Skip to main content

Full text of "USPTO Patents Application 09870801"

See other formats


WILLIAM L. ANTHONY (State Bar No. 106908) 
ERIC L. WESENBERG (State Bar No. 139696) 
HEIDI L. KEEFE, State Bar No. 178960 
MARK R. WEINSTEIN (State Bar No. 193043) 
ORRICK, HERRINGTON & SUTCLIFFE, LLP 
1000 Marsh Road 
Menlo Park, CA 94025 
Telephone: (650) 614-7400 
Facsimile: (650) 614-7401 

STEVEN ALEXANDER (admitted Pro Hac Vice) 

KRISTIN L. CLEVELAND (admitted Pro Hac Vice) 

JAMES E. GERINGER (admitted Pro Hac Vice) 

JOHN D. VANDENBERG 

KLARQUIST SPARKMAN, LLP 

One World Trade Center, Suite 1600 

121 S.W. Salmon Street 

Portland, OR 97204 

Telephone: (503)226-7391 

Facsimile: (503) 228-9446 

Attorneys for Defendant and Counterclaimant, 
MICROSOFT CORPORATION 


UNITED STATES DISTRICT COURT 
NORTHERN DISTRICT OF CALIFORNIA 
OAKLAND DIVISION 


INTERTRUST TECHNOLOGIES 
CORPORATION, a Delaware corporation, 

Plaintiff, 


v. 


MICROSOFT CORPORATION, a 
Washington corporation, 

Defendant. 


MICROSOFT CORPORATION, a 
Washington corporation, 

Counterclaimant, 


v. 


INTERTRUST TECHNOLOGIES 
CORPORATION, a Delaware corporation, 


CaseNo.COl-1640 SBA 
Consolidated with C02-0647 SBA 

MICROSOFT'S PRELIMINARY 
INVALIDITY CONTENTIONS 
REGARDING U.S. PATENTS 6,253,193 
& 6,185,683 PURSUANT TO PLR 3-3, 
3-4 


The Honorable Saundra B. Armstrong 


Counterclaim-Defendant. 


InterTrust and its agents have engaged in a long pattern of misconduct that extends to and 
includes false and unsupported allegations of patent infringement. By way of example, the 
following information and attached charts illustrate that InterTrust has made invalid assertions of 
patent claim infringement under 35 U.S.C. §§ 102, 103 and 112 (limited to indefiniteness, non- 
enablement, and written description). Additional grounds for invalidity and unenforceability lie 
outside the scope of PLR 3-3 and are expressly reserved. Microsoft further reserves the 
unrestricted right to assert its defenses (and seek declaratory judgments) that the claims asserted 
by InterTrust are not infringed. 

Microsoft has stated and preserves its objections and arguments as set forth in its motions 
on file and case management statements. Microsoft further notes and incorporates by reference 
its objections to InterTrust's improper attempts to modify its PLR 3-1 Statements without consent 
or leave of Court. Without limitation, Microsoft objects to InterTrust's refusal to provide a 
complete PLR 3-1 Statement for any of the InterTrust asserted patents, or to provide relevant 
information sought in discovery, including the identity of the alleged inventors of specific claims; 
conception or actual reduction to practice dates for specific claims; whether to its knowledge 
there has ever been any alleged embodiment(s) of asserted claims; and what if any specification 
support is alleged, including from any of the applications from which InterTrust claims priority. 
For example, InterTrust has failed to provide discovery regarding reduction to practice, including 
as set forth in Microsoft's motion to compel and the Court's rulings thereon. For another 
example, InterTrust has alleged that specific claims are entitled to rely on one or more earlier 
applications for priority, but has refused to state how. Microsoft expressly reserves the right to 
rely upon InterTrust's own activities, alone and in connection with others, as prior art, should 
InterTrust fully comply with relevant discovery. Microsoft further reserves the right to 
supplement this statement or otherwise further respond if InterTrust modifies its PLR 3-1 
allegations (including but not limited to providing proper initial PLR 3-1 Statements), whether 
through motion or consent, or if InterTrust contends (or the Court rules) that any earlier or later 
priority date(s) may apply. 
PLR 3-3(a, b) 

This Statement responds to InterTrust's initial PLR 3-1 Statement regarding U.S. Patents 
6,253,193 and 6,185,683 served on or about October 29, 2001. The identities of prior art 
references that anticipate claims as asserted in InterTrust's PLR 3-1 Statement or render them 

PAGE 2 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


obvious are set forth below and in the attached PLR 3 -3(c) charts. Please refer to the columns in 
the charts for further description of the references identified in abbreviated form below. 


Asserted Claims 

References That Anticipate 
and/or Render Obvious 

'683 - 2, 28-29 

Stefik, CUPID, CN1/IMA 94, Choudhuiy/Maxemchuk, 
Tygar/Yee, Neuman, Davies & Price, ATMs, Chaum, 
Telescript, NT, Bell-Lapadula, CUPID, Blaze, "secure" 
OODBs,Kerberos, Cox/Mori, Griswold, Cryptolopes, 
iOpener, iPower, Lampson 

'193-1-4, 11, 15, 19 

Stefik, Choudhury/Maxemchuk, Blaze, CNI/IMA 94, 
Hellman, CUPID, Chaum, Neuman 


See also the cited art in the manner applied by the Examiners. 

Each prior art reference identified herein and in the attached charts anticipates one or 
more asserted claims or renders them obvious. People having knowledge of this information prior 
to relevant priority dates include the authors/creators and recipients/users of each reference. 

Entities making/receiving offers or information regarding products referenced herein 
include the following: 


Item 

Date 

exemplary entities making offer 
and/or information known 

NT, OLE, COM 

1993 and continuing thru at 
least 2/12/95 and 2/24/97 

Microsoft Corp. 

Kerberos 

before 1994 and continuing 
thru at least 2/12/95 and 
2/24/97 

MIT; B. Clifford Neuman 

Strongbox, Dyad, 
Mach 

before 1994 and continuing 
thru at least 1995 

Carnegie Mellon Univ.; Doug 
Tygar; Bennet Yee, Rick Rashid 

Stefik 

at least by 1994 and continuing 
thru at least 2/12/95 and 
2/24/97 

Xerox; ContentGuard 

CUPID 

at least by 2/94 and continuing 
thru at least 2/12/95 and 
2/24/97 

See '683 chart 

PolicyMaker 

by 1996 

AT&T 

PersonaLink 

at least prior to 2/12/95 

AT&T 

Telescript 

at least by 1994 

General Magic, AT&T, RSA 

PGP 

at least by 2/94 and continuing 

Phil Zimmerman 


1 

PAGE 3 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




thru at least 2/12/95 and 
2/24/97 


RSA software 

at least before 2/12/95 and 
2/24/97 

RSA 

iPower, iOpener 

before 2/12/95 

National Semiconductor 

"secure" OODB 
systems (e.g., Orion, 
Itasca, Thor) 

at least by 2/13/94 and 
continuing thru at least 2/12/95 
and 2/24/97 

MCC, Itasca, MIT (see '683 
chart); IBEX 

Cryptolope & 
InfoMarket 

Before 2/12/95 and 2/24/97 

IBM 


From InterTrust's current document production, it appears that its employees' and 
consultants' activities, including offers for sale, public uses, derivations, and "inventions" (in the 
sense of Section 102(g)), and disclosures to Willis Ware, Drew Dean, and others not under any 
duty of confidentiality, constituted or created material and perhaps anticipatory prior art to many 
of the asserted claims, that was not cited to the Patent Office. Microsoft reserves the right to 
supplement this disclosure after Microsoft has had an opportunity to investigate this possible prior 
art in discovery. 

Suggestions to combine & motivations to combine 

Among the combinations obvious under § 103 are those set forth in each § 102 prior art 
reference cited herein, including D. Kahn, The Codebreakers (Macmillan 1967); L,D. Smith, 
Cryptography - the science of secret writing (Dover 1943, 1971); Bruce J. Walker and Ian F. 
Blake, Computer Security and Protection Structures (Dowden Hutchinson & Ross, Inc. 1977); D. 
Hsiao et al., Computer Security (Academic Press 1979); A. Konheim, Cryptography: A Primer 
(Wiley 1981); D. Denning, Cryptography and Data Security (Addison-Wesley 1982); Meyer, 
C.H., and Matyas, S.M., Cryptography - A New Dimension in Computer Data Security (Wiley 
1982); Wood, Unix System Security (Hayden 1985); Elliott Irving Organick, The Multics System 
(MIT 5th ed. 1985); C.J. Date, An Introduction to Database Systems . 4 th ed. (Addison-Wesley 
1986); J. Cooper, Computers & Communications (McGraw Hill 1989); S. Muftic, Security 
Mechanisms for Computer Networks (Ellis Horwood 1989); Davies & Price, Security For 
Computer Networks (Wiley 1989); W. LaLonde and J. Pugh, Inside Smalltalk (Prentice Hall 
1990); Computer Security (Time Life 1990); D. Russell et al, Computer Security Basics 
(O'Reilly 1991); S. GarfinkeL Practical Unix Security (O'Reilly 1991); CMU Computer Science: 
A 25 th Anniversary Commemorative , R. Rashid, ed. (ACM Press 1991); D. Curry, Unix System 

PAGE 4 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


Security (Addison-Wesley 1992); Custer, Inside NT (Microsoft Press 1993); B. Schneier, Applied 
Cryptography (Wiley 1994) (also 2d ed. 1996); D. Dougherty, The Mosaic Handbook (O'Reilly 
1994); Castano, Database Security (Addison-Wesley 1994); F. Cohen, Protection and Security on 
the Information Highway (Wiley 1995); A. Tanenbaum, Operating Systems, Design and 
Implementation (Prentice Hall 1987), Computer Networks , 2d ed. (Prentice Hall 1988), Modem 
Operating Systems (Prentice Hall 1992), and Distributed Operating Systems (Prentice Hall 1995); 
the work of Martin S. Olivier et al. cited in the attached '683 chart; the work of Morris Sloman, 
Jonathan Moffet, David Chaum, B. Clifford Neuman and Butler Lampson (see 
www.doc.ic.ac.uk/'-inss/MSSPubs.html; www-users.cs.york.ac.uk/~jdm/jdmpubs.htm ; 
www.chaum.com/articles/list_of_articles.htm; http://www.isi.edu/people/bcn/publications.html; 
and research.microsoft.com/lampson/Publications.html); any single conference, meeting or 
proceedings, such as the January 1994 RSA Data Security Conference, 2 the April 1993 
conference at Harvard University described in the deposition of Richard J. Linn, or Proceedings. 
Technological Strategies for Protecting Intellectual Property in the Networked Multimedia 
Environment, Journal of the Interactive Multimedia Association Intellectual Property Project, vol. 
1 no. 1 (Jan. 1994) ("CNI/IMA 94"). Additional obvious combinations include the combinations 
indicated in the asserted patents' file histories, related RFCs, work on a common project or 
product, and the combinations of any given author or named inventor's cumulative prior art work. 
For example, by "Stefik" this document refers to the referenced patents, acts and publications 
attributed in whole or part to Mark Stefik, taken individually or together. These make obvious, 
for example, that using methods in additive, iterative or other combinations could enhance overall 
"security," as would variation in individual steps or methods, such as encrypting, signing, or 
building files, using objects, and/or distributing in such a manner as to help do or protect things of 
value against unauthorized access, threats, or adverse effects. Adding or subtracting rights, or 
adding or repeating steps or functions (such as adding Kerberos to access control lists or 
capabilities, or watermarking binaries before and/or after encrypting any part of them), were 
simple variations of this. (See, e.g., Davies, Denning, Hellman, Neuman, Chaum, Linn, Blaze, 
Lampson, Tygar/Yee, Stefik, Choudhury/Maxemchuk, Moffett, Curry, Garfinkel/Spafford, 
Muftic, Carroll, Hsiao et al). These further make obvious that one can automate any manual step 


2 See, e.g., Walker, Notes from RSA Data Security Conference, 
www.eff.org/Privacy/Crypto/Crypto misc/rsa conf.summary (Jan. 18, 1994); 
www.ddi.com/doc\iments/s=lQ05/ddi9454d/9454d.htm , (Dr. Dobbs Journal). 


PAGE 5 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


in the exchange of encrypted information, or vice versa. For example, one or more steps of a 
communication or transfer could be "out of band". 

The motivation for seeking "security," privacy, and integrity was widely recognized in the 
United States and elsewhere prior to February 13, 1994, and extends to any information or item of 
perceived value, including books, music, computer systems, and computer programs, as set forth 
in, e.g., Hellman, Stefik, Chaum, Choudhury, Date, Castano, Custer, Olivier, Russell, Muftic, 
Denning and/or Da vies. 3 Additional motivations include the desire to meet or exceed any 
applicable laws or industry or government standards, such as the Orange Book, Computer Fraud 
and Abuse Act of 1986, Computer Security Act of 1989 PL1 00-35, High Performance Computing 
Act (HPCA) of 1991 (P.L. 102-194), and Title 17 U.S.C. § 101 et seq. (including, for example, § 
1002). Industry standards include those for communication, such as X.509, TCP/IP, WWW, and 
WAIS, and those for encryption or transmission of encrypted information, e.g., DES, Triple DES, 
RSA, SSL, S/MIME, SHTTP, HTTPS, MD5, and PEM. Additional obviousness teachings to 
combine with such items or information include "security" levels, permissions, certificates, 
tickets, "secure" processors, "secure" storage, "smart" cards (including smart cards able to store 
data and perform computations such as encryption/decryption), tamper resistance techniques for 
hardware and software, physical "security," trusted time, authentication and authorization in 
trusted distributed systems, enabling software or features thereof to run only on particular 
machines, and treating binary information/data at varied levels of granularity. It was further 
obvious to combine any of these "security" features with any of the following software (or 
features thereof) and/or any of the following hardware (or features thereof) to provide any 
element or perform any step shown in the charts below: 

software: file and operating systems such as NT, NFS, Andrew, Netware, Mach, DT 
Mach, Multics, Unix, and in the Blaze and Tanenbaum and other references cited above; 
secure kernels; protocols, codes and systems such as WWW, SSL, SGML, hypertext, Oak, 
Telescript, OOP and other programming technologies or frameworks (e.g. Smalltalk, 
COM, OLE, Bento, Open Doc) 4 ; object-oriented databases; watermarking; obfuscation 
(see, e.g., Choudhury at 15); swIPe; SNMP; auditing; on-line transaction and 


3 Regarding digital music, see also, e.g., J. Ratcliff, "Examining PC Audio," Dr. Dobb's Journal 
(March 1993). 

4 For example, it was obvious to use the prior art OOP technologies or frameworks to implement 
the systems described in e.g. Fischer, Linn, Stefik, Choudhury, Telescript, and object-oriented 
databases. 


PAGE 6 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


subscription-based services and billing; electronic payment; on-line banking, 
entertainment and commercial and interactive commerce; encryption and authentication 
(including e.g., "something you are, something you know, something you have"); 
hardware: physical security tools and devices; physically secure locations, physically 
"secure" products such as tamper resistant computers or other devices, "secure" 
processors, "secure" memory, "smart" cards, set-top boxes, portable devices, "secure" 
communication facilities. 
See Stefik, CNI/IMA 94, Chaum, Tygar/Yee, Choudhury/Maxemchuk, Stefik, Denning, Davies, 
Moffett, Curry, Garfinkel/Spafford, Muftic, Carroll, Hsiao et al. and the other references cited 
above. 

Each of these suggestions and motivations to combine apply to each of the references set 
forth in the attached charts. 

PLR3-3(c) 

The attached charts identify, for each item of prior art, elements within the scope of 
InterTrust's October 29, 2001 PLR 3-1 allegations for the £ 683 and ' 193 patents. The structure, 
act or material for any such element if so construed is set forth in the references identified in the 
attached charts. 5 

PLR3-3fd) 

Each asserted claim is invalid as indefinite, for lack of enablement, and for lack of the 
written description required by statute. The present basis in each case is each applicable patent 
specification relied upon by InterTrust for the description required by paragraphs one and two of 
Section 1 12, and the prosecution histories of those applications and related applications as 
provided by law. Further basis may include, by way of example, any extrinsic evidence relevant 
to the construction of claim terms; InterTrust's own professed ignorance whether simple acts like 
playing music from a compact disc do not infringe asserted claims; and its difficulty, delay and/or 
inability to identify conception dates or actual reductions to practice of asserted claims. 


5 InterTrust has not identified any claim elements allegedly subject to § 1 12 f 6 under PLR 3. 
Should InterTrust do so (and reserving any objection thereto), Microsoft reserves the right to 
respond to that issue. 

PAGE 7 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


"Indefiniteness" of the Asserted InterTrust Patent Claims 6 

In prosecuting, marketing, and enforcing the asserted InterTrust Patents, InterTrust has 
engaged in a pattern of obfuscation as to the scope of the patents, the prior art to the patents, and 
the alleged "inventions" of the patents. For example, InterTrust has mechanically buried Patent 
Office Examiners with a collection of more than 400 references, many of which were not related 
to the claims, and has buried the Examiners with hundreds or thousands of pages of redundant, 
verbose, unclear text, effectively precluding a real comparison of the alleged "invention" versus 
the prior art, and accused non-infringing products of infringement. One result of InterTrust *s 
approach is that the asserted patent claims are indefinite in myriad ways. 

The asserted "claims" are unclear in scope and not nearly as precise as the subject matter 
allows. This indefiniteness arises from many causes, including: 

by use of terms that lacked any ordinary meaning in the art and are undefined in 

the specification; 

by use of terms that are used in the specification in a manner inconsistent with 
their ordinary meaning, but are not specifically defined in the specification; 

by a Section 1 12, U 6 "means (or step) plus function" element having no specific 
structure in the application's written description clearly linked to that claim element 
(examples denoted below by underlining) 7 ; 

by such excessive disclaimers of specificity of a term that the term becomes 
meaningless; 

by inconsistent uses of a term within a single specification; 
by inconsistent uses of a term between a specification and something allegedly 
incorporated into that specification; 

by inconsistencies within the language of a given claim; 
This lack of definiteness is exacerbated by InterTrust trying to apply these claims to the 
very different structures and techniques of (or that InterTrust mistakenly attributes to) Microsoft's 
accused software. Particularly in view of these untenable infringement accusations, the following 
bolded claim terms and phrases are indefinite under 35 U.S.C. § 1 12, ^ 2. Microsoft reserves the 

6 For ease of reference only, the accompanying claim listings use the clause numbering and 
lettering used by InterTrust in its PLR 3-1 Statements. 

7 Other undefined, indefinite claim terms are so ambiguous that one or more possible 
constructions are purely functional such that the term, as so construed, is a Section 1 12, ^ 6 
limitation. Microsoft, therefore, reserves the right to identify additional claim limitations as 


PAGE 8 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


right to modify this listing, e.g., if and when InterTrust clarifies its infringement and claim 
construction positions. 

'193 

1) A method comprising: 

a) receiving a digital file including music; 

b) storing said digital file in a first secure memory of a first device; 

c) storing information associated with said digital file in a secure database stored on said first 
device, said information including at least one budget control and at least one copy control, said 
at least one budget control including a budget specifying the number of copies which can be 
made of said digital file; and said at least one copy control controlling the copies made of said 
digital file; 

d) determining whether said digital file may be copied and stored on a second device based 
on at least said copy control; 

e) if said copy control allows at least a portion of said digital file to be copied and stored on a 
second device, 

f) copying at least a portion of said digital file; 

g) transferring at least a portion of said digital file to a second device including a memory and 
an audio and/or video output; 

h) storing said digital file in said memory of said second device; and 

i) including playing said music through said audio output. 


Following are some examples of the many ways in which this claim and these claim terms 
and phrases are indefinite on the face of the patent and/or as apparently construed by InterTrust: 


a) receiving a digital file 

- "receiving ... file" is indefinite, e.g., on what 

including music; 

processing, if any, is required to complete this 


"receiving" step, on what receives the "file," and on what 


or where it is received from. 


- "file" is indefinite, e.g., on whether it encompasses or 


excludes a duplicate or "copy" of the "file." 


- "including" is used inconsistently in the specification 


and is indefinite, e.g., on whether it encompasses or 


Section 1 12, ^ 6, limitations. 

PAGE 9 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




excludes merely holding a reference. 

b) storing said digital file in a 
first secure memory of a first 
device; 

see above 

- "storing ... in" is used inconsistently in the 
specification and is indefinite, e.g., on whether it 
encompasses or excludes merely holding a reference. 

- if "secure memory" is not at least limited to the 
disclosed internal RAM and/or ROM (directly 
addressable by a SPU processor instruction) located 
within the physically protected, "tamper-resistant" 8 SPU, 
the term "secure memory" would be indefinite. 

- "secure" is indefinite. It is an amorphous term that 
the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "secure" from "not secure." 

c) storing information associated 
with said digital file in a secure 
database stored on said first 
device, 

- see above 

- if "associated with said digital file" is not at least 
limited to use of the disclosed "component assembly," 
"secure container," "protected processing environment," 
"object registration," and other mechanisms of the 
purported "VDE" "invention" for allegedly individually 
ensuring the "access control" "handcuffs" between 
specific "controls," specific "objects" (and their content 
ax all di dhi dry grdiiuiax lcvci j 9 aiiu bpcunic us cis, uie 
phrase "associated with said digital file" would be 
indefinite. 

- if "secure database" is not at least limited to the 
disclosed "secure database" (including its "secure 


Indefinite claim terms, such as "tamper-resistant," used in describing the indefiniteness of 
other claim terms, are used in their narrowest possible sense. 


PAGE 10 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




database manager" and alleged access control "VDE" 
mechanisms), the term "secure database" would be 
indefinite. 

said information including at 
least one budget control 

- see above 

- "control" is used inconsistently in the specification. 
If "control" is not at least limited to the disclosed 
executable, modular "component assembly" component 

that intpr nlin nfrfnrmQ itc "VTYF" "apppcc rontrnl" IaqV*; 

at an arbitrary granular level, the term "control" would 
be indefinite. 

- "budget control" is not used in the specification and 
is indefinite. 

and at least one copy control, 

- see above 

- "copy control" is not used in the specification and is 
indefinite. For example, it is indefinite on whether 
"copy" is used as a verb or a noun. 

_ "pnnu" ie in Hp fin iff* p o nn whpfhpr it pnpotnnJiQQp<2 

tUUY ID liiUGliiilLw, v.g*, vll Wilt tilt' I 11 V11WJU1UCIDDVO 

or excludes something (or creating something) that is not 
an identical duplicate of the original; and, if it does 
encompass that, then how close that something must be 
to the original to constitute a "copy." 

said at least one budget control 
including a budget specifying 
the number of copies which can 
be made of said digital file; 

- see above 

- "budget" is used inconsistently in the specification 
and is indefinite. For example, apparently it is used to 
refer sometimes to a "method," sometimes to a 
"component assembly," sometimes to a value, and 
sometimes to a UDE data structure. 

