PTO/SB/16 (12-04)
Approved for use through 07/31/2006. OMB 0651-0032
U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

PROVISIONAL APPLICATION FOR PATENT COVER SHEET

This is a request for filing a PROVISIONAL APPLICATION FOR PATENT under 37 CFR 1.53(c).
Express Mail Label No. EV502787345US

INVENTOR(S)
Given Name (first and middle [if any]): Priscilla M.
Family Name or Surname: Lu
Residence (City and either State or Foreign Country): San Carlos, CA

Additional inventors are being named on the ____ separately numbered sheets attached hereto

TITLE OF THE INVENTION (500 characters max):

VIDEONLINE SECURITY NETWORK
`
Direct all correspondence to:
CORRESPONDENCE ADDRESS
[X] The address corresponding to Customer Number: 32,986
OR
[X] Firm or Individual Name: IP Strategy Group, P.C.
Address: P.O. Box 700640
City: San Jose
State: CA
Zip: 95170
Country: USA
Telephone: 408-257-5500
Fax: 408-257-5550
ENCLOSED APPLICATION PARTS (check all that apply)
[ ] Application Data Sheet. See 37 CFR 1.76
[ ] CD(s), Number of CDs: _____
[ ] Other (specify): _____
[X] Specification, Number of Pages: 7
[X] Drawing(s), Number of Sheets: 1
Application Size Fee: If the specification and drawings exceed 100 sheets of paper, the application size fee due is $250 ($125 for small entity) for each additional 50 sheets or fraction thereof. See 35 U.S.C. 41(a)(1)(G) and 37 CFR 1.16(s).
`
METHOD OF PAYMENT OF FILING FEES AND APPLICATION SIZE FEE FOR THIS PROVISIONAL APPLICATION FOR PATENT

Applicant claims small entity status. See 37 CFR 1.27.

TOTAL FEE AMOUNT ($): $100.00

A check or money order is enclosed to cover the filing fee and application size fee (if applicable).

[ ]
[ ]
[X]
Payment by credit card. Form PTO-2038 is attached.
[X] The Director is hereby authorized to charge the filing fee and application size fee (if applicable) or credit any overpayment to Deposit Account Number: 502284-IVU
A duplicative copy of this form is enclosed for fee processing.

The invention was made by an agency of the United States Government or under a contract with an agency of the United States Government.
[X] No.
[ ] Yes, the name of the U.S. Government agency and the Government contract number are: _____
`
SIGNATURE: /David C. Ashby/
Date: 2/16/2005
TYPED or PRINTED NAME: David C. Ashby
REGISTRATION NO. (if appropriate): 36,432
TELEPHONE: 408-257-5500
Docket Number: IVU-P004P
USE ONLY FOR FILING A PROVISIONAL APPLICATION FOR PATENT
This collection of information is required by 37 CFR 1.51. The information is required to obtain or retain a benefit by the public which is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.11 and 1.14. This collection is estimated to take 8 hours to complete, including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
If you need assistance in completing the form, call 1-800-PTO-9199 and select option 2.

DISH, Exh. 1019, p. 1
`
`
`
UNITED STATES PROVISIONAL PATENT APPLICATION

For

VIDEONLINE SECURITY NETWORK

Inventors:

Priscilla M. Lu

Prepared by:

IP STRATEGY GROUP (IPSG, P.C.)
PO BOX 700640
SAN JOSE, CA 95170
(408) 257-5500
www.ipsglaw.com

Docket No.: IVU-P004Pl

"Express Mail" mailing label number: EV502787345US
Date of Deposit: February 16, 2005
I hereby certify that I am causing this paper or fee to be deposited with the United States Postal Service "Express Mail Post Office to Addressee" service on the date indicated above and that this paper or fee has been addressed to the Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450

Cassandra Reynolds
(Typed or printed name of person mailing paper or fee)

/Cassandra Reynolds/
(Signature of person mailing paper or fee)

IVU-P004P
`
`
`
VIDEONLINE SECURITY NETWORK

RELATED APPLICATIONS

[0001] This application is a continuation-in-part of U.S. Ser. No. 10/949,825 filed September 24, 2004 claiming the benefit of U.S. Prov. No. 60/586,657 filed July 9, 2004 and U.S. Prov. No. 60/506,088 filed September 24, 2003. All applications are incorporated herein by reference and all priorities are claimed.
`
DESCRIPTION

