Skip to main content

Full text of "USPTO Patents Application 09870801"

See other formats


Exhibit B 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
II 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,892,900 


155. 


Products infringing: Any product using 
Microsoft Product Activation or Reader 
Activation feature. . 


A virtual distribution environment comprising 


(a) a first host processing environment 
comprising 


computer running a Microsoft product 
containing the Product Activation feature, 
including Windows XP, Office XP,.Visio 
2002. Reader using its activation feature. ■ 


fl Ya central processing unit: ._ 

(2) main memory operatively connected 
to said central processing unit: 

(3) mass storage operatively connected 
to said central processing unit and said 
main memory: 


CPU of computer 


main memory of computer 


hard disk or other mass storage contained in 
computer - : 


To) said mass storage storing tamper resistant 
software designed to be loaded into said main 
memory and executed by said central 
processing unit, said tamper resistant software 
comprising 


Microsoft Product Activation software 


(1) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment, : 


Product Activation software generates 
hardware information relating to the host 
processing environment as part of the 
activation process 


(2) one or more storage locations 
storing said information: 


integrity programming which 


hardware information is stored in the 
computer's storage 


(i) causes said machine check 
programming to derive said 
information, 


each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 


(ii) compares said information 
to information previously stored 
in said one or more storage 
locations, and 


each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
agiainst current hardware 


(iii) generates an indication 
based on the result of said 
comparison: and 


Product Activation software indicates whether 
the test has passed or failed 


(4) programming which takes one or 
more actions based on the state of said 
indication: : • 


(i) said one or more actions 
including at least temporarily 
halting farther processing. 


Product Activation software will allow system 
startup procedures to continue, if test succeeds, 
or discontinue startup and offer user 
opportunity to reactivate if the test fails 


Exhibit B "\\ 
1 


1 

2 
' 3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


) 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,892,900 


156. 


Product Infringing: Any product using 
Microsoft Product Activation or Reader 
Activation feature. 


A virtual distribution environment comprising 


(a) a first host processing environment 
comprising 


computer running a Microsoft product 
containing the Product Activation feature, 
including Windows XP, Office XP, Visio 2002 
and Reader ; 


fn a central processing unit; 


(2) main memory operatively connected 
to said central processing unit: 


CPU of computer 


main memory of computer 


(3) mass storage operatively connected 
to said central processing unit and said 
main memory 


hard disk or other mass storage coniained in 
computer 


(b) said mass storage storing tamper resistant 
software designed to be loaded into said 
main memory and executed by said central 
processing unit, said tamper resistant 
software comprising: 


Microsoft Product Activation software 


(1) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment. . \ _. 


Product Activation software generates 
hardware information relating to the host 
processing environment as part of the 
activation process 


(2) one or more storage locations 
storing said information: 


hardware information is stored in the 
computer's storage ; 


(3) integrity programming which 


(i) causes said machine check 
programming to derive said 
information, 


each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 


(ii) compares said information 
to information previously stored 
in said one or more storage 
locations, and 


each time the Microsoft program starts up after 
initial activation^ Product Activation checks 
the originally derived hardware information 
against cun-ent hardware 


(iii) generates an indication 
based on the result of said 
comparison: and 


Product Activation software indicates whether 
the test has passed or failed 


(4) programming which takes one or 
more actions based on the state of said 
indication: 


(i) said one or more actions 
including at least temporarily 
disabling certain functions. 


Product Activation may disable the underlying 
software from generating new files or running 
user applications if the test fails 


Exhibit Bli 

2 .1 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTRVST TECHNOLOGIES CORP. v. MICROSOFT CORR 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,892,900 


157. 


A virtual distribution environment comprising 


Product Infringing: Any product using 
Microsoft Product Activation or Reader 
Activation feature. 


(a) a first host processing environment 
comprising 


computer running a Microsoft product 
containing the Product Activation feature, 
including Windows XP, Office XP, Visio 2002 
and Reader • •' ■* 


(1) a central processing unit: 

(2) main memory oper&tively connected 
to said central processing unit: 


CPU of computer 


main memory of computer 


(3) mass storage operatively connected 
to said central processing unit and said 
main memory: 


hard disk or other mass storage contained in 
computer 


(b) said mass storage storing tamper resistant 
software designed to be loaded into said 
main memory and executed by said central 
processing unit, said tamper resistant 
software comprising: 


Microsoft Product Activation software 


Product Activation software generates hash 
information relating to the host processing 
environment as part of the activation process 


(1) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment 


(2) one or more storage locations 
storing said information: 


hardware information is stored in the 
computer's storage . • 


(31 integrity programming which . 


(i) causes said machine check 
programming to derive said 
information, 


each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 


(ii) compares said information 
to information previously stored 
in said one or more storage 
locations, and 


(iii) generates an indication 
based on the result of said 
comparison: and 


each time the Microsoft program starts up after 
initial activation, Product Activation checks 
the originally derived hardware information 
against current hardware 


Product Activation software indicates whether 
the test has passed or failed 


(4) programming which takes one or 
more actions based on the state of said 
indication: 


(i) said one or more actions 
including displaying a message 
to the user. 


Product Activation software displays a 
message to the user if the test fails 


293482.02 


Exhibit B ii 
3 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTER TRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,892,900 


156 


Products infringing: Windows Media Player 


A virtual distribution environment comprising 


a first host processing environment comprising 


WMP with Individualized DRM client 
(referred to hereafter as the Individualized 
WMP) running on a client computer 


a central processing unit 


Client CPU 


main memory bperatively connected to said 
central processing unit 


Client memory 


mass storage operatively connected to said 
central processing unit and said main memory 


Local disk drive 


said mass storage storing tamper resistant 
software designed to be loaded into said main 
memory and executed by said central 
processing unit, said tamper resistant software 
:omprising: 


Individualized WMP (I-WMP) stored on disk 
and loaded into main memory upon execution. 
I-WMP is tamper resistant. 


nachine check programming which derives 
nformation from one or more aspects of said 
lost processing environment, 


Individualization module is generated by the 
MS individualization service either when the 
un-individualized WMP tries to open licensed 
content that requires a security upgrade (aka, 
Individualization) or when the user requests an 
upgrade un-provoked. The individualization 
module is unique and signed and is bound to a 
unique hardware ID using the MS machine 
activation process. 


>ne or more storage locations storing said 
nformation 


The aforementioned unique feature are located 
in multiple places or storage locations 


ntegritv programming which 


:auses said machine check programming to 
lerive said information, 


ompares said information to information 
ireviously stored in said one or more storage 
ocations. and ' 


The ID is regenerated by WMP/DRM client 
when first loading the Individualized DRM 
Client to access a piece of content requiring the 
security upgrade. 


The program checks the new copy against the 
one to which the individualized DRM client is 
bound. ■ ; 


;enerates an indication based on the result of 
aid comparison: and 


Program stores the result of this check. 


irogramming which takes one or more actions 
tased on the state of -said indication 


If these are not equal, the user is notified via a 
message stating that he/she must acquire a 
security upgrade (that is, the current security 
upgrade is invalid). If they are equal then 
processing of songs requiring Individualization 
continues. - 


aid one or more actions including at least 
smporarilv disabling certain functions. 


Songs targeted to this Individualization module 
cannot be accessed until the upgrade is correct. 


Exhibit Bj 

' : 4 1 


I 


1 

2 
3 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR US. PATENT NO. 5,892,900 


II 157* A virtual distribution environment 
1! comprising 

Infringing products include: Windows -Media 
Plaver • 

II a first host processing environment comprising 

See 156 

II A ^1 * _ *A * 

II a central processing unit 

See 1 56 

II main memory operatively connected to said 

11 A 1- " * A- 

II central processing unit 

See 156 

j| mass storage operatively connected to said 
centra! processing unit and said main memory 

See 156 

|| said mass storage storing tamper resistant 
software designed to be loaded into said main 
memory and executed by said central 

II processing unit, said tamper resistant software 

J comprising: 

See 156 

• 

|| machine check programming which derives 
information from one or more aspects of said 
host processing environment 

See 156 

|| one or more storage locations storing said 
information 

See 156 

|| integrity programming which causes said 
machine check programming to derive said 
information compares said information to 
information previously stored in said one or 

| more storage locations, and 

See 156 

|| generates an indication based on the result of 
said comparison: and 

See 156 

|| programming which takes one or more actions 
|| based on the state of said indication 

See 156 

|| said one or more actions including displaying a 
message to the user. 

If these are not equal, the user is notified via a 
message stating that he/she must acquire a 
security upgrade (that is, the current security 
upgrade is invalid). 




293482.02 


Exhibit \ 

... 5 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


) 


157. 


JNTERTRVST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,892,900 


Infringing Product: Microsoft's Windows File 
Protection and System File Checker features, 
embodied in Microsoft's Windows 2000, 
Windows XP products, and Server 2003 


A virtual distribution environment comprising 


(a) a first host processing environment 
comprising 


computer running Microsoft Windows 2000 or 
Windows XP. 


(Y\ a central processing unit: 


CPU of computer 


(2) main memory operatively connected 
to said central processing unit: 


main memory of computer 


(3) mass storage operatively connected 
to said central processing unit and said 
main memory: 


hard disk or other mass storage contained in 
computer 


(b) said mass storage storing tamper resistant 
software designed to be loaded into said 
main memory and executed by said central 
processing unit, said tamper resistant 
software comprising: 


(1) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment, 


Windows File Protection process/service 
("WFP") and System File Checker (SFC.exe) 
features of winlogon.exe. Winlogon.exe is 
treated as a "critical" service by the Windows 
operating system. Files supporting WFP 
(including winlogon.exe, sfc.exe, sfc.dll (2000 
only), sfcfiles.dll (2000 only) and sfc_os.dll 
(XP only)) are "protected" files and are signed 
using a signature verified by a hidden key. In 
Windows 2000, WFP uses hidden functions 
within the sfc.dll library. Functions are 
imported bv "ordinal" instead of "name/ r 


WinJogon either directly or using another dll 
(XP) or using SFC.dll (2000) determines if 
changed file was protected, computes the hash 
of protected files and, if necessary, computes 
the hash of the file in the dll cache before using 
it to replace a file overwritten by an incorrect 
version of the file. ' 


(2) one or more storage locations 
storing said information: 


hardware information is stored in the 
computer's memory 


(31 integrity programming which 


(i) causes said machine check 
programming to derive said 
information, 


Windows notifies Winlogon when there has 
been a system directory change or a change in 
the dll cache. 


(ii) compares said information 
to information previously stored 
in said one or more storage 
locations, and 


Winlogon either directly or using another dll 
(XP) or using SFC.dll (2000) compares 
computed hash with hash in the hash database 
created from the Catalog file(s), and, if there is 
a difference, compares the hash of the file in 
the dll cache to the hash database created from 


!! 

Exhibit B !! 
6 


7 
8 
9 

10 
11 
12 
13 
14 

.15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


the Catalog file(s) before using it to replace an 
overwritten file. 


(iii) generates an indication . 
based on the result of said 
comparison: arid 


An event is written to the Event Viewer if 
hashes do not agree. 


(4) programming which takes one or 
more actions based on the state of said 
indication; 


Depending on the circumstances, WFP 
displays several messages to the user, 
including prompting the user to contact the 
system administrator, and to insert a CD-ROM 


(i) said one or more actions 
including displaying a message 
to the user. 


See above. Messages also constitute viewable 
Event Property pop-ups. 


i 

Exhibit B 

7 :| 


■A 
5 
6 
7 
8 
9 
IP 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 


INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,917,912 


Product Infringing: XBox 


^ process comprising the following steps: 


The process constitutes assembly and use 
of components making up an XBox game. 


ccessing a first record containing 
iformation directly or indirectly 
dentifying one or more elements of a first 
omponent assembly, 


The first record consists of the second file 
table on an XBox DVD, This table* 
identifies the .x be file which includes the 
game information; 


t least one of said elements including at 
sast some executable programming, 


The xbe file includes executable 
programming. 


t least one of said elements constituting a 
>ad module. ■ : 


The xbe file is a load module. 


dd load module including executable 
rogramming and a header: 


The xbe file includes a header. 


least a portion of said header is a public 
:>rtion which is characterized by a 
ilatively lower level of security 
otection: and 


Most information the xbe header is not 
obfuscated. 


least a portion of said header is a private 
)rtion which is characterized, at least 
>me of the time, by a level of security 
otection which is relatively higher than 
id relatively lower level of security 
otection. 


The entry point address and the kernel 
image thunk address listed in the xbe 
header are obfuscated and therefore at a 
higher level of security protection. 


;ing said information to identify and 
cate said one or more elements; . 


The second file table identifies the .xbe 
file, including where that file is located. 


cessing said located one or more 
ements: 


The .xbe file is accessed by the XBox. 


curely assembling said one or more 
iments to form at least a portion of said 
st component assembly; 


At runtime, the .xbe file is assembled with 
certain services of the operating system to 
form a component assembly. Security 
associated with this assembling process 
includes verifying signatures associated 
with portions of the .xbe file, and replacing 
obfuscated calls to operating system 
services with actual addresses. 

The assembly may also include patch files 
downloaded from a remote server. 


gcuting at least some of said executable 


Game play requires execution of the 


1 

Exhibit Bjj 
8 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


programming: and 


assembled programming. 


checking said record for validity prior to 
performing said executing step. 


The second file table is protected by a 
digital signature, and is not loaded/used 
unless the digital signature is verified 
against the file. 


7. A process as in claim 6 in which: 


said relatively lower level of security 
protection comprises storing said public 
header portion in an unencrypted state; and 


The header is protected by the techniques 
protecting the xbe such as signing and 
security descriptors, but it is not encrypted 
except as noted below. 


said relatively higher level of security 
protection comprises storing said private 
header portion in an encrypted state. 


The entry point address and the kernel 
image tbunk address listed in the xbe : -' 
header are obfuscated. The Xbox SDK's 
(XDK}image build uses a key value shared 
with the retail XBox to perform Two XOR 
"operations against the addresses ' 


Exhibit B ! 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,917,912 


Infringing products: Microsoft CLR or CCLR 
and .NET Framework SDK and products that 
include one or both of these. 


\ process comprising the following steps: 


a) accessing a first record containing 
nformation directly or indirectly identifying 
>ne or more elements of a first component 
issembly, 


The first record is either an assembly manifest, 
or a whole assembly; the elements are otlier . 
assemblies that are referenced as external in 
the first record; the first component assembly 
is a '.NET application domain. . 


(1) at least one of said elements 
including at least some executable 
programming/ - 


Assembly contains executable programming. 


(2) at least one of said elements 
constituting a load module. 


This is an external assembly referenced in the 
first record. -• • 


(i) said load module including 
executable programming arid a 
header; 


Assemblies include executable programming, 
and the assembly manifest and CLS type 
metadata constitute a header. 


(ii) said header including an 
execution space identifier 
identifying at least one aspect of 
an execution space required for 
use and/or execution of the load 
module associated with said 
header . 


This feature is provided for in the .NET 
architecture through numerous mechanisms, 
for example, by demands for ZonelD 
permissions. 


(iii) said execution space 
identifier provides the capability 
for distinguishing between 
execution spaces providing a 
higher level of security and 
execution spaces providing a 
lower level of security: 


SecurityZone or other evidence provides this 
capability. 


)) using said information to identify and 
>cate said one or more elements; 


Manifest and type metadata information 
section is used to identify and locate files, code 
elements, resource elements, individual classes 
and methods. 


;) accessing said located one or more 
ements; ; 


Step earned out by the GLR or CCLR loader. 


I) securely assembling said one or more 
ements to form at least a portion of said first 
Dmponent assembly; 


CLR or CCLR carries out this step, including 
checking the integrity of the load module, 
checking the load module's permissions, 
placing the load module contents into an 
application domain, isolating it from malicious 
or badly behaved code, and from code that 
does not have the permission to call it 


j) executing at least some of said executable 
ropramming: and 


Step carried but by the CLR/CCLR and the 
CLR/CCLRhost. . 


4 


Exhibit B'| 
in 


1 

2 
3 
4 
5 
6 
7 
8 
9 
]0 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


(f) checking said record for validity prior to 

performing said executing step. 

9. A process as hi claim 8 in which said 
execution space providing a higher level of 
security comprises a secure processing 

environment. * 

|3. A process as in claim 8 further comprising: 

(a) comparing said execution space identifier 
against information identifying the execution 
space in which said executing step is to occur; 
and 

(b) taking an action if said execution space 
identifier requires an execution space with a 
security level higher than that of the execution 
space in which said executing step is to occur. 


14, A process as in claim 13 in which said 
action includes terminating said process prior 
to said executing step. 


The CLR/CCLR checks the authenticity and 
the integrity of the first .NET assembly. 
The GLR/CCLR constitutes a secure 
processing environment. 


In one example, the • 
ZoneldentityPermissionAttribute SeciirityZone 
yalue demanded by control in the assembly 
manifest is compared against the Security Zone 
attribute value corresponding to the calling 

method - 

CLR/CCLR will throw an exception and- 
transfer control to an exception handler in the 
calling routine, or it will shut down the 
application if there is no such exception 
handler, if the permissions do not include the ' 
permissions required by the 
ZoneldentityPermissionAttribute. The 
ZoneldentityPermissions are hierarchical, 

unless customized. 

CLR/CCLR may terminate the process or 
transfer control to an exception handler that 
may itself terminate the process. 


ii 

Exhibit B ij 
11 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
25 
27 
28 


IN TER TRUST TECHNOLOGIES CORP. V- MICROSOFT CORP. 

INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 5,917,912 



Products infringing include Windows Installer 
SDK, and products that include the Windows 
Installer technology. 


A process comprising the following steps: 


Scenario 1: use of Windows Installer packages 
(i.e. ,MSI files) to create Windows Installer- 
enabled applications, such as Office 2000 and 
used of the WI service to install them. 
Scenario 2: software distribution technologies 
that use the Windows Installer OS service for 
installation, such as Internet Component 
Download and products like Office Web 
Components. 

Either scenario can be used by SMS, 

IntelliMirror and third party tools like 

InstallShield and WISE. 

NT or later operating systems (because they 

use the subsystem identifier) 

using cabinet files, .CAB, (because they have a 

manifest and INF and/or OSD files), and 

have been signed with a digital signature and 

will be authenticated by Authenticode or 

WinVerifyTrust API and 

contain at least one PE (portable executables) 


(a) accessing a first record containing 
information directly or indirectly identifying 
one or more elements of a first component 
assembly, 


Scenario 1 : First record is the .MSI file that 
contains information on what goes in the 
assembly and how to install the assembly. 

Scenario 2: 

A. First record is the cabinet manifest 
(indirect instructipns) 

B. Or, First record can be INF and/or OSD 
files (direct instructions) 


(1) at least one of said elements 
"including at least some executable 
programming, 


Both scenarios: The PE (portable executable) 
in the cabinet file is the executable 
programming. 


(2) at least one of said elements 
constituting a load module. 


Both scenarios: PE is a load module: 


(i) said load module including 
executable programming and a 


Both scenarios: The PE has several headers. 


Exhibit Bit 


i 

2 
3 
.4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


header; 


(ii) said header including an 
execution space identifier 
identifying at least one aspect of 
an execution space required for 
use and/or execution of th? load 
module associated with said 
header: ■ 


(iii) said execution space 
identifier provides the capability 
for distinguishing between 
execution spaces providing a 
higher level of security and 
execution spaces providing a 
lower level of security; 


Both scenarios: SUBSYTEM is a field in the 
PE Optional Header that is an execution space 


Both scenarios: SUBSYSTEM distinguishes 
between programs that can run in kernel mode 
and those that can run in user mode.* This is a 
key security concept of process separation that 
was introduced with Windows NT. 

The Subsystem field in the PE header is used 
by the system to indicate whether the 
executable will run within Ring 3 (user mode)' 
or use Ring 0 (native or kernel mode). 
Anything running in Ring 3 is limited to its 
own processing space, Executables running in 
Ring 0 can reach out to other spaces and have 
security measure built around them. 


V) using said information to identify and 
ocate said one or more elements; 


Scenario 1: the MSI file identifies and locates 
the elements 

Scenario 2: 

.CAB manifest is used to identify Physical 
location 

OSD and/or INF is used to identify Logical 
location 


c) accessing said located one or more 
lements; 


Scenario 1 : Using the MSI file 

Scenario 2: Using INF and/or OSD in cabinet 
file. 


d) .securely assembling said one or more 
lements to form at least a portion of said first 
omponent assembly; 


Both scenarios: Using the Window Installer 
OS service with various properties and flags on 
the settings for higher protection. 

Windows Installer has numerous flags that the 
developer can set to indicate how the assembly 
will be installed, in what privilege level, with 
how much user interface, and how much ability 
the user has to watch or change what is 
occurring. These controls have been 
strengthened with each release of Windows 
Installer. Windows Installer 1.1 and later has 
the ability to limit the users capabilities during 
the installation. In a Windows 2000 


i! 

Exhibit Blj 


1 

2 
3 
.4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


environment and later, using the Group Policy- 
based Change and Configuration Management, 
the administrator has the most control 

Fields that can be set by the developer or 
administrator to control what users can do 
include the following; 

Transformssecure can be set to a value of 1 . 
to inform the installer that transforms are to be* 
cached locally on the user's computer in a 
location the user does not have write access. 
(Transforms create custom installations from a 
basic generic installation, for example to make 
the finance versions different from the 
Marketing version or English versions different 
from Japanese versions.) 

AllowLockdownBrowse and DisableBrowse 
can prevent users from browsing to the 
sources. 

SourceList can be used to specify the only 
allowable source to be used for the installation 
of a given component. 

Environment can be used to specify whether 
the installation can be done while the user is 
logged on or only when rib user is logged on. 

Security Summary Property conveys whether 
a package can be opened as read-only or with 
no restriction. 

Privileged Property is used by developers of 
installer packages to make the installation 
conditional upon system policy, the user being 
an administrator, or assignment by an 
administrator. 

Restricted Public Properties can be set as 
variables for an installation. "For managed 
installations, the package author may need to 
limit which public properties are passed to the 
server side and can be changed by a user that is 
not a system administrator. Some are 
commonly necessary to maintain a secure 
environment when the installation requires the 
installer use elevated privileges. ** 
SecureCustomProperties can be created by the 
author of an installation package to add 
controls beyond the default list 

MsiSetJnternalUI specifies the level of user 
interface from hone to full. 

A Sequence Table can be used to specify the 
required order of execution for the installation 
process. There are three modes, one of which is 
the Administrative Installation that is used by 
the nenvork administrator to assign and install 
applications. 

\nstallServicesAction registers a service for 
the svstem and it can onlv he used if the user is 


Exhibit B'i 
14 


1 

2 
3 
4 
5 
6 
7 
8 
9 
.10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 



an administrator or has elevated privileges with 
permission to install services or that the 
application is part of a managed installation. 

DisableMedia system policy disables meidia 
sources and disables browsing to media 
sources. It can be used with DisableBrowse to 
secure installations version 1.1 that dpesn't 
have some; of the other capabilities. * s 

AlwaysInstallEIevated c&fi be set per user or 
per machine and is used to install managed 
applications with elevated privileges. 

AllowLockdownBrowse, 
AllowLockdownMedia and 
AllowLockdownPatch set these capabilities so 
they can only be performed by an administrator 
during an elevated installation. . 
[See article "HowTo: Configure Windows 
Installer for Maximum Security (Q247528). 

Windows XP Professional and .NET have the 
additional capability to set Software Restriction 
Policies and have these used by Windows 
Installer. 

In addition, most of the software distribution 
technologies that use Windows Installer also 
add a layer of their own controls. For example, 
SMS 2.0 enables the administrators to control 
the installation is optional or required and 
whether the user can affect the installation 
contents/features at all. . 


(e) executing at least some of said executable 
programming; and 


Both scenarios: Part of executable is called 
during installation in order to do self- 
registration or perform custom actions. The 
overall executable is used at runtime. 


(f) checking said record for validity prior to 
performing said executing step. 


Scenario 1 : Sign the overall package and the 
cabinet files. 

Scenario 2: The cabinet file is signed. 

For IE with the default security level or higher, 
the digital signature is verified by 
Authenticode or a similar utility before the 
component is allowed to be assembled. 


Exhibit B 
15 j 


1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 • 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,917,912 


35. 


A process comprising the following steps: 


Products infringing include all products that 
host the Microsoft .NET Common Language 
Runtime or Compact Common Language 
Runtime. 


(a) at a first processing environment receiving 
a first record from a second processing 
environment remote from said first processing 
environment: 


(1) said first record being received in a 
secure container: ■ 


Computer running the Microsoft CLR/CCLR 
receives, for example, a shared assembly 
header or a complete shared assembly from 
another computer, for example a server. 


The shared assembly is cryptographically 
hashed and signed. 


(2) said first record containing 
identification information directly or 
indirectly identifying one or more 
elements of a first component 
assembly: 


The first record is either an assembly manifest, 
or a whole assembly; the elements are other 
assemblies that are referenced as external in 
the first record; the first component assembly 
is a .NET application domain. 


(i) at least one of said elements 
including at least some 
executable programming: 


Assembly contains executable programming. 


(H) said component assembly 
allowing access to or use of 
specified information: 


The specified information can .include any kind 
of data file, stream, log, environment variables, 
etc. 


(3) said secure container also including 
a first of said elements: „ 


(b) accessing said first record 


SIC. ; . : : ~ 

The shared assembly includes at least some 
executable programming. 


CLR/CCLR accesses the assembly or 
assembly header 


(c) using said identification information to 
identify and locate said one or more elements; 


Manifest and type metadata information 
section is used to identify and locate files, code 
elements, resource elements, individual classes 
and methods. 


(1) said locating step including locating 
a second of said elements at a third 
processing environment located^ 
remotely from said first processing 
environment and said second 
processing environment; 


Met by a multifile assembly, with files 
distributed across a network, or by the second 
element constituting another referenced 
assembly located elsewhere; the CLR/CCLR 
uses probing to locate and access the file. 


(d) accessing said located one or more 
elements: 


Step carried out by the CLR/CCLR loader. 


(1) said element accessing step 
including retrieving said second 
element from said third processing 
environment: ' 


Siep.carried out by the CLR/CCLR loader. 


(e) securely assembling said one or more 
elements to form at least a portion of said first 
component assembly specified by said first 
record; and 


CLR/CCLR carries out this step, including 
checking the integrity of the load module, 
checking the load module's permissions, 
placing the load module contents into an 
application domain, isolating it from malicious 
or badly behaved code, and fro m code that 


i 

Exhibit B "jj 
16 i 


1 


2 I (f) executing at least some of said executable 
programming. 


3 

• 4 

5 

6 

7 

g 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19. 
20 
21 
22 
23 

24 ]| 

25 
26 
27 
28 


(1) said executing step taking place at 
said first processing environment 


does not have the permission to call it. 


Step carried out by the CLR/CCLR. 


CLR/CCLR is operating in the first processing 
environment specified above. 


•ii 


293482.02 


Exhibit Bil 
17 


1 

2 
3 
•4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
.24. 
25 
26 
27 
28 


• .) 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,920,861 


34. 

Product Infringing: Microsoft Operating 
Systems that support device driver 
signature technology 

A descriptive data structure embodied on a 
computer-readable medium or other logic 
device including the followine elements: 


a representation of the format of data 
contained in a first rights management data 
structure 

The driver package's INF is a data 
structure; The INF contains multiple types 
of sections, structured as hierarchy 
/branches," that the Windows operating 
system or its Plug and Play and/or Set-up 
installation services "branch" through 
based on the operating system information 
and device for which a driver is to be 
installed. The installation services use the 
branching" structure (format) to determine 
what files should be installed. The INF, 
further provides disk location information" 
and file directory path information for the 
files identified as necessary as a result of 
the "branching" process. 

The driver package is a "rights 
management" data structure based on the 
fact that it is governed and based on the- 
fact that it processes governed information. 

Riehts Management as Governed Item 

A driver manufacturer can include rules 
governing the driver's installation and/or 
use in the driver's INF file. For example: 

*sf»mritv entries snecifv an access control 
list for the driver. 

Driver developers can specify rules that 
determine behavior of the driver package 
based on; the user's operating system 
version, including product type and suite 
~and~ffie"device for wKch the driver is to be 
installed 

Rules specifying logging 

Local administrators can establish policy as 
to what action or notification should occur 
in the event that a driver being installed is 
not signed. . 


Exhibit B lj 
"18 i: 


1 

2 
3 
4 
5 
6 
7 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


The operating system installation services 
have a ranking criteria it follows when 
multiple drivers are available for a newly 
detected device. The criterion is used to 
determine the driver best suited for 
ensuring compatibility with the operating 
system and ensuring functionality of the 
device. 

Drivers have been certified to be 
compatible with specified operating system 
versions for their respective device classes. 
The catalog file protects the integrity of the 
driver. 

Microsoft distributes the Driver Protection 
List to prevent known bad deriver from 
being installed. 

Processing Rights Managed Items 


Certain drivers (SAP) have been explicitly 
certified to protect DRM content 

MSDN - DRM Overview 


A DRM-compliant driver must prevent 
unauthorized copying while digital content 
is being played. In addition, the driver must 
disable all digital outputs that can transmit 
the content over a standard interface (such 
as S/PDIF) through which the decrypted 
content can be captured. 


said representation including: 


element information contained within 
said first rights management data 
structure; and 


The elements of a driver package include: 
A driver that is typically a dynamic-link 
library with the .sys filename extension. 
An INF file containing information that the 
system Setup components use to install 
support for the device. 
A driver catalog file containing the digital 
signature. 

One or more optional co-installers which 
are a Win32® DLL that assists in device 
installation NT-based operating systems. 
Other files, such as a device installation 
application, a device icon, and so forth. 

XP DDK - INF Version Section 


The Layout File entry specifies one or more 
additional system-supplied INF files that 
contain layout information on the source 
media required for installing the software 


Exhibit B 
19 


organization information regarding 
the organization of said elements 
within said first rights management 
data structure; and 


described in this INF. All system-supplied 
INF files specify this entry. 