"copies" is indefinite (see "copy" above) 

- if the phrase "specifying the number of copies which 
can be made of said digital file" is not at least limited to 
meaning the total global number of "copies" that ever 
will have been made of that "file" at any time, by any 


PAGE 11 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




"user," by any device, and for any length of persistence, 
it would be indefinite. 

and said at least one copy control 
controlling the copies made of 
said digital file; 

- see above 

- if "controlling" is not at least limited to use of the 
disclosed "component assembly," "protected processing 
environment," "object registration," "secure container," 
and other mechanisms of the purported "VDE" 
"invention" for allegedly individually ensuring that 
specific "controls" are enforced vis-a-vis specific objects 
(and their content at an arbitrary granular level) and 
specific "users," the term "controlling" would be 

lllUCJllilllC 

- the phrase "controlling the copies made of said 
digital file" is indefinite, e.g., on whether it refers to 
"controlling" the process of "copying" the "file," or 
"controlling" all resulting "copies" of the "file," or both. 

d) determining whether said 
digital file may be copied and 
stored on a second device based 
on at least said copy control; 

- see above 

- "copied" is indefinite (see "copy" above) 

- "determining whether said digital file may be copied 
and stored on a second device" is indefinite, e.g., on 
whether this step determines whether the "file" may be 
"copied" on a second device, on whether one or more 
determinations are made. 

- "a second device" is indefinite, e.g., on whether it 
means "any" second device or a particular second device. 

denendint? on the construction of other claim 
limitations, such as "at least one copy control controlling 
the copies made of said digital file" the phrase "based on 
at least said copy control" may be inconsistent with other 
limitations of this claim and thus may be indefinite. 

e) if said copy control allows at 
least a portion of said digital file 

see above 

- "a portion of said digital file" is indefinite, e.g., on 


PAGE 12 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



to be copied and stored on a 
second device, 

whether it encompasses or excludes matter that is merely 
referenced within the "file." 

- depending on the construction of other claim 
limitations, such as "based on at least said copy control," 
the phrase "if said copy control allows" may be 
inconsistent with other limitations of this claim and thus 
may be indefinite. 

- depending on the construction of other claim 

limitations, SUCH aS at lcabl OUC COpy LUIIUUI CUUllUlilllg 

the copies made of said digital file," the phrase "if said 
copy control allows at least a portion of said digital file 
to be copied" may be inconsistent with other limitations 
of this claim, and thus may be indefinite. 

f) copying at least a portion of 

said digital file; 

- see above 

- "copying" is indefinite, e.g., on whether it 
encompasses or excludes creating something that is not 
an identical duplicate of the original; and, if it does 
encompass that, then how close that something must be 
lo uic original 10 con&uiuie a vupy. 

- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "copy control." 

g) transferring at least a portion 
of said digital file to a second 
device 

- see above 

- "transferring" is indefinite, e.g., on how it differs, if 
at all, from "moving" or "copying." 

- "at least a portion" is indefinite and has an indefinite 
antpppHpnt Visqiq p o on whether it enconvnasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "copy control." 

- "at least a portion" is indefinite, and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 


PAGE 13 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




excludes a "portion" not "copied" in the preceding step. 

a second device is mdciinite, anu ndi> an mueimiic 
antecedent basis, e.g., on whether it is limited to the same 
particular second device referred to earlier in the claim 
(to tne extent inc cidun cdrnci icicio iu a paiLii/uiai 
second device). 

including a memory 

- "memory" is indefinite, e.g., on whether it 
encompasses or excludes storage mat is not airecuy 
addressable by the processor. 

and an audio and/or video 
output; 

- "audio and/or video output" is indefinite, e.g., it is 
inconsistent witn tne later ciaim rccnaiion 01 &diu duuiu 
output." 

h) storing said digital file in said 
memory or saiu second ucvi^e, 
and 

see above 

i) including playing said music 
through said audio output. 

- "said audio output" is indefinite, e.g., it is 
inconsistent with the earlier claim recitation of "audio 
and/or video output." 


2) A method as in claim 1 , further comprising: 

a) at a time substantially contemporaneous with said transferring step, recording in said first 
device information indicating that said transfer has occurred. 


Following are some examples of the additional ways in which this dependent claim and 
these claim terms and phrases are indefinite on the face of the patent and/or as apparently 
construed by InterTrust: 


at a time substantially 
contemporaneous with said 
transferring step, 

- see above 

- "a time substantially contemporaneous with" is not 
used in the specification, and is indefinite. 

recording in said first device 
information indicating that said 

- "transfer" is indefinite, e.g., on how it differs, if at 
all, from "move" or "copy " 


PAGE 14 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


transfer has occurred. 


- "information indicating that said transfer has 
occurred" is indefinite, e.g., on the extent to which the 
information identifies "said transfer," e.g., what was 
"transferred" and/or to what it was "transferred." 


3) A method as in claim 2, in which: 

a) said information indicating that said transfer has occurred includes an encumbrance on 
said budget. 


Following are some examples of the additional ways in which this dependent claim and 
these claim terms and phrases are indefinite on the face of the patent and/or as apparently 


construed by InterTrust: 

a) said information indicating 

- see above 

that said transfer has occurred 

- "an encumbrance on said budget" is indefinite, e.g., 

includes an encumbrance on 

for the same reasons that "budget" is indefinite, and, as 

said budget. 

to its function and structure, and on whether it must be 


uniquely identifiable with respect to the universe of 


"VDE" nodes. 


4) A method as in claim 3, in which: 

a) said encumbrance operates to reduce the number of copies of said digital file authorized 
by said budget. 


Following are some examples of the additional ways in which this dependent claim and 
these claim terms and phrases are indefinite on the face of the patent and/or as apparently 
construed by InterTrust: 


said encumbrance operates to 
reduce the number of copies of 
said digital file authorized by 
said budget. 


- see above 

- "operates to reduce the number of copies of said 
digital file authorized by said budget" is indefinite, e.g., 
on whether it reduces the total global number of "copies" 
that ever will have been made of that "file" at any time, 


PAGE 15 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



by any "user," by any device, and for any length of 


persistence, and on meaning of an "encumbrance" 


"operating." 


1 1) A method comprising: 
2. receiving a digital file; 

b) storing said digital file in a first secure memory of a first device; 

c) storing information associated with said digital file in a secure database stored on said first 
device, said information including a first control; 

d) determining whether said digital file may be copied and stored on a second device based 
on said first control, said determining step including identifying said second device and 
determining whether said first control allows transfer of said copied file to said second device, 
said determination based at least in part on the features present at the device to which said 
copied file is to be transferred; 

e) if said first control allows at least a portion of said digital file to be copied and stored on a 
second device, 

f) copying at least a portion of said digital file; 

g) transferring at least a portion of said digital file to a second device including a memory and 
an audio and/or video output; 

h) storing said digital file in said memory of said second device; and 
2. rendering said digital file through said output. 


Following are some examples of the many ways in which this claim and these claim terms 
and phrases are indefinite on the face of the patent and/or as apparently construed by InterTrust: 


a) receiving a digital file; 

- "receiving . . . file" is indefinite, e.g., on what 
processing, if any, is required to complete this 
"receiving" step, on what receives the "file," and on what 
or where it is received from. 

"file" is indefinite, e.g., on whether it encompasses or 
excludes a duplicate or "copy" of the "file." 

b) storing said digital file in a 
first secure memory of a first 

- see above 

- "storing ... in" is used inconsistently in the 


PAGE 16 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



device; 

specification and is indefinite, e.g., on whether it 
encompasses or excludes merely holding a reference. 

- if "secure memory" is not at least limited to the 
disclosed internal RAM and/or ROM (directly 
addressable by a SPU processor instruction) located 
within the physically protected, "tamper-resistant" SPU, 
the term "secure memory" would be indefinite. 

- "secure" is indefinite. It is an amorphous term that 
the specification both fails to define and uses 
mLonoibicnuy. ror example, u io muciiiuic on wiidi i>uri 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "secure" from "not secure." 

c) storing information associated 
with said digital file in a secure 
database stored on said first 
device, 

see above 

- if "associated with said digital file" is not at least 
limited to use of the disclosed "component assembly," 
"secure container," "protected processing environment," 
"object registration," and other mechanisms of the 
purported "VDE" "invention" for allegedly individually 
ensuring the "access control" "handcuffs" between 
specific "controls," specific "objects" (and their content 
at an arbitrary granular level), and specific "users," the 
phrase "associated with said digital file" would be 
indefinite. 

_ if "cPHirp Hat5)l"*QCA" 1c not at lAact 1i*mii"P>H tri tViA 
11 bwlsUIC UalaUdDC Id 11UI a I ICaM 1111111CU IU 111C 

disclosed "secure database" (including its "secure 
database manager" and alleged access control "VDE" 
mechanisms), the term "secure database" would be 
indefinite. 

said information including a first 
control 

- see above 

- "including" is used inconsistently in the specification 


PAGE 17 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




and is indefinite, e.g., on whether it encompasses or 

excludes merely holding a reference. 

- "control" is used inconsistently in the specification. 

11 CUIlllUl lo I1LH a I ICaol llUlilCU LU L11C UloClUoCU 

executable, modular "component assembly" component 
that, inter alia, performs its "VDE" "access control" tasks 
at an arbitrary granular level, the term "control" would 
be indefinite. 

d) determining whether said 
digital file may be copied and 
stored on a second device based 
on said first control; 

- see above 

- "copied" is indefinite (see "copy" above) 

- "determining whether said digital file may be copied 
and stored on a second device" is indefinite, e.g., on 
whether this step determines whether the file may be 
"copied" on a second device. 

- "a second device" is indefinite, e.g., on whether it 
means "any" second device or a particular second device. 

- "determining whether said digital file may be copied 
auu stored on a seconu uevice uascu on i>diu iirsi conxroi 
is indefinite; e.g., it is inconsistent with the later claim 
limitation "if said first control allows at least a portion of 
said digital file to be copied and stored on a second 
device" 

said determining step including 
identifying said second device 
and determining whether said first 
control allows transfer of said 
copied file to said second device, 

- see above 

- "identifying said second device" is indefinite, e.g., on 
whether the identification is of the type of device or of 
the particular second device unit, and on whether it is a 
unique identification. 

_ *'troticfVr" iq iTiflp'fiT'litf* p O" r*n hnw it Hiffprc if at 

U&llold lo IHUvlllUlG, Cg., \Jll 11U W 11 Ulllda, 11 <*\ 

all, from "move" or "copy." 

- "said copied file" lacks antecedent basis, and is 
indefinite. For example, the preceding limitations do not 
recite the "copying" of any "file" that could be an 


PAGE 1 8 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




antecedent for " said copied file." 
- if "copied file" is not at least limited to a "file" that 
has been "copied" at least once, then "copied file" would 
be indefinite. 

said determination based at least 
in part on the features present at 
the device to which said copied 
file is to be transferred; 

- "said determination" is indefinite as to its antecedent 
basis (e.g., "determining whether said digital file may be 
copied and stored ..." or "determining whether said first 
control allows transfer . . . ."). 

- "the features present at the device" is indefinite, e.g., 
on whether "the features" means all or any particular 
type of features, on what has these "features," and on the 
relationship, if any, of "features present at the device" to 
features of the device. 

- "to which said copied filed is to be transferred" is 
iiiuciimic. rur cAdinpie, n ib iiicoiiMsiciii wim me ouier 
claim limitations reciting that "transfer" may not be 
allowed. 

- "transferred" is indefinite, e.g., on how it differs, if at 
all, from "moved." 

e) if said first control allows at 
least a portion of said digital file 
to be copied and stored on a 
second device, 

- see above 

- "a portion of said digital file" is indefinite, e.g., on 
whether it encompasses or excludes matter that is merely 
referenced within the "file." 

- "a second device" is indefinite, and has an indefinite 
antecedent basis, e.g., on whether it is limited to the "said 
second device" recited earlier in the claim. 

- depending on the construction of other claim 

limitation*; <mch as "determininc whpfhpr ^airi Hicrital filf* 

xiiiiiiairiv^iio, juvii u-kj .uviwiiiiiiiiiig wnvuivi juiu uigiicii lilt** 

may be copied and stored on a second device based on 
said first control," the phrase "if said first control allows 
at least a portion of said digital file to be copied and 
stored on a second device" may be inconsistent with 


PAGE 19 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




other limitations of this claim, and thus may be 
indefinite. 

f) copying at least a portion of 

said digital file; 

see above 

- "copying" is indefinite, e.g., on whether it 
encompasses or excludes creating something that is not 
an identical duplicate of the original; and, if it does 
encompass that, then how close that something must be 

to the ori Pinal to rnn^Htiitf* a "rnnv " 

- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "first control." 

g) transferring at least a portion 
of said digital file to a second 
device 

- see above 

- "transferring" is indefinite, e.g., on how it differs, if 
at all, from "moving" or "copying." 

- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "first control." 

- "at least a portion" is indefinite, and has an indefinite 
antecedent basis e p. on whether it encomna^es or 
excludes a "portion" not "copied" in the preceding step. 

- "a second device" is indefinite, and has an indefinite 
antecedent basis e e on whether it is limited to the "said 
second device" recited earlier in the claim. 

including a memory 

"memorv" is indefinite e ff on whether it 

111 VlllVl T ±.%J lllViVllJ.ll IV ^ v • C» • y V/ll r V liV UlVl it 

encompasses or excludes storage that is not directly 
addressable by the processor. 

and an audio and/or video 
output; 

- "audio and/or video output" is indefinite. 

h) storing said digital file in said 
memory of said second device; 

- see above 

- "storing said digital file" is indefinite and 


PAGE 20 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



and 

inconsistent with other claim limitations, e.g., 
"transferring at least a portion of said digital file to a 
second device." 

i) rendering said digital file 
through said output. 

see above 

- "rendering said digital file" is indefinite and 
inconsistent with other claim limitations, e.g., 
"transferring at least a portion of said digital file to a 
second device." 


1 5) A method comprising: 
2. receiving a digital file; 

b) an authentication step comprising: 

c) accessing at least one identifier associated with a first device; and 

d) determining whether said identifier is associated with a device and/or user authorized to 
store said digital file; 

e) storing said digital file in a first secure memory of said first device, but only if said device 
and/or user is so authorized, but not proceeding with said storing if said device and/or user 
is not authorized; 

f) storing information associated with said digital file in a secure database stored on said first 
device, said information including at least one control; 

g) determining whether said digital file may be copied and stored on a second device based 
on said at least one control; 

h) if said at least one control allows at least a portion of said digital file to be copied and 
stored on a second device, 

2. copying at least a portion of said digital file; 

j) transferring at least a portion of said digital file to a second device including a memory and 
an audio and/or video output; 

k) storing said digital file in said memory of said second device; and 
1) rendering said digital file through said output. 

Following are some examples of the many ways in which this claim and these claim terms 
and phrases are indefinite on the face of the patent and/or as apparently construed by InterTrust: 

PAGE 21 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



fpppivincr a Hicritnl flip* 
ay i cv^civiiig d uigiicu 111c, 

- "rpppivincr flip" ic inHpfinitp p o nn wtiat 

ICL'C'l Viilg ... 111C lo 1I1U.C111111C, C.g., Ull Wild I 

processing, if any, is required to complete this 

"rprpivinu" stpn on what tpppivp^; flip u fi1p " anH nn what 

or where it is received from. 

- "file'* is indefinite, e.g., on whether it encompasses or 
excludes a duplicate or "copy" of the "file." 

b) an authentication step 

comprising: 

"authentication step" is indefinite, e.g., for the 
reasons set forth below. 

c) accessing at least one 
identifier associated with a first 
device or with a user of said 
first device; and 

- "accessing" is indefinite, e.g., on whether it 
encompasses or excludes ascertaining the information 
content of what is "accessed" (e.g., decrypting any 
encrypted information). 

- if "identifier" is not at least limited to a value that 
uniquely identifies a particular device or "user," it would 
be indefinite. 

- "identifier associated with" is indefinite, e.g., on 
whether the "identifier" is uniquely "associated with." 

- "identifier associated with a first device or with a 

ncpr nf cqiH firct HpviVp" ic inHpfinitp cjnri ifir^r^Ti ci ctf»r>t 
UoCl Ul oalU. Ill a I U-CVlvC lo 111UC11111LC allu UlUUllololClll 

with the later claim recitation of "determining whether 
said identifier is associated with a device and/or user ...." 

- "a user of said first device" is indefinite, e.g., on 
whether the "user" is a current, past, or potential "user" 
of the device. 

d) determining whether said 
identifier is associated with a 

lUVUlUlVl M.i3 HJJVVllllvU TT 1111 M 

device and/or user authorized to 
store said digital file; 

- "determining whether said identifier is associated 
with a device and/or user" is indefinite and inconsistent 
with the preceding claim limitation of an "identifier 
associated with a first device or with a user of said first 
device." 

- "authorized to store said digital file" is indefinite, 
e.g., on whether such "authorization" is conditional or 


PAGE 22 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




unconditional. 

e) storing said digital file in a 
first secure memory of said first 
device, 

- see above 

- "storing ... in" is used inconsistently in the 
specification and is indefinite, e.g., on whether it 
encompasses or excludes merely holding a reference. 

- if "secure memory" is not at least limited to the 
disclosed internal RAM and/or ROM (directly 
addressable by a SPU processor instruction) located 
within the physically protected, "tamper-resistant" SPU, 
the term "secure memory" would be indefinite. 

- "secure" is indefinite. It is an amorphous term that 
the specification both fails to define and uses 
inconsistentlv For examnle it is indefinite on what cnrt 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "secure" from "not secure." 

but only if said device and/or 
user is so authorized, but not 
proceeding with said storing if 
said device and/or user is not 
authorized; 

- "said device and/or user" is indefinite and has an 
indefinite antecedent basis (e.g., "a device and/or user 
authorized to store said digital file" or "at least one 
identifier associated with a first device or with a user of 
said first device"). 

- "so authorized" is indefinite and has an indefinite 
antecedent basis (e.g., "authorized" for "storing said 
digital file in a first secure memory of said first device" 
or "authorized to store said digital file"). 

- "but only if said device and/or user is so authorized" 
is inconsistent with "but not proceeding with said storing 
if said device and/or user is not authorized," rendering 
both phrases indefinite. 

f) storing information associated 
with said digital file in a secure 

- see above 

- if "associated with said digital file" is not at least 


PAGE 23 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



database stored on said first 
device, 

limited to use of the disclosed "component assembly," 
"secure container," "protected processing environment," 
"object registration," and other mechanisms of the 
purported "VDE" "invention" for allegedly individually 
ensuring the "access control" "handcuffs" between 
specific "controls," specific "objects" (and their content 
at an arbitrary granular level), and specific "users," the 
phrase "associated with said digital file" would be 
indefinite. 

if "secure database" is not at least limited to the 
disclosed "secure database" (including its "secure 
database manager" and alleged access control "VDE" 
mechanisms), the term "secure database" would be 
indefinite. 

said information including at 
least one control 

- see above 

- "including" is used inconsistently in the specification 
and is indefinite, e.g., on whether it encompasses or 
excludes merely holding a reference. 

- "control" is used inconsistently in the specification. 
11 control is noi ax leasi iinnieu to me disclosed 
executable, modular "component assembly" component 
that, inter alia, performs its "VDE" "access control" tasks 
at an arbitrary granular level, the term "control" would 
be indefinite. 

g) determining whether said 
digital file may be copied and 
stored on a second device based 
on said at leatf nnp rnntrnl* 

- see above 

- "copied" is indefinite (see "copy" above) 

- "determining whether said digital file may be copied 

unH QtnrpH nn ji cprotiH Hpvip^ ViqcaH r\t\ cqiH at Ipsict /ytia 
ailU olAJltU Ull a oCL-UHU. UaoCU UX1 oalCl al ICaol UI1C 

control" is indefinite, e.g., on whether this step 
determines whether the "file" may be "copied" on a 
second device. 

- "a second device" is indefinite, e.g., on whether it 


PAGE 24 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




means "any" second device or a particular second device. 

h) if said at least one control 
allows at least a portion of said 
digital file to be copied and 
stored on a second device, 

- see above 

"a portion of said digital file" is indefinite, e.g., on 
whether it encompasses or excludes matter that is merely 
referenced within the "file." 

- depending on the construction of other claim 
limitations, such as "determining whether said digital file 

mav Hp ponipfl and Qtnrpd ati a Qf*pnnH Hpvipp V*»cf*H nn 
illo-j w wupi^u a nil aiuiwu v/ii a Dvvuixu u^viuw uaowu Ull 

said at least one control," the phrase "if said at least one 
control allows at least a portion of said digital file to be 
copied" may be inconsistent with other limitations of this 
claim, and thus may be indefinite. 

i) copying at least a portion of 

said digital file; 

- see above 

- "copying" is indefinite, e.g., on whether it 
encompasses or excludes creating something that is not 
an identical duplicate of the original; and, if it does 
encompass that, then how close that something must be 

to the orioinal tn mnctitntf* n "mm/ M 

- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "at least one control." 

j) transferring at least a portion 
of said digital file to a second 
device 

see above 

- "transferring" is indefinite, e.g., on how it differs, if 
at all, from "moving" or "copying." 

- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "at least one control." 

- "at least a portion" is indefinite, and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "copied" in the preceding step. 


PAGE 25 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




"a second device" is indefinite, and has an indefinite 
antecedent basis, e.g., on whether it is limited to the same 
particular second device referred to earlier in the claim 
(to the extent the claim earlier refers to a particular 
second device). 

including a memory 

- "memory" is indefinite, e.g., on whether it 
encompasses or excludes storage that is not directly 
addressable by the processor. 

and an audio and/or video 
output; 

- "audio and/or video output" is indefinite. 

h) storing said digital file in said 
memory of said second device; 
and 

see above 

- "storing said digital file" is indefinite and 
inconsistent with other claim limitations, e.g., 
"transferring at least a portion of said digital file to a 
second device." 

i) rendering said digital file 
through said output. 

see above 

- "rendering said digital file" is indefinite and 
inconsistent with other claim limitations, e.g., 
"transferring at least a portion of said digital file to a 
second device." 


19) A method comprising: 

a) receiving a digital file at a first device; 

b) establishing communication between said first device and a clearinghouse located at a 
location remote from said first device; 

c) said first device obtaining authorization information including a key from said 
clearinghouse : 

d) said first device using said authorization information to gain access to or make at least one 
use of said first digital file, including using said key to decrypt at least a portion of said first 
digital file; and 

e) receiving a first control from said clearinghouse at said first device; 

PAGE 26- MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR3-3, 3-4 


f) storing said first digital file in a memory of said first device; 

g) using said first control to determine whether said first digital file may be copied and 
stored on a second device; 

h) if said first control allows at least a portion of said first digital file to be copied and stored 
on a second device, 

i) copying at least a portion of said first digital file; 

j) transferring at least a portion of said first digital file to a second device including a memory 
and an audio and/or video output; 

k) storing said first digital file portion in said memory of said second device; and 
1) rendering said first digital file portion through said output. 


Following are some examples of the many ways in which this claim and these claim terms 
and phrases are indefinite on the face of the patent and/or as apparently construed by InterTrust: 


a) receiving a digital file at a first 
device; 

- "receiving . . . at" is indefinite, e.g., on what 
processing, if any, is required to complete this 
"receiving" step, and on what or where it is received 
from. 

