`571-272-7822
`
`Paper 80
`Entered: June 2, 2014
`
`
`
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`APPLE INC.
`Petitioner
`
`v.
`
`ACHATES REFERENCE PUBLISHING, INC.
`Patent Owner
`____________
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`
`Before HOWARD B. BLANKENSHIP, JUSTIN T. ARBES, and
`GREGG I. ANDERSON, Administrative Patent Judges.
`
`ARBES, Administrative Patent Judge.
`
`
`
`FINAL WRITTEN DECISION
`35 U.S.C. § 318(a) and 37 C.F.R. § 42.73
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`I. BACKGROUND
`
`Petitioner Apple Inc. (“Apple”) filed a Petition (Paper 1) (“Pet.)
`
`seeking inter partes review of claims 1-4 of U.S. Patent No. 5,982,889 (“the
`
`’889 patent”) pursuant to 35 U.S.C. §§ 311-19. On June 3, 2013, we
`
`instituted an inter partes review of claims 1-4 on four grounds of
`
`unpatentability (Paper 21) (“Dec. on Inst.”).
`
`Patent Owner Achates Reference Publishing, Inc. (“Achates”) filed a
`
`Patent Owner Response (Paper 36) (“PO Resp.”), which included a
`
`statement of material facts. Apple filed a Reply (Paper 49) (“Pet. Reply”)
`
`and a response (Paper 50) (“Pet. SOF Resp.”) to the statement of material
`
`facts.
`
`Achates filed a Motion to Exclude (Paper 57) (“Mot. to Exclude”)
`
`certain testimony submitted by Apple in the proceeding. Apple filed an
`
`Opposition to the Motion to Exclude (Paper 61) (“Exclude Opp.”), and
`
`Achates filed a Reply (Paper 62) (“Exclude Reply”).
`
`Apple filed a Motion for Observation (Paper 64) (“Obs.”) on certain
`
`email communications between Achates’ two declarants, Mr. Dmitry Radbel
`
`and Dr. Xin Wang. Achates filed a response (Paper 69) (“Obs. Resp.”).
`
`Achates also filed a Motion to Seal (Paper 68) (“Mot. to Seal”) the email
`
`communications, and Apple filed an opposition (Paper 74) (“Seal Opp.”).
`
`An oral hearing was held on February 26, 2014, and a transcript of the
`
`hearing is included in the record (Paper 79) (“Tr.”).
`
`We have jurisdiction under 35 U.S.C. § 6(c). This final written
`
`decision is issued pursuant to 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73.
`
`
`
`
`2
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`For the reasons that follow, we determine that Apple has shown by a
`
`preponderance of the evidence that claims 1-4 of the ’889 patent are
`
`unpatentable.
`
`
`
`A. The ’889 Patent
`
`The ’889 patent1 relates to “distributing and installing computer
`
`programs and data.” Ex. 1001, col. 1, ll. 6-9. The ’889 patent describes a
`
`need in the art to prevent piracy of information products, such as, for
`
`example, when a user obtains a computer program improperly or when a
`
`user purchases one copy of a program and installs it on multiple computers
`
`without authorization. Id. at col. 1, ll. 12-60. The ’889 patent discloses
`
`methods of “distributing one or more information products together . . .
`
`while reserving to the publisher the ability to control which products are
`
`actually installed on an end-user’s computer.” Id. at col. 1, l. 66-col. 2, l. 4.
`
`
`1 U.S. Patent No. 6,173,403 B1 (“the ’403 patent”), a continuation-in-part of
`U.S. Patent Application No. 08/845,805, which issued as the ’889 patent, is
`the subject of related Case IPR2013-00080.
`
`
`
`
`3
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`Figure 1 of the ’889 patent, reproduced below, depicts the interaction
`
`between a publisher and end-user (e.g., an individual purchasing a piece of
`
`software).
`
`
`
`As shown in Figure 1, in steps 101-102, the publisher creates a set of
`
`information products and other files. Id. at col. 3, ll. 34-40; col. 5, ll. 45-50.