The CatalogFile entry specifies a catalog 
(.cat) file to be included on the distribution 
media of a device/driver. 


Within an INF is a hierarchy with the top 
being a list of manufacturers, and sub-lists* 
of models and at the bottom a list of install 
information by model. 

For Windows XP and later versions of NT- 
based operating systems, entries in the 
Manufacturer section can be decorated to 
specify operating system versions. The 
specified versions indicate OS versions 
with which the specified INF Models 
sections will be used. If no versions ere 
specified, Setup uses the specified Models 
section for all versions of all operating 
systems. 

INF's SourceDisksNames and 
SourceDisksFiles sections specify 
organization information. 
XP DDK - Source Media for INFs 


The methods you should use to specify 
source media for device files depend on " 
whether your INFs ship separately from the 
operating system or are included with the 
operating system. 
INFs for drivers that are delivered 
separately from the operating system 
specify where the files are located using 
SourceDisksNames and SourceDisksFiles 
sections. 

If the files to support the device are 
included with the operating system, the 
INF must specify a LayotitFile entry in the 
Version section of the file. Such an entry 
specifies where the files reside on the 
operating system media. An INF that 
specifies^ LayoutFile entry must not 
include SourceDisksNames and 
SourceDisksFiles sections, 
XP DDK - INF SourceDisksNames 


Section 


A SourceDisksNames section identifies 
the distribution disks or CD-ROM discs 
that contain the source files to be 
transferred to the target machine during 
installation. Relevant values of an entry in 
the INF include: 
diskid — Specifies a source disk. 
disk-description - Describes the contents 


293482.02 


Exhibit B i| 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


and/or purpose of the disk identified by 
diskid. 

tag-or-cab-file — This optional value 
specifies the name of a tag file or cabinet file 
supplied on the distribution disk, either in 
the installation root or in the subdirectory 
specified by path, if any. 
path*— This optional value specifies the 
path to the directory on the distribution 
disk containing source files. The path is 
relative to the installation root and is 
expressed as \dirnamel\dirname2.„ and so 
forth. : 

flags — For Windows XP and later, setting 
this to : Ox 10 forces Setup to use cab-or-tag- 
file as a cabinet file name, and to use tag- 
file as a tag file name. Otherwise,ytog,y is 
for internal use only. 
tag-file « For Windows XP and later, if 
flags is set to 0x1 0, this optional value 
specifies the name of a lag file supplied on 
the distribution medium, either in the 
installation root or in the subdirectory 
specified by path. The value should specify 
the file name and extension without path 
information. 

XP DDK - INF SourceDisksFiles Section 


A SourceDisksFiles section names the 
source files used during installation, 
identifies the source disks (or CD-ROM 
discs) that contain those files, and provides 
the path to the subdirectories, if any, on the 
distribution disks containing individual 
files. Relevant values in an entry in the 
INF would include: 

filename *- Specifies the name of the file on 
the source disk. ....... 

diskid-- Specifies the integer identifying 
the source disk that contains the file. This 
value and the initial path to the 
subdirectory), if any, containing the 
named file must be defined in a 
SourccDisksNames section of the same 
INF. 

subdir — This optional value specifies the 
subdirectory (relative to the 
SourccDisksNames path specification, if 
any) on the source disk where the named 
file resides. 


information relating to metadata, said 
metadata including: 


metadata rules used at least in pan to 
govern at least one aspect of use and/or 
display of content stored within a rights 
management data structure. 


The drivei manufacture can specify rules in 
the fNF thai govern the installation and/or 
use of the driver. For example, security 
entries. specify an access control list for the 


Exhibit flj 
91 


293482.02 



driver. Driver developers can specify rules 
in an INF file that determines behavior of 
the driver package based on the user's 
operating system version, including 
product type and suite. Also, rules related 
to logging can be specified as mentioned in 
next claim element 

For Example - Access Control List 
Rules 

XP DDK - Tightening File-Open 
Security in a Device INF File 
For Microsoft Windows 2000 and later, 
Microsoft tightened file-open security in 
the class installer INFs for certain device 
classes, including CDROM, DiskDrive, 
FDC, RoppyDisk, KDC, and 
SCSIAdapter. 

If you are unsure whether the class installer 
for your device has tightened security on 
file opens, you should tighten security by 
using the device's INF file to assign a value 
to the DeviceCh a ract eristics value name 
in the registry. Do this within an add- 
registry-section, which is specified using 
the INF AddReg directive. 
XP-DDK INF AddReg Directive 

An INF can also contain one or more, 
optional add-registry-section.security 
sections, each specifying a security 
descriptor that will be applied to all registry 
values described within a named add- 
registry-section. 

A Security entry specifies a security 
descriptor for the device. The security- 
descriptor-string is a string with tokens to 
indicate the DACL (D:) security 
component. A class-installer INF can 
specify a security descriptor for a device 
class. A device INF can specify a security 
descriptor for an individual device, 
overriding the security for the class. If the 
class and/or device INF specifies a 
security-descriptor-string, the PnP 
Manager propagates the descriptor to all 
the device objects for a device, including 
the FDO, filter DOs, and the PDO. 

For Example - Operating System 
Versioning 

Operating-System Versioning for Drivers 


;! 

Exhibit Bl 
22 


) 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 


26 
27 
28 


293482.02 


said metadata rules including at least 
one rule specifying that information 
relating to at least one use or display of 
said content be recorded and/or 
reported. 


under Windows XP 

Setup selects the [Models] section to use 
based on the following rules: 

If the INF contains [Models] sections for 
several major or minor operating system 
version numbers, Setup uses the section 
with the highest version numbers that are" 
not higher than the operating system 
version on which the installation is taking 
place. 

If the INF [Models] sections that match the 
operating system version also include 
product -type decorations, product suite 
decorations, or both, then Setup selects the 
section that most closely matches the 
running operating svsteni. 


The AddService directive can set up event- 
logging services for drivers. 
INF AddService Directive 
An AddService directive is used to control 
how (and when) the services of particular 
Windows 2000 or later device's drivers are* 
loaded, any dependencies on other 
underlying legacy drivers or services, and 
so forth. Optionally, this directive sets up 
event-logging services by the 
devices/drivers as well. 
Relevant sections of the directive's entry 
include: 

event-log-install-section -Optionally 
references an INF- writer-defined section in 
which event-logging services for this 
device (or devices) are set up. 
EyentLogType Optionally specifies one 
of System, Security, or Application. If 
omitted, this defaults to System, which is 
almost always the appropriate value for the 
installation of device drivers. For example, 
an INF would specify Security only if the 
to-be-installed driver provides its own 
security support. 

EventName — Optionally specifies a name 
to use for the event log. If omitted, this 
defaults to the given ServiceName. 


1 35. A descriptive data structure as in claim 
34, in which: 


said first rights management data structure 
comprises a first secure container. 

The driver package is secured through a 
catalog file that is signed by Microsoft's 
Windows Hardware Oualitv Lab and 


Exhibit B!i 

" "23 •;: 


10 

11 

12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 



contains the hash of each file of the driver's 
package. The INF identifies the catalog 
file useid to sign the driver package. 


36. A descriptive data structure as in claim 
35 , in which: - 


said first secure container comprises: ■ 

The first secure container is the driver 
package secured bY a catalog file. 

said content; and 

The content is the driver aftd related files 
within the signed driver package. 

rules at least in part governing at least 
'. one use of said content 

The rules are within the INF, which is part 
of the signed driver Dackage. 


37. A descriptive data structure as in claim 
36, wherein the descriptive data structure is 
stored in said first secure container. 

The INF is stored within the signed driver 
package. 


44, A descriptive data structure as in claim 
34, further including: 

i 

a representation of the format of data 
contained in a second rights management 
data structure, 

The manufacture and models sections in 
the INF Version section are provided for 
the possibility of a single INF representing 
the format for multiple drivers. 

Operating system version "decorating** 
relating the architecture, major and minor 
operating systems versions, product and 
suit information all relate to the target 
environment and is used to identify the 
files necessary for the target environment 

An INF file, such as in the case of 
operating system targeting, can be used for 
more than one driver package since it can 
contain more than one catalog file. 

Further an INF can address the drives 
necessary for a multi-functional device. 

said second rights management data 
structure differing in at least one respect 
from said first rights management data 
structure. 

The files of the second data structure would 
vary from the files on the first data 
structure. 


45. A descriptive data structure as in claim 
44, in which: 


said information regarding elements 
contained within said first rights 
management data structure includes 
information relating to the location of at 
least one such element. 

INF specify where the driver files are 
located using the SourceDiskNames and 
SourceDiskFiles sections. 


46. A descriptive data structure as in claim 
44. further including: 


a first target data block including 
information relating to a first target 

Operating system version "decorating" 
relatingithe architecture, maior and minor 


-II 
ii 


Exhibit HI 
24 


1 

2 
3 
4 
5 
6 
7 

9 
10 
,11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


environment in which the descriptive data 
structure may be used. 


operating systems versions, product and 
suit information all relate to the first target 
environment. • ■__ 


47. A descriptive data structure as in claim 
46. further including: 


a second target data block including 
information relating to a second' target . 
environment in which the descriptive data 
s tructure may be used. 


Operating system version decorating will 
cover multiple operating systems.- 


said second target environment differing in 
at least one respect from said first target 
environment. 


This is the reason for version decorating. 


48. A descriptive data structure as in claim 
46. further including: 


a source message field containing 
information at least in part identifying the 
source for the descriptive data structure. 


The provider entry in the version section of 
the INF identifies the provider of the INF 
file: Also, the INF contains a manufacture 
section. . . 


-' 1! 

Exhibit B ;i 
25 


1 

2 
3 

. 4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR PATENT NO. 5,920,861 


>8. 


Product Infringing: Microsoft Reader SDK 
and Microsoft Digital Asset Server. 


\ method of creating a first secure 
container, said method including the 
fallowing steps: 


Method is carried out by Microsoft's 
Digital Asset Server and Microsoft's 
■Lhgen tools 


a) accessing a descriptive data structure, 
said descriptive data structure 
including or addressing 


opf file describing the file structure of a 
protected e-book including metadata, 
manifest, and "spine" information 


(1 ) organization information at least 
in part describing a required or 
desired organization of a content 
section of said first secure 
container, and 


Organisation information regarding 
organization of the ebook and the 
inscription as specified in the manifest and 
spine information in the .opf file 


Metadata constitutes rules specifying the 
degree of security to use and/or XrML 
rules 


(2) metadata information at least in 
part specifying at least one step 
required or desired in creation of 
said first secure container: 


i>) using said descriptive data structure to 
organize said first secure container 
contents 


e-book packaging carried out by Microsoft 
Litgen tool 


:) using said metadata information to at 
least in part deteimine specific 
information required to be included in 
said first secure container contents; 
and 


Step performed by Digital Asset Server; 
example of specific information is 
owner/purchaser information required in 
the inscription process 


I) generating or identifying at least one 
rule designed to control at least one 
aspect of access to or use of at least a 
portion of said first secure container 
contents. ; ' 


Analyzing the metadata and finally 
packaging the e-book using a particular 
security level specified through the 
metadata 


L A method as in claim 58. in which: 


i) said specific information required to 
be included includes information at 
least in part identifying at least one 
owner or creator of at least a portion of 
said first secure container contents. 


Owner purchaser information required in 
the inscription process; XrML rule 
requiring display of copyright notice 


i; 

Exhibit B jj 
26 


1 

2 
3 
•4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


I NTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
~ INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 5,920,861 


58, 

Product Infringing: All products that host 
the Microsoft Common Language Runtime 
or Cnmnact Common Language Runtime. 

A method of creating a first secure 
container, said method including the 
following steps; 

Method is practiced by a user using the 
Common Language Runtime (CLR) or 
Compact Common Language Runtime 
(CCLR) to create a dynamic shared 
assembly of.NET Framework SDK to 
create a shared assemblv 

(a) accessing a descriptive data structure, 
saiu Qescnpiivc imut &uuviuic 
including or addressing 

.NET framework Assembly class and/or 
AssemblyBuiider class and/or . 
Assemblvlnfo file 

(1) organization information at least 
in part describing a required or 
desired organization of a content 

cf%rtinn r\f cairf flr^t secure 

container, and ' 

This information is specified in the classes 
named above and in the Assemblylnfo file. 

(2) metadata information at least in 
part specifying at least one step 
required or desired in creation of 
said first secure container; 

This information is addressed in the classes 
and the Assemblylnfo file, e.g., for a shared 
assembly metadata will be specified that 
the assembly is to be signed using specified 
kev 

(b) using said descriptive data structure to 
organize said first secure container 
contents; 

This step is earned out by applications and 
tools using the classes and assembly info 
file, including CLR (or CCLR) and .NET 
Framework SDK 

(c) using said metadata information to at 
least in part determine specific 
information required to be included in . 
said first secure container contents; 

and ] — 

This step is carried but by applications and 
tools using the assembly info file and 
classes that specify the metadata required 
in the target assembly 

(d) generating or identifying at least one 
rule designed to control at least one 
aspect of access to or use of at least a 
portion of said first secure container 
contents. 

User may specify rules, as specified in the 
.NET Framework SDK, to be placed in the 
assemojy maniiesi inciuuing mjch juic:> 
requiring that all code be managed (CLR or 
CCLR compliant), "Code Access Security" 
permissions be supplied for use- of code 
supplied in the assemblv. etc 

A method as in claim in which: 


(a) said creation of said first secure 
container occurs at a first data 
processing arrangement located at a 
first site- 

Can be a server, PC or workstation running 
CLR (or CCLR) to create a dynamic shared 
assembly or .NET Framework SDK to 
create a shared assemblv) 

(b) said first data processing arrangement 
including a communications port; and 

Included in virtually any computer 

(c) said method further includes: 

(1) prior to said step of accessing said 
descriptive data structure, said 

Download of the assemblyinfo file and/or a 
file containing a class calling -the 


I 

Exhibit B!i 
on 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


first data processing arrangement 
receiving said descriptive data 
structure from a second data 
processing arrangement located at 
a second site, _ 


DefineDynamicAssembly methods or 
download of SDK containing 
assemblybuilder class from a second site 


d) said receipt occurring through said first 
data processing arrangement 
communications port. 


Communications port is normally used for 
downloading 


17. A method as in claim 64, further 
comprising: 


t said first processing site, receiving said 
metadata through said communications 
port 


8. A method as in claim 67. in which. 


Download of the Assemblylnfo file and/or 
a file containing a class calling the 
DefineDynamicAssembly methods or 
download of SDK containing 
assembivbuilder class from a second site 


a) said metadata is received separately 
from said descriptive data structure. 


Method practiced when metadata nartes are 
addressed by the assembly class and a 
template for the Assemblylnfo file, and 
values corresponding to those names are 
received through a user interface such as 
provided by Microsoft Visual Studio or are 
provided from a separate file 


}. A method as in claim 58. in which: 


i) said specific information required to 
be included includes information at 
least in part identifying at least one 
owner or creator of at least a portion of 
said first secure container contents 


The Assembly class definition includes 
attributes for company name and trademark 
information, and these may be required 
attributes specified in the Assemblylnfo file 


2. A method as in claim 58. in which: 


i) said specific information required to 
be included includes a copyright 
notice. - 


The Assembly class definition includes an 
attribute for copyright field that may be 
required bv the Assemblylnfo file 


Exhibit Etii 
28 ! 


1 

2 
3 
4 
5 
6 
7 
S 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR US. PATENT NO. 5,920,861 




58. 

Product Infringing: Microsoft .NbT 
Framework, Visual Studio .NET, and tools 
that include the Assembly Generator tool 
AL.exe. 

A method of creating a first secure 
container, said method including the 
following steps; 

The Assembly Generation tool generates : 
a portable execution file with an assembly 
manifest from one or more files that are 
either Microsoft intermediate language 
(MSIL) modules or resource fijes. When 
using the tool's signing option, the 
assemblv becomes a secure container. 

(a) accessing a descriptive data structure, 
said descriptive data structure 
including or addressing 

The descriptive data structure is the text 
file used as input by the Assembly 
Generation tool. 

(1) organization information at least 
in part describing a required or 
desired organization of a content 
section of said first secure 
container, and 

The DDS specifies the link and or embed 
directives to indicate which source files 
should be included in the assembly, how 
the included resource will be tagged, and if 
the resource will be private. Private 
resources are not visible to other 
assemblies. 

These tags are used to organize the 
assembly into named sections. 
Private attributes are used to organize the 
assembly into both public and private 
sections. (Public sections are the default.! 

(2) metadata information at least in 
part specifying at least one step 
required or desired in creation of 
said first secure container; 

The text file can contain "options" relating 
to how the assembly should be built and 
additional information that should be 
included. 

Main - Specifies the method to use as 
an entry point when converting a 
module to an executable file. 
Algid- Specifies an algorithm to hash 
all files. 

Comp - Specifies string for the 

Company field* 

Conf - Specifies string for 

Configuration field 

Copy- Specifies string for Copyright 

field. 

Culture - Specifies the culture string to 
associate with the assembly. 
Delay Variation of this option 
jjsDecifies whether the assemblv will be 


. Exhibit & 

29 ;: 


fully or partially signed and whether the 
public key is placed in the assembly. 
description - Specifies the description 
field/ 

Evidence - Embeds file in the assembly 
with the resource name 
Security .Evidence. 

Fileversioh - Specifies the file version 
of the assembly. 

Flags- Specifies flags for such things 
as the assembly is side-by-side 
compatible, assembly cannot execute 
with other versions if either they are 
executing in the same application 
domain, process or computer. 
Keyf - Specifies a file that contains a 
key or key pair to sign an assembly. 
Keyn - Specifies the container that holds 
a key pair. 

Product - Specifies string for Product 
field. 

Productv - Specifies string for Product 
Version. 

Template - Specifies the assembly fro 
which to inherit all assembly metadata. 
Title - Specifies string for Title field. 
Trade - Specifics string for Trademark 
field. 

V- Specifies version information 


(b) using said descriptive data structure to 
organize said first secure container 
contents 


The following directives are used to specify 
which files are to be compiled into the 
assembly, how they will be tagged, and 
whether or not they will be visible to other 
assemblies, AKA private: 

Embedfname, private J - copies the 
content of the file into the assembly and 
applies an optional name tag, and 
optional private attribute. 
i/wA/hame, private]'— file becomes part 
of the assembly via a link and applies an 
optional name tag, and optional private 
attribute. " 


(c) using said metadata information to at 
least in part determine specific 
information required to be included in 
said first secure container contents; 
and 


The following are some of the "options" 
address what information should be 
included in the secure container 

Main - Specifies the method to use as 
an entry point when converting a 
module to an executable file. 
Comp - Specifies string for the 
Company field. 
Conf - Specifies string for 
Configuration field 

Com- Specifies string for Copyright . 


Exhibit B 
10 



field. 

Culture - Specifies the culture string to 
associate with the assembly!, 
Description - Specifies the description 
field. 

Evidence - Embeds file in the assembly 
with the resource name 
Security.Evidence. 

Fileversion - Specifies the file version 
of the assembly. 

Flags - Specifies flags for such things 
as the assembly is side-by-side 
compatible, assembly cannot execute 
with other versions if either they are . 
executing in the^same application 
domain, process or computer. • 
Keyf - Specifies a file that contains a 
key or key pair to sign an assembly. 
. Keyn - Specifies the contained that holds 
a key pair. 

Product - Specifies string for Product 
field. 

Productv - Specifies string for Product 
Version. 

Template - Specifies the assembly fro 
which to inherit all assembly metadata. 
Title - Specifies string for Title field. 
Trade - Specifics string for Trademark 
field. 

V- Specifies version information. 

(uj generating or laenuiying ai leasione 
rule designed to control at least one 
aspect of access to or use of at least a 
portion of said first secure container 
contents. 

User may specify rules, as specified in the 
.NET Framework SDK, to be placed in the 
assembly manifest including such rules 
requiring that all code be managed (CLR 
compliant), "Code Access Security" 
permissions be supplied for use of code 
supplied in the assembly, etc. 

71. A method as in claim 58, in which: 


(a) said specific information required to. 
be included includes information at 
least in nart identifvine at least one 
owner or creator of at least a portion of 
said first secure container contents. 

The following "options" specifies owner 
and creator information: 

Comp - Specifies string for the 
Company field. 

Copy - Specifies string for Copyright 
field. 

Trade - Specifics string for Trademark 
field. 

72. A method as in claim 58, in which; 


(a) said specific information required to 
be included includes a copyright 
notice. 

The copy "option" specifies the string for 
the for the Copyright field. 


j: 

Exhibit Bli 
"31 • 


1 

2 
3 
4 

5 
6 
7 
.8 
9 

10. 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


) 


j 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
1NTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 


Products infringing: AH products thatinclude 
the Common Language Runtime or Compact 
Common Language Runtime or Common 
Language Infrastructure. 


A method for using at least one resource 
processed in a secure operating environment at 
a first appliance, said method comprising: 


Resource may constitute a Microsoft Windows 
process or hardware element; secure operating 
environment is Microsoft Common Language 
Runtime ("CLR") environment, Common 
Language Infrastructure ("CLI") or Compact 
CLR ("CCLR"); first appliance is computer 
running CLR, CLI or Compact CLR- Two 
infringing scenarios are set forth herein: (1) 
For CLR, an administrator, using the .NET 
framework, caspol.exe tool remotely configures 
security policy in a .NET configuration file for 
a macWne, enterprise, user, or application and 
that security policy interacts with rules or 
evidence declared in a shared assembly 
provided by another entity ("1 st scenario**); and 
(2) for CLR, CLI and CCLR two assemblies 
are delivered to an appliance; the first 
assembly has a rule that demands permissions 
from a caller in the second assembly, and the 
second assembly includes a control that asserts 
such permissions or provides evidence that 
convinces the runtime that it has such 
permissions. ("2 nd scenario")- In each scenario 
Microsoft .NET "Code Access Security" 
framework or "Role Based Security" 
framework is used. 


(a) securely receiving a first entity's control at 
said first appliance, said first entity being 
located remotely from said operating 
environment and said first appliance; 


I s1 scenario: first entity is the administrator, 
and the policy that constitutes this entity's 
control is securely received at the first 
appliance through a session established 
between the administrator's computer and the 
first appliance, requiring security credentials 
such as the administrator's login and password 
or other secure session means. 
2 nd scenario: first entity is creator or distributor 
of the first assembly, assembly manifest 
includes a control demanding or refusing or 
otherwise asserting a security action on 
permissions from a caller; first assembly is 
intepritv-checked. 


(b) securely receiving a second entity's control 
at said first appliance, said second entity being 
located remotely from said operating, 
environment and said first appliance, said 
second entity being different fro m said first 


Second entity's control is contained in shared 
assembly manifest (and therefore integrity 
protected) that provides evidence for obtaining 
permissions, or asserts permissions; assembly 
creator/distributor is located remotely and is 


Exhibit B 
V) 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


,) 


entity; and 


not the administrator (1* scenario) or 
creator/distributor of the first container (2 nd 
scenario): 


(c) securely processing a data item at said first 
appliance, using at least one resource, 
including securely appiying,at said first 
appliance through use of said at least one 
resource said first entity's control and said 
second entity's control to govern use of said 
data item. 


Secure processing is carried out by CLR, CLI 
or CCLR, Data item constitutes an executable 
code element, an interface controlled by such 
an executable, a data collection or stream (such 
as media file or stream pr text file) or an. . 
environment variable! CLR, CLI or CCLR 
securely processes the rules, which will in both 
scenarios govern access to methods and data 
from the first assembly. The resource named in 
the claim is, e.g., a Windows process that is 
established by the runtime or hardware ejement 
on the computer, 


51* A method as in claim 1 wherein at least 
said secure processing step is performed at an 
end user electronic appliance. 


Consumer computer or appliance running 
Microsoft CLR, CLI or CCLR). 


58. A method as in claim 1 wherein the step of 
securely receiving a first entity's control 
comprises securely receiving said first entity's 
control from a remote location over a 
telecommunications link, and the step of 
securely receiving said second entity's control 
comprises securely receiving said second 
entity's control from the same or different 
-emote location over the same or different 
;elecommunications link. 


I s1 scenarib 1: link is LAN or WAN; 2 M 
scenario: link is any telecommunications link, 
including the internet. 


Secure processing environment is CLR, CLI or 
CCLR running on user's computer or 
appliance. 


55. A method as in claim 1 wherein the 
jrocessing step includes processing said first 
ind second controls within the same secure 
processing environment. 


11. A method as in claim 1 further including 
he step of securely combining said first 
sntity's control and said second entity's control 
o provide a combined control arrangement 


In scenario 2, arrangement consists of the stack 
frame, and the corresponding array of 
permission grants for assemblies on the stack, 
and the permission demanded by the first 
assembly. Secure combining performed by the 
CLR. CLI or CCLR. 


f6. A method as in claim 1 wherein said two 
lecurely receiving steps are independently 
)erformed at different times. 


Steps are performed at different times in both 
scenarios. 


14. A method as in claim 1 wherein at least one 
>f the first entity's control and the second 
entity's control comprises at least one 
;xecutable component and at least one data 
component. 


In both scenarios the second entity supplies an 
assembly with a demand procedure executed 
by the CLR, CLI or CCLR. The data 
component is a specific attribute value 
referenced by the assembly. 


[9. A method as in claim 1 wherein said first 
ippliance includes a protected processing 
:nvironment, and wherein: 


Microsoft Common Language Runtime (CLR), 
Common Language Infrastructure (CLI), or 
Compact Common Language Runtime (CCLR) 
environment. : 


a) said method further comprises a step of 
eceiving. at said first appliance, said data item 


Typically occurs in both scenarios. 


Exhibit B 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
.27 
28 


separately and at a different time from said 
receiving said first entity' s control : and 


(b) said securely processing step is performed 
at least in part in said protected processing 
environment 


Protected processing environment is the CLR, 
CLIorCCLR- 


Exhibit B ii 
34 i 


1 

2 
3 
•4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 


22. . . ... 

Infringing products include Office 2003 and 

lY*ir>\fiAf*A jmnl5f*5tf innc flhd Server 200^ 

including Microsoft ho$ted RMS Service using 
Passport 

A method of securely controlling use by a third 
party of at least one protected operation with 
respect to a data item comprising: 

A user (third party) accesses an IRM-protected 
data item governed by IRM controls under two 
or more RMS servers. For example, the data 
item may be a IRM-protected document 

The IRM controls may be associated with the 
data item directly dr via a IRM-protected 
container holding the IRM-protected data item, 
such as an IRM-protected email with the IRM : 
protected document attached. 

(a) supplying at least a first control from a first 
pity to said third party; 

The user acquires a first use license from a first 
RMS server (first party) enabling access to, the 
IRM-protected data item under the IRM rules 
associated with the first RMS server. For 
example: (1) the first use license from the first 
RMS server permits the user to access a IRM- 
protected document contained within or 
attached to an IRM-protected email; or (2) the 
first use license from the first RMS server 
applies a first set of IRM rules to an IRM- 
protected document. 

(b) supplying, to said third party, at least a 
second control from a second party different 
from said first party; 

The user acquires a second use license from a 
second RMS server (second party) enabling 
access to the IRM-protected data item under 
the IRM rules associated with the second RMS 
server. For example: (1) in addition to the 
user being given access to an IRM-protected 
email based on a first use license, a second 
RMS server provides a second use license 
enabling access to the IRM-protected 
document attached thereto; or (2> the second 
use license from the second RMS server 
applies a second set of IRM rules to the IRM- 
protected document; 

(c) securely combining at said third party's 
location, said first and second controls to form 
a control arrangement; ~ _ 

The first and second use licenses are combined 
to form a control arrangement that governs 
-access to the IRM-protected data item. 

(d) securely requiring use of said control 
arrangement in order to perform at least one 
protected operation using said data item: and 

The combined first and second use licenses 
govern access to the IRM-protected data item. 

(e) securely performing said at least one 
protected operation on behalf of said third 
party with respect lo said data item by at least 
in part employing said control arrangement 

The user performs a protected operation (e.g., 
read, print, edit) on the IRM-protected data 
item. The combined first and second use 
licenses are employed to permit the protected 
oDerition. 

4 

ExhibitBii 


1 

2 
3 
4 
5 
6 
7 

8 . 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


3. A method as in claim 22 wherein said data 
p.m is protected. 


The data item is encrypted and protected by 
1RM. 


9. A method as in claim 22 further including 
ecurely and persistently associating at least 
ne of: (a) said first control, (b) said second 
ontrol, and (c) said control arrangement, with 
aid data item. 


The first and/or second use license are securely 
and persistently associated with the IRM- 
protected data item. ". 


3. A method as in claim 22 wherein at least 
wo of the recited steps are performed at an end 
sct electronic appliance. 


Steps performed at a user's computer or 
appliance. 


0. A method as in claim 22 wherein step (a) 
omprises supplying said first control from at 
iast one remote location over a 
•lecommunications link, and step (b) 
omprises supplying said second control from 
he same or different remote location oyer the 
am or different telecommunications link 


The first and second use licenses are received 
over a telecommunications link such, as a 
networking or modem/serial interface. 


7. A method as in claim 22 wherein at least 
tep (c) is performed within the same secure 
irocessing environment at said third party's 


Steps are performed at user's computer or 
appliance. 


acation. . - 

1 . A method as in clai m 72 wherein: 


a) said method further comprises supplying 
aid data item to said third party separately and 
t a different time from supplying of said first 
ontrol to said third party; and 

b) said securely performing step comprises 
>erforming said protected operation at least in 
»art in a protected processing environment. 


The first use license (first control) is received 
at the time that the user accesses the data item, 
which occurs separately and at a different time 
from receipt of the IRM-protected data item 

itself. ■ — : — : -z 

The protected operations require decryption ol 
the protected content, which is done inside the 
RM lockbox. The RM lockbox is protected by 
mechanisms such as obfuscation, anti- 
debuecing. and tamper resistance. 


