UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`
`NETFLIX INC. AND HULU, LLC,
`Petitioners,
`
`v.
`
`DIVX, LLC,
`Patent Owner.
`____________
`
`Case IPR2020-00614
`Patent 7,295,673
`____________
`
`EXHIBIT 2008
`
`DECLARATION OF SETH NIELSON, PH.D.
`
`DivX, LLC Exhibit 2008
`Page 2008 - 1
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`I.
`
`II.
`
`TABLE OF CONTENTS
`
`Page
`
`INTRODUCTION ............................................................................................................... 1
`
`QUALIFICATIONS ............................................................................................................ 2
`
`III.
`
`APPLICABLE LEGAL STANDARDS ............................................................................ 10
`
`A.
`
`B.
`
`C.
`
`Priority Date of the Patent ..................................................................................... 10
`
`Level of Ordinary Skill in the Art ......................................................................... 10
`
`My Understanding of Legal Standards .................................................................. 12
`
`IV.
`
`THE CLAIMED INVENTION REDUCES THE PROCESSING AND
`SPECIALIZATION REQUIREMENTS FOR VIDEO ENCRYPTION. ......................... 14
`
`A.
`
`B.
`
`C.
`
`D.
`
`The Invention’s “Bounded Encryption Approach” Allows Partial Frame
`Encryption With Reduced Peak Processing Requirements. .................................. 16
`
`The Invention Allows Efficient Partial Encryption Without Special Decoders. ... 19
`
`The Invention Allowed Partial Frame Encryption On Low Power Consumer
`Devices. ................................................................................................................. 22
`
`Licensed Products Enjoying The Benefits Of The Invention Were Incorporated
`Into Millions Of Popular Consumer Video Devices. ............................................ 22
`
`V.
`
`THE PETITIONED GROUND FAILS TO SHOW THE “FRAME
`[ENCRYPTION][DECRYPTION] FUNCTION” (ALL CLAIMS). ................................ 24
`
`A.
`
`B.
`
`C.
`
`D.
`
`The Board Correctly Construes “Frame Encryption Function” To Require
`Specifying The Encryption Location Within The Frame. ..................................... 24
`
`The Petition And Dr. McDaniel’s Implicit Construction Of “Frame Encryption
`Function” Is Incorrect. ........................................................................................... 26
`
`Fetkovich Is Not Shown To Disclose The Claimed “Frame Decryption
`Function.”. ............................................................................................................. 29
`
`Demos And Ueno, Like Fetkovich, Are Not Shown To Disclose The Claimed
`“Frame Decryption Function.” .............................................................................. 34
`
`VI.
`
`THE PETITIONED GROUND FAILS TO SHOW THE “SYNCHRONIZED FRAME
`DECRYPTION STREAM” (ALL CLAIMS). .................................................................. 36
`
` i
`
`DivX, LLC Exhibit 2008
`Page 2008 - 2
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`A.
`
`B.
`
`C.
`
`The “Synchronized Frame Decryption Stream” Requires Decryption
`Information For Every Encrypted Frame. ............................................................. 36
`
`Fetkovich Has No “Synchronized Frame Decryption Stream.” ............................ 40
`
`The POSITA Would Not Have Modified Fetkovich In View Of Ueno To Add
`“A Synchronized Frame Decryption Stream.” ...................................................... 41
`
`1.
`
`2.
`
`The POSITA Would Not Have Modified Fetkovich To Achieve
`“Dynamically Changing Encryption Parameters” As Proposed. .............. 42
`
`The POSITA Would Not Have Modified Fetkovich To Improve
`Synchronization As Proposed. ................................................................... 45
`
`a.
`
`b.
`
`Ueno Does Not Teach Sending An Encryption Key With Each
`Frame To Achieve Synchronization. ............................................. 46
`
`The POSITA Would Not Have Supplemented Or Replaced
`Fetkovich’s Own Solution In Light Of Ueno. ............................... 48
`
`3.
`
`Petitioner’s Modifications Are Reverse-Engineered Hindsight. ............... 52
`
`D.
`
`Even If Motivation For It Were Shown, The Combination Is Not Shown To
`Meet The “Synchronized Frame Decryption Stream.” .......................................... 54
`
`VII.