`
`The ’889 patent describes a “plurality of web pages that constitute some of
`
`the legislative, administrative and judicial materials associated with patent
`
`law,” where the web pages include hyperlinks to each other, as an exemplary
`
`information product. Id. at col. 2, l. 64-col. 3, l. 1; col. 4, ll. 9-15. In step
`
`103, the publisher encrypts the information products with a string as the
`
`
`
`
`4
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`encryption key. Id. at col. 8, ll. 36-45. In step 104, the information products
`
`are distributed to the end-user (e.g., on a CD-ROM or electronically over the
`
`Internet) along with an “installer” program that runs on the end-user’s
`
`computer and allows the publisher to “control how and under what
`
`circumstances the information products are installed on the end-user’s
`
`computer.” Id. at col. 2, ll. 39-48; col. 8, l. 65-col. 9, l. 3. The installer
`
`knows the cryptosystem and key for decrypting the information products.
`
`Id. at col. 8, ll. 57-59.
`
`In steps 105-106, the end-user receives the information products and
`
`runs the installer. Id. at col. 9, ll. 4-15. In step 107, the installer checks to
`
`see whether the end-user’s computer has a previously-stored, encrypted
`
`“token” indicating that the publisher granted authorization earlier to install
`
`the information products (e.g., when an end-user has a subscription to
`
`receive multiple products over time). Id. at col. 9, ll. 16-31. In step 108, the
`
`end-user is asked whether he or she wants to subscribe to the information
`
`products. Id. at col. 10, ll. 56-62. If so, in steps 109-110, the end-user
`
`“acquires the installer[’]s cooperation to decrypt and install the respective
`
`information products” by transmitting information to the publisher, receiving
`
`a “launch code” from the publisher in response, and entering the “launch
`
`code” into the installer. Id. at col. 10, l. 63-col. 11, l. 9; Fig. 4. Specifically,
`
`the end-user contacts the publisher (e.g., via telephone or the Internet) and
`
`provides (1) the end-user’s name and address; (2) the end-user’s method of
`
`payment; (3) the name of the requested information products; and (4) a serial
`
`number R generated by the installer. Id. at col. 11, ll. 10-33.
`
`After verifying the payment, the publisher provides to the end-user a
`
`“launch code” comprising “(1) a[n] authentication code; (2) an indication of
`
`
`
`
`5
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`the name of the end-user; (3) a list of the information products to which the
`
`end-user has been granted access; and (4) an indication of when the
`
`authorization for each information product expires,” encrypted using R as
`
`the key. Id. at col. 11, ll. 34-49. The end-user enters the launch code into
`
`the installer, and the installer decrypts the launch code using R as the key to
`
`extract the authentication code contained therein. Id. at col. 11, ll. 47-54.
`
`If the authentication code matches what the installer expects, the launch
`
`code is authentic. Id. at col. 11, ll. 50-65; col. 12, ll. 25-49. The information
`
`products can be installed in step 111 and, if necessary, the encrypted “token”
`
`on the end-user’s computer is updated in step 112 (the “token” contains the
`
`same four pieces of information as the launch code). Id.; col. 9, ll. 40-47.
`
`By generating a new R each time the installer requests a launch code, the
`
`disclosed method “prevent[s] the end-user from using a single launch code
`
`to install the information products on multiple computers.” Id. at col. 11,
`
`l. 66-col. 12, l. 2.
`
`
`
`
`
`
`B. Illustrative Claim
`
`Claim 1 of the ’889 patent is the only independent claim at issue:
`
`1. A method comprising the steps of:
`
`generating a string, R;
`
`encrypting a first authentication code, an indicium of an
`end-user’s identity, an indicium of a first information product,
`and an indicium of a second information product with said
`string, R, as the key to create a launch code;
`
`decrypting said launch code with said string, R, to
`recover said authentication code, said indicium of said
`end-user’s identity, said indicium of said first information
`product and said indicium of said second information product;
`and
`
`6
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`installing said first information product and said second
`information product onto a computer associated with said
`end-user.