Exhibit tij 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


I NTERTRUST TECHNOLOGIES CORP. v- MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 


26- 


A secure method for combining data 
items into a composite data item 
comprising: 


(a) securely providing, from a first location 
to a second location, a first data item 
having at least a fust control associated 
therewith; 


Products infringing: Visual Studio.NET, • 
.NET Framework SDK, and all products 
that include the Common Language 
Runtime or Compact Common Language 
Runtime or Common Language 
Infrastructure. 


A first signed and licensed .NET 
component, .NET assembly, managed 
control and/or Web control (component) is 
the first data item. Thefirst.NET 
component developer (first location^ 
provides the application assembly 
developer (second location) the first 
component. The first control is the set of 
declarative statements comprising the 
LicenseProviderAttribute (alternately 
referred to as license controlsV 


(b) securely providing, from a third 
location to said second location, a second 
data item having at least a second control 
associated therewith; 


A second signed and licensed component is 
the second data item. The second 
component developer (third location) 
provides the application assembly 
developer (second location) the second 
component. The second control is the set 
of declarative statements comprising the 
LicenseProviderAttribute. 


(c) forming, at said second location, a 
composite of said first and second data 


items; 


The application assembly developer will 
include at least the two components into its 
assembly. 


(d) securely combining, at said second 
location, said first and second controls to 
form a control arrangement; and 


At the second location, the application 
assembly developer uses the .NET runtime 
that includes the LicenseManager. 

Whenever a component is instantiated 
(here, an instance of the first licensed 
component), the license manager accesses 
the proper validation mechanism for the 
component. The license controls (first 
control) for the runtime license (derived 
from the design-time license) are bound 
into the header of the .NET application 
assembly, along with the second control for 
the second component. 

Visual Studio.NET securely handles the 
creation of runtime license controls. 
Runtime licenses are embedded into (and 
bound to) the executing application 
assembly. The license control attribute 


Exhibit B 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482X2 


i ) 


included in the first component is 
customized in the second location to 
express and require the runtime license. In 
a more advanced scenario, the License 
Complier tool can be used to create a 
".licenses file" containing licenses for 
multiple components, including runtime 
licenses for components and classes created 
by the license provider. This .licenses file 
is embedded into the assembly. 

The third control set comprises the runtime 
license controls for the first and second ' 
components (that had been bound to the 
assembly), the declarative controls 
provided by the application assembly 
developer, and any runtime licenses for 
other components included by the 
developer in application assembly. The 
controls are typically integrated into the 
header of the .NET application assembly 
calline the first licensed component. 

(e) performing at least one operation on 
said composite of said first and second data 
items based at least in part on said control 
arraneement. 

The proper execution of the application 
will require that the assembly have run 
time licenses for the two components. 


27. A method as in claim 26 wherein said 
combining step includes preserving each of 
said first and second controls in said 
comDOsite set 

The set of declarative statements 
comprising the LicenseProviderAttribute of 
both the first and second components are 
included in the application assembly. 


28. A method as in claim 26 wherein said 
performing step comprises governing the 
operation on said composite of said first 
and second data items in accordance with 
said first control and said second control. 

The application will require the first and 
second controls to operate properly when it 
calls the first and second data items, 
respectively. 


29. A method as in claim 26 wherein said 
providing step includes ensuring the 
integrity of said association between said 
first controls and said first data item is 
maintained during at least one of 
transmission, storage and processing of 
said first data item. 

Signing the component that has embedded 
within it the license control ensures the 
integrity of the association of the control 
and data item. 


31. A method as in claim 26 wherein said 
providing step comprises codelivering said 
first data item and said first control. 

The component includes the license control 
and therefore they are codelivered. 


40, A method as in claim 26 further 
including the step of securely ensuring thai 
at least one of (a) said first control, (b) said 
second control, and (c) said control 
arraneement, is Dersistentlv associated with 

Each component includes the license 
control. Signing the component that has 
embedded within it the license control 
ensures the persistence of the association of 
the control anddata item. 

:: - r 

.: W 

Exhibit B il 
38 


1 

2 
3 
.4 
5 
6 
7 
. 8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


4. A method as in claim 26 wherein at 
>^si one of steps (c), (d) and (e) is 
eiformed at an end user electronic 
p pliance. ' , — 


At least step (e) is typically performed at an 
end-user electronic appliance. 


1. A method as in claim 26 wherein step 
i) comprises providing said first data item 
*om at least one remote location over a 
slecommunications link, and step (b) 
omprises providing said second data item 
rom the same or different remote location 
ver the same or different 
>1ecommunications li nk. 


Microsoft maintains Web sites where a 
developer can get components over the 
Web. These sites include references 
whereby a developer may obtain 
components, through their Web connection. 
One such site is Internet Explorer Web 
Control Gallery at 

ie.components.microsoftxom/we bcontrols 


8. A method as in claim 26 wherein step 
j) is performed within the same secure 
rpcessing environment at said second 
ication. : 


Typically, step (d) will bt performed 
within the same secure processing • 

environment 


9. A method as in claim 26 wherein steps 
a) and (b) are performed at different times. 


The application assembly developer will 
typically acquire components at different 
times. — . 


6. A method as in claim 26 wherein at 
*ast one of the first and second controls 
omprises at least one executable 
omponent and at least one data 
om ponent. „ — _ 


The component must include an executable 
and can include a data items as a EULA* 
readme file or help file. 


Exhibit B 

- 39 ; 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRVST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 


35 


A method for using at least one resource 
processed by a secure operating ; 
environment, said method comprising: 


Infringing products include: Windows 
tvledia Player, Individualized DRM Clients 
and the Secure Audio Path (SAP) 
technology, ; : ^_ 


securely receiving a first load module 
provided by a first entity external to said 
operating environment 


securely receiving a second load module 
provided by a second entity external to said 
operating environment, said second entity 
being different from said first entity; and 


The Individualized DRM Client (first load 
module) is a signed security upgrade DLL. 
It is also bound to the hardware ID of the 
machine on which it runs. It is therefore 
securely delivered and integrity protected: 


A SAP certified driver is also signed and 
carries with it a certificate that indicates its 
compliance with SAP criteria. If it is 
delivered to a PC it is secure in the sense 
that it is integrity protected. This driver 
would not come from the same entity as the 
Individualization DLL. ; 


securely processing, using at least one 
resource, a data item associated with said 
first and second load modules, including 
securely applying said first and second load 
modules to manage use of said data item. 


If a WM audio file targeted to the 
Individualized DRM client carries with it a 
requirement that SAP be supported to 
render the WMF contents, the content is 
processed for playing through a soundcard 
using the WMP and by applying the DRM 
client - which decrypts the content and 
negotiates with the DRM kernel processing 
of the content through a Secure Audio Path 
that includes the SAP-certified audio 
driver. • ; 


56. A method as in claim 35 wherein at 
least two of the recited steps are performed 
at an end user electronic appliance. 


All steps occur at the user's PC that 
supports the WMP and DRM client and 
SAP, ■ 


63. A method as in claim 35 wherein said 
first load module receiving step comprises 
securely receiving said first load module 
from at least one remote location over at 
least one telecommunications link, and said 
second load module receiving step 
comprises securely receiving said second 
load module from the same or different 
remote location over the same or different 
telecommunications link. 


The Driver and DRM client are received 
from distinct locations and may be 
delivered securely over the Internet. They 
are delivered securely in that each is 
integrity protected. 


70. A method as in claim 35 wherein said, 
securely processing step comprises 
securely executing said first and -second . 


Both load modules are executed on the PC 
within the.WP/DRM Client/SAP 
environment. • , . • • , . 


!! 

Exhibit Bii 
40 


1 

2 
3 
.4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


load modules within the same secure 
processing environment. 


74. A method as in claim 35 further 
including securely, combining said first and 
second'load modules to provide a 
combined executable. 


Since both the DRM client and the driver - 
are DLLs in the same audio rendering 
chain* they exist as an execution 
environment. 


Jl. A method as in claim 35 wherein said 
securely receiving steps are performed 
independently at different times. 


The driver and Individualization DLL need 
not be received at the same time. 


)4. A method as in claim 35 wherein said 
secure operating environment includes a 
Drotected processing environment, and 
therein: 

>aid method further comprises receiving a 
lata item within said secure operating 
snvironment; 

;aid first load module receiving step is 
performed separately and at a time different 
rom receiving said data item; and 

;aid securely processing step is performed 
it least in part in said protected processing 
environment. ; — 


The Windows Media Player together with . 
the Individualized DRM Client and Secure 
Audio Path comprise a protected 
environment for processing protected 
media. The protected Windows Me#a . 
File^ are received after the load modules 
have been received and installed (licenses 
cannot be acquired until load modules are 
in place). The processing of the Windows 
Media File occurs in the protected 
environment 


Examples of SAP-certified drivers include - as indicated at 
lttpV/www.microsoftxom/Windows/^ 


All VIA controllers with AC-97 codecs 

All ALI controllers with AC-97 codec 

Intel ICH controllers with AC-97 codecs 

Creative Labs SoundBlaster 16/AWE32/AWE64/Vibra 

Yamaha OPL3 

Yamaha DS-1 

Cirrus Logic (Crystal) CS4280 
Cirrus Logic (Crystal) CS4614 / CS4624 
ESS Maestro 2E 
USB Audio 

Cirrus Logic (Crystal) CS428 1 


Exhibit B jj 
"41 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


• All SiS controllers with AC-97 codecs 

■ Ensoniq ES1370 

• NeoMagic NM6 

• Ensoniq ESI 37 l/73and ; CT5880 

• SoundBlaster Live! 

• Aureal 8810 

■ Aureal 8820 
> Aureal 8830 

» Conexant Riptide 

• ESS Maestro 

• ESS ISA parts 

• NeoMagic NM5 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


t 

1NTERTRVST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 

36. ; : . ^ 

Product Infringing: Any product using 

Common- Language Runtime (CLK), Common 
Language Infrastructure (CLI), or Compact 
Common Laneuaee Runtime fCCLR) 

A secure operating environment system for 
managing at least one resource comprising: 

Microsoft CLR, CLI or CCLR (operating 
en vironment system), managing- any of the 
resources on a typical computer, including 
memory, fil es. system, communications Rdrts, 
storage devices, and higher level resources that 
mav use anv of these or combinations of them; 

(a) a communications arrangement 

Communications port and Microsoft Internet 
Protocol stack that may optionally use Secure*. 
Socket Layer protocol or IPSEOpacket 
security protocol, supplied with Microsoft 
Windows. 

(1) that securely receives a first control 
of a first entity external to said 
operating environment, and 

Rule or evidence contained in the manifest of a 
shared assembly, distributed by a first entity 
that can be used by the CLR, CLI or CCLR to 
determine permissions that may be needed to 
cause operations on a data item or resource 
controlled by another entity; shared assembly 
is tamper-protected and may be received using 
secure SSL or IPSEC protocol. 

(2) securely receives a second control 
of a second entity external to said 
operating environment, said second 
entity being different from said first 
entitv: and 

Rule specified in the manifest of a second 
shared (Tamper protected) assembly, that 
demands permissions of callers of its methods. 

(b) a protected processing environment, 
operatively connected to said 
communications arrangement that: 

CLR, CLI or CCLR, connected to (e.g.) 
communications port 

(1) Q securely processes, using at least 
one resource, a data item logically 
associated with said first and second 
controls, and 

CLR, CLI or CCLR uses type safety 
mechanisms, access controls, integrity 
detection, and separation of domains. Data 
item may be any data item that is managed by 
the second assembly, which may be a member 
of such assembly, and whose state or value 
may be accessible through an interface to other 
assemblies, and which is referenced by the first 
assemblv. 

(2) \\ securely applies said first and 
second controls to manage said 
resource for controlling use of said data 
item. 

CLR, CLI or CCLR processes the demand for 
permissions from the second assembly, collects 
the evidence or processes the rule from the first 
assembly, and determines whether the first 
assembly has the permissions to use the 
resource to operate on the data item controlled 
by the second assembly. 

57. A system as in claim 36 wherein said 
TsTrArcieA nmcpssino environment is Dart of an 

Computer or electronic appliance running 
CLR, CLI or CCLR 

' - - - ii 

Exhibit B ii 
43 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


) 


end user electronic appliance. 


64. A system as in claim 36 wherein said 
communications arrangement receives said 
first and second controls from at least one 
remote location over at least one 
telecommunications link. 

Shared assemblies are designed to be received 
remotely, e.g., over the internet. 

75. A system as in claim 36 wherein said 
protected processing environment combines 
said first and second controls to provide a 
combined control arrangement 

Arrangement consists of the stack frame and 
and the corresponding array of permission 
grants for assemblies on the stack, and the 
permission demanded by the second assembly. 

82. A system as in claim 36 wherein said 
communications arrangement independently 
receives said first and second controls at 
different times 

Assemblies, including controls, are designed 
for independent delivery. 

88. A system as in claim 36 wherein at least 
one of the first control and second controls 
comprises at least one executable component 
and at least one data component. 

The second entity supplies an assembly with a 
demand procedure (executed by the CLR, CLI 
or CCLR) that includes reference to a specific 
attribute value (the data component), and the 
protected processing environment executes the 
executable component (demand) in a manner 
that is at least in part responsive to the data 
component (execution is in response to the 
security action supplied in the data itemV 


Exhibit B l| 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTER TRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 


36. 


Infringing Product: My Services 


A secure operating environment system 
for managing at least one resource 
com prising: 


a communications arrangement that 
securely receives 


Secure operating environment is the secure 
server for any .NET My Services service 
(e.g. Mv Calendar. Mv Inbox") 


Secure server receives communications 
formatted using the SOAP-SEC, the 
security extension to SOAP that is used by 
My Service servers to receive controls. 


a first control 


The first control is a roleTemplate 
associated with the service. The 
roleTemplate identifies specific actions 
(e.g. read, replace) that can be performed 
against a certain scope {resource or set of 
resources). 


of a first entity external to said operating 
environment, 


The first entity is the administrator of the 
server database, or other entity with 
authority over its content that sets up the 
roleTemplates and scopes. That entity is 
independent from and located remotely 
from the secure server. 


and securely receives a second control 


A role element specified by. a specific end 
user, which is securely received by the 
secure server using the SOAP-SEC 
protocol. - 


of a second entity external to said 
operating environment, said second entity 
Kgin gjiifferent from sa id first entity: 


The end user is located remotely from the 
secure server. 


and a protected processing environment, 
operatively connected to said 
communications arrangement, that: 


The protected processing environment is 
the .NET security service {authorization 
system) operating within the server. The 
server uses the SOAP-SEC 
communication protocol to receive 
controls. 


(a) securely processes, using at least one 
resource, a data item logically associated 
with said first and second controls, and 


^Securely processes" is performing the 
requested operation on secure server 
running .NET. The system will perform the 
requested operation ensuring that the user 
has no access to information outside the 


Exhibit Bij 

'45 :; 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
. 27 
28 


[b) securely applies said first and second 
Controls to manage said resource for 
:ontro!ling use of said data item. 


S4. A system as in claim 36 wherein said 
communications arrangement receives said 
first and second controls from at least one 
remote location over at least one 
telecommunications link. 


75. A system as in claim 36 wherein said 
protected processing environment 
combines said first and second controls to 
provide a combined control arrangement. 


82. A system as in claim 36 wherein said 
communications arrangement 
independently receives said first and 
second controls at different times. 

95. A secure operating environment system 
as in claim 36 wherein said 
communications arrangement also receives 
a data item separately and at a different 
time from at least one of said first control 
and said second control. 


scope computed. 

The resource is the server software and/or 
hardware used to process the two controls 
and user data. 

The first control is the roleTemplate for the 
service. The second control is the role 
element for an individual user. 

The data item is the end user's stored 
content (e.g. calendar, email inbox, etc.). 


The secure servier determines the result 
scope (visible node set) for the operation 
that is computed from the role element and 
the roleTemplate. That result scope is used 
to manage the data item. 


The remote location is the site where the 
user's or administrator's application is 
running. 

The telecommunication link can be the 
Internet, intranet, VPN or other similar 
channels. 


The role scope incorporating the role 
element and the role Template. 


Administrator and user controls will 
ordinarily be received at different times. 


This is the normal case for .NET My 
Services. The user's content is normally 
stored and updated independently of the 
setting of scope elements, role elements and 
roleTemplates. 


ij 

Exhibit B! 


1 

2 
3 
4. 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
21 
28 


iNTF.1t TR UST TECHNOLOGIES CORP. v - MICROSOFT CORP. 

INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 6,157,721 


product Infringing: Windows C£ for Automotive 


, A security method comprising: 


WCEfA is Microsoft Windows CE for Automotive, 
sometimes also known by its former name; AutoPC 2.0. 

With WCEfA an OEM can assign their device to a class 
that only accepts certain kinds of software. The device 
cari;be set to accept 1) any software with the correct • 
processor/version 2) only certified software or 3) onh/ 
software from the OEM or Microsoft. These Security (or 
Trust) levels also control to which kernel APIs and 
middleware APIs the software has access. 

Background: 

"Microsoft Software Install Manager (SIM), a 
component of WCEfA, allows you to control what can 
be installed on your device platform. You can define 
your platform as being open, closed or restricted to new 
installations, and SIM will enforce these designations." 
(D,pg.l) 

f Anything can be installed on an open platform, as long 
as the applications are compiled for the appropriate 
processor. At the other extreme, no third-party software 
can be installed on a closed platform. Only certified 
applications can be installed on a restricted platform." 
(D,pg.l) 

"By restricting installations to compliant applications, 
the risk of installing and using incompatible or harmful 
software is greatly reduced, while still keeping the 
device open for robust, quality applications that enhance 
the user experience." (F, pg.1) 

WCEfA also has a Security Layer whose purpose is to 
"Create an abstraction layer of security surrounding 1SV 
applications to limit and/or deny access to key Windows 
CE kernel API calls and WCEfA middleware APIs." 1, 

PSD 


r a)"digitally "sigrung a first load module with a 
first digital signature designating the first load 
module for use by a first device class; 


A first load module is a WCEfA software component in 
a signed .PE file. The first device class is a device that 
only allows software designated as "restricted" (or 
higher) to be installed. "Restricted" software is software 
that has been certified. With restricted software, the 
device also implements a Security Layer functionality 
that limits the kernel and WCEfA API calls that the 
software can make. '•- 


Exhibit B 

'47 I 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


W S1M Level: 1 « Restricted 
Description: Only properly certified CEI (WCEfA 
device installation) files can be installed on the device. 
Remote execution is restricted to executables with . 
master key. 

Key: Logo certified CEI file required. CEI files or EXEs 
with master keys permitted." (F,pg. 1) . 

"The kernel loader calls it each time a module is loaded 
by Windows CE. It returns one of the following values 
that determine the module's access to kernel resources: 

Value 
Meaning 

0EM_CERT1FY_TRUST (2) 
The module is trusted by the OEM to perform any 
operation. . § 

OEM.CERTIFV.RUN (1) 
The module is trusted by the OEM to run but is 
restricted from making certain function calls. 

OEM_CERTIFY_FALSE (0) 
The module is not allowed to run. 

"(H.pg.l) 

Digitally signing: "Before the kernel loads a file, it uses 
the OEMCertifyModule function to verify that the file • 
contains the proper signature." (N, pg.l) 

"Signfile.exe: This tool signs an executable with a 
supplied private key. You can use the following 
command parameters with this tool....-? AttribString, 
specifies an optional attribute string to be included in the 
signature. For example, you could add a string to 
indicate the trust level of the application.** (O. Pg. 1) 

In the MSDN article Verifying the Signature, the sample 
code segment states 
"//the file has a valid signature 
//-we expect the trust level to be returned as signed 
data... 

//case 'R' : dwTrustLevel =- OEM_CERTl FYRUN" (N, 
*2) 

"The WCEfA Security Layer isolates installed 
applications from making unrestricted kernel and 
WCEfA API calls. This allows the OEM to assign one of 
three levels of security to applications and drivers 
installed in RAM when they are loaded into the system. 
The three levels are Trusted. . . f Restricted . . . t and 
Blocked. ..On the systems level, the WCEfA Security 

ii *• • 

it 

Exhibit B l| 

' 48 !: 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


(b) digitally signing a second load module with 
a second digital signature different from the 
first digital signature, the second digital 
signature designating the second load module 
for use by a second device class having at least 
one of tamper resistance and security level 
different from the at least one of tamper 
resistance and security level of the first device . 
class; . • * 


(c) distributing the first load module for use by 
at least one device in the first device class; and 


layer fits between 1SV applications and isolates these 
software modules from having free access to all WinCE 
kernel calls and WCEfA middleware APIs." 0, pg. 1) 

The developer submits their application for certification. 
If it passes, then the cei file (a form of cab file) receives 
a certification key from the certifier. The signed PE is 
within this .cei file, 


A second load module is a WCEfA software component 
is a signed PE file. The second device class with a 
different tamper resistance or security level is a device 
that is "Closed", that is, it will not allow third party to 
software to be installed. A closed device only allows 
trusted software to run. The Security Layer setting of 
Trusted" allows the Microsoft and OEM software full 
access to kernel and middleware APIs. 

In the MSDN article Verifying the Signature, the sample 

code segment states 

7/the file has a valid signature 

// we expect the trust level to be returned as signed 

data... 

//case T* : dwTrustLevel - OEM CERTIFY JTRUST" 
(N,pg.2) 

l Signfile.exe: This tool signs an executable with a 
supplied private key. You can use the following 
command parameters with this tool.... AttribString, 
specifies an optional attribute string to be included in the- 
signature. For example, you could add a string to 
indicate the trust level of the application. (O. Pg. 1) 

"SIM Level: 2 = Closed 

Description: Platform is limited to software supplied 
directly by OEM or Microsoft. Third-party applications 
cannot be installed. ... 

Key. Master key required for any install or remote 
execution." (F,pg.l) 

Related to the Security Layer, the Trusted level "is most 
likely reserved for MS and OEM applications and 
drivers." (I, Pg- . I) 

Whereas the .cei files for certified software have a 
certification key (sometimes call MS Logo key), the .cei 
files from Microsoft or the OEM have a master key 
attached. ""Master key required for any install or remote 
execution.** (F,p.gl) 


First had module is the certified software from a third 
party that will be run as part of the "Restricted" first 
device class. 

"Once your application is complete, send'the .cei file to 


'-!! 

Exhibit b ii 

49 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


(d) distributing the second load module for use 
by at least one device in the second device 
class. 


the organization that is performing validation or 
certification for the OEM. They would validate it, then 
either reject or return a .cei that has been stamped with a 
certification key. You would then reproduce this .cei file 
on CD-ROM or a compact flash card and distribute." (D, - 
P-g5) 

"APCLoad compares the device SiM level against the 
xei file certification key, and either allows the 
installation to proceed or prohibits it based on the 
outcome of this comparison." (D. pg. 2) 

"Security;. To achieve a high level of reliability, 
WCEfk is carefully designed to: 

Control the installation of certified and tested 
.. software and drivers. 
• - Limit the access of system services by installed 
module. 

Monitor the proper execution of software..." 
(G,pg.l) 

The second load module is the certified software from 
the OEM or Microsoft that will be run as part of the 
"Closed" second device class, 

"You may need to change ROM components after your 
device ships, either to fix a problem, or to provide 
enhanced functionality. For this purpose, the OEM is 
given a CEIBuild that adds a master key to a .cei file. 
CEI files stamped with this master key can be installed 
on an open, closed or a restricted platform," (D, pg. 3) 

"Trusted: The application is registered as a completely 
trusted module and allowed full access to the kernel 
APIs and WCEfA APIs. This mode is mostly likely 
reserved for MS and OEM applications and drivers. 
Note that applications and drivers included in ROM are 
automatically given trusted status." (I, Pg-0 


[D] http://msdri.microsoft.com 

[F] hrtp://msdnjnicrosoft 

[G] http^/tasdiu^ 

[H] http://msdn.microsoftxon^ 

mhitp://tas^ 

[N]http://msdn.mi^^ 

[O] http://msdn.microsoftxom/lib^^ 


Exhibit B i! 

50 !; 


1 

2 
3 
4 
5 
6 
7 
8 
9 
1.0 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v- MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,157,721 


5. * - ( 

Product infringing: Windows Hardware 
Quality Lab certification service^ -and * . 
operating system products that support 
driver signature technoloirv. 

A software verifying method comprising: 

Microsoft encourages manufacturers to 
have their device drivers tested and signed. 
For example, only signed drivers will ship 
"iii-the-box." Also, Microsoft's driver 
ranking prefers signed drivers to unsigned 
drivers. 

Microsoft Web-Ease - Can't Find a Test 

Catecorv for Your Driver? 

WHQL's long-term objective is to be able 
to digitally sign all drivers. Although we do 
not currently have test programs for certain 
driver types, such as specialized device 
drivers and software filter drivers, WHQL 
is investigating a long term solution to 
expand the categories of drivers tested 
under Windows 2000 and ultimately all 
Windows operating systems. We are 
already formulating a test program for anti- 
virus file system filters, and plan to address 
other file system filter drivers as soon as 
the initial proeram is in place. 

(a) testing a load module 

havinp at least one specification associated 

The driver will be tested for each version of 
the operating system it supports and against 
the device class specification that apply to 
the device's class. 

The driver package is a load module. A 
driver package contains one or more of the 
following files: 

A device setup information file (INF file) 

f\ OilVCl LaUlJUg ^.tfllj illy 

One or more optional co-installers 

Microsoft operates the Window Hardware 
Quality Lab, which tests drivers submitted 
by driver manufactures. 

The manufacturer can test their own driver 
using the Microsoft testing kit and submit 
the test results to WHQL when requesting a 
signature. Additionally, Microsoft or a 
testing facility working with Microsoft can 
perform the testing. 

The manufacturer- written INF file, which 


. ii 
1- 

Exhibit Ell 


1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24. 
25 
26 

27 

28 


293482.02 


therewith, 


the specification describing one or more 
functions performed by the load module; 


its part of the driver package, is a. 
specification. Microsoft Windows drivers 
rrjust have an INF file in order to be 
installed. 


(b) verifying that the load module satisfies 
the specification; and 


The INF Version section specifies its , 
device class. One use of the device class is 
to identify the. specific Windows 
compatibility specification that relate to the 
device class. These specifications will vary 
by device class in part because the function 
of each device can vary among class. The 
INF incorporates by reference the , 
Microsoft supplied device class-specific 
specification by identifying its class in the 
INF. 

The INF can include operating system 
"decorating" to specify the operating 
system architecture, major and minor 
version, product and suite the driver is 
intended for and can further use this 
decorating to specify what operating 
systems for which it is not intended. 
Because the functionality of each of the 
operating systems may vary the driver must 
be tested for each applicable operating 
system. 

Qualification Service Pol icy Guide - 


Hardware C ate gory Policies 


You must select the correct hardware 
category for your device. If you select the 
wrong hardware category for your device, 
your submission will fail. For example, if 
you have a storage/hard drive device, but 
you select storage/tape drive as your 
hardware category, your submission will 
fail. 

Windows XP HCT 10.0 Q & A - Windows 
XP Logos 

Q: Which "Designed for Windows XP" 
logos are available for my product? 
A: Devices and systems qualify for a 
"Designed for Windows" logo after passing 
testing with the appropriate WHQL test kit 
on all operating systems specified by the 
logo. "Designed for Windows* Logos for Device 
and System Programs lists which logos are 
available for each type of product 


The Microsoft WindowsXP Hardware 
Compatibility Test (HCT) kit version 1 0.0 
includes" the tests, test documentati on/ and 


Exhibit B| 
52 : 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


c) issuing at least one digital certificate 
nesting to the results of the verifying step. 


submission processes that are required to 
participate in the Microsoft Windows Logo 
Program for Hardware for the Windows 
XP Professional operating system. To 
qualify to use the "Designed for Windows." 
logo for hardware, products must pass 
testing with the Microsoft Windows HCT 
kit The HCT kits are of ganized by. 
hardware type. 

As mentioned above, the manufacturer can 
test their own driver using the Microsoft 
testing kit and submit the test results to 
WHQL when requesting a signature. 
Additionally, Microsoft or a testing facility 
working with Microsoft can perform the 
testing. 


When a driver package passes WHQL 
testing, WHQL generates a separate CAT 
file containing a hash of the driver binaries 
and other relevant information, WHQL 
then digitally signs the CAT file using 
Digital Signature cryptographic technology 
and sends it to the vendor. Driver signing 
does not change the driver binaries or the 
INF file submitted for testing. 

Microsoft uses digital signatures for device 
drivers to let users know that drivers are 
compatible with Microsoft Windows XP, 
Windows 2000, and Windows Me. A 
driver's digital signature indicates that the 
driver was tested with Windows for 
compatibility and has not been altered since 
testing. 


. i 

Exhibit b! 

" ' '53 :': 


1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
.13. 
14 
15 
16 
17 

18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


MTFP TRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 

~ INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 6,157,721 



4. 


l first protected processing environment 
omprising: 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 

Passport 

A personal computer running Windows XP, 
Windows 2000, or Windows 2003 


first tamper resistant barrier having a first 
scurity -level, and 


t least one arrangement within the first 
unper resistant barrier that prevents the first 
rotected processing environment from 
xecuting the same load module accessed by a 
econd protected processing environment 
aving a second tamper resistant barrier with a 
econd security level different from the first 
ecurity level. 


The tamper resistant barrier is the Office 2003 
IRM client environment and includes the 
signed digital certificate identifying the user: 

If the certificate is tampered with, or if certain, . 
sensitive IRM processes or modules are 
debugged or tampered with, the system will 
cease to operate. 

The first security level is the "Security Level" 
which has been selected for a particular Office 

Application e.g.. Word. 

The arrangement that prevents a load module 
from running in one PPE and not in another is 
the type and characteristics of a particular Load 
Module (VBA program within a document or 
add-in); i.e., signed, script author, code 
capabilities, etc., and the "Security Level" 
settings. 


i] 

Exhibit B ;! 
54 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,157,721 



Infringing products include Office 2003. and 
included applications, arid Server 2003, 
including Microsoft hosted RMS Seryice using 
Passport 


\ method for protecting a first computing 
irrangement surrounded by a first tamper 
esistant barrier having a first security level, 
he method including: 


The first cpmputing arrangement with a tamper 
resistant barrier is the Office 2003 1RM client 
environment and includes the signed digital . 
certificate identifying the user. 

