file to be copied and 
stored on a second device 

The Microsoft definition's "explanation" of the branches makes no sense and is 
unsupported by the claim and , improperly requires that "the" file, as opposed to a copy, 
be stored on a second device. 

copying at least a portion of said digital file 

The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly excludes embodiments described in the specification. 

transferring at least a portion of said digital file to a second device 

The Microsoft definition improperly distinguishes a "copy" and "the" file, 
improperly requires that controls be executed and ignores alternative embodiments 
described in the specification. 

storing said digital file 

The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly requires storage of the entire file rather than a portion. 

193.15 

receiving a digital file 

The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication a recipient and use of controls, and the requirement that 
the step must proceed in both authentication branches is not supported in the claim. 

an authentication step comprising: 

The Microsoft definition improperly includes a requirement of an absence of trust, 
VDE controls and a VDE Secure Processing Environment. 

accessing at least one identifier associated with a first device or with a user of said 
first device 

The Microsoft definition improperly requires "securely" accessing, that an 
identifier identify a "single" user or device (but not "and"), VDE controls, and a VDE 
Secure Processing Environment. 

determining whether said identifier is associated with a device and/or user 
authorized to store said digital file 


The Microsoft definition improperly requires VDE controls and a VDE Secure 
Processing Environment. 

storing said digital file in a first secure memory of said first device, but only if said 
device and/or user is so authorized, but not proceeding with said storing if said 
device and/or user is not authorized 

The Microsoft definition ignores embodiments describing alternative control 
structures, and improperly requires that "the" file be stored, as opposed to a copy, VDE 
controls, and a VDE Secure Processing Environment. 

storing information associated with said digital file in a secure database stored on 
said first device, said information including at least one control 

Microsoft's definition improperly requires that the stored information be 
associated with the digital file but not the digital file's contents, VDE controls, a VDE 
Secure Processing Environment and that the step proceed regardless of the outcome of 
the authentication step. 

determining whether said digital file may be copied and stored on a second device 
based on said at least one control 

The Microsoft definition incorporates numerous unnecessary limitations not 
required by the claim or the specification, improperly requires that "the" file, as opposed 
to a copy, be stored on a second device, excludes described alternative embodiments, 
requires an absolute degree of control that is inconsistent with the specification, and 
requires that the step proceed regardless of the outcome of the authentication step. 

if said at least one control allows at least a portion of said digital file to be copied 
and stored on a second device, 

The Microsoft definition's "explanation" of the branches makes no sense and is 
unsupported by the claim and , improperly requires that "the" file, as opposed to a copy, 
be stored on a second device. 

copying at least a portion of said digital file 

The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly excludes embodiments described in the specification and improperly requires 
that the step proceed regardless of the outcome of the authentication step. 

transferring at least a portion of said digital file to a second device 

The Microsoft definition improperly distinguishes a "copy" and "the" file, 
improperly requires that controls be executed and ignores alternative embodiments 


described in the specification, and improperly requires that the step proceed regardless of 
the outcome of the authentication step. 

storing said digital file 

The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly requires storage of the entire file rather than a portion, and improperly 
requires that the step proceed regardless of the outcome of the authentication step. 

193.19 

receiving a digital file at a first device 

The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication a recipient and use of controls. 

establishing communication between said first device and a clearinghouse located at 
a location remote from said first device 

The Microsoft definition improperly requires a communications channel and that 
the communications channel was "previously non-existent." 

using said authorization information to gain access to or make at least one use of 
said first digital file 

The Microsoft definition improperly requires that "all of the authorization 
information be used, VDE controls, a VDE Secure Processing Environment, and ignores 
embodiments describing alternative control structures. 

receiving a first control from said clearinghouse at said first device 

The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication a recipient and use of controls. 

storing said first digital file in a memory of said first device 

The Microsoft definition improperly requires VDE controls and a VDE Secure 
Processing Environment. 

using said first control to determine whether said first digital file may be copied and 
stored on a second device 


The Microsoft definition incorporates numerous unnecessary limitations not 
required by the claim or the specification, improperly requires that "the" file, as opposed 



to a copy, be stored on a second device, excludes described alternative embodiments and 
requires an absolute degree of control that is inconsistent with the specification. 

if said first control allows at least a portion of said first digital file to be copied and 
stored on a second device 

The Microsoft definition's "explanation" of the branches makes no sense and is 
unsupported by the claim and , improperly requires that "the" file, as opposed to a copy, 
be stored on a second device. 

copying at least a portion of said first digital file 

The Microsoft definition improperly distinguishes a "copy" and "the" file, and 
improperly excludes embodiments described in the specification. 

transferring at least a portion of said first digital file to a second device including a 
memory and an audio and/or video output 

The Microsoft definition improperly distinguishes a "copy" and "the" file, 
improperly requires that controls be executed and ignores alternative embodiments 
described in the specification. 

storing said first digital file portion 

Microsoft's definition improperly distinguishes a "copy" and "the" file. 