`
`
`
`C. Prior Art
`
`The pending grounds of unpatentability in this inter partes review are
`
`based on the following prior art:
`
`1. U.S. Patent No. 5,864,620, filed Apr. 24, 1996, issued
`Jan. 26, 1999 (“Pettitt”) (Ex. 1006);
`
`2. U.S. Patent No. 5,933,497, filed Jan. 29, 1993, issued
`Aug. 3, 1999 (“Beetcher”) (Ex. 1007) (claims priority to U.S.
`Patent Application No. 07/629,295, filed Dec. 14, 1990); and
`
`3. U.S. Patent No. 5,949,876, filed Jan. 8, 1997, issued
`Sept. 7, 1999 (“Ginter”) (Ex. 1005) (claims priority to U.S.
`Patent Application No. 08/388,107, filed Feb. 13, 1995).
`
`
`
`D. Pending Grounds of Unpatentability
`
`This inter partes review involves the following grounds of
`
`unpatentability:
`
`Reference(s)
`
`Basis
`
`Claims
`
`Ginter
`
`35 U.S.C. § 102(e) 1-3
`
`Pettitt and Beetcher
`
`35 U.S.C. § 103(a) 1-4
`
`Beetcher and Ginter
`
`35 U.S.C. § 103(a) 1-42
`
`
`2 As explained below, Apple asserts that claim 4 is unpatentable based on
`the combination of Beetcher and Ginter in two respects: one relying on
`Beetcher as teaching the majority of the claim limitations, and one relying
`on Ginter as teaching the majority of the claim limitations. See infra Section
`II.G.2. A trial was instituted on both bases. See Dec. on Inst. 22-23, 30.
`
`
`
`
`7
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`II. ANALYSIS
`
`A. Claim Interpretation
`
`In the Decision on Institution, we interpreted various claim terms of
`
`the ’889 patent as follows:
`
`Term
`
`Interpretation
`
`“authentication code” (claim 1)
`
`a code for authenticating data
`
`“installing” (claim 1)
`
`placing in a position so as to be
`ready for use
`
`“launch code” (claim 1)
`
`password
`
`“token” (claim 2)
`
`a data structure indicating that
`an end-user’s computer is
`granted access to certain
`information products
`
`Dec. on Inst. 7-11. The parties agree with these interpretations, see PO
`
`Resp. 1, and we incorporate our previous analysis for purposes of this
`
`decision.
`
`
`
`B. Section 315(b)
`
`Achates argues in its Patent Owner Response that Apple’s Petition is
`
`time-barred under 35 U.S.C. § 315(b), which provides that an inter partes
`
`review may not be instituted based on a petition “filed more than 1 year after
`
`the date on which the petitioner, real party in interest, or privy of the
`
`petitioner is served with a complaint alleging infringement of the patent.”
`
`PO Resp. 44-51. Achates contends that QuickOffice, Inc. (“QuickOffice”),
`
`one of Apple’s co-defendants in Achates Reference Publishing, Inc. v.
`
`Symantec Corp., Case No. 2:11-cv-00294-JRG-RSP (E.D. Tex.) (“the
`
`related litigation”), was served with a complaint alleging infringement of the
`
`
`
`
`8
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`’889 patent on June 20, 2011—more than one year before December 14,
`
`2012, the filing date of the Petition in this proceeding. PO Resp. 45, 56.
`
`Achates made a substantially similar argument in its Preliminary Response,
`
`and we concluded that the Petition was not time-barred. See Paper 14 at
`
`6-21; Dec. on Inst. 12-18. We reach the same conclusion now.3
`
`Whether a non-party is a “privy” for purposes of an inter partes
`
`review proceeding is a “highly fact-dependent question” that takes into
`
`account how courts generally have used the term to “describe relationships
`
`and considerations sufficient to justify applying conventional principles of
`
`estoppel and preclusion.” Office Patent Trial Practice Guide, 77 Fed. Reg.