If the certificate is tampered with, or if certain, 
sensitive IRM processes or modules are ; 
debugged or tampered with, the system will 
cease to operate. 

The computing arrangement is being protected 
from; for example, viruses and malicious code. 

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application^ e.g.. Word. 


ireventing the first computing arrangement 
rom using the same software module 
ccessible by a second computing arrangement 
laving a second tamper resistant barrier with a 
econd security level different from the first 
ecurity level. 


The arrangement that prevents a load module 
from running in one computing arrangement 
and not in another is the type and 
characteristics of a particular software module 
(VBA program within a document or add-in); 
i.e., signed, script author, code capabilities, 
etc., and the "Security Level" settings. 


ii 


, Exhibit B \\ 
55 ;! 


1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 

21 
22 
23 
24 
25 
26 
27 
28 


rMTrwT RTIXT TECHNOLOGIES CORP. v. MI CROSOFT CORP. 

m£J1 JNTERTMJST INFRINGEMENT CHART 

FOR UJS. PATENT NO. 6,157,721 



protected processing environment 

jmprising: 

first tamper resistant barrier having a first 
;curity level, 


first secure execution space, and 


Infringing products include Office 2003 and 
included applications, and Server2003i 
including Microsoft hosted RMS Service using 

Passport 

A personal computer running Windows XP, 

Windows 2000, or Windows 2003 

The first tamper resistant barrier is the Office 
2003 IRM client environment and includes the 
signed digital certificate identifying the user. If 
the certificate is tampered with, or if certain, 
sensitive IRM processes or modules are 
debugged or tampered with, the system will, 
cease to operate. 

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application e.g.. Word. 


The secure execution space is process space 
allocated by the operating system for the 
Microsoft Office host application to run. This 
host application (e.g., Word) executes the VBA 
code within this process space. 

This execution space (application) is secure 
because the IRM environment takes steps to 
insure that it is "trusted", the application is 
signed, and the document which includes the 
VBA code is protected by IRM policy and then 
encrypted and signed. . , 


t least one arrangement within the first 
amper resistant barrier that prevents the first 
ecure execution space from executing the 
ame executable accessed by a second secure 
xecution space having a second tamper 
esistant barrier with a second security level 
lifferent from the first security level. 


The arrangement that prevents a load module 
from running in one computing arrangement 
and not in another is the type and 
characteristics of a particular software module 
(VBA program within a document or add-in); 
i.e., signed, script author, code capabilities, 
etc., and the "Security Level" settings. 


£*hibit«i 

" 56 :i 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 

11 

12 

13. 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
1NTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,157,721 


34. 


Product Infringing: Microsoft Common Language 
Runtime and ASP.WET 


A protected processing environment 
comprising: 


Microsoft Common Language Runtime and 
ASP.NET 


a first tamper resistant barrier having a 
first security level, 


TAMPER RESISTANT BARRIER 
The first tamper resistant barrier is the application . 
domain in the CLR. The runtime hashes the 
contents of each file loaded into the application 
domain and compares it with the hash value in the 
manifest If two hashes don't match, the assembly 
fails to load.[l] 

Also "Code running in one application cannot 
directly access code or resources from another 
application. The common language runtime 
enforces this isolation by preventing direct calls 
between objects in different application domains. 
Objects that pass between domains are either 
copied or accessed by proxy. n [2] 

SECURITY LEVELS 

The security levels of the! application domain if 
different by setting the trust level assigned to an 
outside application using the "trust" element in the 
web.config for the ASP.NET application. 
Syntax- 

<trust leveI="Full/High/Low/None" 
originUrl=^url'7> 

Example- 

<uust levd="Hieh" 

ori 8 inUri-http^/v^vw.SomeOtherCompany.com/defaul 
t.aspx/> 

[7] 


a first secure execution space, and 


at least one arrangement within the first 
tamper resistant barrier that prevents the 
first secure execution space from 
executing the same executable accessed 
by a second secure execution space 
having a second tamper resistant barrier 
with a second security level different from 
the first security level. • — 


The application domain is the execution space for a 
particular application. 


The second secure execution space is another 
application domain that has a different trust level for 
an outside application. 

If second app domain gives Full trust to the outside 
application; whereas the first one doesn't, the first 
app domain won't be able to execute the application 
that requires full trust permission. : 


References: 
ILL 


■ ■ 

•i 

Exhibit B!! 
57 


1 

2 
3 
4 
5 
6 
7 
8 
9 
JO 
11 
12 

13 
14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


www.microsoft.com/gerinany/ms/insdnbiblio/do 

tnetrk/doc/assembly.doc 

[2] msdn.Microsoft.com/library/en- 

us/cpguide/html/ 

cpconapplicationdomainsoverview.asp?frame=tr 
ue 

[ 7] LaMacchia,etc, .NET Framework Securit y. 
Addision-Wesley, 2002 


i! 

Exhibit B| 
'58 i 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,157,721 


34. 


Product Infringing: Products containing 
Microsoft Common Language Runtime or 
Compact Common Language Runtime and 
products implementing the Common Language 
Infrastructure specification. 


A protected processing environment 
comprising:. 


a first tamper resistant barrier having a first 
security level, 


Microsoft Common Language Runtime and 
.NET Framework SDK: 


TAMPER RESISTANT BARRIER 
The first tamper resistant barrier is the 
application domain in the CLR. The runtime * 
hashes the contents of each file loaded into thie 
application domain and compares it with the . 
hash value in the manifest If tw6 hashes don't 
match, the assembly fails to load. [1] 

Also "Code running in one application cannot 
directly access code or resources from another 
application. The common language runtime 
enforces this isolation by preventing direct 
calls between objects in different application 
domains. Objects that pass between domains 
are either copied or accessed by proxy '."[2] 

SECURITY LEVELS 

Application domains have different security 
levels by setting security policy of the 
application domain programmatically. [3] 
"It has different security based on code-based 
security model of.NET Administrators and 
hosts use code-access security to decide what 
code can do, based on characteristics of the 
code itself regardless of what user is executing 
the code. The code characteristics are called 
evidence and can include the Web site or zone 
from which the code was downloaded, or the 
digital signature of the vendor who published 
the code." 

"When the security manager needs to 
determine the set of permissions that an 
assembly is granted by security policy, it starts 
with the enterprise policy level Supplying the 
assembly evidence to this policy level will 
result in (he set of permissions granted from 
that policy level. The security manager 
typically continues to colled the permission 
sets of the policy levels below the enterprise 
policy fincludine the am) domain! in the same 


.41 
il 

Exhibit Bli 
59 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


fashion. These permission sets are then 
intersected to generate the policy system 
permission set for the assembly. All levels must 
allow a specific permission before it can make 
it into the granted permission set for the 
assembly" 

Example of granted permission sets from a . 
policy— 

Condition: AH code, Permission Set: Nothing 

Condition: Zone: Internet, Permission Set: Internet Condition: URL: 
www. monaskediL au, Permission Set: MonashPSet 
Condition: Strong Name: m-Commerct, Permission Set: m- • 
CommereePSet [4] 

Another difference in security levels can be 
whether the verification process is turned off or 
on, "Managed code must be passed through a 
verification process before it can be run 
(unless the administrator has granted 
permission to skip the verification). The 
verification process determines whether the 
code can attempt to access invalid memory 
addresses or perform some other action that 
could cause the process in which it is running 
to fail to operate properly Code that passes 
the verification test is said to be type-safe. The 
ability to verify code as type-safe enables the 
common language runtime to prqvide as great 
a level of isolation as the process boundary, at 
a much lower performance cost" [5]* 


a first secure execution space, and 


The application domain is the execution space 
for a particular application. 


it least one arrangement within the first tamper 
esistant barrier that prevents the first secure 
execution space from executing the same 
executable accessed by a second secure 
execution space having a second tamper 
esistant barrier with a second security level 
lifferent from the first security level. 


The second secure execution space is another 
application domain that has a different security 
policy than the first. 

If second app domain's security policy doesn't 
give any permission to code from internet 
zone, but first app domain does, then the code 
would run in first app domain and not in 
second, f 6] 


References: 

www,microsoftxom/gennany/ms/msdnbibl 

io/dotnetrk/doc/assembly.doc 

[2] msdn.Microsoft.conl/library/en- 

us/cpguide/html/ 

cpcQnapplicaUondpmainsoverview.asp?fra 
me=true ■■_ '_ j 


li 

Exhibit B|j 
60 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


• \ 


[3] I^aMacchia.etc. ,NET Framework 
Securit y, Addisipn-Wesley, 2002, p.l 13 
[4] Watkins, Demien, "An Overview of 
Security in the .NET Framework", from 

VlSDN Library, January 2002 

5] same as [2] 

6] msdn.Microspft.com/library/en- 
. us/cpguide/html/ 

. cpconapplicationdomainlevelsecuritypolicy 
.asp?frame= = tme 


■ ti 

Exhibit Bii 

<6\ -! 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. r. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,157,721 



M$0&<3B-l 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosrted RMS Service using 
Passport 


^ method for protecting a first computing 
irrangement surrounded by a first tamper 
esistant barrier having a first security level, 
he method including: 


The first computing arrangement surrounded by 
a tamper resistant barrier is the Office 2003 
IRM client environment and includes the 
signed digital certificate identifying the user. If 
the certificate is tampered with, or if certain, 
sensitive IRM processes or modules are 
debugged or tampered with, the system, will 
cease to operate. 

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application. e.g.. Word. 


)reventing the first computing arrangement 
rom using the same software module accessed 
)y a second computing arrangement having a 
lecond tamper resistant barrier with a second 
;ecurity level different from the first security 
evel. 


The computinjg arrangement that prevents a 
software module from running in one 
computing arrangement and not in another is 
the type and characteristics of the particular 
software module (VBA program within a 
document or add-in); i.e., signed, script author, 
code capabilities, etc.; and the "Security Level" 
settings. 


1! 

Exhibit3 'H 
62 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
It 
2' 
21 


INTERTRUST TECHNOLOGIES CORP.' v. MICROSOFT CORP. 

INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 6,185,683 


Product Infringing: Windows Media Rights 
Manager and Windows Media Play er 


system including: 


) a first apparatus including, 
(1) user controls, 


(2) a communications port, 


(3) a processor, 


(4) a memory storing: 


(i) a first secure container containing 
a governed item, the first secure 
container governed item being at 
least in part encrypted; the first 
secure container having been 
revived from a & **mA apparatus: 


(ii) a first secure container rule at least 
in part governing ah aspect of 
access to or use of said first secure 
container governed item, the first 
secure container rule [sic], the first 
secure container rule having been 
received from a third apparatus 
different from said second 
ap paratus: and 


(5) hardware or software used for 
receiving and opening secure 
containers, said secure containers each 
including the capacity to contain a 
governed item, a secure container rule 
being associated with each of said 
«y.nre containers: 


(6) a protected processing environment at 
least in part protecting information 
contained in said protected processing 
environment from tampering by a user 
of said first apparatus, said protected 
processing environment including 
hardware or software used for 
applying said first secure container 
rule and a second secure container rule 
in combination to at least in part 
govern at least one aspect of access to 
or use of a governed item contained in 
a secure container: and 


(7^ hardware or software used for 


Consumer's computer, as shown in WMRM 

SDK *- — 

Consumer's computer, as shown in WMRM 

SDK 


Consumer's computer, as shown in WMRM 
SDK 


Consumer's computer, as shown in WMRM 
SDK 


Consumer's computer, a$ showr> in WMRM 

SDK — 

Secure container (packaged Windows Media 
file) received by consumer's computer from 
"Content provider" ( WMRM SDK, Step 3), 
which contains encrypted governed item 
("Encrypted content") 


Rights portion of signed license, received by 
consumer's computer from "License issuer" 
(WMRM SDK, Step 9) 


Windows Media Player and Windows Media 
Rights Manager 


1 st and 2nd rules consist of any two valid rules 
as specified in the Window Media Rights 
Manager SDK; protected processing 
environment includes Windows Media Rights 
Manager and Windows processes for 
protecting operation of Windows Media Rights 
Manager. Licenses can be used to convey 
multiple rules. 


Anv hardware or software, employed in 


Exhibit B 


transmission of secure containers to 
other apparatuses or for the receipt of 
secure containers from other 
a pparatuses. 


transmitting Windows Media files, including 
for example consumer's computer's 
communication port and Windows Media 
Player fWMRM SDK. Step 3^> _ 


Exhibit B 
64 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTJtUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


^ system including: 


l first apparatus including, 
iser controls, 
, communications port, 
processor, 
memory storing: 


A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 


first secure container containing a governed 
Lem, the first secure container governed item 
eing at least in part encrypted; the first secure 
ontainer having been received from a second 
pparatus; 


An encrypted IRM-governed email received 
from a remote computer. The encrypted IRM- 
govemed email contains an encrypted IRM- 
govemed email message. 


first secure container rule at least in part 
overning an aspect of access to or use of said 
irst secure container governed item, the first 
2cure container rule, the first secure container 
jle having been received from a third 
pparatus different from said second 
pparatus: and 


The first secure container rule is received from 
the RMS server in the form of a use license. 

This use license contains rules generated by the 
RMS server specifically for the user (or user's 
group) 


ardware or software used for receiving and 
pening secure containers, 

lid secure containers each including the 
apacity to contain a governed item, a secure 
ontainer rule being associated with each of 
lid secure containers; 


protected processing environment at least in 
art protecting information contained in said 
rotected processing environment from 
impering by a user of said first apparatus, 

iid protected processing environment 
icluding hardware or software used for 
pplying said first secure container rule and a 
jcond secure container rule in combination to 
: least in nart govern at least one aspect of 


The RM-enabled device contains hardware or 
software for receiving and opening secure 
emails. 

The secure email has the capacity to contain an 
IRM-govemed email message, with a rule 
being associated with each emaiL 

The rules associated with the secure emails are 
rules that come as part of the original email as 
well as rules that come back from the RMS. 


Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic techniques. 


The rule governing the email works together 
with an additional rule to determine what 
access to or use (if any) are allowed with 
respect to the IRM-govemed email message. 
FoTiiexamnle. the additional rule mav he 


Exhibit B 


I 
2 
3 
4 
. 5 
6 
7 
8 
9 
!0 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


access to or use of a governed item contained 
in a secure container; and 

received together with the rule in the use 
license. 

hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 

The device includes hardware or software used 
for transmitting or receiving secure emails. For 
example, RM-enabled OUTLOOK is designed 
to transmit and receive encrypted 1RM- 
governed emails lo/from other devices. 


Exhibit B 
66 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


rimmitS T TECHNOLOGIES CORP. v. MICROSOFT CORP. 

INTERTRUST INFRINGEMENT CHART 

FOR U.S. PATENT NO. 6,185,683 



system including: 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport - 


first apparatus including, 
ser controls, 
communications port, 
processor, 
memory storing: 


A device with user controls, a communications 
port, a processor, and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. • 


first secure container containing a governed 
em, the first secure container governed item 
eing at least in part encrypted; the first secure 
ontainer having been received from a second 
pparatus; 


The first secure container is an encrypted IRM- 
protected document 

This encrypted IRM-governed document is, for 
example, received from a remote computer, as 
an attachment to an IRM-governed email or 
downloaded from a document server or web 
site. 


first secure container rule at least in part 
oveming an aspect of access to or use of said 
irst secure container governed item, the first 
ecure container rule, the first secure container 
ale having been received from a third 
pparatus different from said second 
pparatus: and 


The first secure container rule is received from 
the RMS server in the form of a use license. 

This use license contains rules generated by the 
RMS server specifically for the user (or user's 
group). 


ardware or software used for receiving and 
pening secure containers, 

aid secure containers each including the 
apacity to contain a governed item, a secure 
ontainer rule being associated with each of 
aid secure containers; 


The RM-enabled device contains hardware or 
software for receiving and opening secure 
documents. 

The secure documents have the capacity to 
contain IRM-governed content, with a rule 
being associated with each secure document. 

The rules associated with said secure 
documents are the rules that come as part of the 
originally received document as well as rules 
that come hack from the RMS server, 


i protected processing environment at least in 
>art protecting information contained in said 
protected processing environment from 
ampering by a user of said first apparatus, 


Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic technique. 

The rule governing the document works 


Exhibit B 

r *67 


] 

A 

t 
1 

8 
9 
10 
11 
12 
13 
14 
15 
16 

17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


said protected processing environment 
including hardware or software used for 
applying said first secure container rule and a 
second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container; and " 


hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 


together with an additional rule to determine 
what access to or use (if any) are allowed with 
respect to the IRM-governed document For 
example, the additional rule may be associated 
^with an email to which the document was 
attached, or received together with the rule in . 
the use license. . 

The device includes hardware or software used 
for transmitting or receiving secure documents. 
For example, RM-enabled OUTLOOK is 
designed to transmit and receive' to/from other 
■ devipes emails with DlM-governed documents 
attached thereto. ' ' '■ 


Exhibit Bi! 
68 


.) 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 


21 
22 


23 


24 
25 
26 


27 


28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


3. 


A system including: 


a first apparatus including, 
user controls, 
a communications port, 
a processor, 
a memory storing: 


Infringing products include Office 2003 aiid 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


a first secure container containing a governed 
item, the first secure container governed item 
?eing at least in part encrypted; 


a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 


a second secure container containing a digital 
certificate; 


hardware or software used for receiving and 
opening secure containers, 

said secure containers each including the 
capacity to contain a governed item, a secure 
container rule being associated with each of 
said secure containers: 


a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
I includine hardware or software used for 


A device with user controls, a communications 
port, a processor and memory. Tor example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 


The first secure container containing a 
governed item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 


The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 


The second secure container is the IRM 
protected attachment's derived license request 
object 

The license request object contains this 
Publishing license and a signed digital 
certificate. 


The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 


Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 


The rules governing the email itself (first 


293482.02 


> Exhibit $ 

~ 69 * : 


i 

2 

3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17. 
18 

19 

20 

21 

22 

23 

24... 

25 

26 

27 

28 


applying said first secure container rule and a 
second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 

in a secure container: and ■ 

hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 


secure container rule) and the rules .governing 
the attachment work together to determine what 
access to or use (if any) will be allowed with 
respect to the governed item. 

IRM-enabled applications, e.g., OUTLOOK, 
are designed to transmit and receive RM 
secured containers to/from other computers. 


ExbfcitB 11 
70 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 

16 
17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


INTERTRUST TECHNOLOGIES CORP. r. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR ILS. PATENT NO. 6,185,683 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


^ system including: 


i first apparatus including, 
tser controls, 
communications port, 
processor, 
memory storing: 


A device with user controls, a communications 
port, a processor and memory* For example, . 
the user controls may be a keyboard and ' 
mouse, the communications port may be a \i\C 
card with an Ethernet port, the processor may . 
be a CPU, and the memory may be a hard-drive 
orRAM. 


first secure container containing a governed 
em, the first secure container governed item 
eing at least in part encrypted; 


The first secure container containing a 
governed item is an IRM protected document, 
which is an attachment within an IRM 
protected email message. The governed item is 
the document's content. 

Both the email message and attachment are 
encrypted and have associated usage rules due 
to DIM protection. 


first secure container rule at least in part 
overning an aspect of access to or use of said 
rst secure container governed item: and 


A use license for the IRM protected document 
specifies rules governing access to or use of 
said first secure container governed item. 


second secure container containing a digital 
irtificate; 


The second secure container is the IRM 
protected email message. 

The IRM protected attachment includes a 
publishing license and an owner certificate, 
both of which are signed XrML digital 
certificates. 

The attachment (including embedded 
certificates) is contained within the IRM 
protected email message (said second secure 
container). _ • 


irdware or software used for receiving and 
>ening secure containers, 

id secure containers each including the 
ipacity to contain a governed item, a secure 
mtainer rule being associated with each of 
lid secure containers: 


The RM (IRM) enabled computer has software 
for receiving and opening secure containers* 

The IRM secure containers have capacity to 
cojitain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 


protected processing environment at least in 
irt protecting information contained in said 
otected processing environment from . 


Protected information on the RM-enabled 
computer is protected, by the use of at least 
cryptographic techniques. . 


Exhibit B !i 
71 * : 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


mpering by a user of said first apparatus, 

id protected processing environment 
eluding hardware or software used for 
>plying said first secure container rule and a 
:cond secure container rule in combination to 
least in part govern at least one aspect of 
:cess to or use of a governed hem contained 

a secure container: and : 

irdware or software used for transmission of 
:cure containers to other apparatuses or for 
e receipt of secure containers from other 
)paratuses. 

A system as in claim 3. . — 

lid memory storing a rule associated with 
lid second secure container, said rule 
isociated with said second secure container at 
ast in part governing at least one aspect of 
rr+ss to or use- nf said digi tal certificate. 


The rules governing the attachment (first secure 
container rule) and the rules governing the 
email message (second secure container rule) 
work together to determine what access to or 
use (if any) will be allowed with respect to the 

governed item." ■ ■ ■ — '■ — . 

RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 


All parts of the attachment (including 
embedded signed XxML licenses/certificates) 
are protected by the enclosing email message 
and governed by the associated email rules 
(second sectire container rulel. 


Exhibit B y 
72 ! 


1 

2 
* 3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


CLAIM LANGUAGE 


CLAIM OF INFRINGEMENT 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport • . , 


V system including: 


t first apparatus including, 
iser controls, 
i communications port, 
\ processor, 
memory storing: 


A device with user controls, a cofnmunications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drivd 
or RAM. I 


first secure container containing a governed 
tern, the first secure container governed item 
eing at least in part encrypted; 


first secure container containing a governed 
item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 


first secure container rule at I east in part 
overning an aspect of access to or use of said 
irst secure container governed item; and 


The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 


second secure container containing a digital 
ignature, the second secure container being 
ifferent from said first secure container, 


The second secure container is the IRM 
protected attachment's derived license request 
object. 

The license request object contains the 
Publishing license and a signed digital 
certificate. 


ardware or software used for receiving and 
penirig secure containers, said secure 
ontainers each including the capacity to 
ontain a governed itern, a secure container 
lie being associated with each of said secure 
ontainers; 


The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. . 


protected processing environment at least in 
art protecting information contained in said 
rotected processing environment from 
impering by a user of said first apparatus, 

aid protected processing environment 
icluding hardware or software used for 
rcnlving said first secure container rule and a 


Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 


The rules governing the email itself (fust 
secure container rule^ and the rules governing 


Exhibit Bj 

; 73 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


) 


second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container and 


the attachment will work together to determine 
what access to or use (if any) will be allowed 
with respect to the governed item. 


hardware or software used for transmission of 
secure containers to other, apparatuses or for 
the receipt of secure containers, from other 
a pparatuses. . ■_ '. 


RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 


. Exhibit Bj| 
74 •' 


1 

2 
3 
.4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 


INTERTRUST TECHNOLOGIES CORP. v- MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



5. 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


A system including: 


a first apparatus including, 
user controls, 
a communications port, 
a processor, 
a memory storing: 


A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. *' 


a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 


first secure container containing a governed 
item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 


a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 


The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 


a second secure container containing a digital 
signature, the second secure container being 
different from said first secure container; - 


The second secure container is the IRM email 
attachment. 

This attachment and its publishing license are 
signed. 


hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers; 


The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 


a protected processing-environment at least i 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software, used foi 
annlving said first secure container rule and a 


Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 


The rules governing the email itself (first 
secure container ruto and the rules governing 


Exhibit B [ 


1 

2 
. 3 
.4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


second secure container rule in combination to . 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container and 


the attachment work together to determine what 
access to or use (if any) will be allowed with 
respect to the governed item. 


hardware or software used for transmission of 
secure containers to other apparatuses or for 
thereceipt of secure containers from other 
a pparatuses. ■• • 


RM-enabled applications, e.g., OUTLOOK,are 
designed to transmit and receive RM secured 
containers to/from other computers. 


Exhibit B 

76 " 


) 


1 

2 

3 

4 

5 

6 

7 

8 

9 

10 

11 

12 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT COR P 
INTERTRUST INFRINGEMENT CHART " 
FOR ILS. PATENT NO. 6,185,683 


13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 


28 


293482.02 


5. 


A system including: 


a first apparatus including, 
user controls, 
a communications port, 
a processor, 
a memory storing: 


a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 


a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item: and 


a second secure container containing a digital 
signature, the second secure container being 
different from said first secure container; 


Infringing products include Office 2003 and 
included applications, arid Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


A device with user controls, a communications 
port, a processor and memoiy. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 


The first secure container containing a 
governed item is an IRM protected document, 
which is an attachment within an IRM 
protected email message. The governed item is 
the document's content 

Both the email message and attachment are 
encrypted and have associated usage rules due 
to IRM protection. 


A use license for the IRM protected document 
specifies rules governing access to or use of 
said first secure container governed item. 


hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers: 


a protected processing environment at least in 
nart protecting information contained in said 


The second secure container is the IRM 
protected email message. 

The IRM protected attachment includes a 
Dublishing license and an owner certificate, 
both of which are signed XrML digital 
certificates. 

The attachment (including embedded 
certificates) is contained within the IRM 
protected email message {said second secure 
container). 


The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 


Protected information on the RM-enabled. 
computer is protected hv the use of at least 


Exhibit B 
11 


1 

2 

3 

4 

5 

6 

7 

8 

9 
10 
11 
12 

13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


rotected processing environment from 
impering by a user of said first apparatus, 

lid protected processing environment 
icluding hardware or software used for 
pplying said first secure container rule and a 
scond secure container rule in combination to 
t least in part govern at least one aspect of 
ccess to or use of a governed item contained 
i a secure container: and 


cryptographic techniques. 


The rules governing the attachment (first secure 
container rule) and the rules governing the 
email message (second secure container rule) 
work together to determine what access, to or 
use (if any) will be allowed with' respect to the 
governed item 


ardware or software used for transmission of 
ecure containers to other apparatuses or for 
ie receipt of secure containers from other 


RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 


. A system as in claim 5, 

aid memory storing a rule at least in part 


aiu uiciuui/ ovvFiiii^ « * *** * — - 

oveming an aspect of access to or use of said 
igital signature. 


All parts of the attachment (including 
embedded signed XrML licenses/certificates) 
are protected by the enclosing email message 
and governed by the associated email rules 
(second secure container rule"). 


Exhibit B ji 
'"78 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

t . } 

INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
FOR U.S. PATENT NO. 6,185,683 



28. v 

Infringing products include Office2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 

A system including: 

• 

a first apparatus including; 
user controls, 
a communications port, 
a processor, 

a memory containing a first rule, 

A device with user controls, a communications 
port, ai processor and memory/ For example, 
the user controls may be a keyboard and" 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
orRAM. . ' 

The first rule governs use of an IRM protected 
document (e.g., an IRM rule permitting a . 
document to be read by specified users or 
barring access to IRM-govemed information 
from specified users, applications, or other 
principals!. 

hardware or software used for receiving and 
opening secure containers, 

said secure containers each including the 
capacity to contain a governed item, a secure 
container rule being associated with each of 
said secure containers; 

The RM-enabled device contains hardware or 
software for receiving and opening secure 
containers. 

The secure email has the capacity to contain an 
IRM-govemed email message, with a rule 
being associated with each email. 

19 
20 
21 
22 
23 
24 
25 
26 

JL 1 

28 - 

a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
aDnlvirie said first rule and a secure container 
rule in combination to at least in part govern .at 
least one aspect of access to or use of a 
governed item; and 

Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic techniques. 

The secure container rule is an IRM rule 
governing access to the IRM protected 
document (e.g., a rule permitting editing by 
soecified users! 

The rule governing the email works together 
with an additional rule to determine what 
access to or use (if any) are allowed with 
respect to the IRM-governed email message 
(the document's content). For example, the 
additional rule may be received together with 
the rule in the use license, may be associated 
with a publishing license, may be associated 
with user certification, revocation lists, or 
exclusion policies, or may be received from 
anv other source. 


lardware or software used for transmission of 

The device includes hardware or software used 


" . . . ii . - * * 

Exhibit B 1 
79 


I 

2 
3 
4 
5 
6 
7 
8 
9 
10 
II 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses; and 


for transmitting or receiving secure containers. 
For example, RM-enabled OUTLOOK is 
designed to transmit and receive encrypted 
IRM-governed emails to/from other devices; 


a second apparatus including: 


user controls, 

a communications port, 

* processor, 

i memory containing a second rule, 


A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse; the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 

The second rule governs use of an IRM . 
protected document (e.g., an IRM rule 
permitting a document to be read t>y specified 
users or barring access to IRM-governed 
information from specified users, applications,- 
or other principals! 


Lardware or software used for receiving and 
►pening secure containers, 

aid secure containers each including the 
apacity to contain a governed item, a secure 
ontainer rule being associated with each of 
aid secure containers: . • 


protected processing environment at least in 
art protecting information contained in said 
rotected processing environment from 
impeiing by a user of said apparatus, 

aid protected processing environment 
lduding hardware or software used for 
pplying said second rule and a secure 
ontainer rule in combination to at least in part 
overn at least one aspect of access to or use 
fa governed item; 


The RM-enabled device contains hardware or 
software for receiving and opening secure 
containers. 

The secure email has the capacity to contain an 
IRM-governed email item, with a rule being 
associated with each secure containers. 


Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic technique. 

The secure container rule is an IRM rule 
governing access to the IRM protected 
document (e.g., a rule permitting editing by 
specified users). 

The rule governing the email works together 
with an additional rule to determine what 
access to or use (if any) are allowed with 
respect to the IRM-governed item (the 
document's content). For example, the 
additional rule may be received together with 
the rule in the use license, may be associated 
with a publishing license, may be associated 
with user certification, revocation lists, or 
exclusion policies, or may be received from 
any other source. . 


ardware or software used for transmission of 
icure containers to other apparatuses or for 
ie receipt of secure containers from other 
jparatuses; and 


The device includes hardware or software used 
for transmitting or receiving secure containers. 
For example, RM-enabled OUTLOOK is 
designed to transmit and receive encrypted 
IRM*g6verned emails to/from other devices. 