683.2 

the first secure container having been received from a second apparatus 

Microsoft's definition improperly requires that the first secure container identify 
the apparatus from which it was received, and improperly argues that, in the absence of 
such jdentification, that container could not be distinguished from a container created at 
the site. Microsoft's definition includes numerous improper limitations, including 
authenticating a recipient and authentication occurring in accordance with VDE controls. 
The examples cited by Microsoft are misleading, since these are specific embodiments 
rather than general requirements. 

an aspect of access to or use of 

Microsoft's definition improperly excludes rules governing more than one aspect, 
improperly excludes access and use and improperly requires that the aspect be governed 
in relation to "any and all processes, users, and devices." 

the first secure container rule having been received from a third apparatus different 
from said second apparatus 


Microsoft's definition improperly requires that the first secure container identify 
the apparatus from which it was received, and improperly argues that, in the absence of 
such identification, that container could not be distinguished from a container created at 
the site. Microsoft's definition includes numerous improper limitations, including receipt 
in a secure container, authenticating a recipient and authentication occurring in 
accordance with VDE controls. 

hardware or software used for receiving and opening secure containers 

Microsoft's definition improperly requires a Secure Processing Environment and 
SPU, improperly requires "the same single logical piece of either hardware or software 
(as opposed to both), " and improperly requires authentication and VDE controls. 

said secure containers each including the capacity to contain a governed item, a 
secure container rule being associated with each of said secure containers 

The Microsoft definition improperly requires that rules be associated with secure 
containers, as opposed to governed items. 

protected processing environment at least in part protecting information contained 
in said protected processing environment from tampering by a user of said first 
apparatus 

The Microsoft definition is unsupported in the specification. It is contradicted by 
the claim and improperly requires numerous elements not required by the specification, 
including a Secure Processing Environment. 

hardware or software used for applying said first secure container rule and a second 
secure container rule in combination to at least in part govern at least one aspect of 
access to or use of a governed item contained in a secure container 

The Microsoft definition improperly requires a Secure Processing 
Environment/SPU, a "single" piece of hardware or software, assembly of a control and 
governance through VDE controls. 

hardware or software used for transmission of secure containers to other 
apparatuses or for the receipt of secure containers from other apparatuses. 

The Microsoft definition improperly requires a Secure Processing 
Environment/SPU, a "single" piece of hardware or software, assembly of a control and 
governance through VDE controls. The examples cited by Microsoft are misleading, 
since these are specific embodiments rather than general requirements. 


721.1 


digitally signing a first load module with a first digital signature designating the first 
load module for use by a first device class 

The Microsoft definition improperly requires that the digital signature be used as 
the signature key, that all load modules be signed and that certain devices not have keys. 

digitally signing a second load module with a second digital signature different from 
the first digital signature, the second digital signature designating the second load 
module for use by a second device class having at least one of tamper resistance and 
security level different from the at least one of tamper resistance and security level 
of the first device class 

The Microsoft definition improperly requires that the digital signature be used as 
the signature key, that all load modules be signed, that certain devices not have keys, that 
security levels be persistent and that security levels be greater or less than other security 
levels. 

distributing the first load module for use by at least one device in the first device 
class 

The Microsoft definition improperly requires transmission and that the digital 
signature accompany the first load module as distributed. 

distributing the second load module for use by at least one device in the second 
device class 

The Microsoft definition improperly requires transmission and that the digital 
signature accompany the first load module as distributed. 

721.34 

arrangement within the first tamper resistant barrier 

The Microsoft definition improperly requires that the arrangement be "executed 
wholly within the first tamper resistant barrier." 

prevents the first secure execution space from executing the same executable 
accessed by a second secure execution space having a second tamper resistant 
barrier with a second security level different from the first security level 

The Microsoft definition improperly requires that the second secure execution 
space be part of the protected processing environment, that security level differences be 
persistent and higher or lower than each other and that the "same" executable be 
executed. 


861.58 


creating a first secure container 

The Microsoft definition improperly requires a VDE Secure Processing 
Environment. 

including or addressing . . . organization information . . . desired organization of a 
content section. . . and metadata information at least in part specifying at least one 
step required or desired in creation of said first secure container 

The second paragraph from Microsoft's definition is inconsistent with the claim. 
The limitations imposed by the third paragraph are not required by the claim or 
specification. 

at least in part determine specific information required to be included in said first 
secure container contents 

The Microsoft definition improperly excludes other reasons for inclusion of the 
information and improperly requires specific values. 

rule designed to control at least one aspect of access to or use of at least a portion of 
said first secure container contents 

The Microsoft definition improperly requires that the rule be designed for 
particular contents, that the rule be used by VDE controls, the presence of a VDE Secure 
Processing Environment and that the rule is generated or identified based on the 
descriptive data structure. Microsoft's definition also excludes embodiments describing 
alternative control structures. 