`
`48,756, 48,759 (Aug. 14, 2012) (“Trial Practice Guide”). Whether parties
`
`are in privity depends on whether the relationship between a party and its
`
`alleged privy is “sufficiently close such that both should be bound by the
`
`trial outcome and related estoppels.” Id. Depending on the circumstances,
`
`a number of factors may be relevant to the analysis, including whether the
`
`non-party “exercised or could have exercised control over a party’s
`
`participation in a proceeding” or whether the non-party is responsible for
`
`funding and directing the proceeding. Id. at 48,759-60. We also find
`
`guidance in the Supreme Court’s decision in Taylor v. Sturgell, 553 U.S. 880
`
`(2008), which sets forth the general rule under federal common law that a
`
`person not a party to a lawsuit is not bound by a judgment in that suit,
`
`subject to certain exceptions, including the following:
`
`[N]onparty preclusion may be justified based on a variety of
`pre-existing “substantive legal relationship[s]” between the
`person to be bound and a party to the judgment. Qualifying
`
`
`3 Also, in an earlier Order, we denied Achates’s request for additional
`discovery on the Section 315(b) issue. Paper 17.
`
`
`
`
`9
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`relationships include, but are not limited to, preceding and
`succeeding owners of property, bailee and bailor, and assignee
`and assignor. These exceptions originated “as much from the
`needs of property law as from the values of preclusion by
`judgment.”
`
`553 U.S. at 894 (citations omitted); see Trial Practice Guide at 48,759 (citing
`
`Taylor).
`
`Achates contends that QuickOffice had a pre-existing substantive
`
`legal relationship with Apple and, therefore, is a privy of Apple under
`
`Taylor. PO Resp. 44-51. In support of its position, Achates cites a publicly
`
`available software development kit (SDK) agreement that Apple allegedly
`
`enters into with iPhone application developers like QuickOffice. Id. at
`
`46-47. The SDK agreement includes a clause requiring the developer to
`
`indemnify Apple for third party patent infringement claims:
`
`To the extent permitted by law, You agree to indemnify,
`defend and hold harmless Apple, its directors, officers,
`employees, independent contractors and agents (each an
`“Apple Indemnified Party”) from any and all claims, losses,
`liabilities, damages, expenses and costs (including without
`limitation attorneys
`fees and court costs)
`(collectively
`“Losses”) incurred by an Apple Indemnified Party as a result
`of Your breach of this Agreement, a breach of any certification,
`covenant, representation or warranty made by You in this
`Agreement, any claims that Your Applications violate or
`infringe any third party intellectual property or proprietary
`rights, or otherwise related to or arising from Your use of the
`SDK, Your Application(s) or Your development of
`Applications.
`
`. . .
`
`In no event may You enter into any settlement or like
`agreement with a third party that affects Apple’s rights or binds
`Apple in any way, without the prior written consent of Apple.
`
`
`
`
`10
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`Ex. 2006 § 6 (emphasis added). According to Achates, the fact that
`
`co-defendant QuickOffice would be obligated to indemnify Apple for
`
`infringement claims against the “same accused instrumentality” (i.e., a
`
`QuickOffice application), and would be prevented from settling in the
`
`litigation without Apple’s consent, means that QuickOffice and Apple are in
`
`privity with each other. PO Resp. 44-51. Apple acknowledges that it
`
`entered into “at least one form of an agreement related to app[lication]
`
`development with [QuickOffice],” but does not admit that the agreement
`
`included the indemnification provision cited by Achates. Pet. SOF Resp.
`
`¶¶ 129-30.
`
`
`
`We first note that Achates provides no evidence that QuickOffice had
`
`any role in the filing or funding of the Petition in this proceeding, or that
`
`QuickOffice exercised control or could have exercised control over Apple’s
`
`participation in this proceeding. See Trial Practice Guide, 77 Fed. Reg. at
`
`48,759. Achates’s sole evidence is the indemnification language in the SDK
`
`agreement and the fact that Apple and QuickOffice were co-defendants.