`
`PETITIONER FAILS TO SHOW CLAIMS 5 OR 18 ARE OBVIOUS. ......................... 56
`
`VIII. PETITIONER FAILS TO SHOW CLAIMS 10 OR 19 ARE OBVIOUS. ....................... 58
`
`IX.
`
`CONCLUSION ................................................................................................................. 60
`
`
`
` ii
`
`DivX, LLC Exhibit 2008
`Page 2008 - 3
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`I.
`
`INTRODUCTION
`
`I, Seth Nielson, declare as follows:
`
`1.
`
`I have been retained on behalf of DivX, LLC (“DivX” and/or “Patent
`
`Owner”) for the above-captioned inter partes review to provide my expert opinions
`
`and expert knowledge. I understand that this proceeding involves U.S. Patent No.
`
`7,295,673 (“the ’673 patent”), EX1001. I understand that the ’673 patent is currently
`
`assigned to DivX.
`
`2.
`
`I understand that the present Petition for inter partes review challenges
`
`claims 1-6, 9-10, 13-19 (“the challenged claims” or “claims”) of the ’673 patent and
`
`was filed by Netflix Inc. and Hulu LLC (“Petitioners”) on February 29, 2020.
`
`3.
`
`I have been asked to provide my independent review, analysis, insights,
`
`and opinions regarding technical aspects of the ’673 patent and the Petition
`
`challenging the patentability of its claims. In particular, I have been asked to provide
`
`my analysis, insights, and opinions regarding the state of the art at the time of the
`
`alleged invention and how a person of ordinary skill in the art would have understood
`
`the ’673 patent disclosure at that time.
`
`4.
`
`In preparing this declaration, I have reviewed all of the references cited
`
`herein and in the Petition. In particular, I have reviewed and am familiar with the
`
`’673 patent and its prosecution history, and the references cited against it, discussed
`
`further below.
`
`
`
`1
`
`DivX, LLC Exhibit 2008
`Page 2008 - 4
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`5.
`
`In this declaration, I set forth the independent opinions that I have
`
`reached and the basis for those opinions in view of the information currently
`
`available to me. Such opinions are based, at least in part, on my experience for the
`
`past two decades with image and video processing, including video encryption. I
`
`reserve the right to supplement or revise my opinions should additional documents
`
`or other information be provided to me.
`
`6.
`
`I am being compensated at an hourly rate of $500/hour for my work on
`
`this case. My compensation is not dependent upon my opinions, my testimony, or
`
`the outcome of this case.
`
`II. QUALIFICATIONS
`
`7. My curriculum vitae (“CV”), a copy of which is provided as Attachment
`
`A hereto, provides details on my education, experience, publications that I have
`
`authored in the previous ten years, and a list of all cases in which, during the previous
`
`four years.
`
`8.
`
`I received a B.S. in Computer Science in 2000 and an M.S. in Computer
`
`Science in 2004, both from Brigham Young University in Provo, Utah. I received
`
`my Ph.D. in Computer Science in 2009 from Rice University in Houston, Texas.
`
`While working towards my Ph.D. at Rice University, I studied and published
`
`research related to networking and computer security. I am the recipient of the
`
`
`
`2
`
`DivX, LLC Exhibit 2008
`Page 2008 - 5
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`Brown Fellowship and a Graduate Fellowship from the Rice University Computer
`
`Science Department. I was also a John and Eileen Tietze Fellow at Rice University.
`
`9.
`
`I am a subject matter expert in cyber security, including the sub-fields
`
`of applied cryptography and network security. I am the Founder and Chief Scientist
`
`of Crimson Vista, a boutique computer security research and consulting company.
`
`Furthermore, I am an Adjunct Assistant Professor at the University of Texas at
`
`Austin, where I teach courses on computer security in both the Computer Science
`
`department and the Law School. I am also a Distinguished Scholar and
`
`Cybersecurity Fellow at the university’s Robert Strauss Center for International
`
`Security and Law.
`
`10.
`
`In all, I have twenty years of technical experience across engineering,
`
`consulting, and academic employment, engagements, and appointments.
`
`11. From 2001 through 2003, I worked as a software engineer at
`
`Metrowerks (formerly Lineo, Inc.), where I had substantial responsibilities relating
`
`to software architecture, computer networking, and technical project management.
`
`I also worked with our Set Top Box (STB) team investigating digital standards for
`
`transmitting video and audio data, including MPEG video streams.