) electronic intermediary, said intermediary 
eluding a user rights authority clearinghouse. 


The RMS Server (Microsoft hosted or 
otherwise) constructs a 'use license' specific to 
a piece content and targets it to a specific user. 


Exhibit Bii 
80 1 


1 

2 
3 

.4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


29. A system as in claim 28, said user rights 
authority clearinghouse operatively connected 
to make rights available to users. 


.' The RMS server sends use licenses to users 
through a communications port, e.g., Ethernet, 
serial, satellite, "the internet" 
These use licenses include rights. 

The clearing functionality of the RMS is 
operatively connected to the RMS server. 


.Exhibit Bj 
81 " 


1 

2 
3 
4 
5 
6 
7 
8 
9 
JO 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTRUST TECHNOLOGIES CORP. r. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


28. 


Product Infringing: Windows Media Rights 
Manager and Windows Media Player / 


A system including: 


(a) a first apparatus including; 


Consumer's computer, as shown in WMRM 
SDK • 


(1) user controls, 


Consumer's computer, as shown.in WMRM 
SDK • 


(2) a communications port, 


Consumer's computer, as shown in WMRM 

SDK • 


(3) a processor, 


Consumer's computer, as shown in WMRM 
SDK ' 


(4) . a memory ; containing a first rule, 


Memory is in the consumer's computer, first 
rule is a right received as part of a signed 
license (WMRM SDK, Step 9) 


(5) hardware or software used for 
receiving and opening secure 
containers, said secure containers 
each including the capacity to contain 
a governed item, a* secure container 
rule being associated with each of 
said secure containers: 


Consumer's computer receives Windows 
Media file (secure container) via 
communications port (WMRM SDK, Step 3) 
and applies secure container rule or rules via 
Windows Media Player and Windows Media 
Rights Manager. 


(6) a protected processing environment at 
least in part protecting information 
contained in said protected processing 
environment from tampering by a 
user of said first apparatus, said 
protected processing environment 
including hardware or software used 
for applying said first rule and a 
secure container rule in combination 
to at least in part govern at least one 
aspect of access to or use of a 
governed item: and 


Processing environment includes Windows 
Media Rights Manager and Windows 
processes for protecting operation of Windows 
Media Rights Manager 


(7) hardware or software used for 

transmission of secure containers to 
other apparatuses or for the receipt of 
secure containers from other 
a pparatuses: an d 


Hardware or software employed in transmitting 
Windows Media files, including for example 
consumer's computer's communication port 
and Windows Media Player (WMRM SDK, 
Step 3) 


V) a second apparatus including: 


2nd consumer's computer 


(IV user controls. 


2nd consumer's computer 


(2) a communications port. 


2nd consumer's computer 


(3) a processor. 


2nd consumer's computer 


(4) a memory containing a second rule, 


Memory is in the 2nd consumer's computer, 
first rule is a Right received as part of a signed 
license (WMRM SDK, Step 91 


2nd consumer's computer receives Windows 
Media file (secure container) via 
communications port (WMRM SDK, Step 3) 
and applies secure container rule or rules via 


(5) hardware or software used foi 
receiving and opening secure 
containers, said secure containers 
each including the capacity to contain 


Exhibit B il 
:r7 82 ? i 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 
11 
12 
13 
14 
15 
16 
17 

18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


a governed item, a secure container 
rule being associated with each of 
said secure containers: ' 


Windows Media Player and Windows Media 
Rights Manager. 


(6) a protected processing environment at 
least in part protecting information 
contained in said protected processing 
environment from tampering by a 
user of said apparatus said protected 
processing environment including 
hardware or software used for . 
applying said second rule and a 
secure container rule in combination 
to at least in part govern at least one 
aspect of access to or use of a 
governed item; 


Processing environment includes Windows 
Media Rights Manager and Windows 
processes for protecting operation of Windows 
Media Rights Manager; processing 
environment applies multiple rules in 
combination - • ■ * 


(7) hardware or software used for 

transmission of secure containers to 
other apparatuses or for the receipt of 
secure containers from other 
a pparatuses: and 


Hardware or software employed in transmitting 
Windows Media files, including for example 
2 nd consumer's computer's communication 
port and Windows Media Player, (WMRM 
SDK. Step 3) 


c) an electronic intermediary, said 
intermediary including a user rights 
authority clearinghouse. 


License Issuer 


9. A system as in claim 28. 


>aid user rights authority clearinghouse 
peratively connected to make rights available 
3 users. 


License Issuer, operatively connected to 
consumer's computer (WMRM SDK, Step 9) 


\ r Exhibit Bli 

'83 :i 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 


INTERTRUST INFRINGEMENT CHART 
FOR U.S, PATENT NO- 6,185,683 


56. 


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


\ method of securely delivering an item, 
ncluding the following steps: 


>erforming an authentication step; 


The RM-enabled application, e.g., Word, 
OUTLOOK, PowerPoint, etc., must be 
authenticated before it is allowed access to or 
use of the content. 


issociating a digital signature with said item: 


The RM protected content is signed . 


ncorporating said .item into a first secure 
lectronic container, said item being at least in 
►art encrypted while in said container, 

aid incorporation occurring in an apparatus 
ontaining a first protected processing 
nvironment, said protected processing 
nvironment at least in part protecting 
^formation contained in said protected 
rocessing envirotunent from tampering by a 
ser of said apparatus: 


RM-protected content is packaged with rules 
and encrypted. 


Protected information on the RM enabled 
computer is protected by the use of at least 
cryptographic techniques. 


3 said protected processing environment, 
ssociating a first rule with said first secure 
lectronic container, said first rule at least in 
art governing at least one aspect of access to 
r use of said item: 


The IRM-prdtected document (said item) has 
an associated rule or rules. 


uthenticating an intended recipient of said 
em; 


A recipient of IRM-protected content must be 
authenticated before being allowed access to or 
use of the content 


ansmitting said first secure electronic 
ontainer and said first rule to said intended 
>cipient: and . 


The document is sent via IRM-protected email 
as an attachment. 


sing a second protected processing 
nvironment, providing said intended recipient 
zcess to at least a portion of said item, 

lid access being governed at least in part by 
lid first rule and by a second rule present at 
aid intended recipient's site. 


The email is received at another IRM-enabled 
computer. 


The first said rule is the rule(s) associated with 
the attached document, and the second rule is 
the rule(s) received that govern the email itself 


Exhibit B |j 
8'4 


1 

2 
3 
4 
5 
6 
7 
8 
9 

' 10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
.24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP; v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


126. 


Product Infringing: Windows Hardware 
Quality Labs Authentication services, 
Windows, operating Systems (such as 
Windows XP) that support the driver 
signing features, and any product using 
Driver Signing feature 


A method of providing trusted intermediary 
services including the following steps 


at a first apparatus, receiving an item from 
a second apparatus; 


Microsoft's Window Hardware Quality . 
Labs (WHQL) (first apparatus) receiving 
driver package (item) from independent 
hardware vendor (IHV) or any driver 
developer (second apparatus^ l 


associating authentication information with 
said item; 


The signature information of a security 
catalog file (see next element of claim) 
names Microsoft as the publisher, 
WHQL's signature is intended to signify 
that a driver has complied with Microsoft's 
Windows compatibility and/or Secure 
Audio Path (SAP) specifications. 


ncorporating said item into a secure digital 
container; 


The hashes of the files making up the 
driver package are included in the signed 
security catalog file for the driver package. 
The catalog file makes the driver package a 
secure digital container. 


tssociating a first rule with said secure 
ligital container, said first rule at least in 
)art governing at least one aspect of access 
o or use of said item; 


Driver developers specify rules in an INF 
file that govern the installation and/or use 
of the driver. For example, as specified in 
the INF, the installation events will vary 
based on the user's operating system 
version, which includes architecture, 
product type and suite. The INF logging 
rules and can further specify security rules 
that are evaluated when the driver is used. 

White Paper - Operating-System 
Versioning for Drivers under Windows XP 

Setup selects the [Models] section to use 
biased on the following rules: 

If the INF contains [Models] sections for 
several major or minor operating system 
version numbers, Setup uses the section 
with the highest version numbers that are 
not higher than the operating system 
version on which the installation is taking 
place. 


. Exhibit B i| 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


If the INF [Models] sections that match the 
operating system version also include 
product type decorations, product suite 
decorations, or both, then Setup selects the 
section that most closely matches the 
running operating system. 

Suppose, for example, Setup is running on 
Windows XP Professional^ which is 
operating system version 5.1), and it finds 
the following entry in a [Manufacturer] 
section: 


%FooCorp% 
NT....0x80 


=FooMfg, NT, NT..5; NT.5.5, 


In this case, Setup will look for a [Models] 
section named [FooMfg.NT.5]; Setup will 
also use the [FooMfg.NT.5J section if it is 
running on a Datacenter version of 
Windows .NET Server, because a specific 
major/minor version takes precedence over 
the product type and suite mask. 

For example, to create ah INF that is 
intended for use only on Windows XP, the 
INF file could contain the following: 

[Manufacturer] 

Too Corp." - FooMfg, NT.5. 1 , NT.5.2 
[FooMfg.NT.5.1] 

Too Device" = FooDev, TOO 1234 

Note the omission of the undecorated 
TboMfg] section, as well as the omission 
of the [FooMfg.NT.5.2] section. This INF 
file would appear to be "empty" on any 
operating system other than Windows XP. 

Access Control List Rules 


XP DDK - Tightening File-Open 


Security in a Device INF File 


; or Microsoft Windows 2000 and later, 
Microsoft tightened file-open security in 
the class installer INFs for certain device 
classes, including CDROM, DiskDrive, 
T)C, FloppyDisk, HDC, and - 
SCSIAdapter. 

f you are unsure whether the class installer 
or your device has tightened security on 
lie opens, you should tighten security by 
using the device's INF file to assign a value 
to the DeviceCharacteristics value name 
in the registry. Do this within an add- 


293482.02 


Exhibit B 
'86 


) 


regisiry-section, which is specified using 
(he INF AddReg directive. 


I transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
J protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 


8 

9 || 
JO 
11 
12 
13 
14 


Microsoft, IHV, driver developer or any 
other party distributing signed driver 
packages transmitting the driver package to 
user (third apparatus). Since the driver 
package includes the INF file, it will 
indude the first rule. The protected 
processing environment (PPE) is Windows 
operating system with its pertinent services 
such as Windows File Protection, signature 
and cryptographic functions, Plug and Play 
and Set-up and their related default and 
modifiable policies. The PPE checks for 
signatures on driver packages and detects 
situations when the driver package's 
signature does not match the driver 
package. 

Additionally, the Digital Rights Manager 
(DRM) components (kernel and client) will 
contribute to making the third apparatus a 
PPE when the SAP functionality is 
invoked, [That is, when SAP is required, an 
additional signature is checked to verify 
that the driver is SAP compliant and that it 
hasn't been tampered with.] 


15 II said third apparatus receiving said secure 

digital container and said first rule: 
]g || said third apparatus checking saijd 


The end-user receiving the driver package. 


17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


authentication information; and 


A step in the Plug and Play/Setup driver 
installation process checks signature at 
installation. Additionally, the DRM 
component will check the DRM signature 
when invoking DRM functionality. 

White Paper - Driver Signing for Windows 


During driver installation, Windows 
compares the hashes contained in the 
driver's CAT file with the computed hash 
of the driver binaries to determine whether 
the binaries have changed since the CAT 
file was created. If a driver fails the 
signature check or there is no CAT file, 
what happens next depends on the driver 
signing policy in effect on the user's 
system: 

f the policy is set to Ignore, the driver 
installs silently, with no message to the 
user. 

f the policy is set to Warn, a message 
warns the user the driver is unsigned, 
which means that it has not passed WHOL 


293482.02 


Exhibit B jj 

'87 ■; 


) 


1 

2 
3 

. 4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293462.02 


said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment. 


testing and might cause problems. The 
Warn dialog, box gives an administrative . 
user the option to override the warning and 
install an unsigned driver anyway* 

If the policy is set to Block, the system 
displays a message that informs the user 
that the driver, cannot be installed because - 
it is not digitally signed; 


The action would be installing and/or using 
the driver. For example, installation 
policies govern the actions (ignore, warn or 
block) taken based on whether a driver is 
signed or not and these policies (rule) are 
resident on the third apparatus. Another 
rule is the "ranking" of available drivers 
when selecting a driver to install. This 
ranking process includes whether a driver 
is signed or not. t Another rule is the 
security access rules that the class installer 
that will be used to install the device has. 

In the case qf DRM, the content will have 
associated rules governing its use in a SAP- 
complaint environment. These rules (the 
content license) can be resident at the third 
apparatus particularly in the case when a 
user is installing a new (SAP-compliant) 
device that will render previously acquired 
content or in the case that acquired content 
cannot be rendered until the user installs 
required drivers. 

For example, when installing: 

The XP driver ranking process and the 
modifiable default related to signature state 
of the driver act as the second rule. 

The driver will be installed only if the first 
and second rules validate. - 

Operating-System Versioning for Drivers 
under Windows XP 


Default System Policy for Unsigned 
Drivers 

If the user installs an unsigned driver for a 
designated device class from disk or from 
another web site, Windows XP/Windows 
2000 displays a warning that the driver is 
unsigned, thus helping to preserve the 
integrity of the released system. However, 
bv default. Windows XP/Windows 2000 


/ExhibitiB 
88 i! 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 


27 
28 


293<82.02 


does not block installation of unsigned 
drivers, so vendors can get urgent hot-fixes 
to customers while waiting for WHOL to 
test the fix. 

In Windows XP, the default driver signing 
policy can be changed through the 
Hard ware tab of the System -applet on the 
Control Panel. A user can change the 
policy to be more restrictive, but not less 
| restrictive on a per-user basis (that is, a 
user can change Warn to Block, but not to 
Ignore); An administrator can change the 
policy to be either more restrictive or less 
restrictive for. all users on the system by 
checking "Apply the setting as system 
1'defaulL" 

Driver Ranking 

Under Windows XP, the driver ranking 
strategy has been modified as follows: 

If an INF file is unsigned, and if neither the 
[Models] section nor the [DDlnstaU] 
I. section is decorated with an NT-specific 
extension, the INF file is considered 
"suspect" and its rank is shifted into a 
higher range (that is, worse) than all 
| hardware and compatible rank matches of 
INF files for which one (or both) of those 
criteria are met. 

The new ranking ranges will now be: 
0-OxFFF 

(DRTVER_HARDWAREID_RANK) : 
"trusted" hardware-ID match 
0x1 000 - 0x3FFF : "trusted" compatible- 
ID match 

0x8000 - 0x8FFF : "untrusted" hardware- 
ID match 

0x9000 - OxBFFF : "untrusted" 
compatible-ID match 
OxCOOO - OxCFFF : "untrusted" 
undecorated hardware-ID match (possibly a 
Windows 9x-only driver) 
OxDOOO - OxFFFF : "untrusted" 
undecorated compatible-ID match 
(possibly a Windows 9x-onJy driver) 


127. A method as in claim 126, in which 
said authentication information at least in 
part identifies said first apparatus and/or a 


The authentication information will 
identify Microsoft, operator of the first 
apparatus. 


fi 


Exhibit B 
89 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 

J 3 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


user of said first apparatus. 


|i 

Exhibit B j| 
- '90 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 


19 

21 

22. 

23 

24 

25 

26 

27 

28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTROST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


126. 


I A method of providing trusted intermediary 
services including the following steps: 


293482.02 


at a first apparatus, receiving an item from 
a second apparatus; 


Products Infringing: Microsoft Software 
that includes the Authenticode feature* 
.NET Framework SDK, Visual Studio, 
Microsoft technology that supports a digital 
signature function (such as ActiveX), 
Windows Installer technology. 


Infringement is based on use Microsoft 
ActiveX control, Cabinet file, Microsoft 
Windows Installer, Authenticode anil ■ 
Software Restriction Policy technologies. 
For example, a software publisher 
distributing a signed application that has 
licensed ActiveX controls embedded 
within it would practice this method 


associating authentication information with, 
said item; 


The item is un signed software such as an 
ActiveX control or any software packaged 
in a cabinet file or Microsoft Installer 
(.msi) file. Within the development 
environment, multiple software developers 
(working on a second apparatus) will send 
their unsigned software to a secure location 
(first apparatus) containing the entity's 
private signing key. An example entity 
would be a software publisher. 

Source: Deploying ActiveX Controls on 
the Web with the Internet Component 
Download 

The bolder of the digital certificate 

Keeping your digital certificate safe is very 
important. Some firms (including 
Microsoft) do not keep their signature file 
on site; The signature is kept with the 
Certificate Authority and files are sent 
there for signing. 


Signing the software associates the 
software publisher's identify with the 
software. 

Source: Packaging ActiveX Controls 
Signing Cabinet Files 
A .cab file can be digitally signed like an 
ActiveX control. A digital signature 
provides accountability for software 
developers: The signature associates a 
software vendor's name with a given file. A 
signature is applied to a .cab file (or 
controlVusing the Microsoft Authemicodeig) 


-I! 
■•■'Jj 
Exhibit Bi 
' 1 ' 91 1! 


) 


10 

u 

12 
13 
14 
15 
16 
17 
18 
19 

,20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


incorporating said item into a secure digital 
container; 


technology. 

The .cab tool set assists software 
developers in applying digital signatures to 
.cab files by allowing a developer to 
allocate space in the .cab file for the 
signature. 


associating a first rule with said secure 
digital container, said first rule at least in 
jart governing at least one aspect of access 
to or use of said item; 


Signing software either directly or within a 
package (cabinet or ,msi file) secures it in a 
digital container. ... 
Alternately, the signed ActiveX control 
could be placed into a signed cabinet file. 


The first rule would be the licensing , 
support code within the ActiveX control 
and/or conditional syntax statements when 
the software is within a signed .msi file. 
When the software is within a signed 
cabinet file, the first rule can be a rule 
contained in the software, as is the case 
when an ActiveX control is packaged in a 
signed cabinet file. 

First rule, in the case of ActiveX: 

When an application with a licensed 
ActiveX control is started, an instance of 
the control usually needs to be created. 
The application accomplishes this by 
making a call to CreatelnstanceLic and 
passing the license key embedded in the 
application as a parameter in the call. The 
ActiveX control performs a string 
comparison between the embedded license 
key and its own copy of the license key. If 
the keys match, an . instance of the control is 
created and the application can execute 
normally. 

Source: Using ActiveX Controls to 
Automate Your Web Pages 
Run-time licensing 

Most ActiveX Controls should support 
design-time licensing and run-time 
licensing. (The exception is the control that 
is distributed free of charge.) Design-time 
licensing ensures that a developer is 
building his or her application or Web page 
with a legally purchased control; run-time 
licensing ensures that a user is running an 
application or displaying a Web page that 
contains a legally purchased control. 
Design-time licensing is verified by control 
containers such as Visual Basic, Microsoft 
Access, or Microsoft Visual InterDev®". 
Before these containers allow a developer 
to place a control on a form or Web page. 


Exhibit B!j 
■92 : 


3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


293462.02 




they first verify that the control is licensed 
by the develpper or content creator. These 
containers verify that a control is licensed 
by calling certain functions in the control: 
If the license is verified, the developer can 
add it. 

Run-time licensing is also an issue for 
these containers (which are sometimes 
bundled as part of the final application); the 
containers again call functions in the 
control to validate the license that was 
embedded at design time. 

transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 

The third apparatus is a user computer or 
an application server. The protected 
processing environment (PPE) is Windows 
operating system, Internet Explorer (IE) 
and pertinent operating IE services such as 
Windows File Protection and security, 
signature and cryptographic functions 
related to code signing and related policies. 
The PPE checks for signatures on software 
or the software packages and detects 
situations when the signature does not 
validate as an indication that tampering 
mav have occurred with the item. 

said third apparatus receiving said secure 
digital container and said first rule; 

Having the third apparatus receiving said 
secure digital container and said first rule is 
typical of networked computing 
environments. 

said third apparatus checking said 
authentication information; and 

Examine the signature information includes 
verifying that signature was creating using 
the private key that corresponds to the 
public kev of the publisher. 

said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment. 

The action would be installation and/or use 
of the distributed software. The second 
rule can be software restriction policies 
resident on the machine, which can be 
invoked at installation and/or runtime. 

.NET Framework Security - pf> 259 

and 

White Paper - Usine Software Restriction 

Policies in Windows XP and Windows 

.NET Server to Protect Aeainst 
Unauthorized Software 

Software Restriction Polices is a policy- 
driven technology that allows 
administrators to set code-identity-based 
rules that determine whether an application 
is allowed to execute. (.NET Framework 
Security - pg 259) 

it 

Exhibit b!| 

• ■ 93 :i 


i 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 

19 
20 

21 

22 

23 

24 

25 

26 

27 

28 


) 


For example, administrators can set rules 
for all Windows Installer packages coming 
from the Internet or Intranet zone. 

As part of the DLL load mechanisms, 
Software Restriction Policies is invoked 
and starts to check its most specific rules. 
Software Restriction Policies get invoked 
prior to an .exe being able to run. - 

The four types of rules are - hash, 
certificate, path, and zone. 

Note: The hash and certificate rules relate 
directing to the signature information 
whereas, the path and zone rules do not 


127. A method as in claim 126, in which 
said authentication information at least in 
part identifies said first apparatus and/or a 
user of said first apparatus. 


.The software publisher, user of first device, 
is identified in the authentication 1 
information. . 


... Exhibit Bl! 
■ - 9 4 , 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
1NTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


126. 


Product infringing: Visual Studio .NET, 
.NET Framework SDK, Aulhenticode, 
Products that contain the .NET CLR, 
Compact CLR or CLI. 


A method of providing trusted intermediary 
services including the following steps: 


8 


10 


at a first apparatus, receiving an item from 
J a second apparatus; 


First apparatus is a software build or 
deployment services computer that has 
access to signing key. The item may be a 
program, graphic, media object or other 
resource, from a developer computer, or 
archive (second apparatus! 


13 
14 
15 
16 
17 
18 


19 


.20 


21 
22 


23 


associating authentication information with 
I ] It said item; 


12 


Associating a cryptographic hash with the 
file that will contain this item for the 
purpose of ensuring the authenticity of the 
item, along with names and attributes that 
are desired to be associated with the item 
for identification purposes. 


incorporating said item into a secure digital 
container: 


Producing signed, strongly named 
assembly that contains this assembly and 
associated attributes. 


associating a first rule with said secure 
digital container, said first rule at least in 
part governing at least one aspect of access 
to or use of said item; 


transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
J protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 


Including any security demands (such as 
members of the Microsoft .NET 
Framework SDK Public Class 
CodeAccessSecurityAttribute) as part of 
the assembly. 


The third apparatus is a user computer or 
an application server. The third 
apparatus's protected processing 
environment is Windows NT and the .NET 
CLR, CLI and/or compact CLR. 
Information is protected from tampering 
because user is not administrator, user runs 
code on server, a share on another 
computer, or over a network. Further this 
information is protected by a number of 
protection mechanisms that are included 
with the Windows NT and CLR, CLI 
and/or compact CLR distributions. 


24 j said third apparatus receiving said secure 
J digital container and said first rule; 

25 


'. -laving the third apparatus receiving said 
secure digital container and said first rule is 
typical of networked computing 
environments. 


26 I) said third apparatus checking said 
j authentication information: and 

27 " 


28 


The .NET Framework, when the assembly 
is installed into the global assembly cache 
(GAC). verifies the strong name of 
assemblies. This process includes 
verifying that signature was creating using 
the private key that corresponds to the 


293482.02 


Exhibit Bti 
'95 


public key of the publisher. 


said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital contairier and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment 


The action is executing code that is the 
item or using code that renders the item- 
Action is governed by security demands on 
code that calls the item or on code that calls 
code included in the .NET assembly that 
manages said item. The second rule is the 
machine, enterprise, user, and application 
configuration file resident rules. Typically 
these configuration files will be populated 
before the arrival of most new assemblies 
in a virtual distribution environment This 
action governance occurs in the protected 
processing environment of the CLR, CLI 
and/or compact CLR. • 


127- A method as in claim 126, in which 
said authentication information at least in 
part identifies said first apparatus and/or a 
user of said first apparatus. 


The authentication information will * 
identify the .NET Assembly Class 
company name and trademark attributes 
that identify the apparatus or user of the 
first apparatus as being a member of an 
entity or a branded source fbrand nameV 


293482.02 


Exhibit B !l 
96 


1 

2 
3 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 


126. 


Product infringing: Visual Studio .NET, 
.NET Framework SDK, Authenticode, - 
Products that contain the .NET CLR, 
Compact CLR or CLI. 


A method of providing trusted intermediary 
services including the following steps: 


8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


at a first apparatus, receiving an item from 
a second apparatus; 


The item is an unsigned .NET assembly, 
which can include, but not be limited to, a 
Web control, multi-file assembly or 
component. Within the development 
environment, multiple assembly builders 
(working on a second apparatus) will send 
their unsigned assembly to a secure • 
location (first apparatus) containing the 
entity's private signing key. An example 
entity would be a software publisher. 

.NET Security Framework - pg 1 30-1 


Describes this exact practice and further 
explains the "Delay Signing Assemblies" 
feature of .NET that accommodates the fact 
that "many publishers will keep the private 
key in a secure location, possibly 
embedded in specially designed 
cryptographic hardware." 

"Delay signing is a technique used by 
developers whereby the public key is added 
to the assembly name as before, granting 
the assembly its unique identity, but no 
signature is computed- Thus, no private 
key access is necessary." 


associating authentication information with 
| said item; 


Strong naming the assembly binds the 
entity's/publisher's name into the 
assembly. The public portion of the key 
used to strongly name the assembly is 
placed in the assembly manifest. Other 
assemblies or applications can contain 
references to the strong names of strongly 
named assemblies such as in the case of 
applications that contain references to a set 
of compliant .NET core libraries. Strong 
naming compliant .NET core libraries with 
the European Computers Manufactures 
Association's fECMA) key is a way to 
allow any publisher to develop compliant 
.NET core libraries that can be 
authenticated by other applications. 


293482.02 


Exhibit Bi| 
''-97 : * 


) 


1 


.NET Security Framework - pg 124 
"Strong naming is a process whereby an 
assembly name can be further qualified by 
the identity of the publisher." 
.NET Security Framework - pg 133 
The publisher must advertise its public key 
or keys in an out-of-band fashion (such as 
documentation shipped with the product or 
on the ccihipany Web site) 
.NET Security Framework - pg 130 


The goal of the ECMA key is to allow a 
slightly more generalized strong name 
binding than usual, namely allowing 
binding to the publisher of the runtime in 
use, rather than to a fixed publisher. 


incorporating said item into a secure digital 
container; 


Signing the assembly places it in a secure 
container. 

.NET Framework Security - pg 527 


Strong named assemblies cannot be 
modified in any mariner without destroying 
the strong name signature. 
Applied Microsoft .NET Framework 


Programming - pg 89 


Strongly Named Assemblies Are Tamper- 
Resistant 

When the assembly is installed into the 
G AC, the system hashes the contents of the 
file containing the manifest and compares 
the hash value with the RSA digital 
signature value embedded within the PE 
file (after unsigning it with the public key). 
If the values are identical, the file's 
contents haven't been tampered with and 
you know that you have the public key that 
corresponds to the publisher's private key. 
In addition, the system hashes the contents 
of the assembly's other files and compares 
the hash values with the hash values stored 
in the manifest file's FileDef table. If any 
of the hash values don't match, at least one 
of the assembly's files has been tampered 
with and the assembly will fail to install 
into the GAG. • - 


associating a first rule with said secure 
digital container, said first rule at least in 
part governing at least one aspect of access 
to or use of said item; 


.NET assembly includes imperative and 
declarative statements/rules that will 
ijovern its access or use. For example, 
role-based security or strong name; 
demands in the assembly can be the first 
rule. 

MSDN on Role-Based Security 

Applications that implement role-based 
security grant ri gh ts based on the rol e 


293482.02 


il 

Exhibit B ij 

98 ?i 


5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


293482.02 


associated with a principal object The 
principal object represents the security 
context under which code is running. The 
PrincipalPermission object represents the 
identity and role that a particular principal, 
claSs must have to run* To implement the' 
PrincipalPermission class imperatively, 
create a new instance of the class and 
initialize it with the name and role that you 
want users to have to access your code, 

MSDN on StrongNameldentityPermission 

StrongNameldentityPermission class 
defines the identity permission for strong 
names. StrongNameldentityPermission 
uses this class to confirm that calling code 
is in a particular strong-named assembly. 


transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 


said third apparatus receiving said secure 
digital container and said first rule: 


said third apparatus checking said 
authentication information; and 


The third apparatus is a user computer or 
an application server. The software 
publisher transmitting the .NET assembly 
to an end-user with a CLR. The third 
apparatus's protected processing 
environment is Windows NT and the .NET 
CLR, CLI and/or compact CLR. 
Information is protected from tampering . 
because user is not administrator, user runs 
code on server, a share on another 
computer, or over a network. Further this 
information is protected by a number of 
protection mechanisms that are included 
with the Windows NT and CLR, CLI 
and/or compact CLR distributions. 


The end-user receiving the signed 
assembly. 


The wNET Framework, when the assembly 
is installed into the global assembly cash 
(GAC), verifies the strong name of 
assemblies. This process includes 
verifying that signature was creating using 
the private key that corresponds to the 
public key of the publisher. 
Applied Microsoft .NET Framework 
Programming - pg 89 
Strongly Named Assemblies Are Tamper* 
Resistant 
As above. 

.NET Framework Security - pg 128 


The verification of any strong name 
assemblies is performed automatically 
when needed by the .NET Framework. 
Any assembly claiming a strong name but 


ExhiKitB 
99' 


said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part; by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment 


failing verification will fail to install into 
the global assembly or download cache or 
will fail to load at runtime 


Within the CLR (protected processing 
en vironment), the execution of the program 
will depend upon whether the user is of the 
"role" required of the assembly or whether 
the calling assembly is from a strong- 
named assembly specified in the "item" 
assembly (alternate first rules) and only if 
assembly complies with the local code 
access security policy (second rule), as an 
example of one of the types of rule? that 
.NET Framework allows to be resident on 
the third apparatus.. 