`
`Even assuming that the specific indemnification provision of the SDK
`
`agreement applies to QuickOffice (and Achates has not shown that it does),
`
`we are not persuaded that the provision is indicative of QuickOffice being a
`
`privy of Apple. The agreement does not give the developer the right to
`
`intervene or control Apple’s defense to any charge of patent infringement,
`
`nor has Achates argued that to be the case for QuickOffice in the related
`
`litigation. Notably, indemnification is not one of the “substantive legal
`
`relationships” cited in Taylor (e.g., assignee-assignor), and is significantly
`
`different from those relationships, which involve successive interests in the
`
`same property.
`
`
`
`
`11
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`Further, as Apple points out, Achates’s actions in the related litigation
`
`refute its allegations of privity. See Pet. Reply 14. Achates accuses Apple
`
`of infringing the ’889 patent based on Apple’s own actions as well as those
`
`of QuickOffice, and likewise accused QuickOffice of infringement based on
`
`activities relating to the Apple App Store as well as other systems (e.g., the
`
`Amazon Appstore for Android). See Ex. 1037 ¶¶ 51-52; Ex. 1038 at 84-90.
`
`Achates also is continuing to assert the ’889 patent against Apple in the
`
`related litigation even after settling with the co-defendant application
`
`developers, including QuickOffice. See PO Resp. 57. Thus, at least
`
`according to Achates, there is a distinct basis for liability against Apple,
`
`different from that against the developers. As such, it does not appear that
`
`Apple would be estopped by any judgment against the developers. For
`
`instance, even if a judgment were obtained against one or more of the
`
`developers, Apple would still be exposed to an adverse judgment based on
`
`its own actions and would assert its own defenses independent of the
`
`developers. This further indicates that the relationship between Apple and
`
`the developers, such as QuickOffice, is not of the type that would make the
`
`developers privies of Apple.
`
`We are not persuaded that the Petition is time-barred under Section
`
`315(b) on the basis that QuickOffice is a privy of Apple.
`
`
`
`C. Credibility of Mr. Schneier
`
`As an initial matter, Achates in its Patent Owner Response challenges
`
`the credibility of Apple’s declarant, Bruce Schneier. PO Resp. 51-55.
`
`Mr. Schneier provided testimony regarding the ’889 patent and the prior art
`
`
`
`
`12
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`in a declaration submitted with Apple’s Petition. Ex. 1003.4 Achates argues
`
`that Mr. Schneier is not credible for two reasons. First, Mr. Schneier billed
`
`Apple for less than 45 hours of work, which is “nowhere near enough time
`
`to read and analyze all of the references cited in his declarations at the level
`
`of diligence that this proceeding requires,” according to Achates. PO Resp.
`
`51-53. For instance, Achates points to the size of Ginter (324 pages) and the
`
`declarations themselves (931 numbered paragraphs) to argue that Mr.
`
`Schneier “could not have performed his obligation to this matter
`
`conscientiously in the time spent.” Id. Achates’s estimate of 45 hours,
`
`however, is based on an estimate from Mr. Schneier as to the total amount
`
`Mr. Schneier billed to Apple. Ex. 1045 at 63:15-24; see PO Resp. 52.
`
`Achates does not point to any statement from Mr. Schneier regarding the
`
`number of hours he actually spent reviewing the prior art and performing the
`
`analysis in his declaration. Mr. Schneier testified that he read the prior art
`
`references at issue (Ginter, Pettitt, and Beetcher) multiple times and fully
`
`understood them. Ex. 1045 at 76:16-22, 77:21-78:5. Moreover, Achates’s
`
`contention is not that Mr. Schneier lacks knowledge of the prior art or did
`
`not in fact perform the analysis in his declaration—just that Mr. Schneier did
`
`not spend sufficient time on the matter. We decline Achates’s invitation to
`
`give Mr. Schneier’s testimony less weight on that basis.
`
`
`4 Apple submitted its Petition, and Exhibits 1003 and 1041 (declarations
`from Mr. Schneier regarding the ’889 patent and related ’403 patent), on
`December 14, 2012. In response to an instruction from Board administrative
`staff that documents should be in portrait rather than landscape orientation,
`Apple submitted revised copies on December 17, 2012, also numbered as
`Exhibits 1003 and 1041. See Paper 5. To ensure the clarity of the record,
`the original versions filed on December 14, 2012 will be expunged.
