UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`AMAZON.COM, INC., AMAZON DIGITAL SERVICES, INC., AMAZON
`FULFILLMENT SERVICES, INC., HULU, LLC, and NETFLIX, INC.,
`Petitioners
`v.
`UNILOC LUXEMBOURG, S.A.,
`Patent Owner
`
`Case IPR2017-00948
`Patent No. 8,566,960
`
`SUPPLEMENTAL DECLARATION OF
`DR. AVIEL RUBIN IN SUPPORT OF PETITIONERS'
`OPPOSITION OF PATENT OWNER'S CONTINGENT
`MOTION TO AMEND
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 1
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`AMAZON.COM, INC., AMAZON DIGITAL SERVICES, INC., AMAZON
`FULFILLMENT SERVICES, INC., HULU, LLC, and NETFLIX, INC.,
`Petitioners
`v.
`UNILOC LUXEMBOURG, S.A.,
`Patent Owner
`
`Case IPR2017-00948
`Patent No. 8,566,960
`
`SUPPLEMENTAL DECLARATION OF
`DR. AVIEL RUBIN IN SUPPORT OF PETITIONERS'
`OPPOSITION OF PATENT OWNER'S CONTINGENT
`MOTION TO AMEND
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 1
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`1. My name is Dr. Aviel Rubin.
`
`2.
`
`I have been engaged by Petitioners Amazon.com, Inc., Amazon Digi-
`
`tal Services, Inc., Amazon Fulfillment Services, Inc., Hulu, LLC, and Netflix, Inc.
`
`to investigate and opine on certain issues relating to U.S. Patent No. 8,566,960 (Ex.
`
`5
`
`1001) (“the ’960 Patent”) in connection with IPR2017-00948.
`
`3.
`
`I possess the knowledge, skills, experience, training, and education to
`
`form an expert opinion in this matter. Ex. 1030 is a copy of my curriculum vitae.
`
`This declaration supplements my previous declaration in this matter, dated Febru-
`
`ary 17, 2017 (Ex. 1002), and incorporates the information and opinions presented
`
`10
`
`in my earlier declaration.
`
`4.
`
`I understand that Patent Owner, Uniloc Luxembourg, S.A. (“Uniloc”),
`
`has filed a Contingent Motion to Amend Claims 1, 22, and 25 of U.S. Patent No.
`
`8,566,960 in IPR2017-00948 (Paper 17) (the “Motion to Amend”). I understand
`
`that the Motion to Amend includes proposed substitute claims 26-28, which pur-
`
`15
`
`port to amend original claims 1, 22, and 25 of the ʼ960 patent, respectively. I have
`
`reviewed the Motion to Amend, including the proposed substitute claims.
`
`5.
`
`In forming my opinions, I have studied and relied on the information
`
`and evidence identified in my previous declaration, as well as the additional infor-
`
`mation and evidence identified in this declaration, including U.S. Patent 7,752,139
`
`20
`
`(“Hu”) (Ex. 1026), U.S. Patent 5,490,216 (“the ʼ216 patent”) (Ex. 1010), U.S. Pa-
`
`2
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 2
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`tent 8,234,302 (“Goodwin”) (Ex. 1032), International Patent Publication No.
`
`WO2007/046706 A1 (“Birdstep”) (Ex. 1033), the ’960 Patent (Ex. 1001), and the
`
`Motion to Amend.
`
`6.
`
`I have also considered U.S. Provisional Patent Application No.
`
`5
`
`60/988,778 (Ex. 2005) and U.S. Patent Application No. 12/272,570 (Ex. 2004),
`
`which I understand are the applications that became the ʼ960 patent.
`
`7.
`
`This declaration is based on the information currently available to me.
`
`To the extent that additional information becomes available, I reserve the right to
`
`continue my investigation and study, which may include a review of documents
`
`10
`
`and information that may be produced, as well as testimony from depositions that
`
`may not yet be taken.
`
`8.
`
`I have formulated my opinions from the perspective of a person of or-
`
`dinary skill in the art (“POSITA”) at the time of the earliest possible priority date
`
`of the claims (in November 2007). As in my earlier declaration submitted in this
`
`15
`
`matter, it remains my opinion that POSITA would have possessed a bachelor’s de-
`
`gree in computer science and/or electrical engineering or comparable experience,
`
`plus at least two years of experience using DRM, cryptography, and content distri-
`
`bution or related software technology. (Ex. 1002, ¶¶ 33-38.)
