Skip to main content

Full text of "USPTO Patents Application 09870801"

See other formats


I 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 


» FAX 415 387 7188 KEKER & VAN NEST Igl 003 


TABLE OF CONTENTS 


Page 

1 

3 


INTRODUCTION 

I. FACTS 

A. "Secure" Lacks a Clear Meaning in the Art • 3 

1. • To Give "Seciure" a Definite Meaning, a Number of Parameters 

Must Be Specified V 

a. What is to Be Protected? (Mitchell Questions 1 and 2) 5 

b. The Properties to be Protected. (Mitchell Question 3) 5 

c The Threats to be Protected Against (Against Whom, What 

Points of Attack, What Kind of Attack.) (Mitchell Questions 

4,5.and6)...„ - 

d The Duration and Degree of Protection. (Mitchell Questions 

7 and 8). ^ • -•" 

e. How Protection is Verified and Evidenced. (Mitchell 

Question 9) • - ^ 

f From Whose Perspective the System Is "Secure." (Mitchell 

Question 10) • • • 

B The InterTrufit Applicants Could Have Used the Claims or Specification to " 

Adequately Define "Secure" But Failed to Do So « 

I inteiTiust Has Not Defined "Secure" in the Claims or the 

Specification ° 

2. "Secure" Remains Indefinite Even When the Claim is Viewed in 

Light of the Specification -• ^ 

C. The Prosecution History Does Not Give Secure a Clear Meaning 1 1 

D. Indefiniteness of Certain Patent aaims is Highlighted by Errors Made In 

The Specifications ~ ■ 

1. The '683, '721 & '861 Patents Failed tp Properly Incorporate its 

"Big Book" by Reference. • 12 

2. None OfThe Patents Met The "hicorporationj By Reference" 
Requbements ••— J '■^ 

E. InterTnist Failed to Fulfill Its Obligation to Define the Claim Term 
"Secure" as Clearly as Possible - ; 

F JnterTrust's Proposed Markman Definition Confirms That "Secure" Is 

Indefinite 

G. Nor Is "Secure" Redeemed By The Terms It Modifies 1* 

H. ' foteiTrust's Coined Terms "Protected Processing Environment" And "Host 

Processing Environment" Are Also Indefinite 15 

1 The Terms "Protected Processing Environment" And "Ho st 
Processmg Enwonmenl" Have No Ordinary Computing Art 

Meaning • 

2 The Claims Do Not Provide Substance Or Context Sufficient To 
Provide Meaning To Either PPE Or HPE :- 


1 

2 

3' 

4 

5 

6 

7 

8 

9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


k TAA oat I ±oo tvnr^iK at VAi> ncoi ity uufi 


TABLE OF CONTENTS 

: (continued) 

Page 

3 . The Specification Does Not Define The Term Protected Processing 
Environment 

4. The Term Host Processing Environment Is Not Defined In The 
Specification Either — 

m. ARGUMENT i 

A. Applicable Legal Staitdards ^ ^ 

1, Claim Indefini'teness Requires a Two-Part Test ^ .- 21 

2, "Secure" and Its Variants Are Indefinite Terms That Render flie 

Claims Containing Them Invalid,.. 21 

B. New Or Coined Terms Must B e Defined Or Otherwise Made Clear 23 

IV, CONCLUSION J - • 


I 

I 


•ii- 


■ 

1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


FAX 4^5 397 718 8 


KEKER & VAN NEST 


I^OOS 


TABLE OF AUTHORITIES 
FEDERAL CASES 

Advanced Display Systems, Inc. v. Kent State University, " 
212 F.3d 1272 ■• 

Amgen. Inc. v. Chugai Pharmaceutical Co., ^, 
927 F^d 1200. • - ^'■"^^ 

Amgen Inc. v. Hoechst Marion Roassel. Inc., 

314 F.3d 1313 

Application ofLechene, oo 
277 F2d 173 ■ • 

Ez parte Brummer, -» 
■ 12 U.S.P.Q.2d (BNA) 1653 • " 

InreCohn, _ i\ 
58 C.C.P.A. 996, 438 F.2d 989 21 

In re de Seversky, . _ 

474F.2d671 : • 

Exxon Research and Engineering Co. v. United States, 

265 F.3d 1371 

General Electric Co. v. Wabash Appliance Corp., 

304 U.S. 364,585.01 899 • 23 

J.T. Eaton & Co. V. Atlantic Paste & Glue Co., 

106 F.3d 1563 

LA. Gear, Inc. v. Thorn McAn Shoe Co., or 
988 F.2d 1117 .- • 

Morton International. Inc. V. Cardinal Chemical Co., 

5 F.3d 1464 • •■ - " 

Seattle Box Company, Inc., v. Industrial Crating & Packaging. Inc., 

731F.2d818 • ^' 

Shauerproof Glass Corp. v.Libbey-Oviens Ford Co., 

758F2d613 2. 

Tex. Digital System v. Telegenix. Inc., 

308 F.3dll93 " 

Union Pacific Resources Co. v. Chesapeake Energy Corp., 

236F.3d684 ^■ 

United Carbon Co. v. Binney & Smith Co., 

317U.S.228 ■ 


-Ill- 


0 3/17/03 17: 34 FAX 41 5 3a7 7188 lUiKhlK & VAN NBST IfflUOB 


1 
2 
3 

4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
•21 
22 
23 
24 
25 
26 
27 
■ 28 


TABLE OF CONTENTS 


FEDERAL STATUTES 


35 U.S.C.§ 112,^2. 


Page 

,1,20,24 


-IV- 


03/17/OJ 17:34, FAX 415 397 7188 


KEKKK & VAN NKST 


1 

2 
3- 
4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 

Herrincton k 
SutcliffbLLP 

ATTVUttn AT La** 


I. TNTRODUCnON 

The InterTrust patent claims' use of the vague tem "secure" and its variants 
rr^ts them textbook illustrations of the danger of indefiiute claims. Without a definitioa of this 
malleable core tenn, persons of skill in the art cannot determine the scope of patent coverage. 
THs is precisely tlie situation prohibited by 35 U.S.C. § 112's requirement of ^particularly 
pointing out and distinctly claiming" the alleged invention. The purpose of the claims is to define 
the metes and bounds of the exclusive right that the public grants in exchange for the patentee's 
full disclosure. Where those boundaries are bluiry. others axe deterred from entering the field, 
allowing the patentee to exclude competition beyond the scope of the claimed invention. The 
InterTrust patent claims using "secure" and its variants violate the bargain vdth the pubUc in this 
fashion, and should be found fataUy indefinite and, therefore, invalid. 

InterTrust's testifying expert concedes that "security" is an "essential aspect" of 
the "invention." InterTrust's so-called "Virtual Distribution Enviromnenf ' ("VDE"). Declaration 
of Eric L. Wesenberg, Ex. A, Reiter Depo.. 23:21-24:9.' "Secure." or some close derivative 
thereof, appears in virtually every disputed claim. Reading Claim 1 of U.S. tatentNo. 5.892.891 
("the '891 patent") demonstrates the extensive use of the vague term "secure": 

A method for using at least one resource processed in a secure 
operating enviroomeat at a first appliance, said method 
comprising: securely receiving a first entity's control at sad first 
appliance, said first entity being located remotely firom said ^ ^ 
operating environment and said first appUance; securely receiving 
a second entity's control at said first appliance, said second entity 
being located remotely from said operating environment and said 
first appliance, said second entity being different firom said first 
entity and securely processing a data item at said first appliance, 
using at least one resource, including securely applying, at said 
first appliance, through use of said at least one resource said first 
entity's control and said second entity's control to govern use of • 
said data item. (Emphases added.) 

Ex. P, Claim 1. This claim uses four different, and five total, instances of this term or its variant 
Neither tlie claims nor the rest of the patents define what it means for something to be "secure" or 
to be done "securely." "Secure," in the art, is ahiglily general, relative and multifeceted tenn 

-Hereinafter, all cites to exhibits ("Ex.") are to e:diibits attached to Declar^on of&ic L. 
Wesenberg in support of Microsoft's Motion for Summary Judgment that Certain Mmi- 
Markman Claims are Invalid for Indefiniteness. 


DOCSSVl 224932.1 


MICROSOFT'S BJUEF W SUPPOM OF MOflOH FOR 
SUMMARY nroOMENT THAT CEMAIN "UM-tUIUMAI^' 
CLAIMS ARB INVAUD PCS. INDBFINTTB4EaS. COl-lWQ 


17: 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
2i 

i: 

2! 