891.1 

resource processed in a secure operating environment at a first appliance 

The Microsoft definition improperly requires a shared facility and a Secure 
Processing Unit with specific features. 

securely receiving a first entity's control at said first appliance 

The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication, use of controls and encryption on the communications 
level. 

securely receiving a second entity's control at said first appliance 


The Microsoft definition includes numerous unnecessary limitations, including 
secure container, authentication, use of controls and encryption on the communications 
level. 

securely processing a data item at said first appliance, using at least one resource 

The Microsoft definition improperly requires a Secure Processing Unit including 
numerous limitations. 

securely applying, at said first appliance through use of said at least one resource 
said first entity's control and said second entity's control to govern use of said data 
item 

The Microsoft definition improperly requires a Secure Processing Environment 
consisting of a Secure Processing Unit and that the resource be a component part of a 
secure operating environment. 

900.155 

first host processing environment comprising 

The Microsoft definition incorporates limitations not required by the claim or the 
specifications, including limiting the host processing environment to only currently 
executing software. 

designed to be loaded into said main memory and executed by said central 
processing unit 

The Microsoft definition improperly requires that the software is capable of being 
loaded "only" in the main memory and executed "only" by the CPU. 

said tamper resistant software comprising: . . . one or more storage locations storing 
said information 

The Microsoft definition improperly requires that the storage locations be part of 
the machine check programming and that the storage locations must not store other 
information. 

derives information from one or more aspects of said host processing environment, 

The Microsoft definition improperly requires that information be derived from 
"hardware," and that the information "uniquely and persistently" identify the host 
processing environment. 

one or more storage locations storing said information 



The Microsoft definition improperly requires that the storage locations be part of 
the tamper resistant software and that the storage locations must not store other 
information. 

information previously stored in said one or more storage locations 

Microsoft's definition would render the claim nonsensical, since it would require 
a comparison involving information that is no longer available for the comparison. 

generates an indication based on the result of said comparison 

Microsoft's definition improperly requires that only two results be possible and 
that the indication is based solely on the result of the "compares" step. 

programming which takes one or more actions based on the state of said indication 

The Microsoft definition improperly requires executable programming, that the 
programming not be part of the host processing environment, that the programming must 
take an action regardless of the indicator state and that the action must be based solely on 
the state of the indication. 

at least temporarily halting further processing 

Microsoft's definition improperly requires that the host processing environment 
and all processes running in it be halted. 

912.8 

identifying at least one aspect of an execution space required for use and/or 
execution of the load module 

The Microsoft definition improperly requires that the identifier "define fully, 
without reference to any other information." 

said execution space identifier provides the capability for distinguishing between 
execution spaces providing a higher level of security and execution spaces providing 
a lower level of security 

The Microsoft definition improperly requires that the execution space identifier 
provides the load module with the ability to determine a level of security, and the 
presence of two higher and two lower levels of security. 

checking said record for validity prior to performing said executing step 


The Microsoft definition improperly requires that the record be checked before 
execution of any identified information, that evaluation occur within a VDE Secure 
Processing Environment, and that specific types of information be checked. 

912.35 

received in a secure container 

The Microsoft definition improperly requires "encapsulation" in a secure 
container, authentication in accordance with VDE controls and acceptance of the secured 
container. 

said component assembly allowing access to or use of specified information 

The Microsoft definition improperly requires that the component assembly 
operate by itself, that it execute in a VDE Secure Processing Environment and that the 
component assembly be dedicated to specific information. The Microsoft definition 
ignores embodiments describing alternative control structures and improperly 
distinguishes access and use. 

said first component assembly specified by said first record 

The first paragraph of Microsoft's definition defines this term in a restrictive 
manner with no support in the claim. Microsoft's second paragraph is devoted to a non- 
existent inconsistency created by Microsoft's restrictive definition. 

Claims as a Whole: 

In every case, Microsoft requires the system be a VDE or the method be 
performed in a VDE, This requirement is not supported by the language of any of the 
claims. 

Global Construction 

The language of the individual claims contains nothing to support the large 
number of restrictions imposed by Microsoft's "global construction." Those restrictions 
are unsupported by and in many cases contradicted by the specification. 

2. Digital Rights Management in general. Dr. Reiter will testify regarding Digital 
Rights Management technology, including encryption and tamper-resistance techniques. 
The nature and extent of such testimony will depend on the Court's decision as to the 
scope and format of tutorial presentations. 

3. InterTrust's patents and patent claims. Dr. Reiter will testify regarding the 
general nature of the InterTrust patents, and will summarize the claims at issue in the 
initial Joint Claim Construction hearing. The nature of that testimony will depend on the 


Court's decision as to ordering and format of testimony, but will be consistent with the 
testimony outlined above regarding claim terms and phrases.