`
`3
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 3
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`I.
`
`The Substitute Claims.
`
`9.
`
`I have reviewed proposed substitute claims 26-28 in Appendix A of
`
`the Motion to Amend.
`
`10.
`
`I understand that that the underlined text in substitute claims 26-28
`
`5
`
`represents claim language that Uniloc proposes to add to original claims 1, 22, and
`
`25, respectively, and that the text surrounded by double brackets in substitute
`
`claims 26-28 represents claim language that Uniloc proposes to delete from origi-
`
`nal claims 1, 22, and 25, respectively.
`
`11.
`
`I understand that substitute claim 26 is proposed to replace original
`
`10
`
`claim 1 as follows (Motion to Amend, Appx. A, at vii-viii):
`
`
`
`4
`
`
`
`
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 4
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`
`
`
`
`12.
`
`I understand that substitute claim 27 is proposed to replace original
`
`5
`
`claim 22 as follows (Motion to Amend, Appx. A, at viii-ix):
`
`
`
`5
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 5
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`
`
`13.
`
`I understand that substitute claim 28 is proposed to replace original
`
`claim 25 as follows (Motion to Amend, Appx. A, at ix-xi):
`
`6
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 6
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`
`
`
`
`7
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 7
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`
`
`II. The Substitute Claims Use Conventional, Generic Hardware to Imple-
`ment Licensing Restrictions.
`
`5
`
`14. Proposed substitute claims 26-28 do not recite or require any specific
`
`computer technology. For the reasons explained below, the substitute claims de-
`
`scribe generalized, non-technical operations and include only generic computer
`
`technology that would have been considered conventional by a POSITA in No-
`
`vember 2007.
`
`10
`
`15. Substitute claim 26 claims a system for adjusting a license for a digital
`
`product over time. The only computer hardware recited in claim 26 is a series of
`
`generic “modules” for carrying out fundamental computing functions that would
`
`have been well-known to a POSITA, such as a “communication module,” a “pro-
`
`cessor module,” and a “memory module.” Claim 26 does not specify any particu-
`
`15
`
`lar type of communication hardware, processor, or memory. Similarly, the specifi-
`
`8
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 8
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`cation describes the modules in generic terms (Ex. 2004 at 3:5-4:9, 11:14-13:6)
`
`and states that a “module” lacks specificity and may refer to any hardware, soft-
`
`ware, or combination of the two (Ex. 2004 at 16:29-31, 17:19-29).
`
`16. Substitute claim 27 claims a method for adjusting a license for a digi-
`
`5
`
`tal product over time and does not recite any computer hardware or specific com-
`
`puter technology used to carry out the claimed method.
`
`17. The steps of substitute claim 27 could be performed by a human men-
`
`tally or using a pen and paper, for example, with manual bookkeeping procedures
`
`and simple calculations. A person could use a notebook and pen to maintain rec-
`
`10
`
`ords of license data, allowed copy counts, and devices authorized to use certain
`
`software, review those records upon receiving a request to add another device
`
`(such as a written or oral request), compare license and device records to license
`
`and device identity data included in the request, and allow access for a previously
`
`recorded device or adjust the allowed copy count, compare the device count with
`
`15
`
`the maximum number of permitted devices, and then grant or deny authorization
`
`accordingly. None of those steps would necessarily require hardware implementa-
`
`tion or any specific computer technology.
`
`18. Substitute claim 28 recites a computer program product for adjusting a
`
`license for a digital product over time. The only computer hardware recited in
`
`20
`
`claim 28 is a generic “non-transitory computer-readable medium” and a generic
`
`9
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 9
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`“computer” for executing various generic pieces of code. Those generic compo-
`
`nents would have been well known to a POSITA by November 2007.
`
`19. The computer technology identified in the substitute claims is limited
`
`to basic, well-known, and generic hardware or software such as “a communication
`
`5
`
`module,” “a processor module,” “a memory module,” a “computer-readable medi-
`
`um,” “a computer,” and “a computer program product” or computer “code.” None
`
`of those items would have been considered inventive or new by a POSITA. In-
`
`stead, all of the claimed limitations in the substitute claims individually or collec-
`
`tively would have implied the use of generic computer technology well known to a
`
`10
`
`POSITA.