`
`
`
`
`13
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`Second, Achates argues that Mr. Schneier has “hostility towards the
`
`patent system” and is a member of the Electronic Frontier Foundation (EFF),
`
`which shows a “level[] of bias that should be more than sufficient to raise
`
`concerns about his qualifications to serve as an unbiased technology expert.”
`
`PO Resp. 53-55 (citing a book co-authored by Mr. Schneier, Ex. 2016, and
`
`various EFF web pages, Exs. 2017-2020). We have reviewed Mr.
`
`Schneier’s curriculum vitae (Exhibit 1004) and find that he is well qualified
`
`to testify regarding the matters addressed in his declaration (Exhibit 1003).
`
`Indeed, Achates’s declarant, Mr. Radbel, testified that Mr. Schneier is a “top
`
`cryptologist” and has a “great reputation as a cryptologist.” Ex. 2032 at
`
`167:9-25. As explained herein, we find Mr. Schneier’s testimony persuasive
`
`and give it substantial weight. We do not give it less weight based on a
`
`purported bias against patents in general.
`
`
`
`D. Level of Ordinary Skill in the Art
`
`In its Petition, Apple contends that a person of ordinary skill in the art
`
`at the time when the application that issued as the ’889 patent was filed
`
`(April 1997) would have had “extensive familiarity with cryptographic
`
`techniques published in the literature and known in the field,” and “would
`
`have gained this level of familiarity through graduate level studies in
`
`mathematics, engineering or computer science, or through work experience
`
`in academia (either as a professor or a graduate student), for a technology
`
`company or for a government,” relying on the testimony of Mr. Schneier.
`
`Pet. 4 (citing Ex. 1003 ¶¶ 36-38). Achates does not dispute this argument in
`
`
`
`
`14
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`its Patent Owner Response.5 Mr. Radbel, however, concludes that a person
`
`of ordinary skill in the art would have had “the ability to select and make use
`
`of well-known cryptographic techniques at a high level,” but not
`
`“comprehensive knowledge of cryptography, including Mr. Schneier’s book
`
`on the subject.” Ex. 2013 ¶¶ 17, 19. Mr. Radbel further testifies that a
`
`person of ordinary skill in the art would have had “an undergraduate degree
`
`in engineering or computer science plus two years of experience in software
`
`engineering,” but not necessarily “graduate level training.” Id. Dr. Wang
`
`agrees with Mr. Radbel’s assessment of the level of ordinary skill. Ex. 2014
`
`¶ 8.
`
`The parties’ declarants appear to agree that the person of ordinary
`
`skill in the art would have been familiar with the basic cryptographic
`
`techniques of the time, but dispute the depth of that knowledge. A skilled
`
`artisan would have been aware of basic cryptographic techniques and also
`
`the predominant literature on cryptography of the time. See In re GPAC
`
`Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995) (“The person of ordinary skill in
`
`the art is a hypothetical person who is presumed to know the relevant prior
`
`art.”). As to that person’s level of education or equivalent experience, we
`
`are persuaded that Mr. Radbel understates the appropriate level of skill. The
`
`’889 patent describes various problems with software piracy and various
`
`technical solutions to such problems. Ex. 1001, col. 1, ll. 12-60. It also
`
`
`5 Achates argued in its Preliminary Response that “the proper level of
`skill should be a person with at least five years of experience and[/]or
`academic training in professional software development having experience
`with client-server software and operating systems, and at least a basic
`working knowledge of computer security and cryptography.” Paper 14
`at 23.
`
`
`
`
`15
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`assumes a fairly deep knowledge of encryption, decryption, and the use of
`
`keys for performing those functions. See id. at col. 8, l. 35-col. 12, l. 49.