- "file" is indefinite, e.g., on whether it encompasses or 
excludes a duplicate or "copy" of the "file." 

b) establishing communication 
between said first device and a 
clearinghouse located at a 
location remote from said first 
device; 

- "establishing communication between" is indefinite, 
e.g., on whether this step requires one or more 
"communications," on whether two-way 
"communication" must be established, and on the nature 
of the "communication." 

- "location remote from" is indefinite, e.g., on how 
"remoteness" is determined. 

- "clearinghouse" is indefinite. For example, it 
vaguely suggests a function without suggesting any 
particular structure for performing such function. No 
particular corresponding structure is adequately 
described in the specification. 

c) said first device obtaining 

- if "authorization information" is not at least limited 


PAGE 27 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



authorization information 
including a key from said 
clearinghouse: 

to (1) the disclosed executable, modular "component 
assembly" component that, inter alia, performs its 
"VDE" "access control" tasks at an arbitrary granular 
level, and (2) the kev and other data used therebv the 
term "authorization information" would be indefinite. 
- "including" is used inconsistently in the specification 
and is indefinite, e.g., on whether it encompasses or 
excludes merely holding a reference. 

d) said first device using said 
authorization information to 
gain access to or make at least 
one use of said first digital file, 
including using said key to 
decrypt at least a portion of said 
first digital file; and 

- "gain access to" is indefinite, e.g., on whether it 
encompasses or excludes ascertaining the information 
content of what is "accessed" (e.g., decrypting any 
encrypted information). 

- "use" is indefinite and is used inconsistently in the 
specification, e.g., on whether or not it encompasses or 
excludes "distribution," "extraction," "manipulating," 
and/or "copying." 

e) receiving a first control from 
said clearinghouse at said first 
device; 

- see above 

- "control" is used inconsistently in the specification. 
If "control" is not at least limited to the disclosed 
executable, modular "component assembly" component 
that, inter aha, performs its "VDE" "access control" tasks 
at an arbitrary granular level, the term "control" would 
be indefinite. 

f) storing said first digital file in 
a memory of said first device; 

- see above 

- "storing ... in" is used inconsistently in the 
specification and is indefinite e e on whether it 
encompasses or excludes merely holding a reference. 

- "memory" is indefinite, e.g., on whether it 
encompasses or excludes storage that is not directly 
addressable by the processor. 

g) using said first control to 
determine whether said first 

see above 

- "copied" is indefinite, e.g., on whether it 


PAGE 28- MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING US PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



digital file may be copied and 
stored on a second device; 

encompasses or excludes creating something that is not 
an identical duplicate of the original; and if it does 
encompass that, then how clear that something must be 
to the original to constitute a "copy." 

- "determine whether said first digital file may be 
copied and stored on a second device" is indefinite, e.g., 
on whether this step determines whether the "file" may 
be "copied" on a second device. 

- "a second device" is indefinite, e.g., on whether it 
means "any" second device or a particular second device. 

- "using said first control to determine whether said 
first digital file may be copied and stored on a second 
device" is indefinite; e.g., it is inconsistent with the later 
claim limitation "if said first control allows at least a 
portion of said first digital file to be copied and stored on 
a second device" 

h) if said first control allows at 
least a portion of said first 
digital file to be copied and 
stored on a second device, 

- see above 

- "a portion of said digital file" is indefinite, e.g., on 
whether it encompasses or excludes matter that is merely 
referenced within the "file." 

- depending on the construction of other claim 
limitations, such as "using said first control to determine 
whether said first digital file may be copied and stored on 
a second device" the phrase "if said first control allows at 
least a portion of said first digital file to be copied" may 
be inconsistent with other limitations of this claim, and 
thus may be indefinite. 

i) copying at least a portion of 

said first digital file; 

- see above 

- "copying" is indefinite, e.g., on whether it 
encompasses or excludes creating something that is not 
an identical duplicate of the original; and, if it does 
encompass that, then how close that something must be 


PAGE 29 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




to the original to constitute a "copy." 
- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "first control " 

j) transferring at least a portion 

of said first digital file to a 
second device 

see above 

- "transferring" is indefinite, e.g., on how it differs, if 
at all, from "moving" or "copying." 

- "at least a portion" is indefinite and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a "portion" not "allowed" "to be copied and 
stored on a second device" by the "first control." 

- "at least a portion" is indefinite, and has an indefinite 
antecedent basis, e.g., on whether it encompasses or 
excludes a portion not "copied" in the preceding step. 

"a second device" is indefinite, and has an indefinite 
antecedent basis, e.g., on whether it is limited to the same 
particular second device referred to earlier in the claim 
(to the extent the claim earlier refers to a particular 
second device). 

including a memory 

- see above 

and an audio and/or video 
output; 

- "audio and/or video output" is indefinite. 

k) storing said first digital file 
portion in said memory of said 
second device; and 

- see above 

1) rendering said first digital file 
portion through said output. 

- see above 


'683 

2. A system including: 

PAGE 30 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


a first apparatus including, 
user controls, 

a communications port, 

a processor, 

a memory storing: 

a first secure container containing a governed item, the first secure container governed item 
being at least in part encrypted; the first secure container having been received from a second 
apparatus; 

a first secure container rule at least in part governing an aspect of access to or use of said 
first secure container governed item, the first secure container rule, the first secure container 
rule having been received from a third apparatus different from said second apparatus; and 
hardware or software used for receiving and opening secure containers, said secure 
containers each including the capacity to contain a governed item, a secure container rule 
being associated with each of said secure containers ; 

a protected processing environment at least in part protecting information contained in said 
protected processing environment from tampering by a user of said first apparatus, said 
protected processing environment including hardware or software used for applying said 
first secure container rule and a second secure container rule in combination to at least in 
part govern at least one aspect of access to or use of a governed item contained in a secure 
container ; and 

hardware or software used for transmission of secure containers to other apparatuses or for 
the receipt of secure containers from other apparatuses . 


Following are some examples of the many ways in which this claim and these claim terms 
and phrases are indefinite on the face of the patent and/or as apparently construed by InterTrust: 


2. A system including: 


a first apparatus including, 

- the claim is indefinite on which of the recited 
elements are included in the "first apparatus." 

user controls, 

- "user controls" is indefinite. 

a communications port, 


a processor, 


a memory storing: 

"memory" is indefinite, e.g., on whether it 


PAGE 31 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




encompasses or excludes storage that is not directly 
addressable by the processor. 

- "storing" is used inconsistently in at least the 
allegedly incorporated specification and is indefinite, 
e.g., on whether it encompasses or excludes merely 
holding a reference. 

- the claim is indefinite on which of the recited 
elements are "stored" in the "memory." 

a first secure container 
containing a governed item, 

- "secure container" is indefinite, e.g., on its structure 
and certain of its functions, on whether it encompasses or 
excludes "virtual container." The specification does not 
disclose adequate corresponding structure under Section 
112 5 H6. 

- "container" is indefinite, e.g., on its structure and 
certain of its functions, and on what distinguishes a 
single "container" from two separate "containers." 

- "secure" is indefinite. It is an amorphous term that 
the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "secure" from "not secure." 

- "storing . . . secure container" is indefinite, e.g., on 
what part, if any, of the "container" may merely be 
referenced from within the memory. 

- "containing" is indefinite and used inconsistently in 
at least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "containing." 


PAGE 32 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




- if "govern" is not at least limited to preventing 
unapproved user processing of a particular item on a per 
item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
"handcuffs" between specific "controls," specific 
"objects" (and their content at an arbitrary granular 
level), and specific users, the term "governed" (and 
"governed item") would be indefinite. 

- "a governed item," is indefinite, e.g., on what 
distinguishes "a governed item" from two separate 
governed items. 

the first secure container 
governed item being at least in 
part encrypted; 

- see above 

the first secure container 
having been received from a 
second apparatus; 

see above 

- "received" is indefinite, e.g., on what processing, if 
any, is required to complete this "receipt " and on what 
"received" the "received" item. 

- "having been received from" recites the (possibly 
unknowable) history of a component (or something 
stored in a component) rather than the structure or 
function of the component, apparatus or system, thereby 
rendering this apparatus claim indefinite. 

- "received from a second apparatus" is indefinite, e.g., 
on whether this encompasses or excludes receipt from 
some intermediary between the second apparatus and 
first apparatus. 

a first secure container rule at 
least in part governing an 

- see above 

- "rule" is indefinite and is used inconsistently in the 


PAGE 33 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


aspect of access to or use of 

specification. For example, the relationship between a 

saia iirsi secure container 

rule ana a control is inaeiinite. 

governeu iiem, 

"secure container rule" is indefinite and not used in 


the specification. 


"at least in part" is indefinite, and, under some 


possible meanings, inconsistent with "governing." 


if "governing" is not at least limited to preventing 


unapproved user processing of a particular item on a per 


item basis by use of the disclosed "component 


assembly, secure container, protected processmg 


environment," "object registration," and other 


mechamsms of the purported "VDE invention for 


11 11*1**1 11 * * 1 C C 

allegedly individually ensuring the access control 


handcuffs between specific controls, specific 


"objects" (and their content at an arbitrary granular 


level), and specific users, the term "governing" would be 


indefinite. 


- "at least in part governing" is indefinite, e.g., on how 


to identify when this act of "governing" has begun, is 


ongoing, or has ended. 


"access" is indefinite, e.g., on whether it 


encompasses or excludes determining the information 


content of what is "accessed" (e.g., decrypting any 


encrypted information). 


«. "licp" iq inHpfinftf* unH iq iiqpH inr*rmcicfv»ntl\/ in tn** 
use lo JJJAJvJLiiiilw aim la UdCU lllOUIlalblCIlLiy 111 L11C 


allegedly incorporated specification, e.g., on whether or 


not it encompasses or excludes "distribution," 


"extraction," "manipulating," and/or "copying." 


- "an aspect of access to or use of is indefinite. 

the first secure container rule, 

- see above 


- the claim is indefinite on the significance of this 


repetition of the phrase "the first secure container rule." 


PAGE 34 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


the first secure container rule 
having been received from a 
third apparatus different from 
said second apparatus; and 

see above 

- "received from a third apparatus" is indefinite, e.g., 
on whether this encompasses or excludes receipt from 
some intermediary between the third apparatus and first 
apparatus. 

hardware or software used for 

see above 

- "receiving" is indefinite, e.g., on what processing, if 
any, is required to complete this "receiving" step, on 
what receives the "secure containers," and on what or 
where they are received from. 

- if "opening secure containers" is not at least limited 
to successful completion of the "OPEN method" 
expressly disclosed in the allegedly incorporated 
specification, the phrase "opening secure containers" 
would be indefinite. 

- "hardware or software used for receiving and opening 
secure containers " is indefinite e e on the stnirtiirp nf 
this "hardware or software," and on whether the same 
"hardware or software" performs both "receiving" and 
"opening." The specification does not disclose adequate 
corresponding structure. 

receiving and opening secure 

containers. 

said secure containers each 
including the capacity to 
contain a governed item, 

- see above 

- if "said secure containers" is not at least limited to all 
"secure containers" which the "hardware or software 
used for receiving and opening secure containers" is able 
to "receive and open" (regardless of whether it has done 
so), the phrase "said secure containers" would be 
indefinite. 

- "contain" is indefinite and used inconsistently in at 
least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference, and, if it does 


PAGE 35 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




encompass merely holding a reference, what type of 
reference suffices to constitute "contain." 
- "including the capacity to contain a governed item" is 
indefinite, e.g., on the manner in which a "capacity" is 
included in a "secure container," and on whether the 
"capacity to contain" must apply to some particular 
"governed item" or to every "governed item" without 
limitation. 

a secure container rule being 
associated with each of said 
secure containers: 

- see above 

- if "being associated with . . . secure containers" is not 
at least limited to use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
"handcuffs" between specific "controls," specific 
"objects" (and their content at an arbitrary granular 
level), and specific users, the phrase "being associated 
with . . . secure containers" would be indefinite. 

if "said secure containers" is not at least limited to all 
"secure containers" which the "hardware or software 
used for receiving and opening secure containers" is able 
to "receive and open" (regardless of whether it has done 
so), the phrase "said secure containers" is indefinite. 


a protected processing 
environment at least in part 
protecting information 
contained in said protected 
processing environment from 
tampering by a user of said 
first apparatus, 

- "protected" is indefinite. It is an amorphous term 
that the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?), 
and on the nature and the level(s) of protection from 
those threats that separate(s) "protected" from "not 
protected." 




PAGE 36 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


- if "protected processing environment" is not at least 
limited to excluding the processor and "memory" recited 
earlier in the claim, and is not at least limited to 
executing software and/or hardware (if any) expressly 
disclosed in the specification and identified as a 
"protected processing environment," the term "protected 
processing environment" would be indefinite. 

- if "protecting" is not at least limited to preventing 
unauthorized "user" processing of a particular item on a 
per item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
"handcuffs" between specific "controls," specific 
"objects" (and their content at an arbitrary granular 
level), and specific 4t users," the term "protecting" would 
be indefinite. 

- "at least in part" is indefinite, and, under some 
possible meanings, inconsistent with "protecting." 

- "information contained in said protected processing 
environment" is indefinite, e.g., on what aspects of a 
"protected processing environment" can "contain" 
information, and on whether "contain" encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "contain." 

- "protecting from . . . tampering" is indefinite, e.g., on 
the specific threat(s) being addressed, and on the level(s) 
and nature of protection from those threats. 

- "a user of said first apparatus" is indefinite, e.g., on 
whether "a user" means "any user" or a particular "user " 


PAGE 37 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


said protected processing 
environment including 
hardware or software used for 


applying said first secure 
container rule and a second 
secure container rule in 
combination to at least in part 
govern at least one aspect of 
access to or use of a governed 


item contained in a secure 
container : and 


- see above 

- "said first secure container rule and a second secure 
container rule" is indefinite, e.g., on what distinguishes a 
single "rule" from two separate "rules." 

- "hardware or software used for applying ... in a 
secure container" is indefinite, e.g., on the structure of 
this "hardware or software." The specification does not 
disclose adequate corresponding structure. 

- "applying ... in combination" is indefinite, e.g., on the 
manner in which the "rules" are merged and applied. 

- "contained in" is indefinite and used inconsistently in 
at least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference in, and, if it does 
encompass merely holding a reference in, what type of 
reference suffices to constitute "contained in." 

"at least in part" is indefinite, and, under some 
possible meanings, inconsistent with "govern." 

if "govern" is not at least limited to preventing 
unauthorized "user" processing of a particular item on a 
per item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
handcuffs" between specific "controls," specific 
objects" (and their content at an arbitrary granular 
level), and specific "users," the term "govern" would be 
indefinite. 

"a governed item contained in a secure container" is 
indefinite and has no or an indefinite antecedent basis as 
both "a governed item" and "a secure container." 


PAGE 38- MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



llnl UTTalv Ul aUllTTal C U9CU iUI 

coo q rvT r/a 

oCC aUUVC 

transmission of secure 

- "hardware or software used for transmission ... or for 

containers to other 

the receipt ... from other apparatuses" is indefinite, e.g., 

apparatuses or for the receipt 

on the structure of this "hardware or software," and on its 

of secure containers from other 

relationship, if any, with the previously recited 

apparatuses. 

"hardware or software used for receiving and opening 
secure wunidincr&, anu on its reiauonsnip, 11 any, witn 

Ctrl'!/ rl PlPTYIAnt 1*1 fno nlnim 1 Un o-fv ani* -PI 

aiiy ouicr ciemeni recited in xne Claim, ine specincation 
does not disclose adequate corresponding structure. 

28. A system including; 


a first apparatus including; 


user controls, 


a communications port, 


a processor, 



a memory containing a first rule, 

hardware or software used for receiving and opening secure containers. said secure 
containers each including the capacity to contain a governed item, a secure container rule 
being associated with each of said secure containers : 

a protected processing environment at least in part protecting information contained in said 
protected processing environment from tampering by a user of said first apparatus, said 
protected processing environment including hardware or software used for applying said 
first rule and a secure container rule in combination to at least in part govern at least one 
aspect of access to or use of a governed item : and 

hardware or software used for transmission of secure containers to other apparatuses or for 
the receipt of secure containers from other apparatuses : and 
a second apparatus including: 
user controls, 

a communications port, 
a processor, 

a memory containing a second rule, 


PAGE 39 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


hardware or software used for receiving and opening secure containers, said secure 
containers each including the capacity to contain a governed item, a secure container rule 
being associated with each of said secure containers ; 

a protected processing environment at least in part protecting information contained in said 
protected processing environment from tampering by a user of said apparatus, said 
protected processing environment including hardware or software used for applying said 
second rule and a secure container rule in combination to at least in part govern at least one 
aspect of access to or use of a governed item : 

hardware or software used for transmission of secure containers to other apparatuses or for 

the receipt of secure containers from other apparatuses ; and 

an electronic intermediary , said intermediary including a user rights authority 

clearinghouse . 


Following are some examples of the many ways in which this claim and these claim terms 
and phrases are indefinite on the face of the patent and/or as apparently construed by InterTrust: 


28. A system including: 


a first apparatus including, 

- the claim is indefinite on which of the recited 
elements are included in the "first apparatus." 

user controls, 

- "user controls" is indefinite. 

a communications port, 


a processor, 


a memory containing a first 
rule, 

- "memory" is indefinite, e.g., on whether it 
encompasses or excludes storage that is not directly 
addressable by the processor. 

- "containing" is indefinite and used inconsistently in 
at least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "containing." 

- "rule" is indefinite and is used inconsistently in the 
specification. For example, the relationship between a 


PAGE 40 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR3-3,3-4 


'rule" and a "control" is indefinite. 


hardware or software used for 


see above 


receiving and opening secure 
containers . 


- "receiving" is indefinite, e.g., on what processing, if 
any, is required to complete this "receiving" step, on 


what receives the "secure containers," and on what or 
where they are received from. 

- if "opening secure containers" is not at least limited 
to successful completion of the "OPEN method" 
expressly disclosed in the allegedly incorporated 
specification, the phrase "opening secure containers" 
would be indefinite. 

- "secure container" is indefinite, e.g., on its structure 
and certain of its functions, and on whether it 
encompasses or excludes "virtual container." The 
specification does not disclose adequate corresponding 
structure under Section 1 1 2, K 6. 

- "container" is indefinite, e.g., on its structure and 
certain of its functions, and on what distinguishes a 
single "container" from two separate "containers." 

- "secure" is indefinite. It is an amorphous term that 
the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "secure" from "not secure." 

"hardware or software used for receiving and opening 
secure containers," is indefinite, e.g., on the structure of 
this "hardware or software," and on whether the same 
"hardware or software" performs both "receiving" and 
"opening." The specification does not disclose adequate 
corresponding structure. 


PAGE 41 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


said secure containers each 
including the capacity to 
contain a governed item, 

see above 

- if "said secure containers" is not at least limited to all 
"secure containers" which the "hardware or software 
used for receiving and opening secure containers" is able 
to "receive and open" (regardless of whether it has done 
so), the phrase "said secure containers" would be 
indefinite. 

- "contain" is indefinite and used inconsistently in at 
least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "contain." 

- "a governed item," is indefinite, e.g., on what 
distinguishes "a governed item" from two separate 
"governed items." 

- "including the capacity to contain a governed item" is 
indefinite. 

a secure container rule being 
associated with each of said 
secure containers: 

- see above 

- if "associated with ... secure containers" is not at least 
limited to use of the disclosed "component assembly," 
"secure container," "protected processing environment," 
"object registration," and other mechanisms of the 
purported "VDE" "invention" for allegedly individually 
ensuring the "access control" "handcuffs" between 
specific "controls," specific "objects" (and their content 
at an arbitrary granular level), and specific "users," the 
phrase "associated with . . . secure containers" would be 
indefinite. 

- if "said secure containers" is not at least limited to all 
"secure containers" which the "hardware or software 
used for receiving and opening secure containers" is able 



PAGE 42 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


to "receive and open" (regardless of whether it has done 
so), the phrase "said secure containers" is indefinite. 


protected." 

- if "protected processing environment" is not at least 
limited to excluding the processor and "memory" recited 
earlier in the claim, and is not at least limited to 
executing software and/or hardware (if any) expressly 
disclosed in the specification and identified as a 
"protected processing environment," the term "protected 
processing environment" would be indefinite. 

- if "protecting" is not at least limited to preventing 
unauthorized "user" processing of a particular item on a 
per item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
"handcuffs" between specific "controls," specific 
"objects" (and their content at an arbitrary granular 
level), and specific "users," the term "protecting" would 
be indefinite. 

- "at least in part" is indefinite, and, under some 
possible meanings, inconsistent with "protecting." 

- "information contained in said protected processing 
environment" is indefinite, e.g., on what aspects of a 


a protected processing 
environment at least in part 
protecting information 
contained in said protected 
processing environment from 
tampering by a user of said 
first apparatus, 


- "protected" is indefinite. It is an amorphous term 
that the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "protected" from "not 


PAGE 43 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


"protected processing environment" can "contain" 
information, and on whether "contain" encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "contain." 

- "protecting from . . . tampering" is indefinite, e.g., on 
the specific threat(s) being addressed and on the level(s) 
and nature of protection from those threats. 

- "a user of said first apparatus" is indefinite, e.g., on 
whether "a user" means "any user" or a particular "user." 


said protected processing 
environment including 
hardware or software used for 


applying said first rule and a 
secure container rule in 
combination to at least in part 


govern at least one aspect of 
access to or use of a governed 
item: and 


see above 

- "said first rule and a secure container rule" is 
indefinite, e.g., on whether "a secure container rule" is 
separate from a "first rule," and on what distinguishes a 
single "rule" from two separate "rules." 

"hardware or software used for applying ... in a 
secure container," is indefinite, e.g., on the structure of 
this "hardware or software." The specification does not 
disclose adequate corresponding structure. 

- "applying ... in combination" is indefinite, e.g., on 
the manner in which the "rules" are merged and applied. 

- "at least in part" is indefinite, and, under some 
possible meanings, inconsistent with "govern." 

- if "govern" is not at least limited to preventing 
unapproved user processing of a particular item on a per 
item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 

handcuffs" between specific "controls," specific 
objects" (and their content at an arbitrary granular 


PAGE 44 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




level), and specific "users," the term "govern" would be 
indefinite. 

- "access" is indefinite, e.g., on whether it 
encompasses or excludes determining the information 
content of what is accessed (e.g., decrypting any 
encrypted information). 

- "use" is indefinite and is used inconsistently in the 
allegedly incorporated specification, e.g., on whether or 
not it encompasses or excludes "distribution," 
"extraction," "manipulating," and/or "copying." 

- "an aspect of access to or use of is indefinite. 

- "a governed item" is indefinite and has no or an 
indefinite antecedent. 

hardware or software used for 

- see above 

- "hardware or software used for transmission ... or for 
the receipt . . . from other apparatuses" is indefinite, e.g., 
on the structure of this "hardware or software," on its 
relationship, if any, with the previously recited 
"hardware or software used for receiving and opening 
secure containers," on whether the same "hardware or 
software" performs both, and on its relationship, if any, 
with any other element recited in the claim. The 
specification does not disclose adequate corresponding 
structure. 

transmission of secure 

containers to other 

apparatuses or for the receipt 

of secure containers from other 

apparatuses: and 


a second apparatus including, 

the claim is indefinite on which of the recited 
elements are included in the "second apparatus." 
- the claim is indefinite for failing to link the first 
apparatus with the second apparatus in any manner. 

user controls, 

- "user controls" is indefinite. 

a communications port, 


a processor, 


a memory containing a second 

- "memory" is indefinite, e.g., on whether it 


PAGE 45 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


rule, 

encompasses or excludes storage that is not directly 
addressable by the processor. 