`
`20. Substitute claims 26-28 also recite using a “device identity” to identi-
`
`fy the generic device requesting authorization to use a licensed digital product.
`
`Specifically, each claim recites “a device identity generated at the given device at
`
`least in part by sampling physical parameters of the given device.” (Motion to
`
`15
`
`Amend, Appx. A at vii-x.) Identifying a device using a device identity generated
`
`at least in part by sampling physical parameters of the device was well known by
`
`November 2007 (the earliest possible priority date for the ʼ960 patent) and would
`
`have been considered conventional by a POSITA at that time.
`
`21. For example, U.S. Patent 5,490,216 (“the ʼ216 patent”) (Ex. 1010) is-
`
`20
`
`sued on February 6, 1996, more than ten years before the earliest possible priority
`
`10
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 10
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`date for the ʼ960 patent. The ʼ216 patent is cited in, and incorporated by reference
`
`into, the specification of the ʼ960 patent. (Ex. 1001, ʼ960 patent at 4:45-48.) The
`
`ʼ216 patent is also cited in the specifications of both applications underlying the
`
`ʼ960 patent. (Ex. 2004 at 6:26-30; Ex. 2005 at 1:11-15, 2:49.) The ʼ216 patent is
`
`5
`
`prior art to the ʼ960 patent.
`
`22. The prior art ʼ216 patent discloses a DRM system that includes using
`
`physical parameters of a device to create a device identity to allow the DRM sys-
`
`tem to identify devices requesting access to a digital product. The ʼ216 patent dis-
`
`closed generating a unique ID based in part upon “system information” that identi-
`
`10
`
`fies the hardware of the user device platform. Such system information included
`
`CPU number, firmware parameters, the amount of system memory, or the type of
`
`processor. (Ex. 1010 at 12:12-19.)
`
`23.
`
`In addition to referencing the ʼ216 patent, the specification of the ʼ960
`
`patent lists numerous other well-known, conventional means for device identifica-
`
`15
`
`tion that could be used interchangeably in the substitute claims. (Ex. 1001 at 4:42-
`
`50, 9:20-10:67; Ex. 2004 at 14:1-16:21.) A POSITA would not have considered
`
`the use of such well-known physical parameters of a computer or other device for
`
`the conventional purpose of device identification to be inventive because the use of
`
`a device’s physical characteristics to create a device identity used to keep track of
`
`20
`
`device authorizations was not novel in November 2007. It was well known in sys-
`
`11
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 11
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`tems for setting and enforcing user device limits, as was the concept of using a de-
`
`vice’s physical parameters to create a device identity.
`
`24. Numerous other prior art references disclosed the use of physical pa-
`
`rameters to generate a device ID. For example, other publicly known systems veri-
`
`5
`
`fied a request based, in part, upon hardware information such as the user device’s
`
`microprocessor serial number (Ex. 1004 (Staruiala) at 8; Ex. 1027 (Cohen) at
`
`¶ [0079]), Media Access Control (“MAC”) address (Ex. 1004 (Staruiala) at 8; Ex.
`
`1019 (Singer) at ¶ [0078]), or “unique computer serial number that is specific only
`
`to that computer” (Ex. 1028 (Ferrante) at 1:51-57).
`
`10
`
`25. Substitute claims 26-28 also specify that a request for authorization to
`
`use the digital product on a device includes (1) license data associated with the dig-
`
`ital product, and (2) a device identity generated at least in part by sampling physi-
`
`cal parameters of the device. A POSITA would not have considered communi-
`
`cating license data and a device identity together, rather than sequentially in sepa-
`
`15
`
`rate communications, to be novel or inventive because DRM systems including
`
`such combined communications were known in the field. Hu provides one such
`
`example. (Ex. 1026 at 6:15-39, Fig. 2 step 2-3.) Other examples include Goodwin
`
`(Ex. 1032 at 5:1-10, 6:9-27) and Birdstep (Ex. 1033 at 6, 13).