10 
11 
12 
13 


127. A method as in claim 1 26, in which 
I said authentication information at least in 
l part identifies said first apparatus and/or a 

user of said first apparatus. 


The user of the first apparatus is the developer 
at the assembly deyeloper. Strong naming 
binds the publisher's name to assembly. 


LaMacchi^Brian, etc, NET Framework S^rity, Addison-Wesley, 2002 

Richter, Jeffrey, Applied Microsoft .NET Framewo rk Programminp Microsoft Press, 2002 


14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


Exhibit B 
100 


293482.02 


I 

2 


INTERTRl ST TECHNOLOGIES r ORP . K MICRnsnrr^p 
IN TKRTRUST I NFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 


4 IM 


J A method compr^ ir.,. 

(a) receiving a digital file including music; 


10 
11 


12 


I (b) storing said digital file in a first secure 
memory of a first device; 

(c) storing information associated with said 
digital file in a secure database stored on said 
first device, said information including at least 
one budget control and at least one copy 
control, said at least one budget control 
including a budget specifying the number of 
copies which can be made of said digital file- 
and said at least one copy control controlling' 
the copies made of said digital file; 
(d) determining whether said digital file may 
be copied and stored on a second device based 
on at least said copy control; 


Infringing products include Windows Media 
SDK r Wmdows Media Rfcta* Manager 

Reference is made to the Windows Media 
?fc^for^m DK Pr °g ra ™>hig Reference 
t { yffW.$P*n> a «ached hereto as Exhibit 
A. Media Player infringement analysis is set 
forth, herein using the example of a music-file 
| player 03 transfeiTed t0 a P orta We audio 

Consumer receives a Windows Media file 
. fWMRM SDK. Step T\ 

Windows Media file is stored in consumer's 
computer and all use of it is securely managed 
by the Secure Content Manager in Windows 
Media Plaver 

License is stored in the License Store (WMRM 
i>U0L, Mep 5); license includes Rights which 
, may include AllowTransfertoNonSDMI 
™T^™w~ oSDMI ' (° r Allow Transfer to 
WM-D-DRM-Compliant devices or other 
types of devices), and. TransferCount- the 
I number of times a piece of content may be 
transferred to the device (a transfer budget) 


Windows Media Rights Manager enforces the 
license restrictions 


(e) if said copy control allows at least a portion 
of said digital file to be copied and stored on a 
second device, 


(l)copying at least a portion of said digital 
file; 


(2)transfem*ng at least a portion of said 
digital file to a second device 
including a memory and an audio 


Windows Media Rights Manager determines 
whether the AllowTransferToNonSDMJ or 
AJlowTransferToSDMI rights are present(Or 
Allow Transfer to WM-D-DRM-Compliant 
devices or other types of devices.) 
Transfer to the SDMI or non-SDMI portable 
device (Allow Transfer to WM-D-DRM- i 
Compliant devices or other types of devices) if 
allowed bv Windows MeH,> Rights Manap/r* 1 
Portable device necessarily includes at least a 
memory and audio output 


25 


28 


(3)storing said digital file in said memory 
1 of said second device; and 

1 Music file is transferred to the portable device 

(^including playing said music through 
J said audio output. 

Portable device plays the music 1 

J| 2. A method as in claim ], further 
I comprising: 


II (a) at a time substantially contemporaneous 
with said transferrine sten. recordine in said 

Counter reflecting TransferCount is 
decremented hv Window*. m«k„ 

II -■! ~ — ' LiJ " ' 'Jt^Jiu »v »^. M> 

II *!•'■" 

If " ii 

..Exhibit B !S 


first device information indicating that said 
transfer has occurred. 


Manager 


3. A method as in claim 2. in which: 


(a) said information indicating that said 
transfer has occurred includes an encumbrance 
on said budget. ^ 


Counter decrement reduces the allowable 
number of budgeted transfers 


4. A method as in claim -3*. in which: 


5 I (a) said encumbrance operates to. reduce the 
J number of copies of said digital file authorized 

6 I by said budget. • 


Counter decrement reduces the allowable 
number of budgeted transfers ' 


7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
IS 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


Exhibit B 1j 
102 - 


j 


293482.02 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR ILS. PATENT NO- 6,253,193 


11. A method comprising: 


(a) receiving a digital file; 


(b) storing said digital file in a first secure 
memory of a first device; 


(c) storing information associated with said 
digital file in a secure database stored on said 
first device, said information including a first 
control; 


(d) determining whether said digital file may 
be copied and'stored on a second device based 
on said first control. 


(1) said determining step including 
identifying said second device and 
determining whether said first control 
allows transfer of said copied file to 
said second device, said determination 
based at leaist in part on the features 
present at the device to which said 
copied file is to be transferred: 


! (e) if said first control allows at least a portion 
I of said digital file to be copied and stored on a 
second device, 


Infringing products include Windows Media 
Player and. Windows Media Rights Manager 
SDK ■ - 


Consumer receives a Windows Media file 
rWMRMSDK. Step 3) 


Windows Media file is stored in consumer's, 
computer and all use of it is securely managed 
by the Secure Content Manager in Windows 
Media Player. 


License information is stored in the License 
Store (WMRM SDK, Step 10), license 
ijifonnation includes Rights. License Rights 
may include AllowTransferToNonSDMI, 
AllowTransferToSDMI (Allow Transfer to 
WM-D-DRM-Compliant devices or other 
types of devices! TransferCount 


WMRM determines whether transfer rights are 
included in license (WMRM SDK, Step 5) 


Portable Device Service Provider Module 
identifies the portable device as either SDMI- 
compliant or non-SDMI-compIiant (or WM-D- 
DRM Compliant or other types of supported 
devices) and provides this information to 
Windows Media Device Manager, which 
allows the transfer based on whether the device 
identification matches the License Right 


(1) copying at least a portion of said 
digital file; 


(2) transferring at least a portion of said 
digital file to a second device 
including a memory and an audio 
and/or video output: 


(3) storing said digital file in said memory 
of said second device: and ■ ' 


(4) rendering said digital file through said 
output. 


If Windows Media Rights Manager determines 
whether the AllowTransferToNonSDMI or 
AllowTransferToSDMI rights are present (or 
Allow Transfer to WM-D-DRM-Compliant 
devices or other types of devices), the 
following sleps are performed: 


Transfer to the SDMI or non- SDMI (Allow 
Transfer to WM-D-DRM-Compliant or other) 
portable device, if allowed by Windows Media 
Rights Manager 


Portable device necessarily includes at least a 
memory and audio output 


Music file is stored in the portable device 


Portable device plays the music 


Exhibit B 1! 
1 03 


1 

2 
3 
. 4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
1NTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 


Product infringing: Windows Media Player, 
Windows Media Player, Windows Media 
Rights Manager SDK «• . - 


5. A method comprising: 


a) receiving a digital file; 


Consumer receives a Windows Media file 
(YWMRM SDK, Step 3) - 


an authentication step comprising: 


(1) accessing at least one identifier 

associated with a first device or with a 
user of said first device; and 


License includes identity of user's Windows 
Media Player: WM Players-capable of playing 
protected content must be individualized. 
They contain a unique (Individualized) DRM 
client component to which protected WMA 
content licenses are bound. Content licenses 
are bound to this DRM individualization 
module as the result of a challenge sent from 
the Client to the WMLM service. The 
challenge contains information about 
Individualized DRM Client (in the form of an 
encrypted Client ID) and capabilities of the 
machine (e.g. support for Secure Audio Path 
(SAP), version of the WMRM SDK supported 
in the player. 


(2) determining whether said identifier is 
associated with a device and/or user 
authorized to store said digital file; 


Music file cannot be used unless identifier 
indicated in License matches user's Windows 
Media Player identifier (that is, the 
Individualized DRM Client to which the 
license is bound must be the same one 
supported by the device). 


) storing said digital file in a first secure 
emory of said first device, but only if said 
:vice and/or user is so authorized, but not 
oceeding with said storing if said device 
id/or user is not authorized; 


Music file will not be processed through 
Windows Media Player, including protected 
rendering buffers, unless the identifiers match. 
Protected WMA file can be stored on client 
even if unauthorized but it cannot be decrypted 
and enter into the secure boundary (first secure 
memory) of the player unless appropriately 
licensed. 


) storing information associated with said 
gital file in a secure database stored on said 
st device, said information including at least 
e control; 


License includes Rights and is stored in the 
License Store, Rights may include 
AllowTransferToNonSDMI, 
AllowTransferToSDMI, (or Allow Transfer To 
WM-D-DRM-CompliantDevice or Other 
device) TransferCount 


I determining whether said digital file may 
copied and stored on a second device based 
said at least one control: 


Windows Media Rights Manager enforces the 
license restrictions 


if said at least one control allows at least a 
nion of said digital file to be copied and 
>red on a second device. . 


If appropriate rights are present, the following 
steps are performed: 


(W copying at least a portion of said 


Transfer to the SDMI or non-SDMl (or WM- 


Exhibit B li 
104 « 


digital file; 


(2) transferring at least a portion of said 
digital file to a second device 
including a memory and an audio 
and/or video output: 


D-DRM Compliant or other) portable device, if 
allowed by Windows Media Rights Manag er 


Portable device necessarily includes at least a 
memory and audio output 


• (3) storing said' digital file in said memory 
of said second device: and 


Music file is stored in the portables device 


(4) rendering said digital file through said 
output 


Portable device plays the music 


16. A method as in claim 15. in which: 


7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


said digital file is received in an encrypted 
form; 

and further comprising; 

decrypting said digital file after said 
authentication step and before said step of 
storing said digital file in said memory of said 
Irst device. 


Protected Windows Media File is encrypted. 
, WMP will not decrypt file until license is 
processed- Licenses are bound to 
Individualization DLLs, which are bound to 
Hardware ID. Ind. DLL and Hardware ID 
niust be verified as the Ids to which the license 
is bound - this is the authentication process. 
/(Recall that this module was created based in 
part on receipt of the Client Hardware ID or 
fingerprint arid the license was create based in 
part on receipt of a challenge from the client 
indicating the security properties (SAP-ready,; 
SDK support etc.) of the clientV 


293482.02 


* 


Exhibit B! 
-'"105 -' 


1 

2 
3 

■ 4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 
24 

25 

26 

27 

28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 


19. 


Infringing product? include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport " • ' 


^ method comprising: 


eceiving a digital file at a first device; 


Receiving a digital file such as a Word 
Document, email, Excel spreadsheet, 
PowerPoint presentation, or other content at a 
recipient's device. Such content may be 
received via email, received on removable 
media, such as floppy disk, downloaded and t 
viewable by Internet Explorer, e.g. * a web page 
possibly containing graphics and/or audio data, 
etc. • 


stablishing communication between said first 
evice and a clearinghouse located at a 
>cation remote from said first device; 


If the digital file is subject to rights 
management, and the recipient tries to open the 
digital file in an IRM-enabled application, the 
IRM-enabled application contacts a remote 
RMS, /.e.. clearinghouse for a use license. 


lid first device obtaining authorization 
iformation including a key from said 
learinghouse; 


If the recipient is authorized to access or use 
the digital file, the RMS creates a license for 
the digital file. The RMS then seals a key 
inside the license so that only the recipient 
canaccess or use the digital file. Finally, the 
RMS sends the license back to the recipient 


lid first device using said authorization 
iformation to gain access to or make at least 
ne use of said first digital file, including 
sing said key to decrypt at least a portion of 
tid first digital file; and 


The recipient's device then uses the key in the 
license to gain access or decrypt a portion of 
the digital file. 


ceiving a first control from said 
earinghouse at said first device; 


The license received from the RMS at the 
recipient's device contains at least one control, 
such as restricting the ability to print, forward, 
or edit. ' 


oring said first digital file in a memory of 
lid first device; 


The digital file is stored in the memory of the 
said recipient's device, such as in RAM, on a 
hard drive, etc, ' . 


;ing said first control to determine whether 
id first digital file may be copied and stored 
1 a second device; 


The at least one control in the license limits 
copying the digital file. 

Such controls are set when the digital file was 
authored. For example, when the digital file is 
authored, the IRM-enabled application 
presented the author with a list of policy 
templates with different rights levels. The 
author selected an appropriate rights level 
which may for instance, allow other users in the 
svstem to onen and read the document, hut not 


Exhibit Q 
106 ! 


') 


5 


10 
11 

12 
13 
14 
15 
16 
17 
18 
19 
20 

21 

22 

23 

24 

25 

26 

27 

28 


293482:02 


if said first control allows at least a portion of 
said first digital file to be copied and stored on 
a second device, 


copying at least a portion of said first digital 
file: " 


transferring at least a portion of said first 
digital file to a second device including a 
memory and an audio and/or video output; 


to modify it, copy text from it, or forward it. 
These rights or controls are then associated 
with the digital file. 

When an attempt is made to access the digital 
file, the RMS determines the recipient's rights 
based op the recipient's identity and the 
policies or controls associated with the digital 
file. . 


If the control in the license allows copying the 
digital file to a second device, then at least a 
portion of the digital file is copied. • 


such as by transferring or forwarding the digita 
file in an email message: ' 


storing said first digital file portion in said 
memory of said second device: and 


rendering said first digital file portion through 
said output 


A portion of the digital file is then transferred 
to a second device, such as a personal computer 
or portable device. The second device includes 
a memory and an audio and/or video output 
The memory may be a hard-drive, RAM, CD, 
DVD, or other storage. The audio and/or video 
output may be speakers and/or a video monitor. 


The digital file is stored in the second device's 
memory. 


The digital file is rendered through the output, 
such as played through the speakers and/or 
displayed on the video monitor. For example, a 
Word document is displayed on the screen of 
the video monitor. 


Exhibit Bii 
107 :| 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTER TR VST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR V.S. PATENT NO. 6,253,193 


Infringing products include Windows Media 
Player. Windows Media Rights Manager SDK 


19, A method comprising; 


(s) receiving a digital file at a first device: 


WMRM SDK. Step 3. 


(b) establishing communication between said 
first device and a clearinghouse located at 
a location remote from said first device: 


WMRM SDK* Step 6. 


(c) said first device obtaining authorization 
information including a key from said 
clearinghouse: 


WMRM SDK, Step 9. [License contains .the 
key] 


(d) said first device using said authorization 
information to gain access to or make at 
least one use of said first digital file, 
including using said key to decrypt at least 
a portion of said first digital file: and 


WMRM SDK, Step 11. 


(e) receiving a first control from said 
clearinghouse at said first device: 


WMRM SDK, Steps 8-9. 


[f) storing said first digital file in a memory 
of said first device: ■ . 


WMRM SDK, Step 3. 


[g) using said first control to determine 
whether said first digital file may be 
copied and stored on a second device; 


At least the following WMRMRights Object 
properties meet this limitation: 
AllowTransferToNonSDMl, 
AlIowTransferToSDMl (or AllowTransfer To 
WM-D-DRM-Compliant Device or other) and 
TransferCount . 


h) if said first control allows at least a portion 
of said first digital file to be copied and 
stored on a second device. 


This and all subsequent claim steps occur when 
the condition specified in the WMRMRights 
Object property is met 


i) copying at least a portion of said first 
digital file; 


Transfer to the SDMI or non-SDMI (or WM- 
D-DRM Compliant) portable device, if 
allowed bv Windows Media Rights Manager 


}) transferring at least a portion of said first 
digital file to a second device including a 
memory and an audio and/or video output; 


Portable device necessarily includes at least a 
memory and audio output 


k) storing said first digital file portion in said 
memory of said second device: and 


Music file is stored in the portable device 


1) rendering said first digital file portion 
through said output. 


Portable device plays the music 


Exhibit B 
108 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 


Infringing products include Windows Media 
Player, Windows Media Player, Windows . 
Media Rights Manager SDK 


51. A method comprising: 


(a) receiving a digital file at a first 
I device: 


WMRM SDK, Step 3. 


(b) establishing communication 
| between said first device and a 

clearinghouse located at a location 
I remote from said first device: 


WMRM SDK, Step 6. 


(c) said first device obtaining 
authorization information from said 
clearinghouse: and 


WMRM SDK, Step 9,. 


(d) said first device using said 
authorization information to gain access 
to or make at least one use of said first 
digital file; 


WMRM SDK, Step 11. 


(e) storing said first digital file in a 
memory of said first device: 


WMA file stored on client 


(f) using at least a first control to 
determine whether said first digital file 
may be copied and stored on a second 
device, said determination based at least 
in part on (1) identification information 
regarding siaid second device, and (2) 
the functional attributes of said second 
[device: 


If device is based on WM D-DRM, it has a 
certificate that is used to identify the device as 
compliant as well as the device's security 
level. The security level indicates support on 
the device for such attributes as an internal 
clock- 


(g) if, based at least in part on said 
identification information, said first 
control allows at least a portion of said 
first digital file to be copied and stored 
1 on a second device. 


If License specifies that transfer of protected 
WMA file to WM-D-DRM-Compliant device 
is allowed, transfer may occur. 


(h) copying at least a portion of said 
first digital file; 


If transfer is a licensed right as indicated in 
the license, the song is copied to the device via 
Windows Media Device Manager, 


(i) transferring at least a portion of said 
first digital file to a second device 
including a memory and an audio 
and/or video output: 


Windows Media Device Manager transfers the 
content to the device: 


(j) storing said first digital file portion 
in said memory of said second device; 
land 


WMA file is stored on device 


(k) rendering said first digital file 
portion through said output. 


WMA file is rendered. 


293482.02 


Exhibit 

109 :j 


1 

2 
3 
• 4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR PATENT NO. 5,915,019 


J3. 


Infringing products include all Microsoft 
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the 
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 


V data processing arrangement comprising 
it least one storing arrangement that at 
east temporarily stores a first secure 
ontainer comprising first protected data 
nd a first set of rules governing use of said 
irst protected data, 


The first protected data is an ActiveX 
control. 

The first alternative for -the first secure 
container is the signed .msi in which the 
ActiveX developer packaged the ActiveX 
control. The first set of rules is the 
conditional syntax statements of the feigned 
.msi file. 

The second alternative for the first secure 
container is the signed and licensed 
ActiveX control. The first set of rules is 
the license support code in the ActiveX 
control. 


A third alternative for the first container is 
a signed cabinet file containing a (signed or 
unsigned) ActiveX control with license 
support code. The first set of rules is the 
license support code in the ActiveX 
control. 


id at least temporarily stores a second 
jcure container comprising second 
otected data different from said first 
otected data and a second set of rules 
jverning use of said second protected 
ita; and 


The second protected data is the application 
developer's application that includes/uses 
the ActiveX control. The application 
developer's signed .msi file (second secure 
container) contains the application (second 
protected data). The second set of rules is 
the signed .msi file's conditional syntax 
statements that will be governed the 
offer/installation of the application. 


data transfer arrangement, coupled to at 
ast one storing arrangement, for . 
ansferring at least a portion of said first 
otected data and a third set of rules 
rverning use of said portion of said first 
otected data to said second secure 
mtainer. 


Placing the licensed ActiveX control (first 
protected information) in a signed cabinet 
file (third secure container) that itself is 
included in the application's signed .msi 
file (second secure container). The third 
set of rules is the license support code in 
the ActiveX control. • 


rther comprising 


means for creating and storing, in said at 
least one storing arrangement, a third 
secure container; ' 


The ability of the application developer to 
package files in signed cabinet files. 


. • ir 
-1! 


Exhibit Bjj 
"'110 =! 


said data transfer arrangement further 
comprising means for transferring said 
portion of said first protected data and 
said third set of rules to said third secure 
container, and means for incorporating 
said third secure container within said 
second secure container/ • 


The third secure container is a cabinet file 
signed by the application developer and 
including at least the licensed ActiveX 
control (first protected information. The 
licensing support code in the ActiveX 
control when its developer added licensing 
support to the ActiveX control is the third 
set of rules. • 


34. A data processing arrangement as in 
claim 33 further comprising means for 
applying said third set of rules to govern at 
least one aspect of use of said portion of 
said first protected data. 


Before an ActiveX control will create a 
copy of itself, the calling application has to 
pass a license key to the ActiveX control. 
The license support code in the ActiveX 
control (third rule set) evaluates the 
authenticity of the calling"application's 
request. 


35. A data processing arrangement as in 
claim 34 further comprising means for 
applying said second set of rules to govern 
at least one aspect of use of said portion of 
said first protected data. 


Windows Installer operating system service 
enforces the conditional syntax statements 
of the application's signed .msi file. Tliese 
statements govern the offer/installation of 
the ActiveX control. 


Exhibit B 1| 
111 


) 


1 

2 


10 
11 

12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


41 


A method comprising performing the 
following steps within a virtual distribution 
environment comprising one or more 
electronic appliances and a first secure 
container, said first secure container • 
comprising (a) a first control set, and 

i£>) a second secure container comprising a 
second control set and first protected 
information: 


using at least one control from said first 
control set or said second control set to 
govern at least one aspect of use of said 
first protected information while said first 
protected information is contained within 
said first secure container; 


creating a third secure container 
comprising a third control set for governing 
at least one aspect of use of protected 
information contained within said third 
secure container; 


incorporating a first portion of said first 
protected information in said third secure 
container, said first portion made up of 
some or all of said first protected 
nformation: and ; 


Infringing products include all Microsoft , 
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the 
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 


The signed .msi file created by the ActiveX 
control developer is the first secure , 
container. The conditional syntax 
statement(s) of the ActiveX control 
developer's signed .msi. file is/are the first 
control set 

The first protected information is the 
ActiveX control. 1 . 

The first alternative for the second secure 
container is the signed and licensed 
ActiveX control. The second control set is 
the license support code in the ActiveX 
control. 

The second alternative for the second 
secure container is a signed cabinet file 
containing the (signed or unsigned) 
ActiveX control. The second control set is 
the license support code in the ActiveX 
control, 


The ActiveX control developer's 
conditional syntax statements (first control 
set) in the ActiveX developer's signed .msi 
file govern the offer/installation of the 
ActiveX control while it is in its signed 
msi file. 

Alternately, the license support code 
(second control set) in the ActiveX control 
governs use of the licensed ActiveX 
control. 


The third secure container is a signed .msi 
file. The application developer packages 
its application in a signed .msi file (third 
siecure container) and includes conditional 
syntax statements (third control set) in the 
signed .msi . : • 


lacing the ActiveX control into the 
application developer's signed .msi file 
(third secure container). 


using at least one control to govern at least 


The application developer's conditional 


Exhibit E 
112 ;! 


) 


one aspect of use of said first portion of 
said first protected information while said 
first portion is contained within said third 
secure container ' 


syntax statement(s) in its signed .msi file 
govern the offer/installation ActiveX 
control while it is in the signed .nisi file 
f third secure container). 


42. A method as in claim 41, in which said 
first secure container further includes a 
fourth secure container comprising a fourth 
control set and second protected 
information and further comprising the 
following step: 


8 
9 
10 
11 
12 
13 
14 
15 
16 
17 


18 


22 
23 
24 
25 


26 


using at least one control from said first 
control set or said fourth control set to 
govern at least one aspect of use of said 
second protected information while said 
second protected information is contained 
within said first secure container. 


Th6 second protected information is a 
second ActiveXicontrol. 

The first alternative for the fourth secure* 
container is the signed and licensed second 
ActiveX control The fourth control set is 
the license support code in the ActiveX 
control. 

The second alternative for the fourth secure 
container is a signed cabinet file containing 
the (signed or unsigned) second ActiveX 
control. The fourth control set is the 
license support code in the ActiveX : 
control. - 


The ActiveX control developer's 
conditional syntax statements (first control 
set) in the ActiveX developer's signed jnsi 
file govern the offer/installation of the 
second ActiveX control while it is in its 
signed .msi file. 


Alternately, the license support code 
(second control set) in the ActiveX control 
governs use of the licensed ActiveX 
control. 


47. A method as in claim 41 , in which said 
step of creating a third secure container 
19 II includes: 


creating said third control set by 
,20 II incorporating at least one control not found 

in said first control set or said second 
21 II control set. 


The application developer's conditional 
syntax statements are not found in either 
the first control set or the second control 
set. 


1 52. A method as in claim 41 in which said 
step of creating a third secure container 
occurs at a first site, and fiirther 
comprising: 


copying or transferring said third secure 
container from said first site to a second 
site located remotely from said first site. 


The application developer at first site 
distributes its application to other sites. 


53, A method as in claim 52 in which said 
first site is associated with a content 
27 II distributor. 


The application developer at the first site is 
the content distributor. 


28 II 54, A method as in claim 53 in which said 
second site is associated with a user of 


The application developer distributes the 
application to end-users. 


293482.02 


■ jj 

Exhibit B l| 
113 "H 


1 content. 


II 55. A method as in claim 54 further 
comprising the following step: 


II said user directly or indirectly initiating 
communication with said first site. 

For Internet downloads, the user initiates 
the communication with the first site. 


64. A method as in claim 54 in which said • 
third control set includes one or more 
II controls at least in part governing the use 
by said user of at least a portion of said 
first portion of said first protected 
information. 

The application developer's conditional 
syntax statements (third control set) govern 
the installation of the ActiveX control (first 
protected information). 


8 


10 
11 
12 
13 
14 
15 
16 
17 

18 
19 
20 
21 
22 
23 
24 


1 76. A method as in claim 4 1 in which said 
creation of said third secure container 
further comprises using a template which 
specifies one or more of the controls * 
contained in said third control set. 


The third secure container is the application 
developer's signed .msi file and the third 
control set is the conditional syntax 
statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the 
template recommended in the "An 
Installation Example" on MSDN. This 
template msi files contains several default 
conditional syntax statements. At least two 
of these conditional syntax statements 
directly govern the installation by blocking 
progress until the EULA is accepted. 


78. A method as in claim 52 in which said 
creation of said third secure container 
further comprises using a template which 
specifies one or more of the controls 
contained in said third control set. 


The third secure container is the application 
developer's signed .msi file and the third 
control set is the conditional syntax 
statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the 
template recommended in the "An 
Installation Example" on MSDN. This 
template msi files contains several default 
conditional syntax statements. At least two 
of these conditional syntax statements 
directly govern the installation by blocking 
progress until the EULA is accepted. 


25 
26 
27 
28 


293482.02 


Exhibit B ]| 
114 


1 

2 
3 


JNTERTRUSTTECHNOI na m CORP. v . MICROSOFT CORP . 

INTERTRUST INFRINGEMENT CHART 1 
FOR U.S. PATENT NO. 5,915,019 


81. 


A data processing arra ngement comprisinp: 


Infringing products include all Microsoft . 

tools that support the Microsoft ActiveX ' 
| licensing model, Visual Studio .NET, the 

Microsoft Installer SDK, and Operating 

System products that include the Microsoft 
I Installer technology. ' 


J a first secure container comprising first 
I protected information and a first rule set 
governing use of said first protected 
information; 


10 
11 

12 
13 
14 
15 
16 
17 

18 

19 

20 

21 

22 


The first alternative for the first secure 
container is the ActiveX control 
developer's signed .msi file containing a 
licensed; ActiveX control (the first. . 
I protected information). The conditional 
syntax statements of the signed .msi file are 
the first rule. set. " . 

The second alternative for the first secure 
I container is the signed cabinet file 
containing the ActiveX control. The 
license support code in the ActiveX control 
is the first rule set 

The third alternative for the first secure 
container is the licensed and signed 
ActiveX control governed by license 
support co de in the ActiveX control 


a second secure container comprising a 
second rule set; 


means for creating and storing a third 
secure container and 


The second secure container is the signed 
.msi file which the application developer 
package its application. The second rule 
set is the conditional syntax statements of 
the applicati on develop e r's sig ned msi fil* 


23 
24 
25 
26 

27 


28 


means for copying or transferring at least a 
portion of said first protected information 
and a third rule set governing use of said 
portion of said first protected information 
to said second secure container, said means 
for copyin g or transferring comprising: 
means for incorporating said third 
secure container within said second 
secure container. 


The third container is a signed cabinet file 
containing at least the ActiveX control. 


Putting the licensed ActiveX control (first 
protected information) in a signed cabinet 
file (third secure container). The licensing 
support code in the ActiveX control is third 
rule set. 


Packaging the signed cabinet file in the 
signed .msi file. 


82. A data processing arrangement as in 
claim 81 further comprising: 


means for applying at least one rule from 
said third rule set to at least in part govern 
at least one factor related to use of said 
portion of said first protected information. 


The third rule set ensures the user is 
licensed. 


83. A data processing arrangement as in 
claim 82 further comprising: ' 


293482.02 


Exhibit B ?j 
115 


) 


4 

5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


293482.02 


means for applying at least one rule from 
said second rule set to at least in part 
govern at least one factor related to use of 
said portion of said first protected 
information. 


The second rule set governs the 
offer/installation of first protected 
information. 


Exhibit B I, 
116 


293482.02 


1 

2 
3 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP^ 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


85. 


7 I A method comprising the following steps: 


18 

19 
20 

21 
22 
23 
24 
25 
26 
27 
28 


creating a first secure container comprising 
a first rule set and first protected 
information; 


10 
II 
12 
13 
14 


] 5 | storing said first secure container in a first 
memory: . 


16 ] creating a second secure container 
comprising a second rule set; 

17 ' 


Infringing products include all Microsoft 
tools that support the Microsoft ActiveX . 
licensing model, Visual Studio .NET; the 
Microsoft Installer SDK, and Operating . 
System products that include the Microsoft 
Installer technology. 


The first protected information is the 
ActiveX control. 

The first alternative for the first secure 
container is the signed and licensed 
ActiveX control. The first rale set is the 
license support code in the ActiveX 1 ' 
control. 