Ntc 


FAX 415 397 7188 KKJtKK. jjt. VAN MibT . leiouo 


AThich. wilhoutmore specific definition, fails to have a clear or even useful meaning: In all tbeir 
hundreds of pages of single-spaced description, the patents never clearly or consistently define 
^secure;' nor the composite terms using secure (e.g.. "secure container"), nor the related coined 
terms deriving from tlie same concept; "protected processing environment" and "host processing 
environment" 

The extrinsic evidence - both testimonial and documentary, both Microsoft's and 
InterTrust's - is in complete agreement: "secure" corresponds to a general concept in lie 
computer field, which lacks specific meaning and standing alone may apply to numerous specific 
scenarios depending on the properties to be "secured." the particular threats posed, the means 
used, the degree of protection needed, the perspective from v/hich one views "security." and so 


on. 


Both parties' experts have testified that "secure" can take on a definite meaning 
within the context of a "security policy," which defines the parameters and sets objective criteria 
for determining whether they have been satisfied. Computer scientists have developed a number 
of models for objectively evaluating the security of different systems and architectures, at least 
one of which is mentioned (TCSEC), but not employed, in InterTrust's '193 p^tent.^ InterTnist 
could easily have defined a security poUcy using any of these models. Instead, it left "secure" 
inscrutable throughout the patents. 

The problem is not that it's difficult to discern the true meaning of these claim 
terms. It is impossible. For the reasons set forth herein. Microsoft asks that the Court find the 
claims containing "secure" (including its variants), "protected processing environment" or "host 
processing environment" invalid for indefiniteness. 
///. 
/// 
III 

> For efficiency all references to "the specification" are to the specification of U. S. Patent No. 
/•j -fi -193 natent") ffixQ) The '193 specification reproduces, nearly identically, the 

Si k-^rigii^ agffifc^tSi^ 900+Vge applica?on filed in 1995> Each of ti.e 
patents at issue hereiA either expressly reproduce the same text m &eir specifications, or attempt 
to incorporate it by reference (though not successfully, see infra § H. D.). ^^^^^ 

f J ^ ^nCHOSOFT'SBHET IN SUWOSTOT MOTION FOR 

. 2 - SUMMARY JUDflMEhfTTMATCERT/MN 'tma-MUXtwr 

D0CSSV1224S32.1 cUJMS AS£NVAUnFOKINDEFlMlIENESS- COl-1640 


03/17/O j; 17! 35 FAX 415 397 71 88 


KEKER & VAN NEST 


.1^009 


a FACTS 

^ " Secure" Lacks a Clear Meaniag i n the Art. 

■ ThemostpeivasiveindefimtetermintheInterTmtpatcntsis«secu^^^^ 

various forms. Indeed, the provision of "security" >vhile enabUng the flexible distribution. of 
digital information is the stated goal of the entire invention. To construe "secure," the Court must 
look to the ordinary meaning (if one exists) that v/ould be attributed to the term by a person of 
sidll in the art Tex. Daisys, v. Telegenix. Inc. 308 F.3d 1193. 1202 (Fed. Cir. 2002). The 
iixtrinsic and extrinsic evidence, including InterTiust's own statements "and those of its expert, 
estabUsh that while communicatine a general or conceptual meaning, the term "secure" laclcs a 
any precise, uniform definition to infomi a person of skill in the ait what it means unless a , 
number of questions are answered. Because InterTmst never provides the needed answers, it is 
impossible to determine the scope of the claims. 

"Secure memory" for instance, is no clearer a phrase than a "secure car." At first- 
blush, one hearing the phrase "secure car" might think of a car equipped with features that make 
it difficult or impossible to steal, such as a club, an alarm siren, and or an ignition «Tdll switch." 
Only later in the conversation, hearing the speaker refer to bulletproof glass, shielded wheels, and 
reinforced doors would the listener realize that "secure" means something entirely difEsrent: The 
car is in feet designed to protect passengers from attack (to transport diplomats aud heads of 
state). Even after the type of security is identified, different particular combinations of security 
measures wiU qualify the car as "secure" in the eyes of different customers. Simply referring to a 
car as "secure" feils to delineate the obj ective of that security, the t)!pe of security needed or the 
measures used to achieve it. Nor does the descriptor "secure" disclose the perspective from 
which "security" is being assessed. A parking enforcement officer might consider a booted 
vehicle "secure" {i.e.. ftom removal by its owner), while the owner might viewit as "insecure" 
since it allowed someone to tamper with its wheels. Another variable might be the length of time 
the car would have to withstand the measures it is designed to resist. From this simple metaphor, 
tlie relative, multifaceted and undefined character of "secure" is readUy apparent. 


HERftlN^N & 
SuTCLlPPfi LLP 

StUCOf V*UtY 


DOCSSVl:224932.1 


MICROSOFT'S BWBF £N SUPPORTOPMOnON FOB. 

. 3 - SUMMARY JUDOWarr THAT CE31T-AIK "MM-AWWCW^ 

CLAIiXS aMIMV ALIO FOE rNDErtSTrrH>JESS- C014640 


03/17/0 3 1 7 i 35 FAX 415 397 7188 


KEKER & VAN NEST 


I£|U1U 


1 
2 
3 
4 
5 

7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 

.SUTO-IPPS 
ATTOIWCVS ATUw 
StLteOH VAtLTT 


What is true in the vernacular applies with even greater force in the computiDg arts 
- "secure" needs definition along multiple axes to have a precise meaning. Deponents skilled and 
experienced m the field have spoken on this point InterTrust's own expert, Dr. Michael Reiter. 
testified that "'secure' is a fairly general- term that's used in the art for - in several different . 
ways." EX.A. Reiter Depo..at30:ll-19. Asked to describe them. Dr. Reiter responded, "Oh. my 
gosh. Alltheways. I can enumerate several ways I can think of on the fly. I donltknowthatl 
canenumerate^verythinglwoulddoif lhadmoretime." /ti. at 31:10-17. Microsoft's expert, 
Prof. JohnMitchell, agrees, identi^g ten different variables (discussed below) that mustbe 
knowntodeterminewhatismeantby-secure." Declarationof JohnMitchell in Support of 
Microsoft's Motion Summary Judgment that Certain «Mini-Marfe«an" Claims are Invalid for 
Ixidefiniteness ("Mitchell Been at 8-11. Others involved in this industry, including some who 
have done, or do. business with InlerTrust have testified to similar effect: 

. MusicMatch; stated that in order to know whether a sy^ is ««^«>^^« 
woSd have to know what the content provider for that system mtended. 
and thus "security" as it applies to a particular system =^.fht ^leai 
something completely different from the same tsim apphed to a different . 
system. Ex. C. Jim McLauglilinDepo., p. 55:1 4-25. 

, Envivio; stated that "secure-; "doesn't mean anyt^^^^ 

a general concept" Ex. D, Julian Signes Dqjo at 40:22-41 .Z mai 
Xd whether '^t would be necessary ... ^ ^« '^'^f 'l^I^f 

implementation of . .. security to understand wheAer or not a system is 
secure," Mr. Signes answered, "yes, of course. Id, at 41 :3-U. 

. A leading authority in the field has written that "[w]ithDut a precise _ 
deSS of what security means an4 how a comput^ can b^^^^ 
meaningless to ask whether a particular computer ^stem is s««re. Ex. E, 
CarlE. Landwehr, "Formal Models for Computer Security, ACM 
Computing Surveys, v.l3 no. 3 (1981). 

. "When someone states that 'My computer is secure.' that slatem«it may 
very well mean distinctly different thmgs to different people, tx. 

Sm Model, ffiEB Symp. on Security & Privacy, 1984. pg. 195. 197. 
1. To give "Secure" a T)efmiteMeg "i"fi a T-Tamber of Parameters Must 
Be Specified . 