`
`26. Additionally, taking two pieces of data communicated separately in a
`
`20
`
`prior art reference and placing both of those pieces of data together in a single
`
`12
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 12
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`communication is not novel nor inventive, absent some specific problem that need-
`
`ed to be overcome in communicating the pieces of information together. Here,
`
`there were no issues that would have precluded communicating license data and a
`
`device identity in a single communication in November 2007, and the ’960 patent
`
`5
`
`does not identify any such issues nor any special steps that would need to be taken
`
`to communicate those two pieces of data together. Therefore, combining them into
`
`a single communication would have been considered simple and routine by a
`
`POSITA.
`
`III. Substitute Claims 26-28 Would Have Been Obvious to a POSITA.
`
`10
`
`27.
`
`In my opinion, substitute claims 26-28 would have been obvious to a
`
`POSITA in view of DeMello and Hu. Substitute claims 26-28 make five primary
`
`changes to the original independent claims addressed in my first declaration.
`
`These changes are: (1) the substitute claims recite that the authorization request re-
`
`ceived from the device includes both “license data” and “a device identity”; (2) the
`
`15
`
`substitute claims specify that the device identity is generated at the device; (3) the
`
`substitute claims remove claim language reciting that license data verification be
`
`based at least in part on the device identity; (4) the substitute claims specify deter-
`
`mining whether the device is on a record in response to (i.e., after) verifying li-
`
`cense data; and (5) the substitute claims recite temporarily adjusting the allowed
`
`20
`
`copy count from its current number to a different number. It is my opinion that the
`
`13
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 13
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`substitute claims bearing those changes would have been obvious to a POSITA in
`
`the 2007 time frame, at least in part for the reasons discussed below.
`
`A.
`
`The Prior Art
`
`28. DeMello (Ex. 1003) issued on May 16, 2006, more than a year before
`
`5
`
`the earliest possible priority date for the ʼ960 patent. I understand that DeMello is
`
`prior art to the ʼ960 patent.
`
`29. A detailed description of DeMello is contained in my previous decla-
`
`ration. Below, I further discuss some of the specific disclosures in DeMello that
`
`are relevant to the amended claim limitations. DeMello discloses a DRM system
`
`10
`
`that uses a unique hardware ID to uniquely identify a device requesting access to a
`
`digital product. (Ex. 1003 at 22:44-51.) The hardware ID is derived from physical
`
`parameters (hardware components) that uniquely identify the device. (Ex. 1003 at
`
`22:44-51.)
`
`30. DeMello discloses that the activation server in the DRM system stores
`
`15
`
`a “machine ID” in a database. (Ex. 1003 at Fig. 8 (step 186), 14:23-29.) In some
`
`embodiments, DeMello discloses that the machine ID that is stored is generated
`
`from the hardware ID. (Ex. 1003 at 13:62-66.) DeMello does not specify how to
`
`compute the machine ID from a hardware ID, but a POSITA would have under-
`
`stood that a one-way function (such as a cryptographic hash function or a cyclic
`
`20
`
`redundancy check function) could be used given that the device must provide the
`
`14
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 14
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`hardware ID in an authorization request and that is then compared to a machine ID
`
`in a server database and the machine ID therefore should be easily producible from
`
`the hardware ID input. (Ex. 1003 at 22:44-53; Fig. 8, (steps 156-164).) As a
`
`POSITA would have known, such one-way functions can be used to add user pri-
`
`5
`
`vacy protection by inhibiting unauthorized authentication attempts that could occur
`
`if an attacker acquired the original hardware_id from the server database.
`
`31.
`
`In other embodiments DeMello uses the two ID terms, hardware ID
`
`and machine ID, interchangeably. (See, e.g,. Ex. 1003 at 30:9-11 (“The Us-
`
`ersDevices is a list of all Hardware IDs (i.e., Machine IDs) . . . .”).) Therefore, a
`
`10
`
`POSITA would have understood that a hardware ID generated on the user device
`
`can be used and stored as the machine ID on the server.
`
`32. Other references similarly disclosed generating on the client device
`
`the device ID that is stored in the DRM system.
`
`33. For example, Hu (Ex. 1026) is entitled “Method and System for Man-
`
`15
`
`aging Software Licenses and Reducing Unauthorized Use of Software.” Hu issued
`
`on July 6, 2010, from an application filed on December 27, 2005. I understand that
`
`Hu is prior art to the ʼ960 patent.