- "containing" is indefinite and used inconsistently in 
at least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "containing." 

- "rule" is indefinite and is used inconsistently in the 
specification. For example, it is indefinite on what 
distinguishes a single "rule" from two separate "rules." 

hardware or software used for 

- see above 

- "receiving" is indefinite, e.g., on what processing, if 
any, is required to complete this "receiving" step, on 
what receives the "secure containers," and on what or 
where they are received from. 

- if "opening secure containers" is not at least limited 
to successful completion of the "OPEN method" 
expressly disclosed in the allegedly incorporated 
specification, the phrase "opening secure containers" 
would be indefinite. 

- "secure container" is indefinite, e.g., on its structure 
and certain of its functions, and on whether it 
encompasses or excludes "virtual container." The 
specification does not disclose adequate corresponding 
structure under Section 1 12, U 6. 

- "secure" is indefinite. It is an amorphous term that 
the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 

receiving and opening secure 

containers. 


PAGE 46 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




those threats that separate(s) "secure" from "not secure." 
- "hardware or software used for receiving and opening 
secure containers," is indefinite, e.g., on the structure of 
this "hardware or software," and on whether the same 
hardware or software performs both "receiving" and 
"opening." The specification does not disclose adequate 
corresponding structure. 

said secure containers each 
including the capacity to 
contain a governed item, 

- see above 

- if "said secure containers" is not at least limited to all 
"secure containers" which the "hardware or software 
used for receiving and opening secure containers" is able 
to "receive and open" (regardless of whether it has done 
so), the phrase "said secure containers" would be 
indefinite. 

- "contain" is indefinite and used inconsistently in at 
least the allegedly incorporated specification. For 
example, it is indefinite on whether it encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "contain." 

"a governed item," is indefinite, e.g., on what 
distinguishes "a governed item" from two separate 
governed items. 

- "including the capacity to contain a governed item" is 
indefinite. 

a secure container rule being 
associated with each of said 
secure containers: 

- see above 

- if "associated with ... secure containers" is not at least 
limited to use of the disclosed "component assembly," 
"secure container," "protected processing environment," 
"object registration," and other mechanisms of the 
purported "VDE" "invention" for allegedly individually 
ensuring the "access control" "handcuffs" between 



PAGE 47 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




specific "controls," specific "objects" (and their content 
at an arbitrary granular level), and specific "users," the 
phrase "associated with . . . secure containers" would be 
indefinite. 

if "said secure containers" is not at least limited to all 
"secure containers" which the "hardware or software 
used for receiving and opening secure containers" is able 
to "receive and open" (regardless of whether it has done 
so), the phrase "said secure containers" is indefinite. 

a protected processing 
environment at least in part 
protecting information 
contained in said protected 
processing environment from 
tampering by a user of said 
apparatus, 

- "protected" is indefinite. It is an amorphous term 
that the specification both fails to define and uses 
inconsistently. For example, it is indefinite on what sort 
of threat(s) is (are) being addressed (e.g., confidentiality? 
integrity? authentication? non-repudiation? availability?) 
and on the nature and the level(s) of protection from 
those threats that separate(s) "protected" from "not 
protected." 

- if "protected processing environment" is not at least 
limited to excluding the processor and "memory" recited 
earlier in the claim, and is not at least limited to 
executing software and/or hardware (if any) expressly 
disclosed in the specification and identified as a 
"protected processing environment," the term "protected 
processing environment" would be indefinite. 

- if "protecting" is not at least limited to preventing 
unauthorized "user" processing of a particular item on a 
per item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
"handcuffs" between specific "controls," specific 


PAGE 48 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



"objects" (and their content at an arbitrary granular 
level), and specific "users," the term "protecting" would 
be indefinite. 

- "at least in part" is indefinite, and, under some 
possible meanings, inconsistent with "protecting." 

- "information contained in said protected processing 
environment" is indefinite, e.g., on what aspects of a 
"protected processing environment" can "contain" 
information, and on whether "contain" encompasses or 
excludes merely holding a reference, and, if it does 
encompass merely holding a reference, what type of 
reference suffices to constitute "contain." 

- "protecting from . . . tampering" is indefinite, e.g., on 
the specific threat(s) being addressed and on the level(s) 
and nature of protection from those threats. 

- "a user of said apparatus" is indefinite, e.g., on 
whether "a user" means "any user" or a particular "user," 
and on whether "said apparatus" is the first or second 
apparatus. 

said protected processing 
environment including 
hardware or software used for 

see above 

- "said second rule and a secure container rule" is 
indefinite, e.g., on what distinguishes a single "rule" 
from two separate "rules." 

- "hardware or software used for applying ... in a 
secure container," is indefinite, e.g., on the structure of 
this "hardware or software." The specification does not 
disclose adequate corresponding structure. 

- "applying ... in combination" is indefinite, e.g., on 
the manner in which the rules are merged and applied. 

- "at least in part" is indefinite, and, under some 
possible meanings, inconsistent with "govern." 

- if "govern" is not at least limited to preventing 

applying said second rule and a 

secure container rule in 
combination to at least in part 
govern at least one aspect of 
access to or use of a governed 
item; and 


PAGE 49 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




unauthorized "user" processing of a particular item on a 
per item basis by use of the disclosed "component 
assembly," "secure container," "protected processing 
environment," "object registration," and other 
mechanisms of the purported "VDE" "invention" for 
allegedly individually ensuring the "access control" 
"handcuffs" between specific "controls," specific 
"objects" (and their content at an arbitrary granular 
level), and specific "users," the term "govern" would be 
indefinite. 

- "access" is indefinite, e.g., on whether it 
encompasses or excludes determining the information 
content of what is "accessed" (e.g., decrypting any 
encrypted information). 

- "use" is indefinite and is used inconsistently in the 
allegedly incorporated specification, e.g., on whether or 
not it encompasses or excludes "distribution," 
"extraction," "manipulating," and/or "copying." 

- "an aspect of access to or use of is indefinite. 

- "a governed item" is indefinite and has no or an 
indefinite antecedent. 

hardware or software used for 

- see above 

- "hardware or software used for transmission ... or for 
the receipt ... from other apparatuses" is indefinite, e.g., 
on the structure of this "hardware or software," and on its 
relationship, if any, with the previously recited 
"hardware or software used for receiving and opening 
secure containers," and on its relationship, if any, with 
any other element recited in the claim. The specification 
does not disclose adequate corresponding structure. 

transmission of secure 
containers to other 
apparatuses or for the receipt 
of secure containers from other 

apparatuses: and 

an electronic intermediary, said 
intermediary including a user 

- see above 

- "electronic intermediary" is indefinite, e.g., as to the 


PAGE 50 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


rights authority clearinghouse . 


nature of its structure and function, and its relationship, if 
any, to either the first apparatus or the second apparatus, 
or to any other element of the claim, and on whether it 
encompasses or excludes a "virtual intermediary" or 
"virtual go-between." The specification does not 
disclose adequate corresponding structure. 

- "rights" is indefinite. 

- "user rights authority clearinghouse" is indefinite, 
e.g., as to the nature of its structure and function, and its 
relationship, if any, to either the first apparatus or the 
second apparatus, or to any other element of the claim. 
The specification does not disclose adequate 
corresponding structure. 


29. A system as in claim 28, said user rights authority clearinghouse operatively connected to 
make rights available to users. 


Following are some examples of the additional ways in which this dependent claim and 
these claim terms and phrases are indefinite on the face of the patent and/or as apparently 
construed by InterTrust: 


A system as in claim 28, said user 

- see above 

rights authority clearinghouse 

- "operatively connected" is indefinite, e.g., as to what 

operatively connected to make 

it is connected. 

rights available to users. 

- "to make rights available to users" is indefinite, e.g., 


on which "users" it addresses and what it means for 


"rights" to be "available" to those "users." 


Enablement and Written Description 

Invalidity of the Asserted InterTrust Patent Claims 


Each of the asserted InterTrust patent claims is invalid for violating the written description 
and enablement requirements of 35 U.S.C. § 1 12, U 1, particularly as the claims are construed in 
the untenable manner apparently underlying InterTrust's infringement accusations in this action. 

PAGE 51 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


One way in which the claims of the ' 193 patent and the 6 683 patent (including but not 
limited to the extent the allegedly incorporated applications are considered) are not enabled is that 
the applications from which they issued are so rambling, unfocused, vague and internally 
inconsistent that they obfuscated any alleged teaching of the claimed subject matter and failed to 
enable one of skill in the art, without undue experimentation, to follow any alleged directions of 
the application to carry out the claimed subject matter. 

The claims are invalid for violating the written description requirement to the extent that 
they are construed so as to contradict and/or not require the essential, non-optional alleged 
attributes of the alleged "invention" that were identified in the application (as originally filed, 
disregarding all new matter) from which the claims issued. Those disclosed "invention" defining 
statements include descriptions of the "present invention" and/or "VDE" or "virtual distribution 
environment," statements distinguishing prior techniques or products, such statements in the 
Summary of the Invention or Objects of the Invention sections of the application, and non- 
optional attributes shared by the disclosed embodiments and/or initial application claims. They 
include, but are not limited to, such alleged attributes reflected in the below-listed exemplary 
statements in the applications filed on December 9, 1998 (the '193 Patent), December 28, 1998 
(the '683 Patent), and/or similar statements in the patents' Patent Office prosecution histories 
and/or any properly incorporated patent(s) or patent application(s), if any. 

The claims are further invalid under the enablement requirement as the applications did 
not enable those of skill in the art to build systems having these touted attributes, at least not 
without an unreasonable amount of experimentation. 

• "The present invention provides a new kind of "virtual distribution environment" (called 
"VDE" in this document) that secures, administers, and audits electronic information use. VDE 
also features fundamentally important capabilities for managing content that travels "across" the 
"information highway." These capabilities comprise a rights protection solution that serves all 
electronic community members. These members include content creators and distributors, 
financial service providers, end-users, and others. VDE is the first general purpose, configurable, 
transaction control/rights protection solution for users of computers, other electronic appliances, 
networks, and the information highway." 

• "The inability of conventional products to be shaped to the needs of electronic information 
providers and users is sharply in contrast to the present invention. Despite the attention devoted 


PAGE 52 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


by a cross-section of America's largest telecommunications, computer, entertainment and 
information provider companies to some of the problems addressed by the present invention, only 
the present invention provides commercially secure, effective solutions for configurable, general 
purpose electronic commerce transaction/distribution control systems." 

• "VDE may be used to provide basic usage control in several ways. First, it permits the 
"embedding" of multiple containers within a single object. Embedded objects permit the 
"nesting" of control structures within a container. VDE also extends usage control information to 
an arbitrary granular level (as opposed to a file based level provided by traditional operating 
systems) and provides flexible control information over any action associated with the 
information which can be described as a VDE controlled process." 

• "Providers of "electronic currency" have also created protections for their type of content. 
These systems are not sufficiently adaptable, efficient, nor flexible enough to support the 
generalized use of electronic currency. Furthermore, they do not provide sophisticated auditing 
and control configuration capabilities. This means that current electronic currency tools lack the 
sophistication needed for many real- world financial business models. VDE provides means for 
anonymous currency and for "conditionally" anonymous currency, wherein currency related 
activities remain anonymous except under special circumstances." 

• "Traditional content control mechanisms often require users to purchase more electronic 
information than the user needs or desires. For example, infrequent users of shrink-wrapped 
software are required to purchase a program at the same price as frequent users, even though they 
may receive much less value from their less frequent use. Traditional systems do not scale cost 
according to the extent or character of usage and traditional systems can not attract potential 
customers who find that a fixed price is too high. Systems using traditional mechanisms are also 
not normally particularly secure. For example, shrink-wrapping does not prevent the constant 
illegal pirating of software once removed from either its physical or electronic package." 

• "Traditional electronic information rights protection systems are often inflexible and 
inefficient and may cause a content provider to choose costly distribution channels that increase a 
product's price. In general these mechanisms restrict product pricing, configuration, and 
marketing flexibility. These compromises are the result of techniques for controlling information 
which cannot accommodate both different content models and content models which reflect the 
many, varied requirements, such as content delivery strategies, of the model participants. This can 


PAGE 53 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253 , 1 93 & 6, 1 85,683 PURSUANT TO PLR 3-3 , 3-4 


limit a provider's ability to deliver sufficient overall value to justify a given products cost in the 
eyes of many potential users. VDE allows content providers and distributors to create applications 
and distribution networks that reflect content providers 1 and users' preferred business models. It 
offers users a uniquely cost effective and feature rich system that supports the ways providers 
want to distribute information and the ways users want to use such information." 

• "VDE provides important enhancements for improving data security in organizations by 
providing "smart" transaction management features that can be far more effective than key and 
password based "go/no go" technology." 

• "A variety of capabilities are required to implement an electronic commerce environment. 
VDE is the first system that provides many of these capabilities and therefore solves fundamental 
problems related to electronic dissemination of information." 

• "The scalable transaction management/auditing technology of the present invention will result 
in more efficient and reliable interoperability amongst devices functioning in electronic 
commerce and/or data security environments." 

• "Templates, classes (including user groups employing an object under group access), and 
flexible control structures including object "independent" permissions records (permissions that 
can be associated with a plurality of objects) and structures that support budgeting and auditing as 
separate VDE processes, help focus the flexible and configurable capabilities inherent within 
authoring provided by the present invention in the context of specific industries and/or businesses 
and/or applications. ... The VDE templates, classes, and control structures are inherently flexible 
and configurable to reflect the breadth of information distribution and secure storage 
requirements, ... the present invention truly achieves a content control and auditing architecture 
that can be configured to most any commercial distribution embodiment." 

• "The design of the VDE foundation, VDE load modules, and VDE containers, are important 
features that enable the VDE node operating environment to be compatible with a very broad 
range of electronic appliances." 

• "Each logical object structure 800 may also include a "private body" 806 containing or 
referencing a set of methods 1000 (i.e., programs or procedures) that control use and distribution 
of the object 300. The ability to optionally incorporate different methods 1000 with each object is 
important to making VDE 100 highly configurable." 


PAGE 54 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


• "A significant facet of the present invention's ability to broadly support electronic commerce 
is its ability to securely manage independently delivered VDE component objects containing 
control information (normally in the form of VDE objects containing one or more methods, data, 
or load module VDE components). This independently delivered control information can be 
integrated with senior and other pre-existing content control information to securely form derived 
control information using the negotiation mechanisms of the present invention. All requirements 
specified by this derived control information must be satisfied before VDE controlled content can 
be accessed or otherwise used. This means that, for example, all load modules and any mediating 
data which are listed by the derived control information as required must be available and 
securely perform their required function." 

• "A significant feature of VDE accommodates the many, varying distribution and other 
transaction variables by, in part, decomposing electronic commerce and data security functions 
into generalized capability modules executable within a secure hardware SPU and/or 
corresponding software subsystem and further allowing extensive flexibility in assembling, 
modifying, and/or replacing, such modules (e.g. load modules and/or methods) in applications run 
on a VDE installation foundation. This configurability and reconfigurability allows electronic 
commerce and data security participants to reflect their priorities and requirements through a 
process of iteratively shaping an evolving extended electronic agreement (electronic control 
model). This shaping can occur as content control information passes from one VDE participant 
to another and to the extent allowed by "in place" content control information. This process 
allows users of VDE to recast existing control information and/or add new control information as 
necessary (including the elimination of no longer required elements)." 

• "VDE's fundamental configurability will allow a broad range of competitive electronic 
commerce business models to flourish." 

• "Adding new content to objects is an important aspect of authoring provided by the present 
invention. Providers may wish to allow one or more users to add, hide, modify, remove and/or 
extend content that they provide. In this way, other users may add value to, alter for a new 
purpose, maintain, and/or otherwise change, existing content. The ability to add content to an 
empty and/or newly created object is important as well." 

• "Importantly, VDE securely and flexibly supports editing the content in, extracting content 
from, embedding content into, and otherwise shaping the content composition of, VDE content 

PAGE 55 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


containers. Such capabilities allow VDE supported product models to evolve by progressively 
reflecting the requirements of "next" participants in an electronic commercial model." 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (a) integration into the fundamental control environment of a broad range of electronic 
appliances through portable API and programming language tools that efficiently support 
merging of control and auditing capabilities in nearly any electronic appliance environment while 
maintaining overall system security;" 

• "Taken together, and employed at times with VDE administrative objects and VDE security 
arrangements and processes, the present invention truly achieves a content control and auditing 
architecture that can be configured to most any commercial distribution embodiment." 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (c) generic content model;" 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (b) modular data structures;" 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (d) general modularity and independence of foundation architectural components;" 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (e) modular security structures;" 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (f) variable length and multiple branching chains of control; and" 

• "Some of the key factors contributing to the configurability intrinsic to the present invention 
include: (g) independent, modular control structures in the form of executable load modules that 
can be maintained in one or more libraries, and assembled into control methods and models, and 
where such model control schemes can "evolve" as control information passes through the VDE 
installations of participants of a pathway of VDE content control information handling." 

• "An important feature of VDE is that it can be used to assure the administration of, and 
adequacy of security and rights protection for, electronic agreements implemented through the 
use of the present invention." 


PAGE 56 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, VDE includes features that: . . . "sufficiently" 
impede unauthorized and/or uncompensated use of electronic information and/or appliances 
through the use of secure communication, storage, and transaction management technologies 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . support low-cost, efficient, and effective 
security architectures for transaction control, auditing, reporting, and related communications and 
information storage . . . ." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, ... support dynamic user selection of 
information subsets of a VDE electronic information product (VDE controlled content). This 
contrasts with the constraints of having to use a few high level individual, pre-defined content 
provider information increments such as being required to select a whole information product or 
product section in order to acquire or otherwise use a portion of such product or section," 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, ... securely store at a user's site potentially 
highly detailed information reflective of a user's usage of a variety of different content segment 
types. . . support trusted chain of handling capabilities for pathways of distributed electronic 
information and/or for content usage related information." 

PAGE 57 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . support flexible auditing mechanisms, 
such as employing "bitmap meters, ..." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . support "launchable" content, that is 
content that can be provided by a content provider to an end-user, who can then copy or pass 
along the content to other end-user parties without requiring the direct participation of a content 
provider to register and/or otherwise initialize the content for use 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . securely support electronic currency and 
credit usage control, storage, and communication at, and between, VDE installations." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, ... provide smart object agents that can cany 
requests, data, and/or methods, including budgets, authorizations, credit or currency, and content. 

. . . Smart objects can, for example, be transmitted to a remote location to perform a specified 
database search on behalf of a user 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 

PAGE 58 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . "employ "templates" to ease the process 
of configuring capabilities of the present invention as they relate to specific industries or 
businesses. . . .Given the very large range of capabilities and configurations supported by the 
present invention, reducing the range of configuration opportunities to a manageable subset 
particularly appropriate for a given business model allows the full configurable power of the 
present invention to be easily employed by "typical" users who would be otherwise burdened 
with complex programming and/or configuration design responsibilities template applications can 
also help ensure that VDE related processes are secure and optimally bug free by reducing the 
risks associated with the contribution of independently developed load modules, including 
unpredictable aspects of code interaction between independent modules and applications, as well 
as security risks associated with possible presence of viruses in such modules. ... As the context 
surrounding these templates changes or evolves, template applications provided under the present 
invention may be modified to meet these changes for broad use, or for more focused activities. 
Of course, templates may, under certain circumstances have fixed control information and not 
provide for user selections or parameter data entry." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . provide mechanisms to persistently 
maintain trusted content usage and reporting control information through both a sufficiently 
secure chain of handling of content and content control information and through various forms of 
usage of such content wherein said persistence of control may survive such use. Persistence of 
control includes the ability to extract information from a VDE container object by creating a new 
container whose contents are at least in part secured and that contains both the extracted content 
and at least a portion of the control information which control information of the original 
container and/or are at least in part produced by control information of the original container for 
this purpose and/or VDE installation control information stipulates should persist and/or control 
usage of content in the newly formed container. Such control information can continue to manage 
usage of container content if the container is "embedded" into another VDE managed object, such 

PAGE 59- MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


as an object which contains plural embedded VDE containers, each of which contains content 
derived (extracted) from a different source." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . enables users ... to specify preferences or 
requirements related to their use of electronic content and/or appliances. Content users, such as 
end-user customers using commercially distributed content ... can define, if allowed by senior 
control information, budgets, and/or other control information, to manage their own internal use 
of content. Uses include, for example, a user setting a limit on the price for electronic documents 
that the user is willing to pay without prior express user authorization, and the user establishing 
the character of metering information he or she is willing to allow to be collected (privacy 
protection)." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, ... provide mechanisms that allow control 
information to "evolve" and be modified according, at least in part, to independently, securely 
delivered further control information. ... Handlers in a pathway of handling of content control 
information, to the extent each is authorized, can establish, modify, and/or contribute to, 
permission, auditing, payment, and reporting control information related to controlling, analyzing, 
paying for, and/or reporting usage of, electronic content and/or appliances (for example, as 
related to usage of VDE controlled property content)." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . support multiple simultaneous control 
models for the same content property and/or property portion. This allows, for example, for 


PAGE 60 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


concurrent business activities which are dependent on electronic commercial product content 
distribution, such as acquiring detailed market survey information and/or supporting advertising, 
both of which can increase revenue and result in lower content costs to users and greater value to 
content providers." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, . . . enable a user to securely extract, through 
the use of the secure subsystem at the user's VDE installation, at least a portion of the content 
included within a VDE content container to produce a new, secure object (content container), 
such that the extracted information is maintained in a continually secure manner through the 
extraction process." 

• "it is important to provide a framework of operation and/or structure to allow existing 
industries and/or applications and/or businesses to manipulate familiar concepts related to content 
types, distribution approaches, pricing mechanisms, user interactions with content and/or related 
administrative activities, budgets, and the like." 

• "The present invention allows content providers and users to formulate their transaction 
environment to accommodate: 

- (1) desired content models, content control models, and content usage information pathways, 

- (2) a complete range of electronic media and distribution means, 

- (3) a broad range of pricing, payment, and auditing strategies, 

- (4) very flexible privacy and/or reporting models, 

- (5) practical and effective security architectures, and 

- (6) other administrative procedures that together with steps (1) through (5) can enable most 
"real world" electronic commerce and data security models, including models unique to the 
electronic world." 

• "This ability of the present invention to support multiple pathway branches for the flow of 
both VDE content control information and VDE managed content enables an electronic 

PAGE 61 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


commerce marketplace which supports diverging, competitive business partnerships, agreements, 
and evolving overall business models which can employ the same content properties combined, 
for example, in differing collections of content representing differing at least in part competitive 
products." 