John Mitchell, a Professor of Computer Science at Stanford University, has 
identified ten parameters that persons of skill in the art would need to know m order to have a 
shared understanding of the meaning of "secure" in any given instance: (1) what types of things 

MICROSOFT'S flWEP IK SUPPORT OP MOTION FOR 
- 4 - SUMMARY JUDGMB^ THaTCERTAJN ^IINI-WXAAW/V 

DOCSS VI :12493Z I tNVAUD VO^ IND£nMTTE>iESS - C 01 -1 640 


1 
2 
3 
4 
5 
6 
7 
8 
9- 
10 
1.1 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

tc 

LP 


or actions are protected; (2) what specific things or actions are protected in the system in 
question; (3) what properties of those things are protected; (4) against whom; (5) against what 
points of attack; (6) against what kind of attack; (T) for how long; (8) to what degree of 
protection; (9) how is protection or the loss thereof evidenced; and (10) the perspective (or 
perspectives) from which "security" should be considered. Mitchell Dec!., 8-11 and /jo^ji/ti. To 
be able to evaluate whether an actual system is "secure," people of skUl in the art must first reach 
a common understanding of each of these variables, as discussed belbw. 

a. What is to Be Protected ? 
(Mitchell Questions 1 and 2) 

The first variable is, what is being protected? 3^6e Mitchell DecL, at 9. Is the user 
being protected from untrusted data, or is data being protected from untrusted users? Id, How 
"secure" is understood by people of skill in the ait is influenced in the first instance by what one 
is trying to protect, and here the claims force them to guess. InterTrust has at least partly 
admitted that this is true. InterTrust objected to answering a Request for Admission that "a 
password-protected file is secure," on the ground that it was not told, inter alia, *the value of the 
information in the file." See Ex. G, InterTrusf s Response to Microsoft Request for Admission 
101, In InterTrust's view, in other words, tlie presence or absence of "security" depends on the 
nature of the thing to be protected. For a high-value item, a password requirement alone might 
not be enough to make the item "secure," while the same barrier might suffice to ensure the 
"security" of a low-value item. 

b. The Properties to be Protected . 
(Mitchell Questions) 

The next crucial component of security is which attributes of the protected items 
are safeguarded. The different properties include: 

• secrecy (or. "confidentiality") - maintaining the secrecy o f dau so that its 
meaning is not learned by unauthorized parties; 

• integrity - ensuring that data may not be altered or destroyed by 
unauthorized parties; 

• availability - ensuring that authorized parties can use the computers' 

MTCaOSOPT'S BRIEF IN SUPPORT OF MOTION FOR. 

fSnr<:wi.l2d5311 -5- suM^^Y ^UPaME^^ TI^AT CERTAIN 

DOCSSVia24932,l cUOMS WALffi FOR INDEPlHimiESS - COM640 


in 

1 
2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
2S 
III 


systems and data when desifed; 

authenticity- ensuring accurate proof of the identity (or perhaps other 
characteristics) of the author or sender of a message or data; 


• non-repudiation -preventiiig denial offee origination or receipt of 
messages by parties. 

Mitchell Decl, 9-10. AOL and MusicMatch agree that security mcludes one or more of these 

components. AOL; Ex. H, Saccocio Depo., 30:8-31:16 (confidentiality, integrity, non- 

refutability. authentication); MusicMatch; Ex. C, McLaughlin Depo.. 34:16-35:14 Cmtegrity, 

authentication, non-repudiation, but not necessarily secrecy). So does InterTmst's expert, who 

testified that "secure" could be defined nairowly to include a smgle criterion, "secrecy." or in 

contrast, requiring satisfacti on of the "Common Criteria," a multi-criteria framework for 

identifying security requirements and evaluating systems and whether they meet those 

requirements. Ex. A, Reiter Depo., 31:22-25, 32:15-20; MitcheU Dec]., at 7, a. 1 {see also 

http://www.cominoncriteria.org). Any one of these feahires alone, or any coiribination of them 

might suffice to create a "secure" system, depending on the context The assurance of 

"avMlabUity" might be integral to the meaning of "secure" for one user, but not for another user 

with different priorities, as Dr. Reiter testified: 

Q: How about availability of information? Are you familiar 
wi th. the concept of availability in.. . 

A. Sure, sure. 

Q. Are there some senses ofthe word secure where ensuring 
availability is required and other senses of the word secure 
where ensuring availability is not required? 

A. Yes, I'd say that's true. 

Ex. A, Reiter Depo., 36:9-1 8 (objections and ofter non-substantive matter omitted). 

c. The Threats to be Protected Against (A gainst Whom. What 
Points of Attack. What Kind of Attack. ) 
(Mitchell Questions 4, 5, and 6) 

Further crucial variables in defining "secure" are the types of attackers, the 
different possible points of attack, and the types of threats posed. MitcheU Decl., at 10. A system 
billed as "secure" against attack by outsiders might not be "secure" for a customer requiring a 

MlCftOSOFT'SBBJEFIHSUIVOllTOFMOnONPOl . 
nnre<!Vt .11A<.« l - 6 - SUMMARY nJDOMEKTTXAT CERT AIH 'imil-UUUWAf/' 

DOCSSVia24932,l qaIMS Wl£ WVAUDFOROffiEFINnWNESa - C0W«O 


03/17/03 17:35 FAX 415 387 71 88 


KBKK K & VAN NKST 


ieiU13 


I 
2 
3 
4 
■ 5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 

" 

17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
• 27 
28 

HSKMNCTON & 
SUTCttrfs LLr 

Mtufciicti AT t**4 • 


system that even insiders cannotmisuse, or for a customer who requires protection not against its 
own employees but against a category of outsiders possessing certam identified information about 
the system or other special resources. See, e.g. Mitchell Dec!., at 10. 20. 31. 34 (regarding 
"secure memory" "secure container," "secure operating enviromnent" etc.). 

The types of threats one has in mind aie essential to defining "secure." As 
InterTrust itself argued in response to Miaosofl Request for Admission that "apassword- 
proiected file is secure." one must know, inter alia, "the threats against which the file is to be 
protected." Ex. G. lnterTmst's Re^onse to Microsoft Request for Admission 101. 
InterTrust's expert echoed this view, testifying that; 

"secure" is used as a general term to refer to protection against 
iSe an^ Sferenle, and to truly evaluate that security you 
often need to be more precise about the sorts of roMuse and 
in e?fSrence you are concerned with, the Areat models or the 
ihreats to which a system or primitive is likely to be subjected, 
and the mechanism by which you protect that system. 

Ex. A, ReiterDepo., 33:17-34:5 (emphasis added). 

d. The Duration and Degrft c of Protection. 
(MitcheJl Questions 7 and 8) 

The duration and degree of protection are also prerequisites to understanding the 
meaning of'secure" in the art Mitchell Decl., at 10-11. Withstanding an hour-long attack, or an 
attack employingacertain level of computing power might be sufficient in onecontext. but not 

another. Mitchell Decl.. at 10. As to degree of protection, America Online' s. Director of Rich 

Media agreed that some notion of degree is needed to understand "secure": 

0- But they [the criteria for "security"] can be met sufBcient so 
that it's meaningfiil within this industry to use the term 
"secure," can they not? 

A: It's a vague term. I know if s frustrating, but it is. Security 
is a vague term. How much security is a better question. 

Ex. H, Deposition of Damian Saccocio, 40:12-17. 

/// 


/// 

DOCSSVl:224Ml.l 


MICROSOFT' E BWEf (K SUPPOKTOF MOTION FOK. 
SUMMAJIV WDOMEKI THAT CHIT AW "MINl-MMAa««" 
CLAIMS miWVAtro FOR iMOSnN-ITENESS- C 01 -1640 


03/17/03 . 17:3eFAX 41 5 397 718 8 ... 


_KEKER » YAH l^feSI . 


1 

2 
3 
4 
5 
6 
7 

• 8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
■ 23 
24 
25 
26 
27 

• 28 

HERWNCrON tc 
SUVCUFfC ILP 

ATTOlMtTt atUaw 


c How Protectinn is VerifieH and Evidenced. 
(Mitchell Question 9) 

"S ecurity" also depeuds on the maimer in which continued protection, or the loss 
thereof, is or is not measured, tested, proven or evidenced analytically. Mitchell DecL, 11. 

f. From Whose Pr-rsnective thf System Is "Secure." 
(Mitchell Question 10) 

Finally, the perspective 6om which "security" is viewed-is crucial. A system can 
be "secure," or not, to a content ovmer, the system administotor, and or the authorized users. 
^4itchell Dec!., at 1 1 . Take for example, the case of a user who downloads a music file for a fee. 
which she pays electronicaDy. using her credit card. If a third party tries to intercept the credit 
card irrformation and make an additional, free copy of the dowijoaded file for himself, different 
outcomes could be viewed as "secure" by the different parties to the transaction. If the third party 
successfuUy copi es the file, but not the credit card informatioii, then the system might be 
considered "secure" from the perspective of the customer, but not the vendor. I£ on the other 
hand, the attacker fails to copy the file, but does obtain the credit card informatiox:, and the 
system merely detects the unauthorized intrusion, then the vendor might consider the system 
"secure" while, from the customer's perspective;, it is "insecure" - or at least the customer wiU 
see it that way, if she later learns of the theft. 