`
`12. During the 2004 fall semester of my Ph.D. program at Rice University,
`
`I identified a security vulnerability in the Google Desktop Search that could have
`
`allowed hackers to compromise users’ computers and obtain private information.
`
`
`
`3
`
`DivX, LLC Exhibit 2008
`Page 2008 - 6
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`After contacting Google and assisting them in closing the vulnerability, we
`
`published the details of our investigation.
`
`13.
`
`In 2005, I completed an internship at Google, where I designed and
`
`implemented a solution to privacy loss in Google Web Accelerator. The Google
`
`Web Accelerator was designed to increase the speed of browsing the Internet. Once
`
`installed on a user’s computer, the browser would request all content through a
`
`Google Proxy. The proxy performed pre-fetching and extensive caching in order to
`
`provide fast and responsive service to the user. At the time of my internship, news
`
`reports had identified odd problems in which users of the Accelerator were accessing
`
`other individual’s private pages. During my internship, I designed and implemented
`
`a prototype solution for this issue in C++.
`
`14. From 2005 through 2011, I worked as a Security Analyst and later a
`
`Senior Security Analyst for Independent Security Evaluators. There, I developed a
`
`parallel-processing based security tool, developed a FIPS-certified encryption
`
`library, developed hardware-accelerated encryption algorithms, developed
`
`encrypted file-system prototypes, developed an encryption library for an ISE client,
`
`performed port-scanning analyses, evaluated security protocols using formal
`
`methods and hand analysis, and evaluated security failures.
`
`15.
`
`I also designed and managed the implementation of a secure
`
`communication technology that splits trust between multiple SSL Certificate
`
`
`
`4
`
`DivX, LLC Exhibit 2008
`Page 2008 - 7
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`Authorities, so that if one Certificate Authority is compromised, the communication
`
`stream can still be safely authenticated. My work on the secure communications
`
`technology project led to the issuance of multiple patents. In total, I wrote hundreds
`
`of thousands of lines of code in C, C++, and Python, including projects where I had
`
`to implement the same functionality in two separate languages.
`
`16.
`
`In 2011, I began work as a Research Scientist at Harbor Labs and
`
`continued with that consulting firm until fall 2015. I worked with a wide range of
`
`clients, specializing in network security, network communications, software
`
`architecture, and programming languages. I analyzed an extensive collection of
`
`commercial software, including software related to secure email, cloud-based
`
`multimedia delivery, document signing, anti-virus and anti-intrusion, high-
`
`performance routing, networking protocol stacks in mobile devices, PBX
`
`telecommunications software, VoIP, and peer-to-peer communications. I also
`
`analyzed security considerations for potential technology acquisitions, re-created
`
`heuristic signatures for 1995-era viruses, and re-created a 1995-era network for
`
`testing virus scanners of that time period in gateway virus scanning. I managed
`
`teams that reviewed technologies for compliance with various standards, such as
`
`HIPAA, and for security vulnerabilities.
`
`17. Also at Harbor Labs, I reviewed technology and source code for
`
`multiple clients related to accusations of theft and/or misappropriation of trade
`
`
`
`5
`
`DivX, LLC Exhibit 2008
`Page 2008 - 8
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`secrets. These engagements included an analysis of C, C++, Java, Python, and other
`
`source code languages in high-frequency trading, e-commerce, and other similar
`
`systems.
`
`18.
`
`I also assessed the security and privacy technologies and policies
`
`provided by a third-party vendor to the Center for Copyright Infringement (CCI).
`
`CCI represents content owners, such as the RIAA and the MPAA, in finding and
`
`reducing piracy online. Because this process necessarily involves collecting
`
`information about private individuals, I was asked to investigate and determine that
`
`the information collected from online computing devices was adequately
`
`safeguarded and protected.
`
`19. During my final year at Harbor Labs, I was engaged as the principal
`
`consultant with a large biomedical device firm in a twelve-month analysis of the
`
`security of their products. Notably, medical devices were for some time not
`
`considered significant threats in terms of computer security. However, recent
`
`demonstrations by security researchers of the various ways in which a malicious
`
`individual might harm a person using a medical device has shifted the thinking in
`
`the industry. Accordingly, I was engaged to assist this company in the analysis of
`
`their products, their process, and their future roadmap in order to ensure that patients
`
`are not harmed. I and my team analyzed design documents, hardware, and a broad
`
`range of additional resources in order to expose potential problems. The security of
`
`
`
`6
`
`DivX, LLC Exhibit 2008
`Page 2008 - 9
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`these systems depends, in part, on the architecture and deployment of the networks
`
`in which they operate.