The second alternative for the first secure 
container is an (signed or unsigned) 
ActiveX control with license support 
contained within a signed cabinet file. The 
first rule set is the ActiveX license support 
code; 


The first secure container is stored at the 
ActiveX control developer's location. 


storing said second secure container in a 
second memory: 


copying or transferring at least a first 
portion of said first protected information 
to said second secure container, said 
copying or transferring step comprising: 


creating a third secure container 
comprising a third rule set; 


copying said first portion of said 
first protected information; 


transferring said copied first portion 
of said first protected information to 
said third secure container: and 


copying or transferring said copied 
fjrst portion of said first protected 
information from said third secure 
container to said second secure 
container. 


The second secure container is the 
application developer's signed jnsi file. 
The conditional syntax statements of the 
signed .msi file are the second rule set 


The second secure container is stored at the 
a pplication developer's location. 


The ActiveX control developer packages 
the control in a signed .msi file for 
distribution to the application developer's 
site. 


The third secure container is the ActiveX 
control developer's signed .msi file 
containing a licensed ActiveX control. The 
condi tional syntax statements of the signed 
.msi file are the third rule set. 


In preparation for using a msi authoring 
tool, such as Microsoft's Orca, copying the 
ActiveX control to a package staging area. 


Using msi authoring tool to import the 
control into the signed .msi file. 


The application developer installs the 
ActiveX control, which involves removing 
it from the ActiveX developer's signed 
; msi file and installing it into its* 
environment. Subsequently., the- 


E?chibit % 

117 


1 

2 


application developer places the ActiveX 
control into its signed .msi file when it is 
packaging its application. 


87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists" of the entirety of said 
first protected information. i 


The entire ActiveX control is copied. 


II 89. A method as in claim 85 in which 


jj said first memory is located at a first site, 

The fitst memory is located at the ActiveX 
control developer's site. 

Jl.said second memory is located at a second 
I site remote from said first site, and 

The second memory is located at the 
application developer's site. 

II said step of copying or transferring said 
I first portion of said first protected 

information to said second secure container 
J further comprises copying or transferring 
I said third secure container from said first 
1 site to said second site. 

The ActiveX control developer's signed 
.msi file is transferred from its site to the 
site of the application developer. 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 
20 
21 
22 
23 
24 
25 
26 
27 I! 
28 


293482.02 


Exhibit B ;i 
T18 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRVST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


85. (alternate infringing scenario) 


Infringing products include all Microsoft 
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the. 
Microsoft Installer SDK, and Operating . 
System products that include the Microsoft 
Installer technology. 


A method comprising the following steps: 


creating a first secure container comprising 
a first rule set and first protected 
information; 


The first protected information is the 
ActiveX control. 

The first alternative for the first secure 
container is the signed and licensed 
ActiveX control. The first rule set is the 
license support code in the ActiveX- 
control. 

The second alternative for the first secure 
container is a (signed or unsigned) ActiveX 
control with license support contained 
within a signed cabinet file. The first rule 
set would remain the ActiveX license 
support code. 

The third alternative for the first secure 
container is a signed msi file in which the 
ActiveX control developer packaged its 
ActiveX control. The first rule set is the 
conditional syntax statements) of the 
signed msi file. 


;toring said first secure container in a first 
nemorv: . 


The first secure container is stored at the 
ActiveX control developer's location. 


seating a second secure container 
comprising a second rule set; 


The second secure container is the 
application developer's signed .msi file. 
The conditional syntax statements of the 
signed .msi file are the second rule set 


loring said second secure container in a 
;econd memory: 


The second secure container is stored at the 
a pplication developer's location. 


copying or transferring at least a first 
>ortion of said first protected information 
o said second secure container, said 
:opving or transferring step comprising: 


The ActiveX control is placed in a cabinet 
file signed by the application developer and 
the signed cabinet file is placed in a .msi 
file signed by the application developer. 


treating 'a third secure container 
:omprising a third rule set; 


The third secure container is signed cabinet 
file in which the application developer 
placed licensed ActiveX. The third rule set 
is the license support code in the ActiveX 
control. 


copying said first portion of said 
first protected information; 


Copying ActiveX control. 


transferring said copied first portion 
of said first protected information to 


Transferring ActiveX control to signed 
cabinet file. 


Exhibit m 
119 


I 


} 


II said third secure container and 


II copying or transferring said copied 
first portion of said first protected 
information from said third secure 

|| container to said second secure 

II container. 

The application developer places the signed 
cabinet file into its signed .msi file when it 
is packaging its application. 


87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said 
1 first protected information. 

. The entire ActiveX control is copied. • 


1 93. A method as in claim 85 in which 


| said step of copying transferring said 
copied first portion of said first protected 
information from said third secure 
container to said second secure container 

1 further comprises storing said third secure 
container in said second secure container. 

The ActiveX control is placed in a cabinet 
file signed by the application developer arid 
the signed cabinet file is placed in a .msi 
file signed by the application developer. 

< . • • i 


293482.02 


Exhibit B 
120 


10 


11 


12 
13 


14 


15 
16 


17 


18 


19 
20 


21 


22 
23 
24 
25 


26 


27 


28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


A method of operating on a first secure 
container arrangement having a first set of 
controls associated therewith, said first 
secure container arrangement at least in 
jart comprising a first protected content 
file, said method comprising the following 
steps performed within a virtual 
distribution environment including at least 
one electronic appliance: 


using at least one control associated with 
said first secure container arrangement for 
governing, at least in part, at least one 
aspect of use of said first protected content 
file while said first protected content file is 
contained in said first secure container 
arrangement: 


creating a second secure container 
arrangement having a second set of 
controls associated therewith, said second 
set of controls governing, at least in part, at 
least one aspect of use of any protected 
content file contained within said second 
secure container arrangement; 


transferring at least a portion of said first 
protected content file to said second secure 
container arrangement, said portion made 
up of at least some of said first protected 
content file; and 


using at least one rule to govern at least one 
aspect of use of said first protected content 
file portion while said portion is contained 
within said second secure container 
I arrangement: 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
!NEt, the Microsoft Installer SDK, and- • 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer : 
technology/ 


The first protected content is a signed and 
licensed .NET component used by.the 
.NET assembly. The .NET assembly is 
distributed with a signed and governed .msi 
file. . The second protected content is 
another signed and licensed .NET 
component that is used by the .NET 
assembly. 


The first protected content is signed and 
licensed .NET component (first secure 
container) contained within the .NET 
assembly. The one control is a declarative 
statement(s) within the assembly's header. 


The protected content is the same as the 
first protected content plus the additional 
implementation information included in the 
signed .msi file. The second secure 
container is the signed .msi file created for 
the .NET assembly. The signed .msi file's 
conditional syntax statements are the 
second set of controls that control the 
offer/installation of the .NET assembly. 


The entire .NET assembly is included in 
the signed .msi file. 

Packaging the .NET assembly in the signed 
.msi file involves the following process 
steps. In preparation for using a msi 
authoring tool, such as Microsoft's Orca, 
copying the .NET component to a package 
staging area. Using msi authoring tool to 
import the .NET component into the signed 
msi file. 


The conditional syntax statement(s) of the 
signed .msi file (second secure container) 
control(s) the offer/installation of the .NET 
assembly. 


I in which 


said first secure container arrangement 
comprises a third secure container 


The first alternative for the third secure 
container is a licensed and signed .NET 


293482.02 


'II 

.Exhibit B tj 
121 


1 

2 

'; 3 

.. 4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 | 

20 

21 

22 

23 

24 

25 

26 

27 

28 


arrangement comprising a third set of 
controls and said first protected content 
file, and 


component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute (third set of 
controls). 

The- second alternative for the third secure' 
container is a .NET component whose hash 
is included in the header of the .NET; 
assembly. , The set of declarative • 
statements comprising the 
LicenseProviderAttribute is the third set of 
controls. - 


said first secure container arrangement 
further comprises a fourth secure container 
arrangement comprising a fourth set of 
controls and a second protected content 
file. 


The first alternative for the fourth secure 
container is another licensed and signed 
.NET component governed by the set of 
declarative- statements comprising the 
LicenseProviderAttribute (fourth set of 
controls). 

The second alternative for the fourth secure 
container is the container created when the 
hash of the .NET component is included in 
the header information of the .NET 
assembly. The set of declarative 
statements comprising the 
LicenseProviderAttribute is the fourth set 
of controls. • 


Exhibit Bjj 

122 ; 


1 

2 I 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORR 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


33. 


28 


A data processing arrangement comprising 
at least one storing arrangement that at 
least temporarily stores a first secure 
container comprising first protected data 
and a first set of rules governing use of said 
first protected data, 


293462.02 


and at least temporarily stores a second 
secure container comprising second 
protected data different from said first 
protected data and a second set of rules 
governing use of said second protected 
data; and 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and. the Microsoft Installer 
technology. 


a data transfer arrangement, coupled to at 
east one storing arrangement.- for 


The first protected information is the .NET 
component 

The first alternate for the first secure 
container is the signed .msi file in which 
the .NET component developer packaged 
its .NET component The first set of rules 
is the conditional syntax statements of the 
signed .msi file. 

The second alternative for the first secure 
container is a licensed and signed .NET 
component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute of the .NET 
component (first set of controls). 

The third alternative for the first container 
is a signed cabinet file containing a (signed 
or unsigned) .NET component with license 
support The first set of controls is the set 
of declarative statements comprising the 
LicenseProviderAttribute of the .NET 
component 

The second protected data is the .NET 
assembly developer's assembly that 
includes/uses the .NET component 

The first alternative for the second secure 
container is a signed\msi file in which the 
.NET assembly developer packaged its 
multi-file assembly (second protected 
data). The second set of rules is the 
conditional syntax statements of the signed 
.msi file that governs the offer/installation 
of the .NET assembly. 

The second alternative for the second 
secure container is a signed .NET 
assembly. The second set of rules is the 
declarative rules within the assembly's 
leader. 


The third secure container is a signed .NET 
assembly governed by declarative rules in 


Exhibit B!i 
123 i 


transferring at least a portion of said first 
protected data and a third set of rules 
governing use of said portion of said first 
protected data to said second secure 
container, 


its header (third set of rules). An 
alternative third rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute. The .NET 
assembly includes the .NET component. . 
The secure .NET assembly is included in a 
signed .msi file (second secure container). 

An alternative third secure .container is the 
container created by hashing the .NET 
component and including the hash in the 
header information of a .NET assembly. 
The .NET component is included in the 
signed and governed .NET assembly 
(second secure container). The third set of 
rules is the set of declarative statements 
comprising the LicenseProviderAttribute. 

An alternative third secure container is a 
signed cabinet file containing the *NET 
component and which is destined for a 
signed .msi file (second secure container). 
The third set of rules is the set of 
declarative statements comprising the 
LicenseProviderAttribute. 


: iirther comprising 


means for creating and storing, in said at 
least one storing arrangement, a third 
secure container; 


The first alternative for the third secure 
container is a signed .NET assembly. In 
this case, the second secure container is the 
signed .msi file. 

The second alternative for the third 
container is the container created by 
including a hash of the .NET component in 
the header information of a .NET assembly. 
In this case, the second secure container is 
either the signed .msi file or the signed 
.NET assembly. 

The third alternative for the third container 
is a cabinet file signed by the .NET 
assembly developer containing the .NET 
assembly and/or the .NET component In 
this case the signed .msi file is the second 
secure container. 


said data transfer arrangement further 
comprising means for transferring said 
portion of said first protected data and 
said third set of rules to said third secure 
container, and means for incorporating 
said third secure container within said 
second secure conlainer. 


The first alternative for the third secure 
container is the signed .NET assembly, 
which" includes and/or uses the licensed 
.NET component (first protected 
information). The third set of rules is a 
declarative rule within the .NET 
assembly's header. The .NET assembly is 
placed in a signed .msi file (second secure 
container). 


293482.02 


Exhibit B u 
124 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


293482.02 


TTie second alternative for the third secure 
container is the container that results when 
the hash of the .NET component is added 
to the .NET assembly header information. 
The third set of rules is the set of 
declarative statements comprising the 
LicenseProviderAttiribute added to the 
assembly. 

The third alternative for the third secure 
container is a cabinet file signed by the 
.NET assembly developer containing the 
.NET assembly and/or the .NET 
component The third set of rules is a 
declarative rule(s) within the .NET 
assembly's header and/or the set of 
declarative statements comprising the 
LicenseProviderAttribute added to the 
assembly _ 


34. A data processing arrangement as in 
claim 33 further comprising means for 
applying said third set of rules to govern at 
least one aspect of use of said portion of 
said first protected data. 


When the third rule set is the declarative 
statements) of the assembly header, the 
runtime CLR enforces the statements. 

When the third set of rules is the set of 
declarative statements comprising the 
LicenseProviderAttribute added to the 
assembly, the license support code in the 
.NET component evaluates the authenticity 
of the calling assembly's request. 


35. A data processing arrangement as in 
claim 34 further comprising means for 
applying said second set of rules to govern 
at least one aspect of use of said portion of 
said first protected data. 


When the second set of rules is the 
conditional syntax statements of the signed 
.msi file, the Windows Installer operating 
system service enforces the conditional 
syntax statements of.NET assembly's 
signed .msi file, which govern the 
offer/installation of the .NET component 

When the second set of rules is the 
declarative statement(s) within the 
assembly's header, the runtime CLR 
enforces the statements. 


Exhibit Bit 
; 125 ! ! 


1 

2 
3 
4 
5 
6 
7 
S 
9 
10 
1! 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


INTERTRUST TECHNOLOGIES CORP. v, MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR; and the Microsoft Installer 
technology. 


K method comprising performing the 
bllowing steps within a virtual distribution 
invironment comprising one or more 
Jectronic appliances and a first secure 
;ontainer, said first secure container 
pmprising (a) a first control set, and 

b) a second secure container comprising a 
econd control set and first protected 
^formation: 


The Signed .msi file created by the .NET 
component developer is the first secure 
container. The first conditional syntax * 
statement(s) of the .NET component 
-developer's signed .msi file is/are the first 
control set. 

The first protected information is the .NET 
component. • 

The first alternative for the second secure 
container is the signed and licensed .NET 
component The second control set is the 
set of declarative statements comprising the 
LicenseProviderAttribute. 

The second alternative for the second 
secure container is a signed cabinet file. 
The second control set remains the set of 
declarative statements comprising the 
LicenseProviderAttribute. 


sing at least one control from said first 
Dntrol set or said second control set to 
overn at least one aspect of use of said 
rst protected information while said first 
rotected information is contained within 
lid first secure container; 


The .NET component developer's 
conditional syntax statements (first control 
set) in its signed .msi file governs the 
offer/installation of the .NET component 
while it is in the signed .msi file. 

Alternately, the set of declarative 
statements comprising the 
LicenseProviderAttribute (second control 
set) of the licensed .NET component 
governs use of the .NET component. 


eating a third secure container 
>mprising a third control set for governing 
least one aspect of use of protected 
formation contained within said third 
:cure container; 


The first alternative for the third secure 
container is a signed .NET assembly, the 
protected information is the .NET 
component and the third control set is the 
declarative statements) within the .NET 
assembly's header. 

The second alternative for the third secure 
container is a signed .msi file in which the 
NET assembly developer packages its 
NET assembly and the third control set is 
the conditional syntax statement(s) in the 
signed .msi file. ~ • 


Exhibit B 
1 126 1 


1 

2 
3 
4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 
23 
24 
25 


I incorporating a first portion of said first 
protected information in said third secure 
container, said first portion made up of 
some or all of said first protected 
information; and 


In the first alternative, placing the .NET 
component into the signed .NET assembly. 

In the second alternative, placing the .NET 
component into the. Net assembly • 
developer's signed msi file. 


I using at least one control Co. govern at least 
one aspect of use of said first "portion of 
said first protected information while said 
first portion is contained within said third 
secure container. 


In the first alternative, the .NET assembly 
developer's declarative statement(s) within 
the .NET assembly's header govem(s) the 
use of the .NET component while- it is in 
the signed .NET assembly. 

In the second alternative, the conditional 
syntax statements of the .NET assembly 
developer's signed .msi file govern the 
offer/installation of the .NET component 
while it is in the signed .msi file, _ 


The second protected information is.'a 
second .NET component 

The first alternative for the fourth secure 
container is the signed and licensed second 
.NET component. The fourth control set is 
the set of declarative statements comprising 
the LicenseProviderAttribute of the second 
.NET component. 

The second alternative for the fourth secure 
container is a second signed cabinet file. 
The fourth control set is the set of 
declarative statements comprising the 
LicenseProviderAttribute. 


42. A method as in claim 4 1 , in which said 
first secure container further includes a 
fourth secure container comprising a fourth 
j control set and second protected 
; information and further comprising the 
following step: 


using at least one control from said first 
control set or said fourth control set to 
govern at least one aspect of use of said 
second protected information while said 
second protected information is contained 
within said first secure container. 


The .NET component developer's 
conditional syntax statements (first .control 
set) in its signed .msi file governs the 
offer/installation of the second .NET - 
component while it is in the signed .msi 
file. 

Alternately, the set of declarative 
statements comprising the 
LicenseProviderAttribute (fourth control 
set) of the licensed second .NET 
component governs use of the second .NET 
component. 


47. A method as in claim 41, in which said 
step of creating a third secure container 
26 11 includes: 


27 


28 


creating said third control set by 
incorporating at least one control nol found 
in said first control set or said second 
control set. 


The .NET assembly developer's declarative 
statements (first alternative for third control 
set) and/or the developer's conditional 
syntax statements (second alternative for 
the third control sett are not found in either 


293482.02 


Exhibit Si 
127 


1 

2 


8 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25- 

26 

27 

28 


293482.02 


the first control set or the second control 
set. . 


52. A method as in claim 41 in which said 
step of creating a third secure container 
occurs at a first site, and farther 
comprising: 


copying or transferring said third.secure 
container from said first site td a second 
site located remotely from said first site. 

The .NET assembly developer at first site - 
distributes its assembly to cither sites. 


53. A method as in claim 52 in which said 
first site is associated with a content 
distributor. 

The .NET assembly developer's business 
module is used to create and distribute its 
assembly. 


54. A method as in claim 53 in which said 
second site is associated with a user of 
content. 

The .NET assembly developer distributes 
the assembly to end-users. 


II 55. A method as in claim 54 further 
comprising the following si eo: 


II said user directly or indirectly initiating 
communication with said first site. 

For Internet downloads, the user initiates 
the communication with the first site. 


64. A method as in claim 54 in which said 
third control set includes one or more 
controls at least in part governing the use 
by said user of at least a portion of said 
first portion of said first protected 
information. 


When the third control set is the .NET 
assembly developer's declarative 
statements) within the .NET assembly's 
header, it governs the user's use of the 
.NET component (first protected 
information). 

When the third control set is the .NET 
assembly developer's conditional syntax 
statements of the .NET assembly 
developer's signed .msi file, it governs the 
user's offer acceptance/installation of the 
.NET component (first protected 
information). 


I 76. A method as in claim 41 in which said 
creation of said third secure container 
further comprises using a template which 
specifies one or more of the controls 
contained in said third controi set. 


When the third secure container is the 
.NET assembly developer's signed .msi file 
and the third control set is the conditional 
syntax statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the 
template recommended in the "An 
Installation Example" on MSDN. This 
template msi files contains several default 
conditional syntax statements. At least two 
of these conditional syntax statements 
directly govern the installation by blocking 
progress until the EULA is accepted. 


Exhibit B || 
128 


5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


78. A method as in claim 52 in which said 
creation of said third secure container •' 
further comprises using a template which 
specifies one or more of the controls 
contained in said third control set 


When the third secure container is the 
.NET assembly developer's signed .msi file 
and the third control set is the conditional . 
syntax statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The LJlSample.msi is the 
template recommended in the "An 
Installation Example" on MSDN. This 
template msi files contains several default 
conditional syntax statements. At least two 
of these conditional syntax statements ' 
directly govern the installation by blocking 
progress until the EULA is accepted. 


293482.02 


*!i 
.i 

■ii 

. Exhibit Si 
129 "■ 


1 

2 
3 

4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


28 


81. 


A data processing arrangement comprising: 


a first secure container comprising first 
protected information and a first rule set 
governing use of said first: protected 
information; 


20 || a second secure container comprising a 
J second rule set; 

21 


22 
23 


24 
25 
26 

I means for creating and storing a third 
27 I secure container; and 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio. 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology. ; . 


The first protected information is the .NET 
component 

The first alternative for the first secure 
container is the signed .msi file in which 
the .NET component developer packaged 
its assembly. The first rule set is the 
conditional syntax statements written by 
the .NET component developer and placed 
into the signed .msi file. 

The second alternative for the first secure 
container is the signed cabinet file 
containing the (signed or unsigned) .NET 
component The set of declarative 
statements comprising the 
LicenseProviderAttribute when its 
developer added licensing support to the 
assembly is the first rule set 

The third alternative for the first secure 
container is the licensed and signed .NET 
component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute (first rule set) 
added by the .NET component developer. - 


The first alternative for the second secure 
container is the signed .msi file in which 
the .NET assembly developer packaged its 
.NET assembly. The second rule set is the 
conditional syntax statements written by 
the .NET assembly developer and placed 
into the signed .msi file. 

The second alternative for the second 
secure container is the signed .NET 
assembly. The second rule set is the 
declarative statements in the .NET 
assembly's header. 


When the second secure container is the 
signed msi file, the third secure container is 
the signed .NET assembly. 

When the second secure container is the 


293482.02 


Exhibit Bli 
130 : 


1 

2 

• 3 
.4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 


20 
21 
22 
23 
24 
25 
26 
27 
28 


293482.02 


means for copying or transferring at least a 
portion of said first protected; information 
and a thitd rule set governing aise of said 
portion of said first protected information 
to said second secure container, said means 
for copying or transferring comprising: 


signed .NET assembly, the third secure 
container a .NET component secured by 
placing it in a signed cabinet file or by 
including its hash in the header of the 
assembly. 


means for incorporating said third 
secure container within said second 
secure container. 


When the second secure container is the 
signed msi file and the third secure . 
container is the signed .NET assembly, the 
third rule set is the set of declarative - 
statements within the assembly's header. 

When, the second secure container is the 
signed .NET assembly, the third rule set is 
the set of declarative statements comprising 
the LicenseProviderAttribute (third rule 
set) added to the .NET Component by its 
developer. 


When the second secure container is the 
signed msi file and the third secure . 
container is the signed .NET assembly, the 
assembly is placed in the signed .msi file. 

When the second secure container is the 
signed ^NET assembly and the third secure 
container is a .NET component contained 
in a signed cabinet file or a .NET 
component whose hash is included in the 
header of the assembly, the third secure 
container is incorporated within the .NET 
assembly, ' 


82. A data processing arrangement as in 
[ claim 8 1 further comprising: 


means for applying at least one rule from 
I said third rule set to at least in part govern 
j at least one factor related to use of said 
portion of said first protected information. 


When the third rule set is declarative 
statements within the assembly's header, it 
governs the use of the .NET assembly 
which includes the first protected 
information. 

When the third rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute added by the 
.NET component by its developer, it 
ensures the user is licensed. 


II 83. A data processing arrangement as in 
claim 82 further comprising: 


II means for applying at least one rule from 
said second rule set to at least in part 
govern at least one factor related to use of 
said portion of said first protected 
information- 

When the second rule set is the conditional 
syntax statements written by the .NET 
assembly developer and placed into the 
signed .msi file, it governs the 
offer/installation of the .NET component. 

When the second rule set is the declarative 
statements in the .NET assembly's header. 

Exhibit B! 

131 :; 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
'22 
23 
24 
25 
26 
27 
28 


it governs the use of the .NET assembly, 
which includes the first protected 
information. 


293482.02 


Exhibit Bii 
'132 " 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


85. A method comprising the following 
steps: 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
;NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology 


creating a first secure container comprising I The first protected information is .the .NET 
a first rule set and first protected component, 
information; ' , | 

The'first secure container is a signed .NET 
component (first protected information) • 
governed by the set of declarative 
statements comprising the 
LicenseProviderAttribute (first rule set). 

The second alternative for the first secure 
container is a cabinet file signed by the 
.NET component developer containing a 
(signed or unsigned) .NET component with 
license support. The first rule set is the set 
of declarative statements comprising the 
. LicenseProviderAttribute. 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


storing said first secure container in a first 
memory: 


creating a second secure container 
comprising a second rule set; 


The first secure container is stored at the 
.NET component developer's location. 


The first alternative for the second secure 
container is a signed .NET assembly and 
the second rule set is declarative 
[ statement(s) within the assembly's header. 

The second alternative for the second 
secure container is the signed .msi file in 
which the .NET assembly developer 
packages its (signed or unsigned) 
assembly. The second rule set is the 
conditional syntax statements) written by 
the .NET assembly developer and placed 
into the signed .msi file. 


storing said second secure container in a 
I second memory: 


The second secure container is stored at the 
NET assembly developer's location. 


copying or transferring at least a first 
portion of said first protected information 
to said second secure container, said 
copying or transferring step comprising: 


The .NET component developer packages 
its module in a signed .msi file for 
distribution to the .NET assembly 
developer's site 


creating a third secure container 
comprising a third rule set; 


The third secure container is the signed 
.msi file in which the .NET component 
developer packaged its .NET component. 
The third control set is the conditional 
syntax statements written by the .NET 
component developer and placed into the 
signed .msi fi le 


In prepara tion for using a msi authoring 


copying said first portion of said 


293482.02 


JExhibit $ 
'133 ; 


4 
5 
6 
7 
8 
9 
10 
11 
12 

13 
14 

15 

16 

17 

18 

19 
20 
21 
22 
23 
24 


25 
26 
27 
28 


first protected information; 

tool, such as Microsoft's Orca, copying the 
.NET component to a package staeinp area. 

1 transferring said copied first portion 
of said first protected information to' 
said third secure container and 

Using the msi authoring tool to import the 
.NET component into the signed .msi file. 

1 . copying or transferring said copied 
first portioirof said first protected 
1 information from said third secure 
J container to said second secure 
container. 

The .NET assembly developer installs the' 
.NET component, which involves 
i&ijjuv-iijg ii iiuiii uic .injdi component* 
developer's signed -.msi file and installing it 
into its environment. Subsequently, the 
.NET assembly developer places the .NET 
component into its .NET assembly and/or 
signed msi file when it is packaging' its. 
.NET assembly. 


1 87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said 
first protected information. 


The entire .NET component is copied. 


II 89. A method as in claim 85 in which 


II said first memory is located at a first site, 

The first memory is located at the .NET 
component developer's site. 

II said second memoiy is located at a second . 
II site remote from said first site, and ' 

The second memory is located at the .NET 
assembly developer's site. 

j| said step of copying or transferring said 
II first portion of said first protected 
|| information to said second secure container 
1 further comprises copying or transferring 

I said third secure container from said first 

II site to said second site. 

The .NET component developer's signed 
.msi file is transferred from its site to the 
site of the .NET assembly developer. 


94. A method as in claim 85 further 
|| comprisine: 


|| creating a fourth rule set. 

When the second secure container is not a 
signed .NET assembly, the fourth rule set is 
declarative statements within the 
assembly's header. 

When the second secure container is not 
the signed .msi file in which the .NET 
assembly developer packages its (signed or 
unsigned) assembly, the fourth rule set is 
the conditional syntax statements written 
by the .NET assembly developer and 
placed into the signed .msi file. 


293482.02 


:ri 

Exhibit Bn 
134 ' 


1 

2 


8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24. 

25 

26 

27 

28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


293482.02 


85 (alternate infringing scenario) 


4 j] A method comprising the following steps: 
5 


I creating a first secure container comprising 
la first rule set and first protected 
information; 


[ storing said first secure container in a first 
I memory: 


creating a second secure container 
comprising a second rule set; 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, arid 
products that include the Microsoft JNET 
CLR, and the Microsoft Installer 
technology. 


The first protected information is the .NET 
component. 

The first alternative for the first secure 
container is the signed and licensed .NET 
component. The first rule set is the set of 
declarative- statements comprising the 
LicenseProviderAttribute in the .NET 
component. 

The second alternative for the first secure 
container is a (signed or unsigned) .NET 
component with license support contained 
within a cabinet file signed by the .NET 
component developer. The first rule set is 
the set of declarative statements comprising 
the Li censeProvider Attribute in the .NET 
component. 

The third alternative for the first secure 
container is the signed .msi file in which 
the .NET component developer packaged 
its assembly. The first rule set is the 
conditional syntax statements written by 
the .NET component developer and placed 
into the signed .msi file. 


The first secure: container is stored at the 
.NET component developer's location. 


storing said second secure coniainer in a 
second memory: 


The first alternative for the second secure 
container is a signed .NET assembly and 
the second rule set is declarative 
statement(s) within the assembly's header. 

The second alternative for the second 
secure container is the signed .msi file in 
which the .NET assembly developer 
packages its (signed or unsigned) 
assembly. The second rule set is the 
conditional syntax statement(s) written by 
the .NET assembly developer and placed 
into the signed .msi file. 


copying or transferring at least a first 


The second secure container is stored at the 
.NET assembly developer's location. 


The .NET assembly developer places the 


Exhibit Bm 
; 135 ' 


10 

11 

12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 


II portion of said first protected information 
2 II to said second secure container, said 
I copvine or transferring step comprising: 

.NET component into the third secure 
container, which is either a signed cabinet 
file or a signed .NET assembly. 

j II creating a third secure container 
comprising a third rule set; 

1 

II 

When the second secure container is the 
signed .msi file, the third secure container, 
is the signed .NET assembly. The third 
rule set is the declarative statements) in 
the .NET assembly's header. 

Whenlhe second secure container is either 
a .NET assembly or the signed .msi file, the 
third secure container is a signed cabinet 
file in which the .NET assembly developer 
placed licensed .NET component The 
third rule set is the set of declarative 
statements comprising the 
LicenseProviderAttribute in the .NET 
component. 

II copying said first portion of said 
first protected information; 

Copying the .NET component to either the 
.NET assembly or to the signed cabinet 
file. 

II transferring said copied first portion 
of said first protected information to 
II said third secure container: and 

Transferring the .NET component to either 
the .NET assembly or the signed cabinet 
file. 