B The TnterTrust A p plirants Conid Have Used the aaims or Specification to 
Adeouatelv Define "Secure " ga^ed to Do So. 

1. TnterTrust H?" Nat Defined "Sccare" in t he Claims or the 
Specification. 

InterTrust could have chosen to define the term "secure" but didn't Ten of the 
twelve claims at issue employ the word "secure" in some form, yet none of them defines it. Ex. J. 
JCCS Ex. H. They estabUsh no security policy and no criteria that would answer the ten 
questions discussed above. 
//J 
III 
til 


DOCSSVl;?H932.l 


MUMSOFT'S BUEF IN SUPPOST OF MOTION TOR 
8 - SUMMARY WOCMENT THAT CERT AIH "USM-HMriWr 

CUIMS A*E INVALID FOR INOSTOJ^nH^ESS- COl-1640 


ua/i7/u3 iy;3b t/u 4ia • an fisi 


Hihtihu. 8i VAN nuifi: 


1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21. 
22 
23 
24 
25 
• 26 
27 
28 

OIRICK. 
HtRUNCTOlX k 
SUTCHm LLF 
ATTOMtn AT U«w 


i from which 
"Secure" to the 


2. » s>.«rp" Remaipp TnH^finiie Even m ^n tht Claim is Viewed in Light 
nffhP S pecification. 

Though "secure." and its variants, as used in the claims, lack requisite definiteness. 
the claims could still be saved from indefiniteness if "those skilled in the art would understand the 
scope of the claim when the claim is read in light of the rest of the spedficalion." Union Pac. 
Resources Co. v. Chesapeake Energy Corp., 236 F.3d 684 (Fed. Or. 2001). Far from curirg the 
problem, however, the patent specification compounds it It contains no uniform security policy, 
no uniform criteria for security, and no glossary. It uses "secure" and -security" in multiple, 
vague and incon^t senses, giving the potential entrant into the field no more clarity than do 
the claims alone. 

The Specification Describes Multiple Perspertives : 
«.Secure" Might Be Measured, and Indexes "Secun 

Unpredictable Needs of DifferentTJsers 
The specification uses "secure" in a feshion that is impossible for a person of skill 
in the art to understand beciuse it depends on the unpredictable and varying needs of potential 
customers. In other words, "secure" cannot be defined completely by looking at the patent 
documents in light of the art Initead. the ' 193 specification (Ex, Q) defines "secure" in terms of 
whatever the market may be seeking, which changes over time and has no fixed technological 
meaning: 

. THe level of security and tamper resistance required ^9' ^^^^^TO ^dmre 
processes depends on the ^n^f^^ «9"«»?«| of particular markets or 
market niches, and may vary widely. ('193 at 49:59-62) 
. "a "sufficiently" secure (for the intended appUcalions)cnvirorunent" 
('193 at 45:23-24) 

. "with sufficient security (sufficienUy tnisted) for the intended commercial 
purposes" ('193 at 45:43-45) 

. Development of such a standard has many obstacles, given the s^u^ 
requirements and related hardware and "^^'^^""^^S^i 
differine environments, information types, types of fnpnn^^'^^.'^Jf' •„ „r . 
bSf SSa security goals, varieties of participants, and properties of 
delivered information. ('193 at 15:67-16:5). 


OOCSSVI -.124932.1 


MlCROSOfT'S ^ W SUTPORT OTWTT^ WR 
CpUMSA«BIN)'AUDro!I.INDEF)hOTB<ESS- COl-lWB 


oo/i#/uo ii:oo rAA «io ovi iioo 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 

11 

12 
13 
14 
15 
• 16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

HEKftlNCTON flc 
SUTCUrFtLLP 
ATTOUiui AT Law . 
SIUCX3H Vi^LLll 


b) The Specification Mentions Different and Inconsistent Secure 
Properties 

The specification suggests several different security properties denoted by 
"secure" vvithout committing to any of them. For example, "secure'' could mean that an item or 
•process is simply encrypted ('193 at 126:6-7), or "encrypted and tagged" {id. at 22:18-19), or 
"encrypted and authenticated" (id at 45:39-40), or not encrypted but ^otherwise secured such 
as by employing authentication and/or enor-correction" (id at 63:37-39), 

c) The Specification Mentions Many Different and Inconsistent 
Degrees of Security 

The specification uses at least a dozen adjectives apparently identifying different 
"levels" of security - truly secure ('193 at 80:3 1, 81:14, 88:38); extremely secure (*193 at 67:21); 
highly secure C 193 at 22:16, 23:49, 36:9-10. 41:34, 67:19,77:30, 104:63, 132:63,203:66, 
232:47. 233:4); commercially secure (* 193 at 2:20, 47:6); adequately secure C 193 at 12:50); 
acceptably secure ('193 at 129:25); sufficiently secure ('193 at 9:12, 16:25, 21 :48, 28:47, 49:41, 
207:20. 249:51); appropriately secure ('193 at 77:16); physically secure ('193 at 13:20); 
sufBcienUy physically secure ('193 at 13:20); cryptographically secure (493 at 202:44); 
continually secure ('193 at 32:4); relatively secure C193 at 63:66); non-secure ('193 at 26:22, 
49:10. 62:44. 73:56, 78:16. 77:43, 80:13. 80:20, 81:19, 120:38. 139:59. 229:20); possibly less 
secure CI 93 at 80:33). 

Though the meaning of these different degrees of security is unclear, it is evident 
that the degree of security, like the type of security, is a function of unpredictable factors in the 
marketplace outside tlie "world" of the patent. For instance, tlie patent claims that "[d]irect attack 
on these [c^togr.aphic) algorithms is assumed to be beyond the capabilities of an attacker. For 
domestic versions of VDE 100 some of this is probably a safe assumption since the basic building 
blocks for control infonnation have sufficiently long keys and are sufficiently proven." '193 at 
221 :12-17. But what was "sufficiently long" in 1 995 may not be sufficiently long now or five 
years &om now - that is a function of changes in the larger security environment. Elsewhere, the 
specification promises that "the VDE 1 00 provided by the preferred embodiment has sufficient 


DOCSSVl'J2493^1 


^acROsoFT' s bkief in buppow of motion for 

10- SUMMARY nroCMENTr THAT CERT aJN '*MINI-W«/CA^* 

Cl^IMSAianaVAlJDPaRINDEFINnENESS- COl-1640 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

k 

'J" 


J6 FAX 415 397 7188 KEKER & VAN NEST 1^017 


security to help ensure that it cannot be compromised short of a successful *brute force attack.' 

and so that the time and cost to succeed in such a ''brute force ^k"' substantially exceeds ajiy 

value to be derived." Ex, Q/ 1 93 at 199:3 8-47. But the relationship between the cost of a "brute 

force attack*' (essentially an attack that tries all possible keys no matter how long it takes) and the . 

"value to be derived" by cracking a given system depends on the characteristics of tlie parties 

involved and changes in technology, which are "outside" the patent The patent describes 

"secure" not in terms of technological means but in terms of ever-changing marketplace factors. 

d) The Specification Mentions Different and Inconsistent Security 
Methods 

Throughout the patent, different measures are described as possibly sufficient for 
security, but no indication is given of which measures are necessary to security: 

• "a secure enclosure, such as a tamper resistant metal container or some form of 
a chip padc containing multiple integrated circuit components". ('193 at 1 69:7- 
10) 

• "In one example, tamper resistant security barrier 502 is formed by security 
features such as "encryption " and hardware that detects tampering and/or 
destroys sensitive information" 193 at 59:55t58) 

The attached declaration of Professor John MitcheU provides many more examples of the vague, 
multiple and inconsistent uses of "secure" and its variants in the patent specification. Mitchell 
DecL at 12-17. 

C, The Prosecution History Does Not Give Secure a C lear Meaning. 

There is nothing in the prosecution history of any of the seven patents that resolves 
any of die problems discussed above. The prosecution histories do not offer any definition, 
criteria, or aid of any kind to help one of skill in the art understand what is meant by the term 
"secure" and its variants in the claims. Moreover, to the extent the continuation-in-part patents 
criticize the "big book" application as NOT teaching how to defend against a given threat (for 
example, "bogus load modules" that can "wreak havoc," (Ex. R, U.sJ Patent No, 6,157,721 
("'721") 721 at 7:37, 8:16)), they raise even more questions about what "secure" could possibly 
mean in these claims. 