`
`Contrary to Mr. Radbel’s assertion that a person of ordinary skill only would
`
`have needed a “high level” knowledge of cryptographic techniques,
`
`sufficient, for example, to call software routines “without necessarily
`
`understanding how such routines work,” see Ex. 2013 ¶ 17, a skilled artisan
`
`would need some knowledge of how the cryptographic techniques work to
`
`choose the appropriate techniques and properly use them. We also take into
`
`account the sophistication of the technology at the time, as exemplified by
`
`the prior art references of record and Mr. Schneier’s book from 1996
`
`(Exhibit 1024). Based on all of the evidence, we conclude that a person of
`
`ordinary skill in the art at the time of the ’889 patent would have been
`
`familiar with the basic cryptographic techniques and literature of the time,
`
`and would have had some graduate-level or equivalent experience working
`
`with such techniques.
`
`
`
`E. Ground Based on Ginter
`
`With respect to the alleged ground of unpatentability based on Ginter,
`
`we have reviewed Apple’s Petition, Achates’s Patent Owner Response, and
`
`Apple’s Reply, as well as the evidence discussed in each of those papers.
`
`We are persuaded, by a preponderance of the evidence, that claims 1-3 are
`
`anticipated by Ginter under 35 U.S.C. § 102(e).
`
`
`
`1. Ginter
`
`Ginter discloses computer systems providing a “distributed virtual
`
`distribution environment (VDE)” that “help[s] to ensure that information is
`
`
`
`
`16
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`accessed and used only in authorized ways.” Ex. 1005, Abstract. Electronic
`
`content is stored in “objects” (also called “containers”) for distribution to
`
`users, and access to the content is regulated via a permissions record (PERC)
`
`associated with the content and provided to the user (separately or with the
`
`object). Id. at col. 13, l. 46-col. 14, l. 20; col. 58, l. 61-col. 59, l. 11; Fig.
`
`5A; col. 147, ll. 33-59 (“no end user may use or access a VDE object unless
`
`a permissions record 808 has been delivered to the end user”). PERC 808
`
`“specifies the rights associated with the object 300 such as, for example,
`
`who can open the container 302, who can use the object’s contents, who can
`
`distribute the object, and what other control mechanisms must be active.”
`
`Id. at col. 58, l. 67-col. 59, l. 5. “For example, permissions record 808 may
`
`specify a user’s rights to use, distribute and/or administer the container 302
`
`and its content.” Id. at col. 59, ll. 5-7. For certain types of objects, the
`
`PERC is encrypted along with the object using a symmetric key and later
`
`decrypted on the user’s machine. Id. at col. 199, ll. 1-6; col. 129, ll. 50-54;
`
`col. 133, ll. 50-53; col. 208, l. 65-col. 209, l. 20. Ginter discloses that the
`
`PERC can contain an “Object ID” that identifies the VDE object, as well as
`
`multiple “key blocks” that store decryption keys utilized to access content in
`
`“data blocks” within the object. Id. at col. 127, l. 45-col. 128, l. 2; col. 151,
`
`ll. 9-35; Fig. 26A. Ginter also discloses the use of a “validation tag” for
`
`“confirming the identity and correctness of received, VDE protected,
`
`information,” and a “digital signature” to be verified against an expected
`
`digital signature. Id. at col. 12, ll. 27-33; col. 151, ll. 9-35; col. 215, ll. 7-63.
`
`
`
`
`
`
`17
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`
`2. Claims 1-3 are Anticipated by Ginter
`
`Ginter discloses generating a “string, R” (the symmetric key),
`
`encrypting an “indicium of an end-user’s identity” (the PERC specifying
`
`“who” can open the container, use the object’s contents, etc.) and an
`
`indicium of a first “information product” (the Object ID or key block) to
`
`create the PERC, decrypting the PERC, and installing the first information
`
`product onto the end-user’s computer, as recited in claim 1. See Pet. 24-30;
`
`Ex. 1003 ¶¶ 121-75.