`
`20.
`
`In March 2016, I founded Crimson Vista, Inc., a boutique technology
`
`consulting firm, with an emphasis in computer security topics. As the Chief Scientist
`
`of the company, I have consulted on computer-security topics such as the security
`
`of communications networks for financial technology (“FinTech”) companies,
`
`effective protections for website applications from intruders, and reverse
`
`engineering mobile phone security mechanisms.
`
`21.
`
`In addition to these kinds of consulting engagements, I provide training
`
`at data conferences such as Enterprise Data World and the Data Architecture
`
`Summit. I teach data specialists how to protect data and privacy in their applications
`
`and how to be aware of data security issues in practice.
`
`22. Through Crimson Vista, I also support the Crypto Done Right project,
`
`which aims to assist technology professionals in the correct and effective use of
`
`cryptography in their products and services. In 2019, I co-authored a book on
`
`Cryptography entitled, Practical Cryptography in Python: Learning Correct
`
`Cryptography by Example.
`
`23. At Crimson Vista, I also conduct research and development projects. In
`
`2018, I was awarded a grant from the United States Army for research into
`
`
`
`7
`
`DivX, LLC Exhibit 2008
`Page 2008 - 10
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`Ransomware Mitigation. We completed our research, in conjunction with Brigham
`
`Young University, in 2019.
`
`24.
`
`In addition to my consulting work, I maintain academic ties. In 2014, I
`
`received an appointment as a Lecturer at Johns Hopkins University and, in 2015, I
`
`advanced to an Adjunct Associate Research Scientist. From 2016 to 2019, I was
`
`also the Director of Advanced Research Projects for the Information Security
`
`Institute. During my time at Johns Hopkins University, I taught the Network
`
`Security and Advanced Network Security courses for which I created the curriculum
`
`from scratch. I published a paper about my curriculum entitled, “PLAYGROUND:
`
`Preparing Students for the Cyber Battleground.”
`
`25. One of the components of the students’ lab work is to create a protected
`
`“sandbox” for running untrusted code. The sandbox must provide access to the
`
`system in a manner that cannot be exploited. Conversely, the other half of their
`
`assignment is to design exploitative code that attempts to bypass and/or neutralize
`
`the protections of the sandbox environment. This experimental framework enables
`
`the students to learn about creating, identifying, and neutralizing malware such as
`
`viruses.
`
`26.
`
`In addition to my course instruction, I have also mentored Masters
`
`students at Johns Hopkins in their capstone projects. These projects include
`
`networking security and privacy concerns across a wide range of technologies
`
`
`
`8
`
`DivX, LLC Exhibit 2008
`Page 2008 - 11
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`including iOS security, Bitcoin, SSL vulnerabilities, and Twitter “botnets.” These
`
`are all contemporary issues in practical computer security.
`
`27. Although capstone projects from Masters students are not required to be
`
`publishable papers, I have had two different student teams with published results.
`
`These papers include “Potential forensic analysis of IoT data: an overview of the
`
`state-of-the-art and future possibilities” and “Cracking a Continuous Flow Reactor:
`
`A Vulnerability Assessment for Chemical Additive Manufacturing Devices.”
`
`28.
`
`In 2018, another group of students and I produced a technical report
`
`from their capstone entitled, “Securing ADS-B Based Airborne Collision Avoidance
`
`Systems.” This project added a cryptographic protocol on top of an otherwise
`
`unsecured communications system to protect the data transfer and prevent an
`
`attacker from faking the safety messages. Our work has been submitted to an
`
`industry partner that is promoting our design and submitting it for consideration with
`
`the FAA.
`
`29.
`
`I have since left Johns Hopkins University and have now taken an
`
`appointment as an Adjunct Assistant Professor at the University of Texas at Austin.
`
`In my new position, I teach the Network Security and Privacy class to
`
`undergraduates. My curriculum includes security topics related to cryptography and
`
`key management. I also teach the Technology of Cybersecurity in the Law School.