• "the present invention can help ensure, for example, that parties, will be paid for use of 
distributed information in a manner consistent with their agreement; ... the present invention can, 
for example, help ensure that data is used only in authorized ways; 

• "The VDE templates, classes, and control structures are inherently flexible and configurable 
to reflect the breadth of information distribution and secure storage requirements, to allow for 
efficient adaptation into new industries as they evolve, and to reflect the evolution and/or change 
of an existing industry and/or business, as well as to support one or more groups of users who 
may be associated with certain permissions and/or budgets and object types. The flexibility of 
VDE templates, classes, and basic control structures is enhanced through the use of VDE 
aggregate and control methods which have a compound, conditional process impact on object 
control. Taken together, and employed at times with VDE administrative objects and VDE 
security arrangements and processes, the present invention truly achieves a content control and 
auditing architecture that can be configured to most any commercial distribution embodiment. 
Thus, the present invention fully supports the requirements and biases of content providers 
without forcing them to fit a predefined application model. It allows them to define the rights, 
control information, and flow of their content (and the return of audit information) through 
distribution channels." 

• "a creator . . . may allow changes by an auditor for event trails, but not allow anyone but 
themselves to read those trails . ..." 

• "Since all secure communications are at least in part encrypted and the processing inside the 
secure subsystem is concealed from outside observation and interference, the present invention 
ensures that content control information can be enforced. As a result, the creator and/or 
distributor and/or client administrator and/or other contributor of secure control information for 
each property (for example, an end-user restricting the kind of audit information he or she will 
allow to be reported and/or a financial clearinghouse establishing certain criteria for use of its 
credit for payment for use of distributed content) can be confident that their contributed and 


PAGE 62 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


accepted control information will be enforced (within the security limitations of a given VDE 
security implementation design)." 

• "Since different groups of components can be put together for different applications, the 
present invention can provide electronic control information for a wide variety of different 
products and markets. This means the present invention can provide a "unified," efficient, secure, 
and cost-effective system for electronic commerce and data security. This allows VDE to serve as 
a single standard for electronic rights protection, data security, and electronic currency and 
banking." 

• "In a VDE, the separation between a rights application and its foundation permits the efficient 
selection of sets of control information that are appropriate for each of many different types of 
applications and uses." 

• "Due to its open design, VDE allows (normally under securely controlled circumstances) 
applications using technology independently created by users to be "added" to the system and 
used in conjunction with the foundation of the invention." 

• "In sum, the present invention allows information contained in electronic information 
products to be supplied according to user specification. Tailoring to user specification allows the 
present invention to provide the greatest value to users, which in turn will generate the greatest 
amount of electronic commerce activity." 

• "VDE permits multiple, separate electronic arrangements to be formed between subsets of 
parties in a VDE supported electronic value chain model. These multiple agreements together 
comprise a VDE value chain "extended" agreement. VDE allows such constituent electronic 
agreements, and therefore overall VDE extended agreements, to evolve and reshape over time as 
additional VDE participants become involved in VDE content and/or appliance control 
information handling. VDE electronic agreements may also be extended as new control 
information is submitted by existing participants. With VDE, electronic commerce participants 
are free to structure and restructure their electronic commerce business activities and 
relationships. As a result, the present invention allows a competitive electronic commerce 
marketplace to develop since the use of VDE enables different, widely varying business models 
using the same or shared content." 


PAGE 63 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


• "A feature of the present invention enables such flexibility of metering control mechanisms to 
accommodate a simultaneous, broad array of: (a) different parameters related to electronic 
information content use; (b) different increment units (bytes, documents, properties, paragraphs, 
images, etc.) and/or other organizations of such electronic content; and/or (c) different categories 
of user and/or VDE installation types, such as client organizations, departments, projects, 
networks, and/or individual users, etc. This feature of the present invention can be employed for 

• "A feature of the present invention provides for payment means supporting flexible electronic 
currency and credit mechanisms, including the ability to securely maintain audit trails reflecting 
information related to use of such currency or credit." 

• "Features of the present invention help ensure that a requirement that a clearinghouse report 
such usage information and payment content will be observed." 

• "A feature of the present invention is the use of portable VDEs as transaction cards at retail 
and other establishments, wherein such cards can "dock" with an establishment terminal that has a 
VDE secure sub-system and/or an online connection to a VDE secure and/or otherwise secure and 
compatible subsystem, such as a "trusted" financial clearinghouse (e.g., VISA, Mastercard)." 

• "A feature of VDE provided by the present invention is that certain one or more methods can 
be specified as required in order for a VDE installation and/or user to be able to use certain and/or 
all content. For example, a distributor of a certain type of content might be allowed by "senior" 
participants (by content creators, for example) to require a method which prohibits end-users 
from electronically saving decrypted content, a provider of credit for VDE transactions might 
require an audit method that records the time of an electronic purchase, and/or a user might 
require a method that summarizes usage information for reporting to a clearinghouse (e.g. billing 
information) in a way that does not convey confidential, personal information regarding detailed 
usage behavior. A further feature of VDE provided by the present invention is that creators, 
distributors, and users of content can select from among a set of predefined methods (if available) 
to control container content usage and distribution functions and/or they may have the right to 
provide new customized methods to control at least certain usage functions (such "new" methods 
may be required to be certified for trustedness and interoperability to the VDE installation and/or 
for of a group of VDE applications). As a result, VDE provides a very high degree of 


PAGE 64 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


• 


configurability with respect to how the distribution and other usage of each property or object (or 
one or more portions of objects or properties as desired and/or applicable) will be controlled/' 

• "the present invention's trusted/secure, universe wide, distributed transaction control and 
administration system." 

• "The configurability provided by the present invention is particularly critical for supporting 
electronic commerce, that is enabling businesses to create relationships and evolve strategies that 
offer competitive value. Electronic commerce tools that are not inherently configurable and 
interoperable will ultimately fail to produce products (and services) that meet both basic 
requirements and evolving needs of most commerce applications." 

• "Templates, classes (including user groups employing an object under group access), and 
flexible control structures including object "independent" permissions records (permissions that 
can be associated with a plurality of objects) and structures that support budgeting and auditing as 
separate VDE processes, help focus the flexible and configurable capabilities inherent within 
authoring provided by the present invention in the context of specific industries and/or businesses 
and/or applications. ... The VDE templates, classes, and control structures are inherently flexible 
and configurable to reflect the breadth of information distribution and secure storage 
requirements, ... the present invention truly achieves a content control and auditing architecture 
that can be configured to most any commercial distribution embodiment." 

• "As with the content control information for most VDE managed content, features of the 
present invention allows [sic] the content's control information to: (a) "evolve," for example, the 
extractor of content may add new control methods and/or modify control parameter data, such as 
VDE application compliant methods, to the extent allowed by the content's in-place control 
information. ...(b) allow a user to combine additional content with at least a portion of said 
extracted content, . . . (c) allow a user to securely edit at least a portion of said content while 
maintaining said content in a secure form within said VDE content container; . . . (d) append 
extracted content to a pre-existing VDE content container object and attach associated control 
information . . . (e) preserve VDE control over one or more portions of extracted content after 
various forms of usage of said portions ... Generally, the extraction features of the present 
invention allow users to aggregate and/or disseminate and/or otherwise use protected electronic 
content information extracted from content container sources while maintaining secure VDE 

PAGE 65 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


capabilities thus preserving the rights of providers in said content information after various 
content usage processes." 

• "For example, features of the present invention include: (a) VDE system software to in part 
extend and/or modify host operating systems such that they possesses VDE capabilities, such as 
enabling secure transaction processing and electronic information storage; (b) one or more 
application programs that in part represent tools associated with VDE operation; and/or (c) code 
to be integrated into application programs, wherein such code incorporates references into VDE 
system software to integrate VDE capabilities and makes such applications VDE aware . 

• "The distribution control information provided by the present invention allow flexible positive 
control. No provider is required to include any particular control, or use any particular strategy, 
except as required by senior control information. Rather, the present invention allows a provider 
to select from generic control components (which may be provided as a subset of components 
appropriate to a provider's specific market, for example, as included in and/or directly compatible 
with, a VDE application) to establish a structure appropriate for a given chain of 
handling/control." 

• "In part, security is enhanced by object methods employed by the present invention because 
the encryption schemes used to protect an object can efficiently be further used to protect the 
associated content control information (software control information and relevant data) from 
modification." 

• "Control methods are created primarily through the use of one or more of said executable, 
reusable load module code pieces (normally in the form of executable object components) and 
associated data. The component nature of control methods allows the present invention to 
efficiently operate as a highly configurable content control system. Under the present invention, 
content control models can be iteratively and asynchronously shaped, and otherwise updated to 
accommodate the needs of VDE participants to the extent that such shaping and otherwise 
updating conforms to constraints applied by a VDE application, if any (e.g., whether new 
component assemblies are accepted and, if so, what certification requirements exist for such 
component assemblies or whether any or certain participants may shape any or certain control 
information by selection amongst optional control information (permissions record) control 
methods. This iterative (or concurrent) multiple participant process occurs as a result of the 


PAGE 66 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


submission and use of secure, control information components (executable code such as load 
modules and/or methods, and/or associated data)." 

• "The special purpose secure circuitry provided by the present invention includes at least one 
of: a dedicated semiconductor arrangement known as a Secure Processing Unit (SPU) and/or a 
standard microprocessor, microcontroller, and/or other processing logic that accommodates the 
requirements of the present invention and functions as an SPU." 

• "VDE offers an architecture that avoids reflecting specific distribution biases, administrative 
and control perspectives, and content types. Instead, VDE provides a broad-spectrum, 
fundamentally configurable and portable, electronic transaction control, distributing, usage, 
auditing, reporting, and payment operating environment. VDE is not limited to being an 
application or application specific toolset that covers only a limited subset of electronic 
interaction activities and participants. Rather, VDE supports systems by which such applications 
can be created, modified, and/or reused. As a result, the present invention answers pressing, 
unsolved needs by offering a system that supports a standardized control environment which 
facilitates interoperability of electronic appliances, interoperability of content containers, and 
efficient creation of electronic commerce applications and models through the use of a 
programmable, secure electronic transactions management foundation and reusable and 
extensible executable components. VDE can support a single electronic "world" within which 
most forms of electronic transaction activities can be managed." 

• "A fundamental problem for electronic content providers is extending their ability to control 
the use of proprietary information. Content providers often need to limit use to authorized 
activities and amounts. Participants in a business model involving, for example, provision of 
movies and advertising on optical discs may include actors, directors, script and other writers, 
musicians, studios, publishers, distributors, retailers, advertisers, credit card services, and content 
end-users. These participants need the ability to embody their range of agreements and 
requirements, including use limitations, into an "extended" agreement comprising an overall 
electronic business model. This extended agreement is represented by electronic content control 
information that can automatically enforce agreed upon rights and obligations. Under VDE, such 
an extended agreement may comprise an electronic contract involving all business model 
participants. Such an agreement may alternatively, or in addition, be made up of electronic 
agreements between subsets of the business model participants. Through the use of VDE, 

PAGE 67 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


electronic commerce can function in the same way as traditional commerce-that is commercial 
relationships regarding products and services can be shaped through the negotiation of one or 
more agreements between a variety of parties." 

• "VDE allows the owners and distributors of electronic digital information to reliably bill for, 
and securely control, audit, and budget the use of, electronic information. It can reliably detect 
and monitor the use of commercial information products." 

• "VDE provides comprehensive and configurable transaction management, metering and 
monitoring technology." 

• "Protecting the rights of electronic community members involves a broad range of 
technologies. VDE combines these technologies in a way that creates a "distributed" electronic 
rights protection "environment." This environment secures and protects transactions and other 
processes important for rights protection. VDE, for example, provides the ability to prevent, or 
impede, interference with and/or observation of, important rights related transactions and 
processes." 

• "VDE is a cost-effective and efficient rights protection solution that provides a unified, 
consistent system for securing and managing transaction processing. VDE can: (a) audit and 
analyze the use of content, (b) ensure that content is used only in authorized ways, and (c) allow 
information regarding content usage to be used only in ways approved by content users." 

• "VDE provides a unified solution that allows all content creators, providers, and users to 
employ the same electronic rights protection solution. ... VDE can allow content to be exchanged 
"universally" and users of an implementation of the present invention can interact electronically 
without fear of incompatibilities in content control, violation of rights, or the need to get, install, 
or learn a new content control system." 

• "In addition, VDE: 

- (a) is very configurable, modifiable, and re-usable; 

- (b) supports a wide range of useful capabilities that may be combined in different ways to 
accommodate most potential applications; 

- (c) operates on a wide variety of electronic appliances ranging from hand-held inexpensive 
devices to large mainframe computers; 

PAGE 68 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



- (d) is able to ensure the various rights of a number of different parties, and a number of 
different rights protection schemes, simultaneously; 

- (e) is able to preserve the rights of parties through a series of transactions that may occur at 
different times and different locations; 

- (f) is able to flexibly accommodate different ways of securely delivering information and 
reporting usage; and 

- (g) provides for electronic analogues to "real" money and credit, including anonymous 
electronic cash, to pay for products and services and to support personal (including home) 
banking and other financial activities." 

• "Users of VDE will not require additional rights protection systems for different information 
highway products and rights problems-nor will they be required to install and learn a new system 
for each new information highway application. . . The content and control information supplied by 
one group can be used by people who normally use content and control information supplied by a 
different group. VDE can allow content to be exchanged "universally" and users of an 
implementation of the present invention can interact electronically without fear of 
incompatibilities in content control, violation of rights, or the need to get, install, or learn a new 
content control system." 

• "[VDE] can protect electronic rights including: (d) the privacy rights of users of content, ..." 

• "Secure VDE hardware (also known as SPUs for Secure Processing Units), or VDE 
installations that use software to substitute for, or complement, said hardware (provided by Host 
Processing Environments (HPEs)), operate in conjunction with secure communications, systems 
integration software, and distributed software control information and support structures, to 
achieve the electronic contract/rights protection environment of the present invention. Together, 
these VDE components comprise a secure, virtual, distributed content and/or appliance control, 
auditing (and other administration), reporting, and payment environment. In some embodiments 
and where commercially acceptable, certain VDE participants, such as clearinghouses that 
normally maintain sufficiently physically secure non-VDE processing environments, may be 
allowed to employ HPEs rather VDE hardware elements and interoperate, for example, with VDE 
end-users and content providers." 


PAGE 69 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


• "VDE provides generalized configurability. This results, in part, from decomposition of 
generalized requirements for supporting electronic commerce and data security into a broad range 
of constituent "atomic" and higher level components (such as load modules, data elements, and 
methods) that may be variously aggregated together to form control methods for electronic 
commerce applications, commercial electronic agreements, and data security arrangements." 

• "VDE provides a secure operating environment employing VDE foundation elements along 
with secure independently deliverable VDE components that enable electronic commerce models 
and relationships to develop." 

• "VDE specifically supports the unfolding of distribution models in which content providers, 
over time, can expressly agree to, or allow, subsequent content providers and/or users to 
participate in shaping the control information for, and consequences of, use of electronic content 
and/or appliances. A very broad range of the functional attributes important for supporting simple 
to very complex electronic commerce and data security activities are supported by capabilities of 
the present invention. As a result, VDE supports most types of electronic information and/or 
appliance: usage control (including distribution), security, usage auditing, reporting, other 
administration, and payment arrangements." 

• "VDE supports a general purpose foundation for secure transaction management, including 
usage control, auditing, reporting, and/or payment. This general purpose foundation is called 
"VDE Functions" ("VDEFs"). VDE also supports a collection of "atomic" application elements 
(e.g., load modules) that can be selectively aggregated together to form various VDEF 
capabilities called control methods and which serve as VDEF applications and operating system 
functions." 

• "VDE provides organization, community, and/or universe wide secure environments whose 
integrity is assured by processes securely controlled in VDE participant user installations 
(nodes)." 

• "the end-to-end nature of VDE applications, in which content 108 flows in one direction, 
generating reports and bills 1 1 8 in the other, makes it possible to perform "back-end" consistency 
checks." 

• "VDE can protect a collection of rights belonging to various parties having in rights in, or to, 
electronic information. This information may be at one location or dispersed across (and/or 

PAGE 70 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


moving between) multiple locations. The information may pass through a "chain" of distributors 
and a "chain" of users. Usage information may also be reported through one or more "chains" of 
parties. In general, VDE enables parties that (a) have rights in electronic information, and/or (b) 
act as direct or indirect agents for parties who have rights in electronic information, to ensure that 
the moving, accessing, modifying, or otherwise using of information can be securely controlled 
by rules regarding how, when, where, and by whom such activities can be performed." 

• "VDE is a secure system for regulating electronic conduct and commerce. Regulation is 
ensured by control information put in place by one or more parties. These parties may include 
content providers, electronic hardware manufacturers, financial service providers, or electronic 
"infrastructure" companies such as cable or telecommunications companies." 

• "A rights application under VDE is made up of special purpose pieces, each of which can 
correspond to one or more basic electronic processes needed for a rights protection environment. 
These processes can be combined together like building blocks to create electronic agreements 
that can protect the rights, and may enforce fulfillment of the obligations, of electronic 
information users and providers. One or more providers of electronic information can easily 
combine selected building blocks to create a rights application that is unique to a specific content 
distribution model. A group of these pieces can represent the capabilities needed to fulfill the 
agreement(s) between users and providers. These pieces accommodate many requirements of 
electronic commerce including: the distribution of permissions to use electronic information; the 
persistence of the control information and sets of control information managing these 
permissions; configurable control set information that can be selected by users for use with such 
information; data security and usage auditing of electronic information; and a secure system for 
currency, compensation and debit management." 

• "VDE allows electronic arrangements to be created involving two or more parties. These 
agreements can themselves comprise a collection of agreements between participants in a 
commercial value chain and/or a data security chain model for handling, auditing, reporting, and 
payment. It can provide efficient, reusable, modifiable, and consistent means for secure electronic 
content: distribution, usage control, usage payment, usage auditing, and usage reporting." 

• "The features of VDE allow it to function as the first trusted electronic information control 
environment that can conform to, and support, the bulk of conventional electronic commerce and 
data security requirements. In particular, VDE enables the participants in a business value chain 


PAGE 71 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


model to create an electronic version of traditional business agreement terms and conditions and 
further enables these participants to shape and evolve their electronic commerce models as they 
believe appropriate to their business requirements." 

• "VDE provides the widely varying secure control and administration capabilities required for: 
1 . Different types of electronic content, 

- 2. Differing electronic content delivery schemes, 

- 3. Differing electronic content usage schemes, 

- 4. Different content usage platforms, and 

- 5. Differing content marketing and model strategies." 

• "VDE controls auditing and reporting of electronic content and/or appliance usage." 

• "VDE also securely supports the payment of money owed (including money owed for content 
and/or appliance usage) by one or more parties to one or more other parties, in the form of 
electronic credit and/or currency." 

• "VDE can securely manage the integration of control information provided by two or more 
parties. As a result, VDE can construct an electronic agreement between VDE participants that 
represent a "negotiation" between, the control requirements of, two or more parties and enacts 
terms and conditions of a resulting agreement. VDE ensures the rights of each party to an 
electronic agreement regarding a wide range of electronic activities related to electronic 
information and/or appliance usage." 

• "VDE does not require electronic content providers and users to modify their business 
practices and personal preferences to conform to a metering and control application program that 
supports limited, largely fixed functionality. Furthermore, VDE permits participants to develop 
business models not feasible with non- electronic commerce, for example, involving detailed 
reporting of content usage information, large numbers of distinct transactions at hitherto 
infeasibly low price points, "pass-along" control information that is enforced without involvement 
or advance knowledge of the participants, etc." 

• "VDE can support "real" commerce in an electronic form, that is the progressive creation of 
commercial relationships that form, over time, a network of interrelated agreements representing 
a value chain business model. This is achieved in part by enabling content control information to 


PAGE 72 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



develop through the interaction of (negotiation between) securely created and independently 
submitted sets of content and/or appliance control information. Different sets of content and/or 
appliance control information can be submitted by different parties in an electronic business value 
chain enabled by the present invention. These parties create control information sets through the 
use of their respective VDE installations. Independently, securely deliverable, component based 
control information allows efficient interaction among control information sets supplied by 
different parties." 

• "Employing VDE as a general purpose electronic transaction/distribution control system 
allows users to maintain a single transaction management control arrangement on each of their 
computers, networks, communication nodes, and/or other electronic appliances. Such a general 
purpose system can serve the needs of many electronic transaction management applications 
without requiring distinct, different installations for different purposes. As a result, users of VDE 
can avoid the confusion and expense and other inefficiencies of different, limited purpose 
transaction control applications for each different content and/or business model. For example, 
VDE allows content creators to use the same VDE foundation control arrangement for both 
content authoring and for licensing content from other content creators for inclusion into their 
products or for other use. Clearinghouses, distributors, content creators, and other VDE users can 
all interact, both with the applications running on their VDE installations, and with each other, in 
an entirely consistent manner, using and reusing (largely transparently) the same distributed tools, 
mechanisms, and consistent user interfaces, regardless of the type of VDE activity." 

• "VDE prevents many forms of unauthorized use of electronic information, by controlling and 
auditing (and other administration of use) electronically stored and/or disseminated information." 

• "VDE can further be used to enable commercially provided electronic content to be made 
available to users in user defined portions, rather than constraining the user to use portions of 
content that were "predetermined" by a content creator and/or other provider for billing 
purposes." 

• "VDE supports a "universe wide" environment for electronic content delivery, broad 
dissemination, usage reporting, and usage related payment activities." 

• "VDE provides important mechanisms for both enforcing commercial agreements and 
enabling the protection of privacy rights. VDE can securely deliver information from one party to 
another concerning the use of commercially distributed electronic content. Even if parties are 

PAGE 73 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


separated by several "steps" in a chain (pathway) of handling for such content usage information, 
such information is protected by VDE through encryption and/or other secure processing. 
Because of that protection, the accuracy of such information is guaranteed by VDE, and the 
information can be trusted by all parties to whom it is delivered." 

• "VDE's security and metering secure subsystem core will be present at all physical locations 
where VDE related content is (a) assigned usage related control information (rules and mediating 
data), and/or (b) used. This core can perform security and auditing functions (including metering) 
that operate within a "virtual black box, " a collection of distributed, very secure VDE related 
hardware instances that are interconnected by secured information exchange (for example, 
telecommunication) processes and distributed database means." 

• "VDE supports multiple differing hierarchies of client organization control information 
wherein an organization client administrator distributes control information specifying the usage 
rights of departments, users, and/or projects." 

• "Since VDE capabilities can be seamlessly integrated as extensions, additions, and/or 
modifications to fundamental capabilities of electronic appliances and host operating systems, 
VDE containers, content control information, and the VDE foundation will be able to work with 
many device types and these device types will be able to consistently and efficiently interpret and 
enforce VDE control information." 