II copying or transferring said copied 
1 first portion of said first protected 

I information from said third secure 
| container to said second secure 

II container. 

When the second secure container is the 
signed .msi file and the thin! secure 
container is the signed .NET assembly, the 
.NET assembly is placed into the signed 
.msi file. 

When the second secure container is either 
the .NET assembly or the signed .msi file 
and the third secure container is the signed 
cabinet file, the signed cabinet file is placed 
into either the .NET assembly or the signed 
.msi file. 


23 


24 
25 


26 


27 
28 


1 87. A method as in claim 85 in which said 
I copied first portion of said first protected 
.information consists of the entirety of said 
! first protected information. . 


The entire .NET component is copied. 


293482.02 


II 93. A method as in claim 85 in which 


II said step of copying transferring said 
copied first portion of said first protected 
information from said third secure 
container to said second secure container 
further comprises storing said third secure 
container in said second secure container. 

When the third secure container is the 
signed .NET assembly, it is placed in the 
signed .msi file. 

When the third secure container is a signed 
cabinet file, it can be placed in either the 
.NET assemblv and/or the signed msi flip 


94. A method as in claim 85 further 
comprising: 


|| creating a fourth rule set. 

When the second rule set is declarative 
statemelntCs) within the assembly's header. 

•I — ■ 3 — * 

r ■ " ■ il - ' 

.. . . .Exhibit K; 

1 • ^136 II 


1 

2 
3 
4 
5 
6 
7 
8 


10 

11 

12 

13 

14 

15 

16 

1.7 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


the fourth rule set is the conditional syntax 
statements) written by the .NET assembly 
developer arid placed into the signed .msi 
file. 

When the second rule set is the conditional 
syntax statements) written by the .NET 
assembly developer and- placed into -the 
signed .msi file, the fourth rule set is 
declarative statements) within the 
assembly's header or the set of declarative 
statements comprising the 
LicenseProviderAttribute in the .NET 
component. .- 


95. A method as in claim 94 further 
comprising: 


using said fourth rule set to govern at least 
one aspect of use of said copied first 
portion of said first protected information. 


If the fourth rule set is the .NET assembly 
developer's declarative statements) within 
the .NET assembly's header, it governs the 
use of the .NET component 

If the fourth rule set is the conditional 
syntax statements of the .NET assembly 
developer's signed jnsi file, it governs the 
offer/installation of the .NET component. 


i! 

.Exhibit # 
"" 137 


!NTERTRVSTTFCHMManXrn»» K MirRntnrr^p 
1NTERTRUST IN FRINGEMENT CHART " 
FOR U.S. PATENT NO. 5,915,019 


85 (second alternate scenario for .NET) 


Infringing products include the .NET • 
Frahework SDK, Microsoft Visual Studio 
.Nbl, the Microsoft Installer SDK, arid 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technolopy - 


8 


10 
11 
12 
13 

15 
16 
17 
18 

19 
20 


I A method comprisirtp th* foiiowinp «tp p7 . 

I information; wniponem. 

The first alternative for the first secure 
J container is the signed and licensed NET 
component. The first rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute in the NET 
I component 

The second alternative for the first secure 
container is a (signed or unsigned) NET 

SE? 11 ^ ] J? en ^ su PP° rt contained 
within a cabinet file signed by the NET 

assembly developer. The first rule'set is 
the set of declarative statements comprising 
the LicenseProviderAttribute in the NET 
component. 

The third alternative for the first secure 
I container is a .NET component whose hash 
is included m the assembly header of a 
.NET assembly. The first rule set is the set 
I °f declarative statements comprising the 
LicenseProviderAttribute in the NET 
component 


storing said first secure container in a first 

21 I memory: . 

creating a second secure container 

22 I comprising a second rule set- 


23 
24 
25 
26 

27 


28 


93482.02 


storing said second secure container in a 
second memory; 


r i 

copying or transferring at least a first 
portion of said first protected information 
to said second secure container, said 
copying or iransfemnp ^comprising- 
creatine a third 


The first secure container is stored at the 
,NfcT assembly developer 's location 


The second secure container is the signed 
.msi file in which the .NET assembly 
developer packages its signed assembly. 
The second rule set is the conditional 
syntax statements) written by the NET 
assembly developer and placed into the 
signed .msi fil<> 

The second secure container is stored at the 
.NET assembly develop^ lAr.^ 


■ t '— — ■ — ' f- >"^ J J WJ1 

creating a third secure container 
comprising a third nile set: 


The NET assembly developer places the 
.NET component inlo the third secure 
container which is the signed .NET 
assembly 


The third secure container is a signed NFT 
assembly and the third ' nile set i« ' 


Exhibit B >i 
138 


1 

J ^ ) 

2 


declarative statements) within the 
assembly's header. ^ 

. 3 

1 copying said first portion of said 
1 first orotected information: 

Copying the .NET component to the .NET 
assembly. 

4 

1 transferring said copied first portion 
of said first protected information to 
said third secure container: and 

Transferring the .NET component to the 

NET a5i<;emhlv 

5 

O 

7 

copying or transferring said copied 
first portion of said first protected 
information from said third secure 
container to said second secure 
container. 

When the second secure container is the 
signed .msi file and the third secure 
container is the signed ;NET assembly, the' 
.NET assembly is placed into the signed 
.msi file. 

8 
9 
10 

87, A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said 
first protected information. 

The entire .NET component is copied. 

11 

90. A method as in claim 85 in which 
said first memory and said second memory 
are located at the same site. 

First and second memory is at the .NET 
assembly developer's location. 

12 
13 



14 ( 
1 j 

15 t 
1 

1 

16 c 

said step of copying transferring said 
copied first portion of said first protected 
^formation from said third secure 
container to said second secure container 
Either comprises storing said third secure 
xmtainer in said second secure container 

When the third securfc container is the 
signed .NET assembly, it is placed in the 
signed .msi file. 


17 


18 

19 
20 
21 
22 
23 
.24. 
25 
26 
27 
28 

• - ii 

ii 

293482.02 Exhibit Bj 

139 


1NTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORR 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,915,019 


96. A method comprising performing the 
following steps within a yirtuaj distribution 
environment comprising one orjnore 
electronic appliances and a first .secure 
container, said first secure container 
comprising a first control set and first 
protected information 


A signed and licensed .NET component 
(first container) is part of a .NET assembly 
(second container), which is packaged in a 
signed .msi file (third container). 


10 

II 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 


22 
23 
24 
25 
26 
27 
28 


using at least one control from said first 
control set to govern at least one aspect of 
use of said first protected information 
while said first protected information is 
contained within said first secure container 


The first secure container is a licensed and 
signed .NET component governed by the 
set of declarative statements coiiprising the 
LicenseProviderAttribute (one control). 


creating a second secure container 
comprising a second control set for 
governing at least one aspect of use of 
protected information contained within said 
second secure container; 


The second secure container is a .NET 
assembly, the protected information is the 
assembly and the second control set is 
declarative statements) within the 
assembly's header. 


incorporating a first portion of said first 
protected information in said second secure 
container, said first portion made up of 
some or all of said first protected 
information: 


Included in the .NET assembly is the .NET 
component 


using at least one control to govern at least 
one aspect of use of said first portion of 
said first protected information while said 
: irst portion is contained within said second 
secure container and 


The declarative statement(s) govern the use 
of the .NET component and the custom 
LicenseProvider class (first control set) 
controls the .NET component 


incorporating said second secure container 
containing said first portion of said first 
protected information within a third secure 
container comprising a third control set. 


The third secure container is the signed 
.msi file in which the .NET assembly 
developer packages its assembly. The third 
control set is the conditional syntax 
statements written by the assembly 
developer and placed into the signed .msi 
file. 


293462.02 


Exhibit B 
140 


1 

2 

3 

4. 

5 

6 

7 

8 

9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

INTER TRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,949,876 

2. 

Infringement is based on Microsoft's Visual Studio 
.NET and/or the .NET Framexvork licensing tools (in 
the.NET Framework SDK) and/or Microsoft Installer 
SDK.. 

A system for supporting electronic 
commerce including: 


means for creating a first secure control 
set at a first location; 

The first location is a .NET component developer's 
site. 

The first secure control set is the set of declarative 
statements comprising the LicenseProviderAttribute of 
. a first .NET licensed component that provides for a 
design-time license to use the control This attribute 
also specifies the type of license validation that occurs. 
The component is encapsulated in a signed .NET 
assembly. 

means for creating a second secure 
control set at a second location; 

The second location is the .NET application 
developer's site where a .NET application comprising 
one or more assemblies is created. 

The second secure control set comprises the 
declarative statements) (including licensing 
statements, and code access security statements) of a 
signed .NET assembly using or calling the first .NET 
component. The control set can include a set of 
security permissions demanded by the .NET assembly 
containing the licensed component* whereby the 
permissions are demanded of components that call the 
application components. The control set can also be 
extended by controls expressed as conditional syntax 
statements in a signed .msi file containing a click 
through end-user license (the end-user license 
scenario). 

21 
22 
23 

means for securely communicating said 
first secure control set from said first 
location to said second location; and 

The first .NET control set is securely communicated 
from the first location developer to the .NET solution 
provider by either being contained in a signed 
assembly, within a signed cabinet file or within a 
signed .msi file. 

24 
25 
26 
27 
28 

means at said second location for 
securely integrating said first and 
second control sets to produce at least a 
third control set comprising plural 
elements together comprising an 
electronic value chain extended 
agreement. 

At the second location, the solution developer uses the 
.NET runtime that includes the LicenseManager. 

Whenever a class (control or component) is 
instantiated (here, an instance of the first .NET 
licensed component), the license manager accesses the 
proper validation mechanism for the control or 
component. A value chain is created through the 
creaiion of a run-time license for use of the first .NET 
component in the context of use of the .NET 
application developed at the second location. The 


it 

n • 

. ..Exhibit*? 
141 " 



23 
24 
25 
26 
27 
28 


293482.02 


license controls for the runtime license (derived from 
the design time license) are bound into the header of 
the .NET application assembly, along with the second 
control set 

The creation of runtime license controls is securely 
handled by Visual Studio.NET or the LC tool. 
Runtime licenses are embedded into (and bound to) 
the executing assembly. The lipense control attribute 
included in the first .NET component is customized in 
the second location to express and require the runtime 
license. In a different scenario, the LC tool is used to 
create a ".licenses file*" containing licenses for 
multiple components, including runtime licenses for 
components and classes created by the license . ' 
provider. This .licenses file is embedded into the 
assembly. 

The third control set is an extended value chain 
agreement that comprises ihe runtime license controls 
for the first .NET licensed class (that had been bound 
to the assembly), the declarative controls provided by 
the solution provider in the solution provider's 
assembly, and any runtime licenses for other 
components included by the solution provider in the 
solution provider's assembly, and any end user license 
agreement provided by the application provider. The 
controls are typically integrated into the header of the 
.NET application assembly calling the first .NET 
licensed component. 

A further "end user licensing scenario" occurs when, 
at the second location, the application developer 
packages the application into a signed .msi file that 
includes conditional syntax statement controls that 
require that a user read and agree to an end user 
license agreement for the application and the 
embedded first component. The third control set 
includes a plurality of elements that include the run- 
time licenses mentioned above, security permissions 
controls, EULA controls (a fourth control set), all 
securely bound into the signed .msi file. 


1 1. A system as in claim 2 in which said 
first location and said second location are 
contained within a Virtual Distribution 
Environment. 


The Microsoft .NET Framework provides a 
Virtual Distribution Environment Here the 
nodes are the Common Language Runtime 
instances that interpret the controls 
contained within .NET assemblies (among 
other functions). 


29. A system as in claim 2 in which said 
jlrst secure control set includes required 


The licensing control in the first control set 
specifies the method required to validate 


Exhibit B:i 
142 


2 
3 
4 
5 
6 

. 7 
8 
9 
10 
11 
12 


13 
14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 


27 


terms. 


the license. 


32. A system as in claim 2 in which said 
second secure control set includes required 
terms. 

The security permissions demanded (as 
descried above) are required terms for 
execution of the application code elements 


60. A system as in claim 1 in which said 
means for securely integrating said first arid 
second control sets includes a fourth 
control set. 

In the scenario where the application - 
assembly is distributed using a signed .msi 
file, the secure integration of the first and 
second control sets is enhanced by the 
tamper protection afforded by the signed 
.msi file. In the end user license scenario, a 
fourth control set consisting of conditional 
syntax statements is included in the .msi 
file.' ; 


28 


293482.02 


130. A system as in claim 2 further 
including means for executing said third 
control set within a protected processing 
environment. * 


The third control set is executed under the 
auspices of the CLR . 


132. A system as in claim 130 in which 
said protected processing environment is 
ocated at a location other than said second 
ocation. * 


The third control set is executed at an end- 
user site within the CLR. 


1 61 . A system as in claim 2 in which said 
third control set includes controls 
containing human-language terms 
corresponding to at least certain of the 
machine-executable controls contained in 
said third control set. 

In the end user license scenario, the third 
control set includes a fourth control set that 
requires that the human user agree with 
license terms displayed to the user. TTiese 
human readable tenns are referenced in the 
conditional syntax statement controls 
contained in the signed .msi file. 

1 62. A method as in claim 1 61 in which 
said human-language tenns are contained 
in one or more data descriptor data 
structures. 

The .msi file is a data descriptor data 
structure. 


170. A system as in claim 2 in which said 
means for creating a first secure control set 
includes a protected processing 
environment. 

The creation of the first licensed 
component, including its licensed controls 
is carried out under the auspices of the 
CLR. 


1 71 . A system as in claim 2 in which said 
means for creating a second secure control 
set includes a protected processing 
environment. 

The application design time environment 
and the creation of the .NET application is 
carried out under the auspices of the CLR. 


1 72. A system as in claim 2 in which said 
means at said second location for securely 
integrating includes a protected processing 
environment. 

The means for integrating the runtime 
license with the application controls is 
carried out under the auspices of the CLR. 


329. A system as in claim 2 in which said VS.NET runs under Windows I 


. n 


£xhibii'B 
143 


1 

2 


means for creating a first secure control set 
includes an operating system based on or 
compatible with Microsoft Windows. 


330. A system as in claim 2 in which said 
means for creating a second secure control 
set includes an operating system based on 
or compatible with Microsoft Windows. 


VS.NET runs under Windows. 


8 


10 
11 
12 
13 

14 
15 

16 

17 


1 33 1 . A system as in claim 2 in which said 
means at said second location for securely 
integrating said first and second control 
sets includes an operating system based on 
I or compatible with Microsoft Windows. 


VS.NET runs under Windows. 


346. A system as in claim 2 further 
comprising means by which said third 
control set governs the execution of at least : 
one load module. 


The third control set in the scenario 
described in the claim map for claim 2 
governs a portable .NET executable 
designed to be loaded into the CLR • 
environment fa CLR hosfl. 


347. A system as in claim 2 farther 
comprising means by which said third 
control set governs the execution of at least 
1 one method. 


The third control set in the scenario 
described in the claim map for claim 2 
governs a .NET executable. This 
executable contains one or more methods. 


349. A system as in claim 2 further 
comprising means by which said third 
control set governs the execution of at least 
one procedure. 


The third control set in the scenario 
described in the claim map for claim 2 
governs a .NET executable. This 
executable contains one or more 
procedures. ; 


18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


Exhibit B ij 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 


28 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP, 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,1 12,181 


•GLMMJ^ANGUAGE v 


48. 


A method for narrowcasting selected 
digital information to specified 
recipients, including: 


a) at a receiving appliance, receiving 
selected digital information from a 
sending appliance remote from the 
receiving appliance, 


the receiving appliance having a 
secure node and being associated 
with a specified recipient; 


293482.02 


i) the digital information having 
been selected at least in part based on 
the digital information's membership in 
a first class, wherein the first class 
membership was determined at least in 
part using rights management 
information; and 


ii) the specified recipient having 
been selected at least in part based on 
membership in a second class, wherein 
the second class membership was 
determined at least in part on the basis 
of information derived from the 
specified recipient's creation, use of, or 
interaction with rights management 
information: and 


b) the specified recipient using the 
receiving appliance to access the 
received selected digital information in 
accordance with rules and controls, 
associated with the selected digital 
information. 


the rules and controls being enforced 


Infringing products include Microsoft SMS 
(Systems Management Server) 2.0 and 
subsequent versions. . ' • • 


The receiving appliance is the client (e.g., etad 
user computer in an Enterprise setting*) 
receiving digital information (packages and/or 
advertisement files) from the sending 
appliance, the centralized SMS database via a 
Client Access Point and/or Distribution Point 
set up on a server. 


The "node" is "secure" as a result of SMS 
security, as well as how it identifies and selects 
clients. 

The "specified recipient" is the result of the 
collection identifying a specific client that 
meets the criteria for a package or 
advertisement. 


The digital information is a software package . 
or advertisement The "first class membership 
was determined in part using rights 
management information" reads on creating 
software packages (or advertisements) based 
on attributes of the software. 


The "specified recipient" is the client selected 
to receive a package or advertisement. That 
recipient is chosen based on a collection rule, 
or on the recipient's possession of a license. 


The receiving appliance is the client computer. 
The -SMS agents on the client computer 
receive, evaluate and take the appropriate 
action based on rules and controls governing 
the package and/or advertisement (i.e. the 
selected digital information). 


Rules and controls are enforced by Agents on 


I 

Exhibit B 
145 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


1 by the receiving appliance secure node. 

the client (the secure node) 



1 59. The method of claim 48 wherein 
i saia received selected digital 
1 infonnation is at least in part event 
1 information. 

Event information includes SMS event 
information, including Scheduling Classes . . 

I 63. The method of claim 48 wherein 

said received selected digital 
1 information is at least in part executable 
I software. 

AH SMS packages must include a minimum of 
one program. 

J , 70. The method of claim 48 wherein 
i 2>aiu j ujc2> cuiu vonuojs ax leasi in pan 
govern usage audit record creation. 

A control governs whether a MIF 
(management information file) is sent back to 
the SMS db after installation is done to report 
on the success or failure of the installation. 

1 89. The method of claim 48 wherein 
said receiving appliance is a personal 
computer. 

The primary purpose of SMS is to manage 
software on personal computers throughout the 
Enterprise. 


Exhibit B 
146 " 


1 

2 
. 3 
.4 
5 
6 
7 
8 
•9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


JNTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 


INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,1 12,181 


18. 


\ method for narrowcasting selected 
ligital information to specified recipients, 
ncluding: 


Infringing products include Windows* 
Media Player and Windows Media-Rights 
Manager . 


This claim pertains to Windows Media 
Player with Individualized DRM Client and 
Windows Media Rights Manager used in 
the context of a nairowcast pay-per-view 
(hear) media distribution service.,' 
simulcast and/or subscription services. 


a) at a receiving appliance, receiving 
elected digital information from a sending 
ppliance remote from the receiving 
ppliance, the receiving appliance having a 
ecure node and being associated with a 
pecified recipient 


Receiving appliance is a user's PC with 
individualized DRM client (secure node). 
Specified recipient is a user using the 
specific individualized DRM client to 
access and render nairowcast pay-per-view 
media, simulcast and/or subscription 
services for which the user acquires a 
license. 


) the digital information having been 
ilected at least in part based on the digital 
lformation's membership in a first class, 
'herein the first class membership was 
etermined at least in part using rights 
lanagement information; and 


The digital information is media that is 
narrpwcast to licensed recipients. These 
narrowcast streams are licensed to users 
who have acquired licenses and whose PCs 
(appliances) support WMPs that have 
individualized DRM clients. This attribute 
is included in the signed WMA file header 
and is used in the process of acquiring 
licenses for access to the media. Media that 
are licensed to the recipient have their 
licenses bound to the recipient's 
Individualization module. 


i) the specified recipient having been 
Jected at least in part based on 
embership in a second class, wherein the 
jcond class membership was determined 
least in part on the basis of information 
irived from the specified recipient's 
eation, use of, or interaction with rights 
anagement information; and 


The recipient is selected for this content 
based on the fact that the recipient is a 
member of the class of recipients who have 
a license for the narrowcast media and 
whose devices support WMP and 
individualized DRM clients. The 
recipient's machine must indicate support 
for individualization in challenges that are 
sent as part of requests for media in this 
narrowcast class. , 


) the specified recipient using the 
ceiving appliance to access the received 
lected digital information in accordance 
ith rules and controls, associated with the 
lecied digital information, the rules and 
►ntrols being enforced by the receiving 
►pliance secure node. • m _ 


Recipient's machine uses WMP and the 
individualized DRM client to access the 
narrowcast media in accordance with all 
rules associated with the media and 
contained in the media license - in 
particular, requirements that 
individualization be supported. _ 


Exhibit B; 

147 


10 

11 


12 


?3 
14 
15 
16 


17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


A 
5 




1 61. The method of claim 48 wherein said 
received selected digital information is at 
1 least in part entertainment information. 

The digital information is Windows Media, 
which encodes audio/visual entertainment 
content 


• 

1 62. The method of claim 61 wherein said 
entertainment information is at least in part 
music information. 

Reads.on najTOwcast Windows Media Files 
that are music or audio/visual. 



J 67. The method of claim 4 8 wherein said 
1 rules and controls at least in part use digital 
certificate information. 

The- license contains a digital certificate 
The DRM client uses the certificate in the 
license to verify this signature and to verify 
that the header has not been tampered with. 


.* *. * 

j .72. The method of claim 4 8. wherein said 
1 rules and controls in part specifying at least 

one clearinghouse acceptable to 
I riehtsholders. 

The signed header contains at least .one 

TTkT tnsit iti/ii f*5it^c if\ f hp in/^rwi/c o 
\JM\JL* UiaX. llJUJLrCllCo IU UJC W JJluUWo 1 VI CXI la 

to be used in acquiring licenses. 



J 75. The method of claim 72 wherein said at 
j least one acceptable clearinghouse is a 
rights and permissions clearinghouse. 

This clearinghouse is a license 
clearinghouse responsible for mapping 
rights and permissions onto requested 
content or narrowcasts and binding them to 
the requesting client environment or user of 
this environment. 



89. The method of claim 48 wherein said 
receiving appliance is a personal computer. 

Windows Media Player and the 
Individualized DRM client run on a 
personal computer. 


2^3482.02 


. -ir 
• i! 

Exhibit b:; 
148 " 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,1 12,181 


91 


4. 


5 | A method for securely narrowcasting 

selected digital information to specified 
5 | recipients including: 


7 
8 


Infringing products include Windows 
Media Player and Windows Media Rights. 
Manager 


9 I 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 


20 
21 
22 
23 
24 
25 
26 
27 
28 


293482.02 


(a) receiving selected digital information in 
a secure container at a receiving appliance 
remote from a sending appliance, the 
receiving appliance having a secure node, 
the receiving appliance being associated 
with a receiving entity 


(i) the digital information having 
been selected at least in part based 
on thedigital information's 
membership in a first class, 


(ii) the first class membership 
having been determined at least in 
part using rights management 
information 


I (b) the receiving entity having been 
selected at least in part based on said 
receiving entity's membership in a second 
class, 


(i) the second class membership 
having been determined at least in 
part on the basis of information 
derived from the recipient entity's 
creation, use of, or interaction with 
rights management information 


(c) receiving at the receiving appliance 
1 rules and controls in a secure container. 


(i) the rules and controls having 
been associated with the selected 
digital information; and 


(d) using at the receiving appliance the 
selected digital information in accordance 


This claim pertains to Windows Media 
Player with Individualized.DRM Client and 
Windows Media Rights Manager used in 
the context of a narrowcast simulcast, pay- 
per-view (hear) media distribution service, 
and/or subscription services. The content 
is delivered in a Protected Windows Media 
File. 


Narrowcast content is received in a 
Protected Windows Media File. Receiving 
appliance is user's PC with individualized 
DRM client (secure node). 


The digital information is media that is 
narrowcast to licensed recipients (for 
example, a sold-out concert is narrowcast 
on the Internet to "the class of* licensed (or 
ticketed) viewers). 


These narrowcast streams are licensed to 
users who have acquired licenses and 
whose PCs (appliances) support WMPs 
that have individualized DRM clients. This 
attribute is included in the signed WMA 
file header and is used in the process of 
acquiring licenses for access to the media. 
Media that are licensed to the recipient 
have their licenses bound to the recipient's 
individualization module. 


The recipient is selected for this content 
based on the fact that the recipient is a 
member of the class of recipients who has a 
license for the narrowcast media. 


The recipient class is determined by the 
license bound to the user's device that 
supports WMP and individualized DRM 
clients. The recipient's machine must 
indicate support for individualization in 
challenges that are sent as part of requests 
for media in this narrowcast class. 


Receives a protected Windows Media File 


Receives a license that is bound to the file 
as well as to the specific DRM client 
individualization information. 


Recipient's machine uses WMP and the 
individualized DRM client to access the 


.Exhibft B 
149' 


3 
4 
5 


with the mles and controls, 


(i) the rules and controls being - 
enforced by the receiving appliance 
secure node. 


nafrowcast media in accordance with all 
rules associated with the media and 
contained in the media license - in 
particular, requirements that 
individualization be supp orted 


The WMP and DRM client enforce the ' 
rules embedded in the Protected Windows 
Media File License. 


104. The method of claim 91 wherein said 
received selected digital information 
7 |1 includes entertainment information. 


The digital information is Windows Media, 
which encodes audio/visual entertainment 
content 


8 


10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


! 109. The method of claim 91 wherein said 
I rules and controls at least in part use digital 
certificate information. 


The; license contains a digital certificate. 
The DRM client uses the certificate in the 
license to verify this signature and to verify 
that the header has not been tampered with. 


1 14. The method of claim 91 wherein said 
I rules and controls specify at least one 
clearinghouse acceptable to rightsholders. 


The signed header contains at least oiie 
URL that indicates to the Windows Media 
Rights Manager the license clearinghouse 
to be used in acquiring licenses. 


1117. The method of claim 1 14 wherein said 
| at least one acceptable clearinghouse is a 
rights and permissions clearinghouse. 


This clearinghouse is a license 
clearinghouse responsible for mapping 
rights and permissions onto requested 
content or narrowcasts and binding them to 
the requesting client environment or user of 
this environment. ' 


131. The method of claim 91 wherein said 
receiving appliance is a personal computer. 


Windows Media Player and the 
individualized DRM client run on a 
personal computer. ' 


293482.02 


Exhibit B jj 

150 il 


4 
5 
6 
7 
8 
9 
10 
11 
12 

14 
15 
16 
17 
18 
19 

20 

21 

22 

23 

24 

25 

26 

27 

28 


293482.02 


INTER TR UST TECHNOLOGIES CORP. v. MICROSOFT CORP. 

INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6389,402 



1- 

Products infringing: Microsoft Visual Studio 
.NET, ;NET License Cpmpiler; .NET 
Framework SDK, and .NET Common 
Language Runtime 

A methqd including 

A rnethod for producing a third .NET 
component (application) that incorporates first 
and second .NET component whose 
distribution is license controlled. 

creatine? a first secure container including a 
first governed item and having associated a 
first control; 

The firvt vpmrp cfiYitainpr 19 a flrct ^ion#*H 
.NET component that includes a license 
control. The governed item is the .NET 
component- 

The first control is the set of declarative 
statements comprising the 
LicenseProviderAttribute of a first .NET 
licensed component that provides for a design- 
time license to use the control. This attribute 
also specifies the type of license validation that 
occurs. 

creating a second secure container including a 
second governed item and having associated a 
second control; 

The second secure container is the second 
signed .NET component that includes a license 
control. The governed item is the .NET 
component. 

The second control is the set of declarative 
statements comprising the 
LicenseProviderAttribute of a second .NET 
licensed component that provides for a design- 
time license to use the control. This attribute 
also specifies the type of license validation that 
occurs. 

transferring the first secure container from a 
first location to a second location; 

The creator distributes a signed and licensed 
.NET. component. 

An application developer at a second location 
downloads a first .NET component for 
inclusion into an application. 

transferring the second secure container from a 
1hird location to the second location; 

A creator distributes a signed and licensed 
,NET component from a different location. 

Application developer downloads a second 
.NET component for inclusion into an 
application. 

. Exhibjt B 
151 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 


) 


at the second location, obtaining access to at 
least a portion of the first governed item, the, 
access being governed at least in part by the 
first control; 


At the second location, the application 
developer uses the .NET runtime that includes 
the LicenseManager to access a first governed 
item. . 

Whenever a class (control or component) is 
instantiated (here, an instance of the first .NET 
licensed component), the license manager 
accesses the proper validation mechanism for 
the control or component. 

The first control comprises the declarative 
statement(s) (including licensing statements, 
and code access security statements) of t&e first 
.NET component 


at the second location, obtaining access to at 
least a portion of the second governed item, the 
access being governed at least in part by the 
second control; 


At the second location, the application " 
developer uses the .NET runtime thatincludes" 
the LicenseManager to access a second 
governed item. 

Whenever a class (control or component) is 
instantiated (here, an instance of the second 
.NET licensed component), the license 
manager accesses the proper validation 
mechanism for the control or component. 
The second control comprises the declarative 
statements) (including licensing statements, 
and code access security statements) of the 
second NET component. \ 


it the second location, creating a third secure 
;ontainer including at least a portion of the first 
joveraed item and at least a portion of the 
second governed item and having associated at 
east one control, the creation being governed 
it least in part by the first control and the 
second control. 


At the second location, the application 
developer uses the .NET runtime that includes 
the LicenseManager to access a first governed 
item and second governed item to construct an 
application, the third secure container. 

Creation governance is accomplished by 
invoking the .NET runtime to access the first 
governed item, and the second governed item. 

Whenever a class (control or component) is 
instantiated the license manager accesses the 
proper validation mechanism for the control or 
component. 

The portions of the first governed item and 
second governed item that are being included 
in the third secure container will typically 
include the governed items themselves, ie. the 
.NET components. 

The associated control in this case is the 
LicenseProviderAttribuie, created and inserted 
into the application. : 


Exhibit B 
152