`
`
`
`9
`
`DivX, LLC Exhibit 2008
`Page 2008 - 12
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`30.
`
`In addition to my work in consulting and academia, I have also provided
`
`expertise and guidance to government bodies. In early 2019, I testified in front of
`
`both the Maryland House of Delegates and the Maryland State Senate on matters
`
`relating to a Ransomware bill. I have also advised government antitrust agents on
`
`the key features of certain hardware security modules.
`
`III. APPLICABLE LEGAL STANDARDS
`
`31. When considering the ’673 patent and stating my opinions, I rely on the
`
`following legal standards as described to me by the attorneys for DivX.
`
`A.
`
`32.
`
`Priority Date of the Patent
`
`I understand that the analysis of alleged obviousness of the Patent
`
`should be performed from the perspective of a POSITA as of the priority date of the
`
`Patent. The Patent claims priority to October 23, 2002.
`
`33. Because all of the references relied upon for the Petition’s grounds are
`
`alleged to quality as prior art as of the priority date of October 23, 2002, I have not
`
`had the occasion, and have not been asked, to form an opinion on the priority date
`
`of the ’673 Patent.
`
`B.
`
`Level of Ordinary Skill in the Art
`
`34.
`
`I understand that various factors should be considered when determining
`
`the person of ordinary skill in the art in connection with a particular patent. I
`
`understand that these include, without limitation: (a) the educational level of the
`
`
`
`10
`
`DivX, LLC Exhibit 2008
`Page 2008 - 13
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`inventors and that of practitioners and other inventors in the art (e.g., degrees,
`
`subjects, etc.); (b) the type of problems encountered in the art; (c) prior art solutions
`
`to such problems; (d) the speed at which innovations are made in the art; and (e) the
`
`sophistication of the invention.
`
`35. Dr. McDaniel opines that a Person of Ordinary Skill In The Art
`
`(“POSITA”) would have
`
`A bachelor’s degree in electrical engineering, computer science, or a
`similar field with at least two years of experience in streaming video
`security (which would include experience with video encoding and
`cryptography), or a person with a master’s degree in electrical
`engineering, computer science, or a similar field with a specialization
`in streaming video security.
`
`Ex. 1003 [McDaniel Decl.] ¶ 60.
`
`36.
`
`I disagree with Dr. McDaniel to the extent that he specializes the level
`
`of ordinary skill to “streaming video.” The Patent explains that the field of invention
`
`is “encryption and efficient decryption of video information.” Patent, 1:15-17. The
`
`Patent does not explain that it is, and I do not believe that it is, limited to “streaming
`
`video.” Therefore, a specialization in “streaming video” is overly specialized as
`
`relative to the field of the Patent. Rather, the POSITA would generally have some
`
`generalized knowledge in video security.
`
`
`
`11
`
`DivX, LLC Exhibit 2008
`Page 2008 - 14
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`37. As further discussed below, my opinions as stated in this declaration are
`
`valid even if the Board adopts a slightly different level of ordinary skill in the art,
`
`including if the Board adopts the level of ordinary skill proposed by Dr. McDaniel.
`
`C. My Understanding of Legal Standards
`
`38.
`
`I understand that a patent claim is unpatentable if the claimed invention
`
`would have been obvious to a person of ordinary skill in the art at the time of the
`
`purported invention.
`
`39.
`
`I understand that an obviousness analysis involves comparing a claim to
`
`the prior art to determine whether the claimed invention would have been obvious
`
`to a person of ordinary skill in the art at the time of the invention in view of the prior
`
`art and in light of the general knowledge in the art as a whole. I also understand that
`
`obviousness is ultimately a legal conclusion based on underlying facts of four
`
`general types, all of which must be considered: (1) the scope and content of the prior
`
`art; (2) the level of ordinary skill in the art; (3) the differences between the claimed
`
`invention and the prior art; and (4) any objective indicia of non-obviousness.
`
`40.
`
`I also understand that obviousness may be established under certain
`
`circumstances by combining or modifying the teachings of the prior art. Specific
`
`teachings, suggestions, or motivations to combine any first prior art reference with
`
`a second prior art reference can be explicit or implicit, but must have existed before
`
`the date of purported invention. I understand that prior art references themselves
`
`
`
`12
`
`DivX, LLC Exhibit 2008
`Page 2008 - 15
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`may be one source of a specific teaching or suggestion to combine features of the
`
`prior art, but that such suggestions or motivations to combine art may come from the
`
`knowledge that a person of ordinary skill in the art would have had.