• "Summary of Some Important Features Provided by VDE in Accordance With the Present 
Invention: VDE employs a variety of capabilities that serve as a foundation for a general purpose, 
sufficiently secure distributed electronic commerce solution. VDE enables an electronic 
commerce marketplace that supports divergent, competitive business partnerships, agreements, 
and evolving overall business models. For example, ... support, complete, modular separation of 
the control structures related to (1) content event triggering, (2) auditing, (3) budgeting (including 
specifying no right of use or unlimited right of use), (4) billing, and (5) user identity (VDE 
installation, client name, department, network, and/or user, etc.). ... Without such separation 
between these basic VDE capabilities, it would be more difficult to efficiently maintain separate 
metering, budgeting, identification, and/or billing activities which involve the same, differing 
(including overlapping), or entirely different, portions of content for metering, billing, budgeting, 
and user identification, for example, paying fees associated with usage of content, performing 
home banking, managing advertising services, etc. ... VDE modular separation of these basic 


PAGE 74 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


capabilities supports the programming of plural, "arbitrary" relationships between one or differing 
content portions (and/or portion units) and budgeting, auditing, and/or billing control 
information." 

• "A feature of VDE provided by the present invention is that certain one or more methods can 
be specified as required in order for a VDE installation and/or user to be able to use certain and/or 
all content." 

• "A further feature of VDE provided by the present invention is that creators, distributors, and 
users of content can select from among a set of predefined methods (if available) to control 
container content usage and distribution functions and/or they may have the right to provide new 
customized methods to control at least certain usage functions (such "new" methods may be 
required to be certified for trustedness and interoperability to the VDE installation and/or for of a 
group of VDE applications)." 

• "Each VDE participant in a VDE pathway of content control information may set methods for 
some or all of the content in a VDE container, so long as such control information does not 
conflict with senior control information already in place 

• "VDE supports commercially secure "extended" value chain electronic agreements. VDE can 
be configured to support the various underlying agreements between parties that comprise this 
extended agreement." 

• "VDE agreements support evolving ("living") electronic agreement arrangements that can be 
modified by current and/or new participants through very simple to sophisticated "negotiations" 
between newly proposed content control information interacting with control information already 
in place 

• "All participants of VDE 100 have the innate ability to participate in any role." 

• "any end-user may redistribute information received to other end-users." 

• "Any VDE user 1 12 may assign the right to process information or perform services on their 
behalf to the extend allowed by senior control information." 

• "As mentioned above, ROS 602 provides several layers of security to ensure the security of 
component assemblies 690. One important security layer involves ensuring that certain 


PAGE 75 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


component assemblies 690 are formed, loaded and executed only in secure execution space such 
as provided within an SPU 500." 

• "An important part of VDE provided by the present invention is the core secure transaction 
control arrangement, herein called an SPU (or SPUs), that typically must be present in each user's 
computer, other electronic appliance, or network." 

• "Moreover, when any new VDE object 300 arrives at an electronic appliance 600, the 
electronic appliance must "register" the object within object registry 450 so that it can be 
accessed." 

• "The present inventions also provide for the use of a trusted third party electronic go-between 
or intermediary in various forms, including the "virtual presence" of such go-between through the 
rules and controls it contributes for distributed governance of transactions described in the present 
invention, and further through the use of a distributed, go-between system operating in on-line 
and/or off-line modes at various user and/or go-between sites. Such a trusted third-party go- 
between can provide enhanced and automated functionality, features and other advantages such 
as, for example .... These and other features and advantages provided by the present invention 

• "The Virtual Distribution Environment provides comprehensive overall systems, and wide 
arrays of methods, techniques, structures and arrangements, that enable secure, efficient 
electronic commerce and rights management on the Internet and other information superhighways 
and on internal corporate networks such as "Intranets". The present inventions use (and in some 
cases, build upon and enhances) this fundamental Virtual Distribution Environment technology to 
provide still additional flexibility, capabilities, features and advantages. The present invention, in 
its preferred embodiment, is intended to be used in combination a broad array of the features 
described in Ginter, et al, including any combination of the following: 

• "parties using the Virtual Distribution Environment can participate in commerce and other 
transactions in accordance with a persistent set of rules they electronically define." 

• "The present inventions preferred embodiment make use of a digital Virtual Distribution 
Environment (VDE) as a major portion of its operating foundation, providing unique, powerful 
capabilities instrumental to the development of secure, distributed transaction-based electronic 
commerce and digital content handling, distribution, processing, and usage management." 

PAGE 76 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 



• "The Virtual Distribution Environment provides comprehensive overall systems, and wide 
arrays of methods, techniques, structures and arrangements, that enable secure, efficient 
electronic commerce and rights management on the Internet and other information superhighways 
and on internal corporate networks such as "Intranets". The present inventions use (and in some 
cases, build upon and enhances) this fundamental Virtual Distribution Environment technology to 
provide still additional flexibility, capabilities, features and advantages. The present invention, in 
its preferred embodiment, is intended to be used in combination a broad array of the features 
described in Ginter, et al, including any combination of the following: ..." 

• "The Present Invention Solve These and Other Problems 

As discussed above, a wide variety of techniques are currently being used to provide secure, 
trusted confidential delivery of documents and other items. Unfortunately, none of these 
previously existing mechanisms provide truly trusted, virtually instantaneous delivery on a cost- 
effective, convenient basis and none provide rights management and auditing through persistent, 
secure, digital information protection. 

In contrast, the present inventions provide the trustedness, confidentiality and security of a 
personal trusted courier on a virtually instantaneous and highly cost-effective basis. They provide 
techniques, systems and methods that can being to any form of electronic communications 
(including, but not limited to Internet and internal company electronic mail) an extremely high 
degree of trustedness, confidence and security approaching or exceeding that provided by a 
trusted personal courier. They also provide a wide variety of benefits that flow from rights 
management and secure chain of handling and control." 

• "The present inventions make use of these persistent electronic rules to provide secure, 
automated, cost-effective electronic control for electronic document and other digital item 
handling and/or delivery, and for the electronic formation and negotiation of legal contracts and 
other documents." 

• "By way of non-exhaustive summary, these present inventions provide a highly secure and 
trusted item delivery and agreement execution services providing the following features and 
functions: 

Trustedness and security approaching or exceeding that of a personal trusted courier. 
Optional delayed delivery ("store and forward"). 
Broadcasting to multiple parties. . . . 


PAGE 77 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


Trusted validation of item contents and delivery. 

Value Added Delivery and other features selectable by the sender and/or recipient. 

Provides electronic transmission trusted auditing and validating. 

Allows people to communicate quickly, securely, and confidentially. 

Communications can later be proved through reliable evidence of the communications 
transaction-providing non-repudiatable, certain, admissible proof that a particular 
communications transaction occurred. 

Provides non-repudiation of use and may record specific forms of use such as viewing, 
editing, extracting, copying, redistributing (including to what one or more parties), and/or saving. 

Supports persistent rights and rules based document workflow management at recipient 

sites. 

System may operate on the Internet, on internal organization and/or corporate networks 
("intranets" irrespective of whether they use or offer Internet services internally), private data 
networks and/or using any other form of electronic communications. 

System may operate in non-networked and/or intermittently networked environments. 

Legal contract execution can be performed in real time, with or without face to face or ear- 
to-ear personal interactions (such as audiovisual teleconferencing, automated electronic 
negotiations, or any combination of such interactions) for any number of distributed individuals 
and/or organizations using any mixture of interactions. 

The items delivered and/or processed may be any "object" in digital format, including, but 
not limited to, objects containing or representing data types such as text, images, video, linear 
motion pictures in digital format, sound recordings and other audio information, computer 
software, smart agents, multimedia, and/or objects any combination of two or more data types 
contained within or representing a single compound object. 

Content (executables for example) delivered with proof of delivery and/or execution or other 

use. 

Secure electronic containers can be delivered. The containers can maintain control, audit, 
receipt and other information and protection securely and persistently in association with one or 
more items. 

Trustedness provides non-repudiation for legal and other transactions. 
Can handle and send any digital information (for example, analog or digital information 
representing text, graphics, movies, animation, images, video, digital linear motion pictures, 

PAGE 78 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


sound and sound recordings, still images, software computer programs or program fragments, 
executables, data, and including multiple, independent pieces of text; sound clips, software for 
interpreting and presenting other elements of content, and anything else that is electronically 
representable). 

Provides automatic electronic mechanisms that associate transactions automatically with 
other transactions. 

System can automatically insert or embed a variety of visible or invisible "signatures" such 
as images of handwritten signatures, seals, and electronic "fingerprints" indicating who has 
"touched" (used or other interacted with in any monitorable manner) the item. 

System can affix visible seals on printed items such as documents for use both in encoding 
receipt and other receipt and/or usage related information and for establishing a visible presence 
and impact regarding the authenticity, and ease of checking the authenticity, of the item. 

Seals can indicate who originated, sent, received, previously received and redistributed, 
electronically view, and/or printed and/or otherwise used the item. 

Seals can encode digital signatures and validation information providing time, location, send 
and/or other information and/or providing means for item authentication and integrity check. 

Scanning and decoding of item seals can provide authenticity/integrity check of entire 
item(s) or part of an item (e.g., based on number of words, format, layout, image-picture and/or 
test—composition, etc.). 

Seals can be used to automatically associate electronic control sets for use in further item 
handling. 

System can hide additional information within the item using "stenanography" for later 
retrieval and analysis. 

Steganography can be used to encode electronic fingerprints and/or other information into 
an item to prevent deletion. 

Multiple steganographic storage of the same fingerprint information may be employed 
reflecting "more" public and "less" public modes so that a less restricted steganographic mode 
(different encryption algorithm, keys, and/or embedding techniques) can be used to assist easy 
recognition by an authorized party and a more private (confidential) mode may be readable by 
only a few parties (or only one party) and comprise of the less restricted mode may not affect the 
security of the more private mode. 

PAGE 79 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR3-3, 3-4 


# 


Items such as documents can be electronically, optically scanned at the sender's end-and 
printed out in original, printed form at the recipient's end. 

Document handlers and processors can integrate document scanning and delivery. 

Can be directly integrated into enterprise and Internet (and similar network) wide document 
workflow systems and applications. 

Secure, tamper-resistant electronic appliance, which may employ VDE SPUs, used to handle 
items at both sender and recipient ends. 

"Original" item(s) can automatically be destroyed at the sender's end and reconstituted at the 
recipient's end to prevent two originals from existing simultaneously. 

Secure, non-repudiable authentication of the identification of a recipient before delivery 
using any number of different authentication techniques including but not limited to biometric 
techniques (such as palm print scan, signature scan, voice scan, retina scan, iris scan, biometric 
fingerprint and/or handprint scan, and/or face profile) and/or presentation of a secure identity 
"token." 

Non-repudiation provided through secure authentication used to condition events (e.g., a 
signature is affixed onto a document only if the system securely authenticates the sender and her 
intention to agree to its contents). 

Variety of return receipt options including but not limited to a receipt indicating who opened 
a document, when, where, and the disposition of the document (stored, redistributed, copied, etc.). 
These receipts can later be used in legal proceedings and/or other contexts to prove item delivery, 
receipt and/or knowledge. 

Audit, receipt, and other information can be delivered independently from item delivery, and 
become securely associated with an item within a protected processing environment. 

Secure electronic controls can specify how an item is to be processed or otherwise handled 
(e.g., document can't be modified, can be distributed only to specified persons, collections of 
persons, organizations, can be edited only by certain persons and/or in certain manners, can only 
be viewed and will be "destroyed" after a certain elapse of time or real time or after a certain 
number of handlings, etc.) 

Persistent secure electronic controls can continue to supervise item workflow even after it 
has been received and "read." 

Use of secure electronic containers to transport items provides an unprecedented degree of 
security, trustedness and flexibility. 

PAGE 80 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


Secure controls can be used in conjunction with digital electronic certificates certifying as to 
identity, class (age, organization membership, jurisdiction, etc.) of the sender and/or receiver 
and/or user of communicated information. 

Efficiently handles payment and electronic addressing arrangements through use of support 
and administrative services such as a Distributed Commerce Utility as more fully described in the 
copending Shear, et al. application. 

Compatible with use of smart cards, including, for example, VDE enabled smart cards, for 
secure personal identification and/or for payment. 

Transactions may be one or more component transactions of any distributed chain of 
handling and control process including Electronic Data Interchange (EDI) system, electronic 
trading system, document workflow sequence, and banking and other financial communication 
sequences, etc." 

"All of these various coordination steps can be performed nearly simultaneously, efficiently, 
rapidly and with an extremely high degree of trustedness based on the user of electronic 
containers 302 and the secure communications, authentication, notarization and archiving 
techniques provided in accordance with the present inventions." The asserted claims also are 
invalid for violating the enablement and written description requirements to the extent that they 
are construed to recite subject matter that was not enabled by the application from which they 
issued, and/or not disclosed (e.g., the claims recite an element that was not disclosed in the 
written description, recite an element more broadly than was disclosed by the written description, 
recite subject matter for which there were no "blaze marks" in the written description pointing to 
such subject matter, combine elements from different embodiments that were not so combined in 
the written description, etc.) in that application. For example, at least the following bold-faced 
claim language was not so enabled and/or disclosed, at least not as the claims apparently are 
being "construed" by InterTrust to attempt to support its untenable infringement allegations: 
'193 

1 ) A method comprising: 

a) receiving a digital file including music; 

b) storing said digital file in a first secure memory of a first device; 

c) storing information associated with said digital file in a secure database stored on said 
first device, said information including at least one budget control and at least one copy 
control, said at least one budget control including a budget specifying the number of copies 

PAGE 81 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


which can be made of said digital file; and said at least one copy control controlling the 
copies made of said digital file; 

d) determining whether said digital file may be copied and stored on a second device based 
on at least said copy control; 

e) if said copy control allows at least a portion of said digital file to be copied and stored on 
a second device, 

f) copying at least a portion of said digital file; 

g) transferring at least a portion of said digital file to a second device including a memory and an 
audio and/or video output; 

h) storing said digital file in said memory of said second device; and 

i) including playing said music through said audio output. 

2) A method as in claim 1 , further comprising: 

a) at a time substantially contemporaneous with said transferring step, recording in said first 
device information indicating that said transfer has occurred. 

3) A method as in claim 2, in which: 

a) said information indicating that said transfer has occurred includes an encumbrance on 
said budget. 

4) A method as in claim 3, in which: 

a) said encumbrance operates to reduce the number of copies of said digital file authorized 
by said budget. 

1 1) A method comprising: 

a) receiving a digital file; 

b) storing said digital file in a first secure memory of a first device; 

c) storing information associated with said digital file in a secure database stored on said 
first device, said information including a first control; 

d) determining whether said digital file may be copied and stored on a second device based 
on said first control, said determining step including identifying said second device and 
determining whether said first control allows transfer of said copied file to said second 

PAGE 82 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


device, said determination based at least in part on the features present at the device to 
which said copied file is to be transferred; 

e) if said first control allows at least a portion of said digital file to be copied and stored on a 
second device, 

f) copying at least a portion of said digital file; 

g) transferring at least a portion of said digital file to a second device including a memory and an 
audio and/or video output; 

h) storing said digital file in said memory of said second device; and 

i) rendering said digital file through said output. 

15) A method comprising: 

a) receiving a digital file; 

b) an authentication step comprising: 

c) accessing at least one identifier associated with a first device or with a user of said first device; 
and 

d) determining whether said identifier is associated with a device and/or user authorized to 
store said digital file; 

e) storing said digital file in a first secure memory of said first device, but only if said device 
and/or user is so authorized, but not proceeding with said storing if said device and/or user 
is not authorized; 

f) storing information associated with said digital file in a secure database stored on said 
first device, said information including at least one control; 

g) determining whether said digital file may be copied and stored on a second device based 
on said at least one control; 

h) if said at least one control allows at least a portion of said digital file to be copied and 
stored on a second device, 

i) copying at least a portion of said digital file; 

j) transferring at least a portion of said digital file to a second device including a memory and an 
audio and/or video output; 

k) storing said digital file in said memory of said second device; and 
1) rendering said digital file through said output. 

PAGE 83 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


19) A method comprising: 

a) receiving a digital file at a first device; 

b) establishing communication between said first device and a clearinghouse located at a 
location remote from said first device; 

c) said first device obtaining authorization information including a key from said 
clearinghouse; 

d) said first device using said authorization information to gain access to or make at least 
one use of said first digital file, including using said key to decrypt at least a portion of said 
first digital file; and 

e) receiving a first control from said clearinghouse at said first device; 

f) storing said first digital file in a memory of said first device; 

g) using said first control to determine whether said first digital file may be copied and 
stored on a second device; 

h) if said first control allows at least a portion of said first digital file to be copied and stored 
on a second device, 

i) copying at least a portion of said first digital file; 

j) transferring at least a portion of said first digital file to a second device including a memory and 
an audio and/or video output; 

k) storing said first digital file portion in said memory of said second device; and 
1) rendering said first digital file portion through said output. 

'683 

2. A system including: 

a first apparatus including, 

user controls, 

a communications port, 

a processor, 

a memory storing: 

a first secure container containing a governed item, the first secure container governed item 
being at least in part encrypted; the first secure container having been received from a 
second apparatus; 

PAGE 84 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


a first secure container rule at least in part governing an aspect of access to or use of said 
first secure container governed item, the first secure container rule, the first secure 
container rule having been received from a third apparatus different from said second 
apparatus; and 

hardware or software used for receiving and opening secure containers, said secure 
containers each including the capacity to contain a governed item, a secure container rule 
being associated with each of said secure containers; 

a protected processing environment at least in part protecting information contained in said 
protected processing environment from tampering by a user of said first apparatus, said 
protected processing environment including hardware or software used for applying said 
first secure container rule and a second secure container rule in combination to at least in 
part govern at least one aspect of access to or use of a governed item contained in a secure 
container; and 

hardware or software used for transmission of secure containers to other apparatuses or for 
the receipt of secure containers from other apparatuses. 

28. A system including; 
a first apparatus including; 
user controls, 
a communications port, 
a processor, 

a memory containing a first rule, 

hardware or software used for receiving and opening secure containers, said secure 
containers each including the capacity to contain a governed item, a secure container rule 
being associated with each of said secure containers; 

a protected processing environment at least in part protecting information contained in said 
protected processing environment from tampering by a user of said first apparatus, said 
protected processing environment including hardware or software used for applying said 
first rule and a secure container rule in combination to at least in part govern at least one 
aspect of access to or use of a governed item; and 

hardware or software used for transmission of secure containers to other apparatuses or for 
the receipt of secure containers from other apparatuses; and 

PAGE 85 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 




a second apparatus including: 
user controls, 
a communications port, 
a processor, 

a memory containing a second rule, 

hardware or software used for receiving and opening secure containers, said secure 
containers each including the capacity to contain a governed item, a secure container rule 
being associated with each of said secure containers; 

a protected processing environment at least in part protecting information contained in said 
protected processing environment from tampering by a user of said apparatus, said 
protected processing environment including hardware or software used for applying said 
second rule and a secure container rule in combination to at least in part govern at least one 
aspect of access to or use of a governed item; 

hardware or software used for transmission of secure containers to other apparatuses or for 

the receipt of secure containers from other apparatuses; and 

an electronic intermediary, said intermediary including a user rights authority 

clearinghouse. 

29. A system as in claim 28, said user rights authority clearinghouse operatively connected to 
make rights available to users. 

PLR 3-4 Production 

Each reference identified pursuant to PLR 3-3(a) but not in the prosecution history, and 
the documents referenced in PLR 3-4 that are sufficient to show the operation of the accused 
features of the products specifically identified in InterTrust's PLR 3-1 Statements of October 29 
and November 5, 2001, and "Addendum" dated March 12, 2002, has been or is being produced, 
or is otherwise available for inspection and copying. 


Dated: August 16, 2002 


By: 


WILLIAM L. ANTHONY, State Bar No. 106908 
ERIC L. WESENBERG, State Bar No. 139696 



PAGE 86 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


Of Counsel: 

T. Andrew Culbert, Esq. 
One Microsoft Way 
Building 8 

Redmond, WA 98052-6399 
Phone: 425-882-8080 


HEIDI L. KEEFE, State Bar No. 178960 
MARK R. WEINSTEIN, State Bar No. 193043 
ORRICK HERRINGTON & SUTCLIFFE, LLP 
1000 Marsh Road 
Menlo Park, CA 94025 
Telephone: (650) 614-7400 

STEVEN ALEXANDER 
KRISTIN L. CLEVELAND 
JAMES E. GERINGER 
JOHN D. VANDENBERG 
KLARQUIST SPARKMAN, LLP 
One World Trade Center, Suite 1600 
121 S.W. Salmon Street 
Portland, OR 97204 
Telephone: (503)226-7391 

Attorneys for Defendant 
MICROSOFT CORPORATION 


PAGE 87 - MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. PATENTS 
6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


DECLARATION OF SERVICE BY MAIL 


I am more than eighteen years old and not a party to this action. My place of employment 
and business address is 121 S.W. Salmon St., Portland, Oregon 97204 


On August 16, 2002, 1 served: 


MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS REGARDING U.S. 
PATENTS 6,253,193 & 6,185,683 PURSUANT TO PLR 3-3, 3-4 


by e-mail and by placing true copies of these papers in each of separate envelopes addressed to: 


Michael Page, Esq. 

KEKER & VAN NEST, LLP 

710 Sansome Street 

San Francisco, CA 941 1 1 

mhpfSJkvn.com 

Steven H. Morrissett, Esq. 
Finnegan Henderson Farabow 

Garrett & Dunner 
Stanford Research Park 
700 Hansen Way 
Palo Alto CA 94304-1016 
steven.momssett®finnegan.com 


Stephen E. Taylor, Esq. 
Taylor &Co. Law Offices 
1050 Marina Village Parkway 
Suite 101 

Alameda, CA 94501 
stavlor(S),tcolaw . com 


and sealing the envelope, affixing adequate first-class postage and depositing it in the U.S. mail at 
Portland, Oregon. 

I declare under penalty of perjury that the foregoing is true and correct. Executed on 
August 1 6, 2002, at Portland, Oregon. 


(SIGNATURE) 


(PRINT NAME) 


e 


a ceo 


OA .o 

3 -9 
n no 

E u 


Is 

u | 

* « 
O o 

r e 

§1 
il 

.2 u 

z a 

•3 M 

fit 

» S 
B « 

II 


to 
Oh 


O 


GA 
01 


e8 
> 


00 

vT 

00 

d 

z 

H 
Z 

H 

PL) 


S 


il 

Ed 
H 


5-- 


J B 

u ss 



1*1 


ill 


3 1 X 


I ^ 

eg 

u e 

w o 

§ o -S o E 


fiiiis 

i & Z 2 oo 


vf U o "3 O 

" 1 5 8 


•3 S f.§.E 
|2 2=3 

pill 
I J J 1 1 

aim 


> §< 

8 w •> 
a. < -n 

til 

2 □ c 

Ph - '"* 

8 2 * 
111 


^ C 

i Si 


S3 

if -2 
f S 

3 =3 


si's 
511 

QJ O — - 


si 


u a* 

8 3 


E 2 2 • 


(Q C 



a 

E 
B 

8 

& 
o 


o 
3 
8 

a 



60N 
4) © 


5 rrx 


Opt- 


I 


•3 
f 


I 
5 


ft, 
■ « 


I 

I 


s 


S coo 

?•§ 

» .5 
a .5 

s - 

e* .5 
n 

9\ © 

o w 
is v 


« .s 

£ >> 

w c 

e « 

© a 

| 6 

* § 

« g 

a 35 


8 

CO 


- 


s 

H 


bo 
8 
a 

"§1 


fc 3 


o 

£ Da 


si 







Mini 

"S S g B §* 

•s §> S .s 8 X 


^ 1 

> o ° £ 
o 5 c 

? is- 1 

Ea| I 
i if § 
Sill 


§ 

GO . 