DOCSSVI '134932.1 


- 11- 


>4ICR0S0fT'S 8WEF IN SUJPOJIT OP MOTION FOR 
SUVatARY JUDCMEKT TlUT CHRT AlS "^attl-MAJlXI^Ajr 
CLAIMS AllEII^VAiJD PCS. D^EFINTrENESS- C 01-1640 


I 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
U 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

Is 



1), Indefiniteness of Certain Patent Claims is Highlighted by Errors Made la 
The Specifications 

1. The *683. '711 & '861 Patents Failed to Properly Incorporate the ^^Big 
Book" by Reference 

An outside publication can be made part of a patent by referring to it, rather than 
actually reproducing its text See In re de Seversky, 474 F.2d 671 (C,C.P.A. 1973), Whether 
material .has been "incorporated by reference" is a question of law. Advanced Display Systenxs^ 
Inc. V. Kent State University, 212 F.3d 1272, 1282 (Fed. Cir 2000). "Essential" naaterial (i.e., 
that which is necessary to describe the claimed invention) may only be incorporated by reference 
to an issued U.S. Patent or a published U.S. Patent Application. This requiremeat eases the 
burden on the public reviewing the patent, as it makes essential material readily available, 
whereas non-published material, like patent applications may not be available, or must be ordered 
at a considerable expense from the patent office. See e,g,, MPEP § 608.01 (p). 

"The big book" material is "essential" in U.S. Patent No. 6, 1 85,683 ("'683") 
(Ex. S) the *72l,andU,S. Patent No. 5,920,861 ("'861") (Ex. V). In each of the patents, the *lDig 
book" is relied on to explain fundamental portions of the claimed inventions. See *721 at 4:51- 
60\ *861 at 2:37-39; and ^683 at 27:1-16, 

2. None Of The Patents Met The "Incorporation Bv Reference" 
Requirements 

The '683, *721, and *861 patents all purport to incorporate the "big booi^' by 
reference to the unpublished patent application. '721 at 1:7-19; *683 at 1:11-23; *861 at 1:7-11. 
They never amended their specifications to properly reference the issued patent number. This 
failure means that the "big book" materials are not part of the '721, '683 or '861 patents. 
Therefore, any need for definitions therefrom renders the claims and patents indefinite and 
invalid, 

E. InterTrust Failed to Fulfill Its Obligation to Define the gaim Term "Secure^ 
as Clearly as Possible. 

The extrinsic evidence, including InterTrust's own documents, indicates that it had 
the opportunity to be more precise. In this regard, InterTrust not only failed to apprise what the 

. MICROSOFT'S BIOEFW SUPPORT OT MOTION FOR 
DOCS5Vl;224932,l - 12 - SUMMARY JUDGMEhTT THAT CERT/MN '"mSi-HAR/O^At^ 

CLAIVtS ARE IJWXUD FOR INDEFII^JITEWESS - C 01 -) 640 

I ■ 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 

16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

^k 
IP 


0 r/U. 4X3 •>()( 1X00 AXiIVCpA OS VA» IICOI 


)Ounds of the claim were, but also failed to be as precise as the subject matter peimits. It is 
mplicit in the lengthy discussion of parameters above that the term "secure" can be. used with 
:lear meaning in this field only after all the questions are answered. Typically this takes the form 
Df a "security poUcy" and "criteria" for measuring satisfaction of that policy. A "security policy" 
answers "secure for whom?" and "secure for what purposes?" The security policy defines what is 
being protected against what attacks or threats (questions 1-6 of Mitchell Dec!.). "Criteria" are 
designated as objective measurements for detennining whether a real system satisfies the security 
policy. (Questions 7-10 of MitchcU). Together, the security poUoy and criteria allow the word 
"secure," which otherwise is a general and merely conceptual term, to be used in a meaningful 
and definite manner. Tlie InterTrust patent claims and specification contain no uniform security 
policy, and no uniform definition of "secure." 

The need for a specific security policy and criteria is well known in the field: 

"A given system can only be said to be secure with respect to its 
enforcement of some specific policy." Ex. L, Trusted Computer 
System Evaluation Criteria (1 985), pg. 5 9. 

See abo Ex. M. Landwehr, Cari E. Haw far can you trust a 
computer^, SAFECOMP'93, Proc. of the 12th International Conf. 
on Compute Safety, Reliability, and Security, Poznan-Kiekrz, 
Poland, Oct, 1993. Janusz Gorski. ed.. ISBN 0-387-19838-5. 
Springer-Verlag, New York, 1993. 

As quoted above, InterTrust's expert. Dr. Reiter, afBrmcd tlie need to establish criteria to evaluate 
whether a real-world system is or is not. secure,^ and recognized the role of a security policy in 
providing such criteria: 

[I] fa system has been evaluated via the common criteria, for 
example, to a given protection profile, this would be an example. 
You know, someone might say that it's secure once it's been 
evaluated via that fimework. Ex. A, Reiter at 32: 1 5-20. 

F, InterTrust's Proposed Markman Defini tion Confirms That "Secure" Is 
Indefinite . 

Although the claim construction stage of Utigation is far too late to cure patent 

• i ■ 

' rsiecure* is used as a general lem to refer protection against misuke and interference, and to 
tmlv evaluate that security, you often need to be more precise about the sorts of misuse ana 
interference you are concerned with, thethreatmodeUorthetoeats to w^^^^ 
primitive is likely to be subjected, and the mechamsm by which you protect that system. Ex. A, 
Reiter at 33:23-34:5. 

MICBOSOFT'S BRIEP W SUPPORT OF MOTON iOi. 

t>ocssviaM932.i • " ^J^;jaDWAuopoRih©EronreHss. co^l^*^ 


17 
1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 

. 

20 
21 
22 
23 
24 
25 
26 
27 
28 



37 FAX 415 397 7188 KEKER & VAN NEST 1^020 


indisfmiteiiess, it is telling that InterTmst did not even try to clarify the term. On the contrary, 
InterTrust's proposed definition of "secure" confirms its utter vagueness. InterTmst asserts that 
"secure" means that "[o]ne or more mechanisms are employed to discourage misuse of or 
interference with information. . and can be achieved through "tamper resistance," elsewhere 
defined merely as "making tempering more difficult and/or allowing detection of tampering." 
Joint Claim Construction Statement filed in this Court on March 14, 2003. At the same time, 
InterTmst proposes that *'[s]ecurity is not absolute, but is designed to be sufficient for a particular 
purpose." Joint Claim Construction Statement, at 6, Defining a claim relative to an unspecified 
"particular purpose" gives rise to precisely the uncertainty that Section 1 12(2) seeks to avoid. 
Moreover, whose perspective is sufficiency to be determined fiom and how are the "particular 
purposes" of the different users to be identified? By proposing a definition of "secure" that leads 
to inconsistent results, depending, for example, on who gets to specify a product's purpose, or 
whether its design is suflScient, InterTrust's own proposed definition confirms that the term has 
no definite meaning, 

G. Nor Is "Secure^' Redeemed By The terms It Modifies , 

None of the following claim phrases has a commonly shared understanding or 
usage in the field: "secure operating environment," "secure container," "secure memory," "secure 
database," "secure execution space," "securely applying," "securely assembling," "securely 
processing," or "securely receiving." Mitchell Dech, at 19-5L None of these terms resembles 
"snlart card" or "hot dog," terms in which otherwise vague and subjective adjectives are made 
clear by that which they modify. In contrast, "secure" as it appears in the claims receives no 
assistance from the terms it modifies, A person of ordinary skill in the art would have to have 
answers to the questions discussed above to know in what sense each of these items is "secure." 
Intertrust's expert, Dr, Reiter, acknowledged that describing an item as "secure" does not, for 
instance, apprise one of whether it is protected against, say, denial of service attacks or attaclcs on 
causal logic, or whether the availability of information is ensured, to name just a few aspects of 
the concept Ex, A, Reiter Depo., at 30-32; Mitchell DecL, at 6-7. 