`
`41.
`
`I understand that a reference may be relied upon for all that it teaches,
`
`including uses beyond its primary purpose, but also including teachings that lead
`
`away from the invention. I understand that a reference may be said to teach away
`
`when a person of ordinary skill, upon reading the reference, would be discouraged
`
`from following the path set out in the reference, although the mere disclosure of
`
`alternative designs does not teach away.
`
`42.
`
`I further understand that whether there is a reasonable expectation of
`
`success from combining references in a particular way is also relevant to the
`
`analysis.
`
`43.
`
`I understand that it is improper to use hindsight to combine references
`
`or elements of references to reconstruct the invention using the claims as a guide.
`
`My analysis of the prior art is made from the perspective of a person of ordinary skill
`
`in the art at the time of the invention.
`
`44.
`
`I am not offering any legal opinions in this declaration nor am I qualified
`
`to do so. I only consider such legal standards in framing my opinions and conclusions
`
`as well as placing assertions made by Petitioner in the Petition into the proper
`
`context. Additionally, from a subject matter perspective, I understand that the
`
`
`
`13
`
`DivX, LLC Exhibit 2008
`Page 2008 - 16
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`petitioner always has the burden of persuasion regarding a challenge of patentability
`
`of an invention under an inter partes review.
`
`IV. THE CLAIMED INVENTION REDUCES THE PROCESSING AND
`SPECIALIZATION REQUIREMENTS FOR VIDEO ENCRYPTION.
`
`45. The patent claims a novel approach to efficiently protecting compressed
`
`video from unauthorized access by only partially encrypting it yet still making it
`
`adequately secure.
`
`46. The person of ordinary skill in the art (POSITA) at the time of the
`
`invention was aware that computer security is an unpredictable, “ever-changing” art
`
`in which there is no generally accepted measure of when a certain level of security
`
`has been achieved, Ex2011 [Hofmeyr-1999], 2, and “researchers are still finding
`
`vulnerabilities in some of the oldest technologies used online,” EX2012 [Rossi-
`
`2015], 1. See EX2013 [Mirkovic-2010], 1, 3 (emphasizing “unpredictability and
`
`complexity” of cyber-security “challenges” and advocating “large-scale
`
`experimentation” to address them) (emphasis in original); Ex2014 [Benzel], 18.
`
`47. Encryption to protect valuable data from unauthorized access is one
`
`unpredictable aspect of computer security. See Ex2015 [Anderson-21001], 51, 59-
`
`50, 70-71 (explaining that in data security “[i]n general, the boundary between
`
`crypto and access control is a fault line where things can easily go wrong”).
`
`48. Encrypting less than all of a data stream, while still making the data as
`
`a whole adequately secure, adds more uncertainty. See Ex2016 [Gueron], 25 (noting
`
`
`
`14
`
`DivX, LLC Exhibit 2008
`Page 2008 - 17
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`that such “[a]rchitectural innovations bring performance gains but can also create
`
`new security vulnerabilities.”). Unsurprisingly, prior to the claimed invention there
`
`was a string of failed attempts to achieve this goal in video processing.
`
`49.
`
`In 1996, for example, an IEEE experimental study noted the need for an
`
`effective and efficient selective encryption method for secure video dissemination
`
`under the MPEG standard, and found that due to “[t]he very nature of MPEG
`
`encoding,” “commonly available software and hardware encryption mechanisms
`
`often c[ould] not encrypt entire MPEG streams without severely degrading
`
`performance and quality of service.” EX2017 [Agi], 1. The study’s authors tested,
`
`and rejected, numerous “previously proposed selective encryption schemes for
`
`MPEG video security” (including one the Petition cites as supposed evidence of
`
`obviousness, Pet., 6 (citing Ex. 1008)), as “inadequate for sensitive applications,”
`
`explaining that their experiments showed that each of these proposed schemes
`
`actually left valuable data “clearly visible even if the video sequence [wa]s
`
`‘encrypted.’” Id., 1–5. The authors then experimented with further “obvious ways
`
`of improvement,” but found through testing that their own proposed partial
`
`encryption scheme for effectively protecting video also failed to achieve that goal.