`
`34. Hu discloses a DRM system for managing software licenses. In Hu’s
`
`system, a user creates a user account on a server, and the user’s account infor-
`
`20
`
`mation is associated with a software license. (Ex. 2026 at 6:10-31.) The user ac-
`
`15
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 15
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`count is also associated with user account authentication information to authenti-
`
`cate the user. (Ex. 1026 at 6:18-31.) The account authentication information con-
`
`veys to the server whether the requesting user is licensed to use the software, so the
`
`account authentication information constitutes license data associated with the
`
`5
`
`software.
`
`35.
`
`In Hu’s system, when the user requests authorization to run licensed
`
`software on a device—such as a computer—the device sends account authentica-
`
`tion information to the server together with a “computer_id.” (Ex. 1026 at 6:31-
`
`39.) The computer_id is generated at the computer at least in part by sampling
`
`10
`
`physical parameters of the device, i.e., using “information that uniquely identifies
`
`the computer,” including physical parameters like a MAC address or “a basket of
`
`hardware identifiers such as motherboard and hard drive serial numbers.” (Ex.
`
`1026 at 6:31-39.) Those are all parameters assigned by the manufacturer and
`
`stored in the computer’s hardware that can uniquely identify a computer.
`
`15
`
`36. The system then determines whether to authorize the computer to use
`
`the licensed software based on the license and device information in the request.
`
`(Ex. 1026 at 6:55-7:10.) Upon receiving the combined communication that in-
`
`cludes the license-associated user account information and the device-identifying
`
`computer_id from the user’s computer, the server authenticates the user by the user
`
`20
`
`account information and determines whether to enable or disable the software
`
`16
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 16
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`based on the computer_id and the license terms, including the number of comput-
`
`ers that can be authorized under the license. (Ex. 1026 at 6:21-39, 6:55-7:10.)
`
`37. Hu also suggests optionally using a one-way function on the comput-
`
`er_id to protect user privacy. Specifically, Hu discloses that the hardware-derived
`
`5
`
`computer_id “may be run through a one-way transformation algorithm such as a
`
`CRC32 so that the vendor would not be able to reverse-engineer the computer’s
`
`hardware identity from the stored computer_ids.” (Ex. 1026 at 6:39-43.) A POSI-
`
`TA would have known that a CRC32 is a one-way error-detection function.
`
`38. The optional use of a one-way CRC32 function as disclosed in Hu is
`
`10
`
`similar to the optional use of a one-way function to create a machine ID indicated
`
`in DeMello. In each case, a POSITA would have known that a one-way function
`
`could be added to enhance user privacy protection, but a POSITA would not have
`
`considered the use of a one-way function to be necessary for the DRM authentica-
`
`tion process or to be a significant change in the disclosed authentication schemes.
`
`15
`
`Further, a POSITA would have known that such one-way functions could have
`
`been applied to the hardware ID on the device before sending it to the activation
`
`server because the output of a collision-resistant one-way function is unique, thus,
`
`it need not be generated at the server. This transform protects the underlying phys-
`
`ical parameters from being revealed outside the device. A POSITA would have
`
`20
`
`recognized advantages in carrying out the one-way function at the user device be-
`
`17
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 17
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`cause of improved security from transmitting only the transformed ID rather than
`
`the original hardware parameters.
`
`B.
`
`Sending License Data and a Device Identity in a Single
`Communication Would Have Been Obvious to a POSITA.
`
`5
`
`39. Substitute claims 26-28 recite that the request for authorization re-
`
`ceived from the device seeking to use the digital product comprises both license
`
`data and a device identity.
`
`40. DeMello discloses that the client device seeking to use the digital
`
`product sends license data to the server in the form of PASSPORT credentials.