The problem with these compound terms is made intractable with InterTrust's 

MICStOS0FT*S BHIEF IN SUPPOST OF M0T70K FOR 
D0CSSVl:2i4932.1 - 14 - SUMMARY HMMENT THaT CERTaJK 'VinJI-A/^l/U^ 

CUaMSAAEI>JVAl-n3P0RINpEFINrrENESS- COl-1640 


03/17/03 17:37 FAX 415 397 7188 


KEKER & VAN NEST 


1^021 


1 

2 
3 
4 
5 
6 
7 
8 
9 

. 10 

n 

12 
13 
14 
15 
16 
17 
• 18 
19 
20 
21 
,22 
23 
24 
25 
26 
27 
28 

Herrincton k 

SUTCLIFrC LU" 
ATTOlHrtc AT Law 


argument that "secure" must have the same meaning everywhere it appears, hxits Marhnan 

statement, InterTmst proposed defining "secure" independently for Marhnan puiposes, and 
defining all other claim tenns that incorporate it by reference to "secure". Thus, for "secure 
container," InterTrust proposes the definition, "a container that is Secure." See eg.. JCCS. Ex. B. 
"Secure database," "secure execution space," "secure memory," and "secure operating 
enviromnent" are all to be defined in analogous fashion. Id. Within InterTmst's proposed 
definitions of the phrases "securely applying." "securely assembliag." "securely processing," and 
"securely receiving," the word "securely" is defined simply as "in a Secure manner." Id. 
InterTrust has bound itself to the position that aU of these phrases must share a common 
definition of "secure." AU claims containing that term, then, are indefmite and invalid, 
w TxmB-PTT>TTCT»g rnTN TTn TERMS '<PROTRCTED PR OCESSING 
AT5if)TNDEFINITE. 

In its patents, InterTmst introduces the terms "Protected Processing Environment" 
(or "PPE") and "Host Processing Environment" (or "HPE") - InterTrust coined these tenns. 
Recognizingthat they we new.proprietaryterins. InterTrust often provides initial capitalization 
to the phrases, or sets them ofFby quotation marks within the specification. {See. e.^. Ex.Q, ' 193 
at 9:29, 13:10. 50:40. 105:18-19, 283:46)). These coined terms also appear in several claims 
including some of the xiM-Marb,um claims ie.g. Ex. S. the '683 claiU 2, and Ex. R, '721 claim 
34.) It is the patentee's "duty to provide a precise definition" of terms unknown to those of 
ordinary skill in the art. J.L Eaton & Co. v. Atlantic Paste & Glue Co., 106 FlSd 1563. 1570 
(Fed. Cir. 1997). 

1. 


THE TERMS "PPnT F-rTED PROCESSP J^ VNVTRONMENr 

tuntr PROrRSSING EN V TRONMENT" HAVEJVQ 
ORDINARY cnMPUTlNG ART MEANING 


The terms "Protected Processing Enviromnenl" C'PPE") and "Host Processing 
Environment" C'HPE'O do not have an ordinary or customaiy meaning inside or outside of the 
computing world. They have not been found in any dictionaries that Microsoft has consulted. 
InterTrust has offered no dictionary or other extrinsic references to provide a meaning for these 
terms. 


DOCSSVld34932.1 


MTCROsorr'SBWcrtNswroicror.MCiTionroR _ 

15- SUMMARY nroOMEOT THAT CERT -^W'^-^WJU'*^ 

■ ajUlwlSAJl£lNVAUDK!R.nTOB=n-nTEKESS- COl-lWO 


03/17/03 17:37 FAX 415 397 7188 


ISJSKliK & VAN NEST 


I 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 

19 

20 

2'l 

•22 

23 

24 

25 

26 

27 

28 

KerkinCtON Ac 
SUTC1.IPF8 LLP 

ATTOMitrt AT Law 


Significantly, even InterTrust' s testifying expert confinned that the terms would 
not have a known meaning to one of ordinary sldli in the art in February 1 995, when InterTrust 
submitted the "big book" application. Regarding the term "Protected Processing Environment," 

Dr. Reiter testified: 

Q ...in February 1995, would the pKSon of ordinary skill in the 
art have heard of the phrase protected processing 
enviroranent? 

A. It's notatermintbeart One might assume certain things 
about that, but it's not a term in the Art 

(Ex. A, Reiter Depo!, 1 3 1 :22-132:2). He testified similarly that a person of ordinary skill would 
not be familiar vdth the term HPE. Jd. at 132:3-6. 

Not surprisingly, third party deponents, all of which had close dealings with 
InterTrust (most licensees" of the asserted patents) were at aloss to assign any meaning, ordinary 
or otherwise, to fiiese terms. See Ex. D. Envivio Depo. at 53:9-19 TQ: Have you ever heard the 
term "protected processing environment"? A: No."); Ex. H, AOL Depo at 82:21-92:3; 96:4- 
97:17. 

•> TWF ri AIMS DO NOT Pw nvmF. STJBSTANCE OR CONTEXT 

kVwm^KY TO PROVIDE MEA NTNC TO EIT H ER PPE OR HPE . 

These coined terms aie used in three of the "Mini-^flrfenflK" claims: PPE is 
found in two and HPE is found in one. The claims do not provide the necessary context to 
formulate a sufficiently definite meaning. 

The words of Claim 2 of the ' 193 patent . provide Utde information aboufw^iat is 
meant by PPE. While it does partially indicate what is being protected, "m part proteaing 
information contained", from v^hat, Jrom tampering" and by who, "by a user'', it stiU fails to 

i 

inform one of ordinary skill if it "protects" "part" of the information or is "part" of the 
"protection".' Also left open is what partial protection fioro tampering means. Does it merely 
detect that tampering has occmrcd, does it prevent tampering entirely or does it simply make 
tampering more difficult to achieve. It is mipossible to divine from the claim language itself what 
is being claimed. As to its sttucture, the claim language recites merely that "said protected 
processing environment including hardware or software,' 

DOCSSVl-Ja4932.l - 16 - 


MiCRDSorr's bsjet w swroRT or MonoN joa 

SUMM ARV lUDGMEhrr THAT CERT >MN "yfOn-MMKMAtf 
CUMMSAMDWAUDFORINDB'IWnENESS. COl-lW 


I 


I 

2 
3 
4 
5 
6 
7 
'8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

b 


I iXA •SAW V« 


Other deficiencies can be seen in Claim 34 of the *721 patent There, the open- 
ended identification of PPE as "comprising: a first tamper resistant barrier'^ which itself has a 
"first security level " a 'Tirst secure execution space," and "at least one arrangemenf' which 
prevents an identified operation. Conspicuously, this description relies on "secure" and 
"security." For the reasons noted above, this claim language lends no clarity to PPE but 
compounds its indefiniteness. Furthermore, one of ordinary skill cannot identify what is being 
'^protected." iJee Mitchell DecL at 35-37, 

In Claun 155 of the *900 patent (Ex. T) InterTrust mtroduces another coined term 
"Host Processing Environment (HPE), While Claim 155 attempts to provide an elaboration of 
what is meant by HPE through the use of the tiirm "comprising," the description which followed 
only serves to obscure the meaning and scope of this new term. 

While one of ordinary skill in the art reading Claim 155 could surmise that the 

HPE has at least a central processing unit, main memory and "mass storage " beyond this, the 

scope and reach of this temi is indefinite. The claim goes on to assert that the ''mass storage" of 

the HPE stores 'tamper resistant sofbvare." This passage feils to set forth with meaningful clarity 

whether the tamper resistant software is an aspect of the Host Processing Environment. The base 

description of what might ht parts of an HPE is insufficient to inform one of ordinary skill in this 

art as to what the meaningful boundaries and scope of this claim Ihnitation are. 

3. THE SPECIFICATION DOES NOT DEFINE THE TERM 
PROTECTED PROCESSING ENVIRONMENT . 

Lacking a context or definition in the claims, the specification must be reviewed 
for guidance as to the term's meanmg. The specification fails as well InterTrust's first use of the 
term PPE in the * 193 specification states merely that it is one component in a preferred 
embodiment ofaVDE "secure subsystem." Ex, Q, M 93 at 9:28. This provides neither 
infomiation about, nor explanation of, what a PPE is or does. General reference is then made to 
the PPE in the "Brief Description of the Drawings" but no meaningful discussion, and cert^ly 
no definition is provided '193 at 50:39-41. PPE is not again revisited until Col. 79, hi, 34. Here 
the patent states that a Host Event Processing Environment (HPE) 655 and Secure Event 

MICROSOH'S BpilSF W SUTPORT OF MOTION FOR 

OnrcsVl -lliMl 1 - 1 7 - SUMWAJLY JUDGMENTTHaT CERTAIN ^'MlNI'WW*^^^ 

uuwo ClJUMSARElNV>aJDF0RINDEFlKlT2NE3S. COM 640- 


X/ 

■ 

1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
U 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

Ik 


/ tAJL 4X0 oa/ lUSiUiK fiE VAiH nt^bi tfi!U24 


Processing Environment (SPE) 503 ''may be generically refened to as 'pTOtected Processing 
EnviromTients' 650". In Column 105 (at In, 17-22). the specification states simply that hereinafter 
in the specification, 'Sinless context indicates otherwise, references to any of 'PPE 650,' 'HPE 
655' and *SPE 503' may refer to each of them." There is no substantive discussion of PPE after 
this entry. 