`
`Id., 7–8. They recommended further experimentation on “a wide range of video
`
`samples” to gain “insight” into the “interesting issues” involved in making selective
`
`or partial video encryption “efficient” and “effective.” Id., 1, 7–8.
`
`
`
`15
`
`DivX, LLC Exhibit 2008
`Page 2008 - 18
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`50. Despite this technological unpredictability, and these failures of others,
`
`the ’673 Patent’s inventors devised an undisputedly novel approach to partial
`
`encryption that solved some of these difficult problems.
`
`A. The Invention’s “Bounded Encryption Approach” Allows Partial
`Frame Encryption With Reduced Peak Processing Requirements.
`
`51. One specific benefit of the claimed invention arises from its “bounded
`
`encryption approach” to protect streaming video. Patent, 10:30. As the inventors’
`
`disclosure explained, “the maximum processing power required to both decrypt and
`
`decode a frame increases proportionally to its size.” Patent, 3:39-41. In other words,
`
`the more data in a frame, the more processing power can be required to decrypt and
`
`decode it. Id. To ensure that the largest expected frames can be successfully
`
`decrypted at the playback device, adequate decrypting/decoding processing power
`
`is needed. Patent, 3:42-45. “This requirement may significantly increase system
`
`cost and complexity, even though only a relatively small percentage of received
`
`frames may necessitate use of the full extent of available peak processing power.”
`
`Id., 3:45-48.
`
`52. The ’673 Patent addresses this longstanding problem with a “unique
`
`approach” to protecting streaming video that uses “bounded encryption,” which
`
`involves “bounding the resources consumed during decryption, thereby reducing
`
`peak processing requirements” compared to those “that would otherwise be required
`
`using standard encryption techniques” for protected video. Id., 3:49-51, 5:25-27,
`
`
`
`16
`
`DivX, LLC Exhibit 2008
`Page 2008 - 19
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`10:29-34. The invention, inter alia, allows the frame to be only partially encrypted
`
`and the location and size of partial encryption specified for each frame, including by
`
`byte offset and number of bytes, with the frame decryption information being
`
`synchronized with the set of encrypted frames into a synchronized frame decryption
`
`stream and the protected stream being assembled using the set of encrypted frames
`
`and the frame decryption information. Patent, e.g., 6:25-35, 6:61-67, 7:25-8:4, 8:57-
`
`64, 9:23-39, 10:29-34. This “unique approach” of the invention allows the
`
`processing power necessary to decrypt each frame to be bounded in advance, since
`
`each frame is only encrypted at the byte offset within the frame and for a specified
`
`number of bytes. See also Patent, 1:16-20, 3:49-51, 10:30-34.
`
`53. The benefits of the Patent’s “bounded encryption” were not possible
`
`with prior art partial frame encryption methods like Petitioner’s Fetkovich reference.
`
`A system like Fetkovich teaches partially encrypting a frame based on a given frame
`
`substructure, such as slices or macroblocks, as opposed to a set number of bytes.
`
`EX1005 [Fetkovich], 5:28-37. For example, each frame may have eight different
`
`slices, and Fetkovich may encrypt every fourth slice. Id., 6:24-40. But the same
`
`unpredictability that exists with respect to frame size, Patent, 3:33-49, also exists
`
`with respect to frame substructures. See Section V.C, infra. In other words, just as
`
`a decryption processor must allocate enough resources to decrypt the largest possible
`
`frame in a full encryption system, it must allocate enough resources to decrypt the
`
`
`
`17
`
`DivX, LLC Exhibit 2008
`Page 2008 - 20
`Netflix Inc. et al. v. DivX, LLC, IPR2020-00614
`
`

`

`
`
`largest possible frame substructure in a system like Fetkovich. Id. Thus, the
`
`decryption processing power cannot be bounded at a pre-determined level because
`
`the frame substructure, just like the frame itself, can vary in size. Id.
`
`54.
`
`In the ’673 Patent, the inventors reported that this “[b]ounded
`
`protection” required “substantially less leak processing power... during the
`
`decryption process than would otherwise be required using standard encryption
`
`techniques.” Patent, 10:18-34, FIGS. 3, 10. In addition—and significantly, in light
`
`of the unpredictable effectiveness of partial or selective encryption, see EX2