1 




It 

-2 
2 2 



s.s s as 8£ a 


J2 


2 5 


3^ 

i 


8 2 


1 



.6 


T3 3 

S= 5 


s £ o 


8 S 


(5J 6J ofc JB 

■S 2 ts 

I 8 




E E 

5 


a 

© 

3 an 

H B 

U CO 

a - 
c 

IP I 

"3 w> 

cr, .S 

i - 


S 1 
s I 

r b 

4S 


o 3 

=3 ~ 

> £ 

« a 

*S ~ 

H 

« .5 

w a 

e a 

2 a 

£ E 

(U o 

•* 8 

£ a 


U t 


5 S3 


■ = K 


B8-: 


3t 


.S o 

= - 
E H 



X 

£ H 
* Z 

s 






8? 

1% 


del 



ni»'if|sl 




s 

u 


ll 

K CD > 




o £ 

ft- « 


trg-s 

k. to ^ 
O w 


"if 
j r s 


^"2 

jo x: So 

-8 §1? 

S> w C © 

1 S a 

w ^ o u 

S8f* 


III 

O +Z Lm 

rs-i 

V 4> 3 
" I 2 

§ 5 2 

ail 



'if 

f! 
•§1-1 

o u c 

§ ^"u 
J! ^ * 

ill 


I 


W 

e > 
o a « 
* 8.1 

in 

5-"-? 

s i i 


II 


8 


u G 

.15 


i 
! 

3 

! 



a, 

to 

i 

5 


i 


© 


3 GOO 


S 73 


r c 

il 

o g 

1* 

> c 

O u 

J3 « 
M 

W> « 
•3 &D 

(A S 

B « 
O Q. 

E E 


a> 
s 
s 

c 

o 


3 


B 

8 


O 

H 

W 
H 

as 

c*5 


4 

fe s 

o « 

ill 
II 

< w 


-1 

si 1 !* T » d 

™ « « c ^ 

- o w 


■a -s % r5 -s 



"3 

.2 w w 

8 18 

i < B 
a: etf O 


m • - 

© £ 


f2 S D « 


J ^ 2; 73 

^ = § 5 

•n a B- i 

I Jli 


.3 £ 

ii 

S .S 

» S I I 

S s B 1 


c f: « 

_o> ^ 

(2 ^ S 



ill 


O i 
E « 


™ < Ok P. UJ (J 

^ S IF c 


1 


il 

n to 


d 8" 


e>6 

8.tff 

ill 


o — 



E H w S 

a -a s *2 w ° = 

SS « S ° m> w O 


2: s. 



£i 73 


2 a 

O P 

^ 8 
II 

< <= 


I 

£ 
B 
o 



"2 


to 


s 


r 

es 
\* 
o 
u 

a 

In 

e 

-S 2 


u OS 

*s s 


-a .2 

if-g 

"3 or 

'i 

II 
I-s 

■O 

m 

« .£ 
o © 

r s 
8 S 

11 
£ ~ 

ex *> 


S 

o a 

E S 

w © 

T 3 « 

U i 


« 

A 

a. 

es 

and a memory 

a second apparatus 
operating at a particular 
security level may develop 
information (an object) 
classified at a particular 
security level, and store it at 
apparatus 1 

when a third apparatus seeks 
access to stored object, it 
must provide security level 
information (e.g. a security 
label) 

1 

system hardware or 
software (e.g., Apparatus 1 
applies BLP rules, which 
determines whether the third 
apparatus is granted access 
or not Permissions include 
but are not limited to write, 
read, copy, execute). 

processing has safeguards; 
see, e.g. (5) re BLP rules. It 
would also be obvious to 

H 
Z 

and a memory 

File with any "item" "at 
least in part encrypted" 
received from a second 
"apparatus" - e.g., a 
cryptographically signed 
and/or sealed or otherwise 
at least partly encrypted 
file received from another 
computer 

InterTrust*s 3- 1 Statement 
uses "rule** in so general a 
sense that it could beany 
password, key, ticket, 
permission, clearance, 
right, capability, or access 
control used in NT (see (6) 
below) 

system hardware or 
software 

'T' and 2 nd rules" as 
alleged by InterTrust could 
consist of any 1 or more of 

Telescript 

and a memory 

a first agent (object), or 
associated file, encrypted in 
whole or part, received from a 
2d "apparatus." 

a permit from a 3d apparatus 
(e.g. associated with a 2d 
agent meeting a 1st) 

system hardware or software, 
e.g. engine 

processing has safeguards; 
"rules" as InterTrust alleges 
the term would cover permits 

Chaum 

and a memory 

One or more enabling 
credentials or "container" 
thereof 

applying any "rule" obtained 
from a "shop" or "rule" for 
exposing credit info 

system hardware or software, 
e.g. to process credentials 

processing has safeguards; 
"rules" allow electronic 
commerce of varying 

ATMs and other 
examples in Davies & 
Price 

memory stores: 

encrypted files, messages, 
session keys and terminal 
keys; ATM card or wholly 
or partly encrypted 
instructions or data 
received from bank 
computer (e.g., balance) 

"rule" of any transaction, 
or PIN or watermark 
and/or user ID from card; 
"rights portion" of data 
sent from key distribution 
server 

system hardware or 
software for opening files, 
messages, deciphering 
session keys; ATM 
receives cards having keys 
or other "governed" data; 
receives data from bank 
computers 

second 4 *rule" could be, 
e.g., balance information, 
account limits, or any other 

Neuman 

See 2(a) 

so-called "secure 
container" as alleged by 
InterTrust would cover 
Kerberos tickets which 
may be received from a 
server, e.g. for a read 
capability. 
Alternatively, any 
partly encrypted file. 

so-called "rule" 
received from e.g. 
server or end server, or 
knowledge about the 
authorization received 
from another source; 
capabilities may be 
revocable and have 
expiration times; access 
control lists support 
compound principal 
identifiers 

passim; possible "rules" 
include for-use-by- 
group, accept-once, 
quota, authorized, limit* 
restriction 

"rules" as asserted by 
InterTrust may be any 
of multiple (e.g. 

INTERTRUST'S 
PLR 3-1 
STATEMENT 

Consumer's computer, 
as shown in WMRM 
SDK 

Secure container 
(packaged Windows 
Media file), received 
by consumer's 
computer from 
"Content provider** 
(WMRM SDK, Step 
3), which contains 
encrypted governed 
item ("Encrypted 
content**) 

Rights portion of 
signed license, 
received by 
consumer's computer 
from "License issuer'* 
(WMRM SDK, Step 
9) 

Windows Media 
Player and Windows 
Media Rights Manager 

1** and 2 nd rules consist 
of any two valid rules 
as specified in the 
Window Media Rights 

CLAIM LANGUAGE 
(InterTrust's version) 

(4) a memory storing: 

(i) a first secure container 
containing a governed 
item, the first secure 
container governed item 
being at least in part 
encrypted; the first 
secure container having 
been received from a 
second apparatus; 

(ii) a first secure 
container rule at least in 
part governing an aspect 
of access to or use of said 
first secure container 
governed item, the first 
secure container rule 
[sic], the first secure 
container rule having 
been received from a 
third apparatus different 
from said second 
apparatus; and 

(5) hardware or software 
used for receiving and 
opening secure containers, 
said secure containers each 
including the capacity to 
contain a governed item, a 
secure container rule being 
associated with each of said 
secure containers: 

(6) a protected processing 
environment at least in part 
protecting information 
contained in said protected 


e 


£"8 


£ 8 


"SI 


i s 




o 

« c 
— o o 


8 § S 

J2 c © 


J 


■a g a o 

§ I 8.3 


.2 w>£ 

ill *sil J i 


S 

i 1 1 1 1 1 i I 

a, o c 


8 


* § s 

ll!&8i S d 

liffitJJ- 

3 O ii C a a a . 




11 


o> *- £ 
| .B | 

J o o 
Sue; 



} "SB 




8 

CO 


5 i 

e c 

I! 
1 1 ! 


i 

1 


5* 


s 


1 

to 
i 


i 


© 

.52 

H IS 


1.1 


3| 

II 
« .5 

ON © 

r 1 a 
4 S 


« .3 
.5 u 


DC « 

a 

S B 


s s 

v e 

•O w 

£ S 

JS %0i 


« 

I 

=3 
BQ 


See 2(a) 

See 2(a)(6) 

1 

See 2(a)(7) 

NT 


See 2(a)(5) 

See 2(a)(6) 

See 2(a)(7) 

Telescript 


See 2(a)(5) 

See 2(a)(6) 

See 2(a)(7) 

Chaum 


See 2(a)(5) 

See 2(a)(6) 

See 2(a)(7) 

ATMs and other 
examples in Davies & 
Price 


See 2(a)(5) 

See 2(a)(6) 

See 2(a)(7) 

Neuman 


See 2(a)(5) 

See 2(a)(6) 

See 2(a)(7) 

INTERTRUST'S 
PLR3-1 
STATEMENT 

first rule is a right 
received as part of a 
signed license 
(WMRM SDK, Step9) 

Consumer's computer 
receives Windows 
Media file (secure 
container) via 
communications port 
(WMRM SDK, Step 
3) and applies secure 
container rule or rules 
via Windows Media 
Player and Windows 
Media Rights 
Manager. 

Processing 

environment includes 
Windows Media 
Rights Manager and 
Windows processes 
for protecting 
operation of Windows 
Media Rights Manager 

Hardware or software 
employed in 
transmitting Windows 
Media files, including 
for example 
consumer's 
computer's 
communication port 
and Windows Media 
Player (WMRM SDK, 
Step 3) 

CLAIM LANGUAGE 
(InterT rust's version) 


(5) hardware or software 
used for receiving and 
opening secure containers, 
said secure containers each 
including the capacity to 
contain a governed item, a 
secure container rule being 
associated with each of said 
secure containers; 

(6) a protected processing 
environment at least in part 
protecting information 
contained in said protected 
processing environment 
from tampering by a user of 
said first apparatus, said 
protected processing 
environment including 
hardware or software used 
for applying said first rule 
and a secure container rule 
in combination to at least in 
part govern at least one 
aspect of access to or use of 
a governed item; 

(7) hardware or software 
used for transmission of 
secure containers to other 
apparatuses or for the 
receipt of secure containers 
from other apparatuses; and 


•5 


to 
3 


I 


B f * 

w a 

c 03 

© a. 

a s 

U | 


e 


3 «*> 
s " 

Js a> 

>» CA 

* s 

TJ .2 

U > 

Jf-8 

75 u> 

o S 
a -o 

3 - 
a u 

S3 

* J 


4* 

i § 

O <u 


:* 

is- 


38 i 

H I 

§ « L 
« 5 

a a- «< 


4> " 


3 



a )(6); process in| 
nment may appi 
le rules in 
ination" accordi 
rTnist's usage 


s 

CN 
U 


V 
CO 

£ g 1 , u O 



11 


5 3 &*a .S § s i s 


bp 

GO .5 
c a -p 

w 9- o 

§ 8 


J> > 3 Q 


60 it* 


GO 

.s 


-si o ; 
S ! 2 1 5 






§ § SX Eg 83 f i J 1 

lllti 111 tiff 

£6* 3*5 8-2 2618 



IliUJlf! 


■a 


Q 

E 

e tS 


s 


a 

w 
O 

1 

b 

-fi S 
.2 

JP-8 

w .£ 

« -5 

B U 

'5 .5 
-a £ 

S.B 


r b 

hi ° 

s i 

e g 

-a -c 

I * 

.S t - 

CG B 

h ^ 

m a 

a « 

o a, 

E £ 

3 « 


I? 
D a, 


•c 3 


u 8 


QOOw 


c 'C 
Si t5 



l- 

It 

it 


a. 

II 


«3 O 


I* 


§ 3 

if 1 

58 


I* 


1! l-i 

I 

(S 

o 


w 2 - 


CO 



► 2 «* -S 

!51 1 1 

' « E E <S 

> M = * a 


1 if si 


2 i g 


o 8 


8 


0} jo 


1-1 

c B 2 £ a *r 


3 C 


|l 
ZZ w 

e & 

8 & 





: « 


IT 


0, 

« 


5 
s 


■o .2 


a m 

s - 

si 


si 

e g 

£ ** 
I ? 

W S 

B rt 
© Q. 

E £ 
« © 


4 

g -k: 




8 
is 

o 

° 2 

11 


8 T5 3 


s V 
0. £ 


3s 


lit 

g * O 


^ £ e: 
% % % 




J si | 

•f I 2 I 

mi 


0 


O 


3 

H 


>» 
■a 


3 


vo 

00 


O 

55 


13 


*S — S • 

5 6£ 


if 

■so 

8 < 



60 So — 



* E 6 


ttifflwU 


l! 


IS 
£ s 

fa 

c c 
tu " 

SP. 


I* 
'12 


•5.S 

H 

c °^ 


O < 

■a M i 


*1 

.2 S o 

B " *- 


sin 



o p o 


• 3 
J 


e 

e m 


* 5* 
<» .5 

§ - 

« .5 

si 

r a 



» « 2 o 

• - S.S 

- a, a. « 

2 jg.3 | 

- ? a) « 
i S ° § 

3 » g P. 

3 E 5 -I 

t i 


3 *o 

ui O 


' - o 


I** 

"D ij. C 4J 

a ^ S B S 




co e- 


|3B - 

S o „ | E I 

« o i3 -5 a 



&*5 e 
§8 8 

I ° 5 

g I-c 

iss '§ •■: 

jiff 


o 

c 
•c 

1 


I 1 


Is J 

£•§ i 

On £ Q 


2 »5 

o t *- 1 

111! 

i its 


3 «a 

3 S « 



I 

"3 

! 


■C = O 

Cu On 


I 

I 

I 

3- 


a. 


5 co> 



o 


o 

1 i 

SI 


& 


-- W) 

c .S 


9 

On 


* 5 

5b S 
£ c 

tfl .£ 

« ,3 

1 ~ 
a u 

* £ 

9s O 

r § 

s i 

S3 I 

5.5 
c u 

61) « 

a ** 

a c 
5 

C « 

o a 

€ B 
« o 

T3 U 




§1 


§4 



i 

it 
H 




§1 

3Q-0 


•is v 


" o 

II 

2 o 

|1 


3 E 


s e 


•SflSJ 




11*1 




cd -> -n 

II o| 
■23-1 8 1 

J 8 | J 

sill 


< -o 
•g 3 

u o 
t> 5 
<! w 


si 

■C V 


.w O 


« 5* 

•a S 


5 2 


S § c ' 

cu o o , 


■s 


. E 
c - 


o 


3 u» 

c s 

*§ 

Si 
M ■§ 

i - 
a .5 

* 3 
§1 

03 .3 

ov e 

-I 
SJ 

II 

Z 3 

e* « 
s 

M c 

C 03 

o o, 

E S 

•o 8 

a 3 

U | 


& 

el. 


Si 


a. bo 
" .S 


8 v 
.1 I 

o -a 

Si 



4=> «• V) 

.S .E ^ 



8 Stf 8 

*o E h 
W 6 U o 



111 Iff 


6* J 


IS 

1 i 


8 

5 s 


Si 


to 
3 
a. 

I-, 
II 


IS 

I * 

= E 


1 


a 

8 , 
I g 


3 * s a 
b e -a 

O K J W 

° 5 S c 

&8^| 

9 E S8 w 

C 3 a V 

*5 ms > a 


3 

I 
8 

li 


tri 


« -5 „ 

S § oi S 

Jill 

-a S « 
i € *fc S rf 



KB 


Is 

■8 8 


-2 a 


!3 


55 


bo E 


2 I a 1 

s § I -s 
sill 


IS 


a. 


I* 

13 WD 

« .5 
« -5 

3 - 

*3 o 


«i 

§1 

© a> 

* t 

.5 fc. 

J3 ^* 
~ H 

dd a> 

E 

OA 

* .5 

«ft S 
B 09 

© a 

Ji 

£ 03 

I 8 

US to 


■o e 
« c 

si 

O 





fills 

gala 
£ * -° 

73 


! s a I S 


O O « 



8-6 f«I 

^ o a o X 

u « a <g g 




Si 

0 c 

H 

rl 

1 & 

Be 

& Ji 


3 2i 

3 b 

f 


•fa u o p 

I .s : |B 

Q ° I" 

.a g "3 t> 
S "5.3 

if 8 * 

§ s -s :§ 


S 3 
« > 

fc -M Of 
o) bo 

63*1 

O c o 

Q :ll 
-21 

ii? 

o <a a 







1 %J g»l §i 8 

5 'w *S *5 u « o « 



1 




© 
a. 
o 


1! 

en .g 
S - 

« .5 


bo 


it 


SI 

.s >- 

OB E5 
£ *£, 
w B 

e « 
o a. 
E E 

T3 U 


CO 


U 

5* 


06 

co 
H 

CO U3 

W 
H 

2i 


•s 4 


5l 


81 

c o 
o « 


.»8 


8 B 


T3 

.S 

c 

o 
u 


CO 

3 

u 


C 


S3 

irf 


O 
Z 
H 

H 

c/i 


co -- 
H 

CO M 



to U to S 





E 


o 

3 
a. 



CO *> 


9 

i 


e3 tiO 


8. 


.2 


S5i 


• 

s 


s. 

£ 


•8 

II 


u 


3 CO> 

73 M 


a I 

^ © 
c 


SO ,2 
o w 


2h 



F 55 So 8 


» B 

C « 

O & 

6 B 

<u © 


o « 
t 5 
o a. 
a ^ 


O 5 


B « 
I | 


2 E 


E 8i 8 


S u. a 


So 2 


[> S v 


° 


511* 

O w tn 

pa s< 


>> o 

1 to 

: -a 



eg 



J8 


B J5 

|£ 

0 ° 

If 

1 8 
S g 


§2 

ea « 

2S 


M 3 


.2 .5 2 

1 

£ o ~ 


S2 « - 

2 « S 

a o » 

^ 3 o 


S> c 

^ 'S o 

"S .§> c 

S= 8 


2 
c 

S 

1 u 

si 



la 3 


I -s M 



El 


I 

if 


1 



u .2 
2 


! £ 


a 


i 


a 

o 

e m 


s ceo 

5 : 

\" a 

E» to 


-8 


8 


D. 

Q t 


a! 


•c 


JQ 

r 


£ © 

« .5 
S - 

Si 
m £ 

8*3 
r § 

*! 

o g 


•§ DA 

«3 S 

c « 

is 


1 s 




S 81 § 8 




I 



pg 


Si T3 

« p. 


IS 


I 


-1 

«P8 


CO 

= 1 
I i 


I 



f »5j 

1 ill 


? :s .s 




2 u 


i 


C IS 


(» .5 

il 



6 dj 


E 

il 

to 


1 


In 


in 

00 


O 

2 



ft) TJ 

■s £ 

0 "o 
« 8 

1 £ 

a 2 
§ £ 


5P 


I 1 
bo 


*o o o 

a" c & 

*~ to , 
3 : . 


a S3 H 



col 
28 


3 

1 


I .a 5 


* s 

rt O 

g s 


£5 


ea <N 


*1 

s « 

'« "O -- 


Sow 


E 


1 * 8 J 1 



U CO 


<5S 


to 

> 


ft, 

<5> 


25 

■a s 

.5 <- 

» £ 

2 - s 

tS c 

s cs 

o a 

E g 


U l 


11 
II 



a. 



lw at 
A 9 

■si 

a bp 

CO C 

1 - 


2 2 

si 


3 



si 

*! 

H L 




3^ 


i =1 
I -2 -S 

ill 

; a -8 


§■'5 


°P § 0 

v ecu 


E 


ills 


o 

C v 

« > 

o 8 

E £ 
oS 

S | 

o E 

§ Si m 


« TO 

w -° 

TO I- 

■8 | 

3 § 

TO^.S 

~ S >* 
J J ^ 


« i3 


c =1 

o. E 
■o g 
£ *3 


-liif 


1 


■iliia 

« J3 JD J3 W5 



<2 3 

Si 


1 


g 1 


» £ 


2 = o 



■s 


ill 

" S* 

■I 2>££ 

lis • 

lift 


•si 

sis.. 
« E e ° 

MOP" 

III 

bO'C 


> > ° „ 


ll 6 JB 


e" 


e i"S If 




S3 




*8 


J 


I 


.a 


i 

to 

i 

i 
s 

1 
I 


E 
X 


r 

« 

e 


9 coo 

« 3 

it* W 

■o .2 

»> .2 
8 -2 

B o 

*3 £ 

if 
il 

SI'S 


■8 


8 

(/J 



if 


cd -O 


is. 

Is 
8 8. 


S3 = 





es „g 

a § 

© a 


U t 


8 


1 
1 


O 

I 



Mil 

Mil 3 

g.S § 



-S3 



© 

a> 


H 5 


is 

st Ml 


E 

* .S 

s i 

9% o 

r e 

«! 

51 

© « 

■3 *- 


be v 

•S feu 

5 s 

* E 


e 

o 

E 

<u 

u 
a 

ja 

(J 


3 

H 


8 


S 


On 

in 

b 
z 

H 
Z 

c/5 


2 -= 
E U 


3 » & - 

5 o c c 


i g 


*5 j 

2aS 


r .35 

f I » "§ J - i .» 

L » 1 u . § 3 £ 5 

i a 1 3 J 1 3 Jl •: 


a* 

a is 

(J 6 


li 

4) oq 


Hi 


— > « 

« o c 

§ -8 § • 

w e a, ^ 





2 oo 

o 2r 


ca. » E 
.2 ^ij 

Piss 


*r> ^1 


3§ <N 


8 oh 

oo 6 


CO £ 

S £ 

© S3 


•SP s 

5-8 


= J2 
O is 




| J 

ell 


I 

55 


ft, 

! 


I? 


5 


3 CO? 

Hi 


* 3 

•o .2 

£ © 

w .5 


si 
r = 


« .s 

t£ s 

c « 

O Q. 

E E 

-8 S 

ea 2 

j= % 


f 1 


St 

Ik 



6 c 1 


5b J2 a 

si§ 


1*1 §1 

*n w ™ a* c 
8 3 o c S 


w J3 DO c c 

eH|:I1-* 
1 1 si g il I 


60 C 

, c c -n .2 

I 1 1 -E J S ° 

HfilsJg 

ri^Klf il 



I i 

u 6 


q a - 




00 4> 

■IS 


iiif 

nil 



§11.2 § s g 



i "8-e 
a 


It III 



» 1 2 ° S *5 

* S .2 g C 0> 


8-M 2 


; o E 


if a s J 

ill 3 -- 3 


§ Si 

8 « : 


lis 
iHll 


o S3 a> 

111 

'fi ta 2 

I** 

Hi 

if 1 


-SP o w> M § 


o 

t> .op 




I s|i g | §■■! sis i-if 

-o .5 .5 o 3 o a u -D ti u^-a 


E E 


C « 

^ c 

to 

£ 3 

TJ .2 

« © 


13 


ON O 

r 1 c 

la 

c ~ 

CD 

n = 


2 ■= 
E U 


a; 

is 

Ed - 


Ed » 

SW 1/1 

3 B 


o s. : 


S S S 8 3 


t3 g 



1 o U c ,£ £ E c 


*> 5. 