InterTrust's treatment of PPE is fatally defective for multiple reasons. First, while 
being a coined term which refers to a feature central to InterTrust's VDE world (z.e., 'the 
invention"), it is never clearly described At best, InterTmst attempts to give examples of what 
the "generic" usage of PPE might refer to. Both Secure Event Processing Environments (SPE) 
and Host Event' Processing Environments (HPE).are "environments" which ''may be generically 
referred to as Trotected Processing Environments' 650". '193 at 79:30-35. In the first instance, 
InterTrust attempts to illuminate the meaning of a coined tenji with other coined terms, an 
unhelpful exercise. As InterTrust's expert identified, SPE and HPE are themselves tenns which 
would not have been known to one of ordinary skill in 4i6 art in February 1995, 

Q. Okay. In February 1995, would the person of ordinary skill 
in the art have been familiar with the term host processing 
environment? 

A. I think not. 

Q. In February of 1 995, would the person of ordinary skill in 
the art have b een famili ar with tibe phrase secure processing 
environment? 

A. So I have trouble putting my finger on specific us.ages of 
that of those three words that I would say were 
commonplace, but perhaps like protected processing 
environment, one might — ^who saw that might assume 
certain things, but — so I guess my answer would be no, it 
wasn't a well defined term in the field at the time, but put 
together they kind of make sense. 

Ex, A, Reiter Depo,, 134:6-16. Furthermore, there are marked differences between a HPE and ■ 
SPE rendering the "generic class" to which PPE refers undefined. See Mitchell Decl at 51-53. 

To compound the confusion, in many instances where a feature or component of a 
PPE is set forth, it is qualified with the term ' Wy" indicating that the described feature is 
optional, hence, may or may not be a part of PPE, This practice fiirther obscures the inherently 

MICROSOFT'S BRIEF IM SUPPOllTOP MOTION FOR 
DOCSSVl:224932 l "IS" SIWMARY WD0MErn'THATC£RrAJK'^-A6lAA>t<A'* 

cL^lMSARE^^^y>^UDTOR^Nr3£FIH^rreNESs- cOM640 ■ 

• i 


1 

1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 



38 FAI 415 397 7188 KEKER & VAN NEST t^!025 

ambiguous nature of coined terms. For example, 'Trotected Processing Environment may refer 

generally to SPE and/or HPE . , (Ex, Q/193 at 105:18-21). This invariably leaves the relevant 

public guessing at what might infringe. Such an unconstrained explanation fails to provide 

sufficient precision. 

4. THE TERM HOST PROCESSING ENVIRONMENT IS NOT 
DEFINED IN THE SPEaFICATION EITHER 

The specification of the * 900 patent (Ex. T) does not clear up what the claims 
leave vague. **Host processing environment" appears initially in the *900 specification in CoL 12 
where it Is identified that in "some embodiments" certain functions described in the specifications 
"may be performed by software, for example, in host processing environments of electronic 
appliances" Ex. T, '900 at 12:27-29 (emphasis added). This introductory use of the term "host 
processing environment" sheds no light on what it is, what it does or what its parameters are. The 
term is first used with all initial caps, indicating its coined nature, ra Col. 3 at In. 7, with no 
accompanying elaboration or definition. Aside firom a passing reference in CoL 13, tiie term is 
not seen again until CoL 84, b. 39 where it appears in the simple statement that "another instance 
of ROS [Rights Operating System] 602 might perform the same task usmg a host processing 
environment nmning in protected memory that is emulating a SPU in software," Again, this 
section of the specification does not elaborate on what the details or constituents of a 'Tiost 
processing environment" are. 

As mentioned above with regards to **protected processing environment," the 
specifications suggest that "host processing environment," "protected processmg environment" 
and "secure processing enviroiunent" are terms used as synonjms or as subsets of the other. The 
mingling of definitions of these coined phrases further aggravates the inherent ambiguity of their 
use in these patents. 
HI. ARGUMENT 

. A- Applicable Legal Standards 

The patent statute requires that every patent include "one or more claims 
particularly pointing out and distinctly claiming the subject matter which the applicant regards 

MICROSOFT'S BMBF IN SUPPOaT OP MOTION TOR 
DOCSSVl;224932 1 - 1 9 - SUMMARY JiroOMENT THAT CERTAIN '*UTt^-MAJt/MAJ^ 

CLAIMS AJlHINVALm FOR INDEPINIT^>JESS- C01-164Q 


17; 

1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
u 


18 FAX 415 397 718« KtaUiK «e 'VArt NKST lfflU20 


as hi5 invention." 35 U,S.C, § 112. 12 (emphasis added). Patent claims that fail to provide such 

fair warning are invalid. Morton Int% Inc. v, Cardinal Ghent Co., 5 F.3d 1464, 1470 (Fed. Cir. 

1993) (affirming holding of patent invalidity because 'tlie claims at issue [were] not sufficiently. 

precise to permit a potential competitor to deteimine whether or not he is infringing"); The 

Supreme Court explained the "definiteness'* requirement and the "chilling'* effect that indefinite 

patents have on legitimate competition as follows: 

The statutory requirement of particularity and distinctness in claims 
is met only when dicy clearly distinguish what is claimed from 
\yhat went before in the art and clearly circumscribe what is ^ 
foreclosed from future enterprise. A zone of unccrtairity which 
enterprise and experimentation may enter only at the risk of 
infringement claims would discourage invention only a little leiss 
than unequivocal foreclosure of the field. 

United Carbon Co. v. Binney & Smith Co,, 317 U.S. 228, 236 (1942). Without abandoning that 

important principle^ the Federal Circuit has made clear that "'we have not held that a daim is 

indefinite merely because it poses a difl5cult issue of claiim construction." Exxon Research and 

Eng'g Co, V. United States, 265 F.3d 1371, 1375 (Fed. Cir. 2001). Summarizing its requirements, 

the Exxon court stated: 

. . . what we have asked is that the claims be amenable to ^ ^ 
construction, however difficult that task may be. If a claim is 
insolubly ambiguous, and no narrowing constmction can proporly 
be adopted, we have held the claim indefinite... By finding claims 
indefinite only if reasonable efforts at claim construction prove 
fiitile, we accord respect to the statutory presumption of patmt 
validity (citation omitted) and we protect the inventive contribution 
of patentees, even when the drafting of their patents- has been less 
than ideal. 

Id, Indefiniteness must be shown by clear and convincing evidence. LA. Gear, Inc. v. Thorn 
McAn Shoe Co,, 988 F.2d 1 1 17 (Fed. Cir. 1993). "The standard of indefiniteness is somewhat 
high; a claim is not indefinite merely because its scope is not ascertainable from the face of the 
claims." Amgenlnc. v, Hoechst Marlon Rousseljnc, 314? 3d UU, 1342 (Fed. Cir. 2003). 
While the standard is high, ''compliance with the written description requirement is essentially a 
fact-based inquiry that will '"necessarily vary depending on the nature of the invention claimed." 
Quoting Enzo Biochem v. Gen-Probe, Inc., 296 F.3d 1316, 1324 (Fed. Cir. 2002) (internal 
citation omitted). W. at 1330 (affirming finding of indefiniteness), Further, *Ht is not [the court's] 

MICROSOFT 'S BPJEF IN SUPPORT OF MOTION FOR 

Docssvi aMn l - 20 - suuulkjc^ nmauns^ that certain ^'y^-MAJuo^Lor 

ClJOMSAilEI>rvUlJDFORINDBFn>frrei«SS- COl-1640 


17 
1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


9 fAi. 41S 3a7 Vi«>« lUSKliK & VAN ^t;Sl i«i|U^/ 


function to revrite claims to preserve their validity." Anen Eng 'g Corp. v. Bartell Indus., 299 
F.3d 1336, 1349 (Fed, Cir. 2002). 

1. Claim Ibdefiniteness ReQ uirei a Two-Part Test 

The test for determining whether a daim is definite is "whether those skilled iu the 
art would understand tiie scope of the claim when the claim is read in light of the rest of the . 
specification." Union Pac. Resources Co. v. Chesapeake Energy Corp., 236 F.3d 684 (Fed. Cir. 
2001); Morton, 5 F.3d at 1470. The Federal Circuit has identified two parts to this test 1) the 
patent claim, read in light of the rest of the patent and its Patent Office file, must "'reasonably 
apprise those skiUed in the art'" as to its scope; and, 2) the patent claim must be "'as precise as 
the subject matter peimits.'" Amgen. Inc. v. Ckugai Pharmaceuiical Co., 927 F.2d 1200. 1217 . 
(Fed. Cir. 1991), quoting Shatterproof Glass Corp. vJLibbey-Owens Ford Co., 758 F.2d 613, 624 
(Fed. Cir. 1 985). InterTnist's patents fail both parts of the test, as demonstrated by both the 
intrinsic and extrinsic evidence. 