`
`10
`
`The authentication procedure uses credentials that are associated with a persona,
`
`i.e., the “particular user.” (Ex. 1003 at 2:56-60.) The disclosed PASSPORT ID is
`
`the “persona ID associated with the user, which is provided by the user during ac-
`
`tivation.” (Ex. 1003 at 16:32-33.) The PASSPORT ID is associated with a user’s
`
`licenses to protected digital content. (Ex. 1003 at 14:22-51.) In DeMello, activa-
`
`15
`
`tion realizes “‘fully individualized’ titles that can only be opened by authenticated
`
`reader applications that are ‘activated’ for a particular user.” (Ex. 1003 at 6:17-
`
`22.) A POSITA would have recognized that PASSPORT credentials in DeMello
`
`would qualify as license data because those credentials associate a particular user
`
`with his or her individualized content licenses for using authorized digital prod-
`
`20
`
`ucts. During a request for access to protected content, a user enters PASSPORT
`
`18
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 18
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`credentials at the device, which are then transmitted to the server for authentica-
`
`tion. (Ex. 1003 at 22:33-46.) DeMello also discloses that the client device seeking
`
`to use the digital product sends the device identity to the server. (Ex. 1002 at
`
`¶ 22:46-53.) To the extent that DeMello does not disclose including both the li-
`
`5
`
`cense data and device identity in a single request, placing both of those pieces of
`
`data in a single request would have been obvious to a POSITA for the reasons dis-
`
`cussed below.
`
`41. As described above, Hu disclosed a DRM system in which a request
`
`from a device seeking authorization to use a digital product includes both license
`
`10
`
`data associated with the digital product (account authentication information) and a
`
`device identity (computer_id) generated at the device at least in part by sampling
`
`physical parameters of the device, such as a MAC address or motherboard and
`
`hard drive serial numbers. (Ex. 1026 at 6:10-39.)
`
`42. Hu was not novel in that regard. Other prior art references disclose a
`
`15
`
`device requesting authorization to use a digital product by sending a request that
`
`includes license data associated with the digital product and a device identity gen-
`
`erated at least in part by sampling physical parameters of the device. For example,
`
`this is also disclosed in Goodwin (Ex. 1032 at 5:1-10, Fig. 2) and Birdstep (Ex.
`
`1033 at 13-14).
`
`19
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 19
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`43. A POSITA would have been motivated to use Hu’s combined request
`
`that includes license and device identity information in the DeMello system to
`
`simplify the authentication process by eliminating an extra communication step.
`
`Like Hu, DeMello discloses that the device sends a license-associated user creden-
`
`5
`
`tial (PASSPORT) and a device identifier (hardware ID) generated by sampling
`
`physical parameters of the device when requesting authorization to use a digital
`
`product. A POSITA would have recognized that combining that information into a
`
`consolidated request for authorization, as disclosed by Hu, rather than sending the
`
`license and device identifying information separately would have streamlined and
`
`10
`
`simplified the authentication procedure in the DeMello system.
`
`44. A POSITA therefore would have been aware that it was both possible
`
`and desirable to combine the transmission of both the license data and device iden-
`
`tity into a single communication from the user device requesting authorization to
`
`use a digital product. Thus, it was not inventive in 2007 (the earliest possible pri-
`
`15
`
`ority date for the ’960 patent) to combine the communication of the license data
`
`and device identity into a single communication, and it would have been obvious
`
`to do so in view of DeMello and Hu.
`
`20
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 20
`
`
`
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`C. Generating a Device Identity on a User Device Was Disclosed
`in DeMello or Would Have Been Obvious to a POSITA.
`
`45. Substitute claims 26-28 also recite that the device identity is “generat-
`
`ed at the given device.”
`
`5
`
`46. DeMello discloses a DRM system that uses a unique hardware ID to
`
`uniquely identify a device requesting access to a digital product. (Ex. 1003 at
`
`22:44-51.) The hardware ID is generated on the device and is derived from physi-
`
`cal parameters (hardware components) that uniquely identify the device. (Ex. 1003
`
`at 22:44-51.) DeMello discloses that the activation server in the DRM system
`
`10
`
`stores a “machine ID” in a database. (Ex. 1003 at Fig. 8 (step_186), 14:23-29.) In
`
`some embodiments, DeMello discloses that the machine ID that is stored in the
`
`DRM system’s activation database is generated from the hardware ID. (Ex. 1003
`
`at 13:62-66.) But in other embodiments DeMello uses the two ID terms, hardware
`
`ID and machine ID, interchangeably. (See, e.g,. Ex. 1003 at 30:9-11 (“The Us-
`
`15
`
`ersDevices is a list of all Hardware IDs (i.e., Machine IDs) . . . .”).) DeMello fur-
`
`ther would have indicated to a POSITA that, in at least some embodiments, the
`
`machine ID is generated on the client device and transmitted from the user device
`
`to the server. (Ex. 1003 at 23:49-52 (disclosing that the machine ID is “uploaded”
`
`to the activation server).) Therefore, a POSITA would have understood that De-
`
`21
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 21
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`Mello discloses generating on the client device the “device identity” that is recited
`
`in the amended claims.