8J5'B 
,S >, = 
r: a> 

EES 

t! « -° * » 


. ^ o > ^ 
u £ S >p 


5 o 


• 1 

1 1 


g - 


8 


si I ^ 


1 o. 8 c 
: Z o 3 ^'C 

*T3 O O > O. 



Hill -I 


•2 l^-a 

D C3 J; y O 

-ft e 1 -22 ^ 

r r D u K 

U C U *a 73 U 



s.i s 

DPS 


5 6.3 

13'S 
> 2 e 




: I "5 -5 ' 


Hi 


.lis 

I J? 

Ill 

tN E § 


-ill 

2|S.S 
Hi 8 


: '5 ^ 
1 J -g 

Us 

hud a 


« g « 
t2s 


s — 


! o 5 


logoff 

i -81 1 § 


c cd 3 
— o 

8 

.8 i| 


■oils 


.5 ^ 
11 

1^1 


6 § i 

« o & 


. 8 


§ 3u 

^ > Cu 

i =| » 
E S e 


B U- J3 *0 
d n T3 w O 



^ o 
E E 

= 1 

to (N 


60 O -O C _^ 

IPflsfli 

£ £ E % I 


3 O 

P sl 

SI E 8 8 


B ^ 


il 

.si 


11 
l! 


e 


3 «» 


E " 

« .S 

s > 
* .s 

o\ o 

3 5 


.S 


« .s 

e « 

© a 

E £ 

v © 

U | 


E U 


si 


a; 

H S 

w fcd 

Q£ < 

05 W 
[z3 — 


'-.'riigv.' 


1^ § 


.11 

■m 

O -a ft. 



w c k 
c c! ** o 

*I§i 


SIM 

*<<r.;.V- • ■ 

ry 


*1 


8 

ob*0 ; 


■sis 
$2.1 & 


ill 


4': 


E 3 3 


£ 3 t-of I 

« w 5 j= 2 o 


fill: 


I: 


IS 
Si" 


2 o « 


■8. 


3 "2 




2 

B 

t- S3 E 


2 o 



II 


*0 o 

H 

If 

DO ° 

3 § 


an 


m 


IS 


m 


, -1' 


tj- o w G O w O T3 SJ X) 


I 


I 


^3 

1 
5 


1 
to 


3 «» 

Ml ™ 


pC S 

■o .2 

o > 

« © 

« .S 

£5 


-a x: 

1 1: 


** K 
DC « 

« .5 


o a 
E E 


.3 I 


Neuman andVor 
Chaum 

See 1(b) 

storing any of 
numerous positive 
or negative 
credentials, rights, 
or restrictions 
associated with file 

copy made or not 
depending on a 
"control" 

2d device may be 
identified and 
transferability 
determined based on 
one or more of its 
features 

CUPID 

See 1(b) 

Origination Server 
creates Printjob, uses 
Workflow 

Management Service, 
records requirements, 
tasks and prerequisites 
needed in order to 
process 

Origination Server 
checks copy controls 
to determine whether 
to transfer Printjob to 
Printshop 

Origination Server 
initiates contact with 
Notification Server 
running at Printshop 
and requests the PSP 
(Printshop 

Specification Record) 
containing information 
regarding the 
capabilities of the 
Printshop 

HeUman 

See 1(b) 

usage rights or 
access controls 

copy made or not 
depending on a 
"control" 

2d device may be 
identified and 
transferability 
determined based on 
one or more of its 
features 

CNI/IMA 94 

storing file in memory 
of a device 

storing "control" 
information in 
memory 

control may be used to 
determine whether file 
can be copied to 2d 
device using the 
rendering software 

based at least in part 
on features of 2d 
device (e.g., does user 
have 'Svrite" 
privileges to 2d 
device; or is the user 
identification a match; 
or is the 2d device able 
to receive data, e.g. 
using a given protocol) 

Blaze 

Stores in memory 
managed by Unbt/CFS 

Information associated 
with the file is stored 
in memory (e.g., a 
CFS directory) by 
Unix/CFS and 
includes a first 
"control" (e.g., a 
particular permission 
or right or key) 

Based on the 
"control," determines 
whether file can be 
copied to 2 nd device 

2d device may be 
identified and 
transferability 
determined based on 
one or more of its 
features 

Choudhury, 
Maxemchuck et al. 

See 1(b) 

rights and levels 
stored in memory 

copy made or not 
depending on a 
"control" 

checking 2d device 

Stefik 

See 1(b) 

See 1(c) 

E.g., "Certain communications and 
transactions may be conditioned on a 
repository being in a particular 
security class." 

No copy is stored on 2d repository (or 
the rendering hardware) if the usage 
rights and/or security level 
information and/or access controls 
don't allow it 

Usage rights, security level check 
and/or access control check may fail 
based on 2d device's identity 

INTERTRUST'S PLR 3- 
1 STATEMENT 

Windows Media file is stored 
in consumer's computer and 
all use of it is securely 
managed by the Secure 
Content Manager in Windows 
Media Plaver. 

License information is stored 
in the License Store (WMRM 
SDK, Step 10), license 
information includes Rights. 
License Rights may include 
AllowTransferToNonSDMI, 
AllowTransferToSDMl, 
LicenseCount 

WMRM determines whether 
transfer rights are included in 
license (WMRM SDK, Step 
5) 

Portable Device Service 
Provider Module identifies the 
portable device as either 
SDMI-compliant or non- 
SDMI -compliant and provides 
this information to Windows 
Media Device Manager, 
which allows the transfer 
based on whether the device 
identification matches the 
License Right. 

CLAIM 
LANGUAGE 
(InterTrust's 

version) 

(b) storing said 
digital file in a 
first secure 
memory of a first 
device; 

(c) storing 
information 
associated with 
said digital file in 
a secure database 
stored on said first 
device, said 
information 
including a first 
control: 

(d) determining 
whether said 
digital file may be 
copied and stored 

on a second device 

based on said first 
controL 

(I)said 
determining 
step including 
identifying said 
second device 
and determining 
whether said 
first control 
allows transfer 
of said copied 
file to said 
second device, 
said 

determination 
based at least in 
part on the 
features present 
at the device to 
which said 


I 

£ 


a 


s : 

= ss 

13 .2 

CD _q 

« WD 


E 73 


J- is 


o\ o 

O W 


.S >- 

« a 

w> *» 

« .S 
t 

w C 

C W 

o a. 

£ 5 

-8 5 

42 8 


U i 


s w 
2 ■= 

E U 

S 
2 


"2 •*= 

S y 


Of 

J H 
^ Z 

is 

a: «> 
w - 

Z 


3* 


^ I ° I 



s a- 
I 8 


? 

o u 

.5 U 
*° < 

II 


'1 


1=2-5 



- 2 


S-3 


.51 


8£ 
11 


3 S 


3 8.. 


1 



S"8 

s-g * 

w *o ^ u 


•a 


Ǥ3 

.f 1-SP 
£ 5.*° 


o o p. 

t ^ .o 
-5 '-a 


S 

o .2 ^ 

.« ■§ U 

» 3 « 


-a 3 
g > 


It 


2 --a 

u 


a o 

l! 


11 


C 00 
DO O T) C _ 

■1 I II 1 1 1 3 

ills-sell 


S-8 


ii 


3 * 6 ! 


I 


w rs 
o '-5 

i.ii- B 

w 5 6 5 

Coo — 


•■5 | 


.2 to 


> t3 


ill 


SI 


11 

■a « 

9 6 £ 


1 


I 


! 

i 

I 


9 cos 


•o .2 

OA K 
CQ Ml 

v> .5 

P - 


3 1 

r e 
<*£ 
S3 g 

SO * 


> w 
.S u 


e a. 

E E 

2 « 


Neumati and/or 
Chaum 

"identifier" accessed 
according to 
InterTnist 

authentication 
succeeds or fails 

file is "processed 
only if 

authentication 
succeeds 

See 11(c) I 

CUPID 

Order Name and 
authorization codes for 
documents 

Checks login, or 
authorization codes 
against valid system 
users via standard 
Unix login measures 
or through secure PKi 
authentication 
techniques 

If authorized as a valid 
document publisher, 
the Origination Server 
allows the files to be 
stored on the 
Origination Server; 
see 1(a) 

See 11(c) | 

Hellman 

or check e.g. 
password or ACL or 
key 

authentication 
succeeds or fails 

file is "processed" 
only if 

authentication 
succeeds 

rights include limits 

rr 

o\ 

5 

"identifier" accessed 
according to InterTrust 

authentication 
succeeds or fails 

file is "processed" 
only if authentication 
succeeds 

attributes are stored 

Blaze 

"identifier" accessed, 
e.g., login or password 
or signature or address 
or number 

authentication 
succeeds or fails 

"storing" occurs if 
authorized 

see 1 1(c) | 

Choudhury, 
Maxemchuck et al. 

"identifier" accessed 
according to 
InterTrust 

authentication 
succeeds or fails 

file is "processed" 
only if 

authentication 
succeeds 

license rights 

Stefik 

"identifiers" can be accessed. 

"A repository will have associated 
with it a repository identifier. 
Typically, the repository identifier 
would be a unique number assigned to 
the repository at the time of 
manufacture. ... As a prerequisite to 
operation, a repository will require 
possession of an identification 
certificate. Identification certificates 
are encrypted to prevent forgery and 
are issued by a Master repository." 

- Works can be signed 

- Passwords can be associated with 
users or devices 

- Physical security comprises known 
authentication steps 

authentication succeeds or fails 

Digital work is stored in repository 
only if authentication succeeds 

associated usage rights) or security 

INTERTRUST'S PLR 3- 
1 STATEMENT 

user's Windows Media Player 

Music file cannot be used 
unless identifier indicated in 
License matches user's 
Windows Media Player 
identifier 

Music file will not be 
processed through Windows 
Media Player, including 
protected rendering buffers, 
unless the identifiers match 

License includes Rights and is 

CLAIM 
LANGUAGE 
(InterTrust's 

version! 

least one 
identifier 
associated with 
a first device or 
with a user of 
said first device; 
and 

(2) determining 
whether said 
identifier is 
associated with 
a device and/or 
user authorized 
to store said 

Hicrital fill* - 

(c) storing said 
digital file in a 
first secure 
memory of said 
first device, but 
only if said device 
and/or user is so 
authorized, but not 
proceeding with 
said storing if said 
device and/or user 
is not authorized. 

| (d) storing | 


1 

.5 


I 

3 


a 


E 


H s 


■o .2 

jg-g 

« Of 

en .S 

a - 

* .5 


*2 


J5 

s 1 


r § 


■a £ 

> «s 
.S i- 

* a 

43 <- 
W 

M « 
•S WD 

m c 
a « 

O Q. 

E E 

* § 

J3 w 


s o 


■2 -== 

5l 


S.2 

4-1 
I 

r 8 


3 w (j 


s s 

c — 

.2 o 

l! 

.5 g 


Ed 



2 < < 'J 


IPllll! 
ill Sill! 


c 
u 

I- 

C/3 ii 


Q W 

1 s 


~.2 "B 
8 g.J 


1 

* I 

O =3 


II 
II 
111 

si B 


il 

it 


Is* «i 

5-g-g 3 8 

5118 8 
itrli 

T3 U O X> _ 


« ^ a. a, « » 

si 3*1 

So « oS§ 


C3 8 


1 


"2 *2 ^ o _ 
■S 1 8 J H 



.3 Si 


'I "J 

C ^ IT 

m c 3 

b a ^ 

o .2 


" a « u" ii — « w "> p rt i 


eg 


8 
"5 

__ -o 

s g. 


5 


11 


£ 
1 

to 

i 

s 


I 


2 "a E 


o 

* 

c rs 

— i-^ 

5 8 

£ s 

"3 WD 

« .s 

1 3 
B w 

3 .s 

-c £ 

2 € 


o g 

if 


« *2 


c « 

o a 

E E 

« o 

*9 u 


E U 


Ed *» 

- U « 
S < s 


f 1 


"8 


« ,a o o. bo : 


ill » jjii, 

"'a.sSs-gli 


i § .8 & 
HI § c 

«> = I a 
< O o s 



< O 


if ^ 

i & 

E 5 ° 


•a 


of -B 
- 1 

£ 2 



£ ° » o r 


e3 S > 


ra O 4) O C O 


3 a> < 


to a — 

1 Iv, 



2 £• 


•S s u 


IS 


g i 


0 « n C 

1 s .8 'I 

.S fit g 
« a x 

a * -g .8 

s *a *3 -5 

S J 3 ? 



Si 


fib S o 

f 3 S ~ 

5 t a w o 3 c 

*p|s s ill 


fl: 


£.2 
1 3 


'B 6 


> E 
Q £: 


o c 


DO 


_ 'GO. 

lUli 



?1 


o S 

fa 



1 8 

o zl 


a o 


3 3 



> 3 t 
i> « o 


e3 o 
8 


5£ 



III 


S o o g B « 8 ° 

JlllljllilSI 


^ 3 

ll 


•5* 


a\ e 

S3 1 

13 « 

o « 

> € 

ex « 

.5 m 
«.S 

cS s 

C ed 

o a. 

S S 

« o 

2 « 

eS £ 


Neuman anoVor 
Chaum 


a first "control' 
received 

File stored 

and used to 
determine whether 
file maybe copied 
and stored on 2d 
device 

if copy is allowed 

a copy maybe made 

transferred | 

CUPID 

Origination Server, 
decrypted and 
1 ultimately included 
into final Printjob by 
Document Assembly 
Service 

Right to reproduce 
authorization is 
received by 
Origination Server 

File stored, E.g. 
Workflow 

Management Service 
communicates with 
Document Assembly 
Service that creates 
printable materials by 
assembling 
subdocuments 
referenced during 
publishing step 

Authorization is 
checked prior to 
including files in 
Printjob 

If Authorization is 
granted then the file 
can be copied 

CUPID Client copies 

transfers 

Hellman 


a first "control'* 
received 

File stored 

and used to 
determine whether 
file maybe copied 
and stored on 2d 
device 

if copy is allowed 

a copy may be made 

transferred 1 

CN17IMA94 


a "control" comes with 
the file 

File stored 

"control" determines 
whether file can be 
copied to 2d device 

if the copying is 
allowed 

copy made 

transferred I 

Blaze 


Receives file 
permissions or key 

File stored 

Uses permissions or 
key to determine 
whether can copy to 
another device 

If permission key 
allows or signature 
works 

The file is copied 

Transferred to a 2 nd | 

Choudhury, 
Maxeinchuck et al. 


one or more 
"controls" received 
from 

"clearinghouse" 

File stored 

"control" determines 
whether file can be 
copied to 2d device 

if the copying is 
allowed 

copy made 

transferred 

Stefik 

i 


one or more "controls" is received 
from "clearinghouse" repository 

Digital work stored in a I w device's 
memory 

"control" determines whether file can 
be copied to 2d device 

if the copying is allowed 

copying occurs 

the work is transferred 

INTERTRUST'S PLR 3- 
1 STATEMENT 


WMRM SDK. Steps 8-9. 

WMRM SDK, Step 3. 

At least the following 
WMRMRights Object 
properties meet this 
limitation: 

AlIowTransferToNonSDMI, 

AllowTransferToSDMl 

TransferCbunt 

This and all subsequent claim 
steps occur when the 
condition specified in the 
WMRMRights Object 
property is met 

Transfer to the SDMI or non- 
SDMI portable device, if 
allowed by Windows Media 

Riohts Manaeer 

Portable device necessarily | 

CLAIM 
LANGUAGE 
(InterTrust's 

version) 

of said first digital 
file: and 

(e) receiving a first 
control from said 
clearinghouse at 
said first device; 

(f) storing said 
first digital file in 
a memory of said 
first device; 

(g) using said first 
control to 
determine whether 
said first digital 
file may be copied 
and stored on a 

(h) if said first 
control allows at 
least a portion of 
said first digital 
file to be copied 
and stored on a 
second device: 

(i) copying at least 
a portion of said 
first digital file; 

| 0) transferring at 


g u 

3 


u 


E 


o > 
E =3 


u 
9 

o 

s 


Pi 

s2! 

w ( 

Esi 
g! 
SI 


51 

«) o 

is 


b3 M 



~ o 
E 

£ 


1 


"•8 


3 "E 



"2 

so — 00 

Mil 


5. 2 1 -H 
8c ai 


to 
£5 


3> 


esc; 


1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


MAY 0 7 2002 

IN THE UNITED STATES DISTRICT COlfflK&RD W. WlEKING 

clerk, u.s. district court 

FOR THE NORTHERN DISTRICT OF CAW«K? Mf0 " K * 


INTERTRUST TECHNOLOGIES 
CORPORATION, a Delaware corporation, 

Plaintiff, 



v. 


MICROSOFT CORPORATION, 
a Washington corporation, 

Defendant. 


AND COUNTER ACTION. 


/ 


No.C 01-1640 SBA 

Consolidated with C 02-0647 SBA 

ORDER GRANTING DEFENDANT 
MICROSOFT CORPORATION'S 
RENEWED MOTION FOR PARTIAL 
SUMMARY JUDGMENT OF 
NONINFRINGEMENT OF THE 
GRISWOLD PATENT 

[Docket NoisWO]^ to ^ ^ 

Am l^rtibs ui Uiis actons. 


In vi.jw of plaintiffs statement of non-opposition to defendant's Renewed Motion for Partial 
Summary Judgment of Noninfringement of the Griswold Patent, 

IT IS HEREBY ORDERED THAT defendant's Renewed Motion for Partial Summary 
Judgment ©{'Noninfringement of the Griswold Patent is GRANTED. 

IT IS FURTHER ORDERED THAT the Case Management Conference scheduled for May 
7, 2002 is CONTINUED to May 23. 2002 at 3:00 p.m. Plaintiffs counsel is to set up the 
telephonic conference call with all the parties on the line and call chambers at (510) 637-3559 at the 
time designated above. NO PARTY SHALL CONTACT CHAMBERS DIRECTLY WITHOUT 
PRIOR AUTHORIZATION OF THE COURT. Since the parties filed a Joint Case Management 
Statement on April 26, 2002, the parties need not file a new Statement unless changed circumstances 
warrant the uling of an updated statement Any updated statement shall be filed at least five (5) 
days in advance of the new CMC date. 

IT IS SO ORDERED. 


Dated: May 3, 2002 



' SAUNDRA BROWN ARMSTRONC 
United States District Judge 


PATENT 
Customer Number 22,852 
Attorney Docket No. 0745 1 .000 1.10 
InterTrust Ref. No.: IT-5.0.2 

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re Application of: 

Karl L. GINTER et al. 

Serial No.: 09/328,668 

Filed: June 9, 1999 

For: SYSTEMS AND METHODS FOR 
SECURE TRANSACTION 
MANAGEMENT AND 
ELECTRONIC RIGHTS 
PROTECTION 

Assistant Commissioner for Patents 
Washington, DC 20231 

Sir: 

NOTICE REGARDING RELATED LITIGATION 

Applicants hereby notify the U.S. Patent and Trademark Office that several patents 
assigned to InterTrust Technologies Corporation ("InterTrust") are involved in litigation. The 
present application, Serial No. 09/328,668, is a continuation of U.S. Patent No. 5,982,891, which 
is one of the patents at issue in the litigation, and shares a common parent with U.S. Patent Nos. 
6,389,402 Bl; 6,253,193 Bl; 6,185,683 Bl; 5,949,876; 5,917,912; 5,915,019; and 5,892,900, 
which are also at issue in the litigation. 

STATUS OF RELATED LITIGATION 

The status of the litigation is as follows. On April 26, 2001, InterTrust filed a Complaint 
alleging that Microsoft Corporation ("Microsoft") was infringing U.S. Patent No. 6,185,683 Bl, 


Group Art Unit: 2132 
Examiner: G. Barron, Jr. 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 

15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


DECLARATION OF SERVICE VIA ELECTRONIC MAIL AND U.S. MAIL 

I am more than eighteen years old and not a party to this action. My place of 

employment and business address is 1O00 Marsh Road, Menlo Park, California 94025. 

On May 14, 2002, 1 served: 

ORDER GRANTING DEFENDANT MICROSOFT CORPORATION'S RENEWED 
MOTION FOR PARTIAL SUMMARY JUDGMENT OF NONINFRINGEMENT OF THE 
GRISWOLD PATENT 

By transmitting a copy of the above-listed document(s) in PDF form via electronic mail Michael 
H. Page at mhp@kvn.com, Christopher P. Isaac at chris.isaac@finnegan.com, Stephen E. 
Taylor at stayIor@tcolaw.com and James E. Geringer atjames.geringer@klarquist.com and 
also by placing true and correct copies of the above documents in an envelope addressed to: 


John W. Keker, Esq. 
Michael H. Page, Esq. 
KEKER & VAN NEST, LLP 
710 Sansome Street 
San Francisco, California 941 1 1 
Tel. No. 415-391-5400 
Fax No. 415-397-7188 
Email: jwk@kvn.com 
Email: mhp@kvn.com 

Attorneys for Plaintiff INTERTRUST 
TECHNOLOGIES CORPORATION 

Stephen E. Taylor, Esq. 

TAYLOR & CO. LAW OFFICES 

1050 Marina Village Parkway, Suite 101 

Alameda, CA 94501 

Tel. No. 510-865-9401 

Fax No. 510-865-9408 

Email: staylor@tcolaw.com 

Attorneys for Plaintiff 
INTERTRUST TECHNOLOGIES 
CORPORATION 


Christopher P. Isaac, Esq. 

FINNEGAN, HENDERSON, FARABOW, 

GARRETT & DUNNER LLP 

1300 I. Street, N.W. 

Washington, DC 20005-3314 

Tel. No. 202-408-4000 

Fax No. 202-408-4400 

Email: chris.isaac@finnegan.com 

Attorneys for Plaintiff 
INTERTRUST TECHNOLOGIES 
CORPORATION 

John D. Vandenberg, Esq. 

James E. Geringer, Esq. 

KLARQUIST, SPARKMAN, LLP 

One World Trade Center 

121 S. W. Salmon Street, Suite 1600 

Portland, Oregon 97204 

Tel. No: 503-226-7391 

Fax No: 503-228-9446 

Email: john.vandenberg@klarquist.com 

Email: james.geringer@klarquist.com 

Attorneys for Defendant and Counterclaimant, 
MICROSOFT CORPORATION 


and sealing the envelope, affixing adequate first-class postage and depositing it in the U.S. mail 
at Menlo Park, California. 

Executed on May 14, 2002 at Menlo Park, California. 

I declare under penalty of perjury that the foregoing is true and correct. 


ANNA FREDDIE 

nnr<=Qvi i RQ9QQ 1 DECLARATION OF SERVICE VIA ELECTRONIC MAIL 

DOCSSV1 .1 892 J J. 1 ANJ) vs MAIL _ CASE NQ c 01 . 1640 SBA (MEJ) ); 

CONSOLIDATED WITH C 02-0647 SBA