2. " Secure" and Its Variants Are Indefin ite Terms That Render the 
Claim^s Containing Them Invalid 

The evidence is ovawhelmlng that "secure" lacks a definite meaiiing in the art It 
is a general term that both parties' experts and every thiid-party witness agree is vagne unless 
given substantial context. LiterTmst never provided the needed context in any part of its patents. 
Accordingly, persons of ordinary skUl in the art cannot tell what "secure" means when reviewing 
the claims. "A claim term is indefinite if it can have more than one meaning to a person of 
ordinary skill in the art, and the appropriate meaning of the term is not explained in the 
specification" See Union Pacific Resources Co. v. Chesapeake Energy Corp., 236 FJd 684, 692 
(Fed. Cir. 20.01) (finding the term "comparing" indefmite); In re Cdhn, 58 C.CP.A. 996, 438 F.2d 
989, 993 (CCPA 1971) (finding claim tenn indefinite where the patentee's conflicting use of the 
term rendered the scope of the claims uncertain)." VLT. Inc. v. Artes^ Techs. Inc. 238 F. Supp. 
2d 339. Here, those of skill in the ait, including InterTnist's own expert, have testified that secure 
can mean countless tMngs to countless different people. 


DOCSSVl:22A932,l 


.21 - 


MICROSOFT'S BRIEF IN SUPPORT O? M077QK FOB ^ 
SUMMARY aiDQWENT THAT COlT-*JN **>^'MAIUCMAh^ 
OjOMS /Jli tNVAUD FOR INDEnrCITENESa - C 01-16^ 


17 
1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
It 



» KAA 415 aar 718« KBJIKK & VAN MtlST ' iau2» 

Although words of "degree" and other "relative" terms are sometimes upheld, 
"when a word of degree is used, the district court must determine whether the patent's ■ 
specification provides some standard for measuring that degree." See Seattle Box Company, Inc., 
V. Industrial Crating & Packaging, Inc., 73 1 F.2d 818, 826 (Fei Cir. 1984). Here, as shovm 
above, the specification not only fnils to provide tlae necessary content, it adds to the ambiguity. 
Without some constraijiing parameters, subjective adjectives like "secure" are indefinite. A 
predecessor to the Federal Circuit, for example, affirmed the rejection of claims using the 
"relative" terms "stiff and **resilient" (describing brush bristles) because the patent provided no 
guidance as to how stiff or bow resilient. See Application ofLechene^ 277 F2d 173, 176 
(C.C,P.A. 1960), Stiff, unlike "secure;* is one-dimensional - the only question was 'Tiow stiff?" 
"Secure'' raises not only the question of ''how secure " but also, 'Vhat kind of security," "from . 
whom," and so on. 

Moreover, InterTnist's indexing of "secure" to customer preferences in the 
specification makes it comparable to a rejected claim brought before the Board of Patent Appeals 
and Interferences in Ex parte drummer, 12 USPQ2d (BNA) 1653 (BPAI 1989). In Brummer, the 
claim was directed to an improved recumbent bicycle having "a wheelbase that is between 58 
percent and 75 percent of the height of the rider that the bicycle was designed for." The Board 
held that '^whether the'bicycle was covered by the claim would be deteimined not on tlie basis of 
the stmctural elements and their interrelationsliips, as set forth in the claim, but by means of a 
label placed upon the bicycle at the discretion of the manufacturer.'' Id at **3-4. The Board 
noted that with such claim language, a claim may be infringed when ridden by one rider, but not 
when ridden by another. Similarly, because the "level of security and tamper resistance required 
for trusted SPU hardware processes depends on the commercial requirements of particular 
markets or market niches, and may vary widely," (Ex. Q, *193 at 49:59-62), the scope of the 
claims depends on unpredictable, ill defined and ever-changing marljet factors. Indeed, 
IntsrTrust's use of "secure" is more indefinite than the language at issue {nBrummer. In that 
case, the indefinite language allowed the patentee to vary the meaning of the claims as to one 
variable (size of the wheelbase); IntcrTrust's claims apparently seek leeway to shift and remold 

MICROSOFT'S BRJEP IN SUPPORT OF MOTION FOR 
DOCSSVl:224932.i -22- SUMMARY JUDQMa^ THAT CERTAJN"MrHl-WmW^>^ 

Ojoms Ai^ INVAUD FOR I^^EFI^T^re>^ES£ - c 01 - V 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

LP 

■A" 


tfUL 410 o»r titiisjiK ft vATi nt.ai leiuiiii 


themselves aloag all of the different axes of "security" discussed above. 

Finally, secure and its variants further fail the definiteness requirement in feiling lo 
be as' "precise as the subject matter allows." As demonstrated by its own documentation and by 
the widespread availability of model security policies, InterTrust had tlie ability to provide more 
definite meanings. It did not, and therefore the claim terms are not "as precise as the subject 
matter permits." Amgenjnc v. Chugai Pharmacetical Co., 927F.2d 1200 at 1217. 

Claim indefiniteness is particularly problematic where it derives from 
"conveniently fiinctional language at the exact point of novelty." General Electric Co. v. Wabash 
Appliance Corp., 304 U.S. 364, 371-372, 58 S. CL 899. 902-03 (1938). As InterTrust's own 
expert testified, "security" is an "essential aspect" of the alleged invention. Rsiter Depo., at 
23 :21-24:9. Accordingly, although no term should be ambiguous in a patent claijn, it is 
particularly mexcusable that this "core" term be left hopelessly vague. Exxon Research & 
Engineering Co. v. United States, 265 F.3d 1371. 1379 (Fed. Cir. 2odl) (fatal for limitations 
critical to patentability to be indefmite) . 

B. New Or Coined Terms Must Be Defined Or Otherwise Mad e Clear. 

If the patentee elects to use "a term with no previous meaning to those of ordinary 
skill in the ait . . . [i]ts meaning . . . must be found somewhere in the patent" /. T. Eaton & Co. v. 
Atlantic Paste & Glue Co., 106 F.3d 1563. 1568 (Fed. Cir. 1997) (emphasis added). In 
introducing the coined terms "protected processing environment" and 'host processing 
envirom-nent," InterTrust had a "duty to provide a precise definition" for them. It failed to do so. 
Accordingly, these terms are indefinite and the claims containing them, invalid. 
/// 
/// 
/// 
///■ 
III 
III 
III 

MICROSOH'S BWfl' W SUPPORT OP M07J0N FOR 
OOrSWllMMll -23- StM>WlYJW)<3:(ENTTHATCSRTA«"MINl-*£i««^ 


17 

1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 

<t 

.? 


S YKL 41S 9!j7 71t)« Kl^KUK U VAN NtiST IglUdU 


rv. CONCLUSION 

For the foregoing reasons, and those set forth in the accompanying Report and Declaration of 
Professor Mitchell, the Court should grant partial summary judgment that the following eleven 
claims.are indefinite and invalid under 35 U.S.C. § 1 12, p-. claims 1, 11, and 15 of the '193 
patoit; claim 2 of the U.S. Patent No. 6, 185,683; claims 1 and 34 of U.S. Patent No. 6,157,721; 
claim 58 of U.S. Patent No. 5, 920,861; claim 1 of U.S. Patent No. 5, 982,891; claim 155 of U.S. 
Patent No. 5,892,900; and claims 8 and 35 of U.S. Patent No. 5,917,912. 

Dated: March 17, 2003 WILLIAM L. ANTHONY 

ERICL.WESENBERG 
KJENNETHJ.HALPERN 
ORRICK. HERRJNGTON & SUTCLIFFE LLP 

-/a Z^^— ?^ 

Eric L. Wesenberg \l 
Attorneys for Defendant aud Counterclaimant 
MICROSOFT CORPORATION 


DOCSSVl:224932.l 


-24- 


MICROSOFT'S BRIEF W SUPPORT OF MOTtO>( FOR 
SUMMARY WDGMEKT THAT CERTAIN "MINl-A^l AKW^ 
CLAIWS AE£ IhTVAUD FOR rNDEFTNTTCNESS - C 01-1640