`
`47.
`
`In addition, the computer_id in Hu’s combined request is a device
`
`identity generated at the device requesting authorization to use a digital product.
`
`5
`
`Hu discloses that the computer_id is sent from the computer requesting authoriza-
`
`tion to the authorization server (Ex. 1026 at 6:31-39), and a POSITA would have
`
`understood that the local software on the computer generates the computer_id at
`
`the computer because the computer_id is based on local hardware parameters and
`
`is sent from the computer to the server.
`
`10
`
`48. Whether using DeMello’s hardware ID or Hu’s computer_id, a POSI-
`
`TA would have been motivated to use those device identifiers created at the re-
`
`questing device to identify and verify the requesting device to simplify the DeMel-
`
`lo system by forgoing the additional step of generating a machine ID from the
`
`hardware ID information as disclosed in some embodiments in DeMello. Further-
`
`15
`
`more, DeMello’s system authenticates users using their PASSPORT credentials
`
`(Ex. 1003 at 13:30-35), which would have indicated to a POSITA that the hard-
`
`ware id did not require stringent privacy protections. In practice, and as seen in
`
`Hu, a POSITA would have known to apply the appropriate privacy protections
`
`given the architecture of their system. I know of other security mechanisms that
`
`20
`
`are both applicable to DeMello’s system and what a POSITA would have known to
`
`22
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 22
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`do to protect the privacy of the user. For example, applying database encryption
`
`techniques on the server that stores the device identifier.
`
`49. Combining the features of Hu as described with DeMello’s teaching
`
`of a DRM system would have represented no more than the combination of known
`
`5
`
`elements in a way that yields predictable results. In my opinion, it would have
`
`been obvious to use Hu’s computer_id and combined request in the DeMello sys-
`
`tem, and a POSITA would have reasonably expected to succeed in doing so given
`
`that the technology and techniques were well-known and well within the ordinary
`
`level of skill in the art.
`
`10
`
`D. DeMello Discloses Verifying that the License Data Associated
`with the Digital Product is Valid.
`
`50. Substitute claims 26-28 recite verifying “that the license data associ-
`
`ated with the digital product is valid,” and those claims delete claim language from
`
`the “verify” step of original claims 1, 22, and 25 reciting that verifying be based at
`
`15
`
`least in part on a device identity generated by sampling physical parameters of the
`
`given device.
`
`51. DeMello discloses verifying that the license data associated with the
`
`digital product is valid by authenticating PASSPORT credentials. (Ex. 1003 at
`
`16:32-35, 22:33-53.) The disclosed PASSPORT ID is the “persona ID associated
`
`20
`
`with the user, which is provided by the user during activation.” (Ex. 1003 at
`
`23
`
`Petitioners Amazon, Hulu, and Netflix
`Exhibit No. 1031, p. 23
`
`
`
` Supplemental Declaration of Dr. Aviel Rubin
`in Support of Petitioners
`
`
`
`16:32-33.) In DeMello, activation realizes “‘fully individualized’ titles that can
`
`only be opened by authenticated reader applications that are ‘activated’ for a par-
`
`ticular user.” (Ex. 1003 at 6:17-22.) The authentication procedure uses credentials
`
`that are associated with a persona, i.e., the “particular user.” (Ex. 1003 at 2:56-60.)
`
`5
`
`A POSITA would have recognized that authenticating PASSPORT credentials in
`
`DeMello can serve to verify license data because the disclosed digital products are
`
`individualized for licensed use for a particular user persona identified with the
`
`PASSPORT ID.
`
`10
`
`E. DeMello Discloses Determining Whether the Device is on a Rec-
`ord in Response to Verif
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