`
`Achates does not argue these limitations, but makes three arguments
`
`regarding the remaining limitations of claim 1. First, Achates argues that
`
`Ginter does not disclose “decrypting said launch code . . . to recover said
`
`authentication code,” as recited in claim 1. PO Resp. 4-9. Achates contends
`
`that the first item in Ginter identified by Apple as an “authentication code”
`
`(the digital signature) is not contained in the PERC and, therefore, the PERC
`
`cannot be decrypted to recover it, and the second item identified by Apple
`
`(the validation tag) is not an “authentication code.” Id. at 5-9; see Pet.
`
`25-26; Ex. 1003 ¶ 141. Ginter expressly discloses a PERC including a
`
`digital signature. Ex. 1005, col. 12, ll. 27-33. Figure 75D depicts user rights
`
`table (URT) 3160 as including a digital signature, and Ginter states that URT
`
`3160 “may itself be a PERC 808.” Id. at col. 248, ll. 36-38, Fig. 75D. Thus,
`
`Achates’s factual assertion that the PERC in Ginter lacks a digital signature
`
`is not correct. See Tr. 47:24-48:5 (acknowledging the description of Figure
`
`75D in Ginter). Mr. Radbel also acknowledged that the PERC could have a
`
`
`
`
`18
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`digital signature in the “particular construct” shown in Figure 75D. Ex.
`
`2032 at 279:14-18.6
`
`Second, Achates contends that the PERC in Ginter is not a “launch
`
`code” comprising indicia of multiple “information product[s],” as recited in
`
`claim 1. PO Resp. 9-15 (citing Ex. 2013 ¶¶ 55-64). Apple’s position is that
`
`the Object ID and key blocks in the PERC both satisfy the “indici[a]”
`
`limitations of claim 1. Pet. 25-26. As to the Object ID, Achates contends
`
`that (1) Object ID field 940 in Ginter is a single field that identifies the VDE
`
`object and, therefore, cannot be both an indicium of a first information
`
`product and an indicium of a second information product, (2) Object ID field
`
`940 identifies the “totality” of elements in the VDE object container, not
`
`“just” information content 304, and (3) Object ID field 940 has the same
`
`datum regardless of whether the container’s content is changed or deleted,
`
`which shows that Object ID field 940 is not an “indicium” of a particular
`
`information product. PO Resp. 9-13. As to the key blocks, Achates argues
`
`that (1) the VDE accesses the datum in the key block to use as a key to
`
`decrypt the corresponding data blocks, not “as a pointer to—or indicium
`
`of—the data block,” and (2) Ginter permits two key blocks to have the same
`
`key, which shows that the key block is not an “indicium” of a particular
`
`information product. Id. at 13-15.
`
`Achates’s arguments are not persuasive, as they are based on two
`
`incorrect premises. See Pet. Reply 3-4. The first incorrect premise is that an
`
`“indicium” of an information product can only identify content within a file
`
`
`6 Because we agree with Apple as to the PERC in Ginter having a digital
`signature, we need not determine whether the validation tag also is an
`“authentication code.”
`
`
`
`
`19
`
`
`
`
`
`Case IPR2013-00081
`Patent 5,982,889
`
`and must uniquely identify only one information product. See id. There is
`
`no prohibition in claim 1 on the indicium indicating other things, and the
`
`indicium need not be a “pointer.” See Ex. 2032 at 304:18-305:2 (Mr. Radbel
`
`stating that he does not “consider indicium to be a pointer”). The only
`
`requirement is that it be an “indicium,” or “indication,” of an information
`
`product. Mr. Radbel acknowledged that the Object ID in Ginter is used to
`
`find the correct content, Ex. 2031 at 45:12-17, and the key blocks are
`
`associated with and used to access the data in the correct data block, Ex.
`
`1005 at 127:45-128:2. Achates’s second incorrect premise is that each
`
`information product must have a unique indicium. Again, claim 1 does not
`
`require that the particular content of the “indici[a]” be different from each
`
`other. We are persuaded by Mr. Schneier’s testimony that the key blocks
`
`and Object ID in Ginter are “indici[a]” of information products. See Pet. 25;
`
`Ex. 1003 ¶¶ 146-51, 168.
`
`Third, Achates is incorrect in its assertion that Apple’s analysis is
`
`based on “di