[0002] The invention described herein may be used in conjunction with the inventions set forth in the Related Applications identified above. Consequently, the disclosures in the Related Applications identified above are incorporated herein by reference.
`
[0003] A ViDeOnline Secured Network for content distribution uses enhanced techniques for protecting the multi-media content files using industry standard Digital Rights Management (DRM). Microsoft, DIVX, Real and other industry supported DRM are supported by the network under the same secured convention for protecting the keys used in decryption and DRM. Utilizing a protective scheme for encrypting content files and providing licenses for their use, the network and client device ensure secure delivery and access to protected material.
`
[0004] A multi-media file, for example video (MPEG 1, 2 or 4), audio (MP3, AAC) or JPEG photos, is encrypted using Rijndael encryption, the AES approved symmetric block cipher, before being stored on a Content Server. The encryption key, C-Key, used to encrypt the media, is separately stored on the license server. Subsequently a license is created and delivered to a user describing the valid use of the encrypted media file along with the C-Key to allow the file to be decrypted by the proper player program. Every time a license is created, the C-Key is uniquely encrypted inside the license using a combination of the Media Content ID, the device ID of the authorized viewing device, the user's personal identification code (PIC), a transaction ID, and the T-Key.
`
[0005] Devices that are capable of reading DRM licenses and accessing encrypted content contain two components, a license manager and a DRM capable player. In devices with embedded operating systems it is possible to combine both the license manager and the player in a single application. When the device uses a general purpose operating system such as a PC, it is desirable for the license manager to be implemented using a separate secure processor. The ViDeOnline Service provides a SmartKey for this purpose.
`
[0006] A media file's license is encrypted using PKI and the 1024 bit public key of the license manager of the recipient device. Additionally, a unique AES lock is created to protect the C-Key inside the license. Opening the C-Key lock requires knowledge of the Content ID, Device ID, PIC and T-Key. Since the T-Key is unique for each license transaction, the lock for the C-Key is guaranteed to be unique for every license.
`
[0007] The license for a given media file is separately created at the time the content is downloaded or retrieved by the user. There are three parts to the content license:

o Public Part: Content ID which uniquely identifies the content, the ViDeOnline service URL, and publicly accessible DRM license attributes of the media stream.
o Device Part: the encrypted C-Key and an optional S-Key (Session Key) which is used only in conjunction with the SmartKey to securely pass information across the USB connection.
o Protected License Part (PKI encrypted): License attributes, for example the transaction type showing whether the content was sold or rented, and if rented what type of rental, the rental date and duration of the license. Other transaction based information such as time and date, or remaining play count is also stored here.
`
[0008] The Public Part is information that can be accessed by anyone. It contains the name of the movie and user-readable DRM information. This information is for display purposes. The actual DRM information is encrypted in the License Part. The Device Part contains information that the device needs in order to obtain permission to play the content and unlock the C-Key to decrypt the content. The License Part contains the DRM attributes for the content. It is used by the license manager for the device to validate access to the content file. The license part also contains the transaction key (T-Key). This key is uniquely generated for each license issued by the service. The license part is encrypted using the public key of the license manager.
`
[0009] The license is created and delivered in real time either when the download occurs, or at a later time when the user wishes to access the content. The license is encrypted using the public key of the license manager. Additionally, the C-Key is uniquely encrypted so that only the specific owner on the specified device using the registered license manager may open it. This is done using information known independently by these various components. The user knows the PIC, the device contributes the device ID, and the license manager contributes the content ID and the T-Key. The PIC, device ID, Content ID and T-Key are all combined to generate the key which unlocks the C-Key.
`
[0010] Players without a SmartKey

[0011] Players that do not use a SmartKey are required to provide secure storage for encryption keys, device ID and licenses. Downloading to a player without a ViDeOnline SmartKey requires pre-registration of both the user and the device with the ViDeOnline network. Upon registration, the user is assigned a Personal Identification Code (PIC). The PIC is used to associate the registered user with the user's billing identification (credit card). It is also used to identify the user when DRM encoded content is accessed. The user also registers the specific device authorized to play back DRM encoded content. This player could be a PC, a mobile player or a Personal Video Recorder (PVR). When the player is authorized, the device identification, Device ID, is tagged to the player. During device registration and at regular intervals after that, the device and ViDeOnline service exchange license manager public keys. It is important that the Device ID and private key be stored in a secure location within the device.
`
[0012] Once registration of the user and device is complete, the service maintains the following information:

• PIC identifying the user for billing and DRM purposes,
• Device ID of the registered device, and
• The public key associated with the license manager in the device.
`
[0013] When the user requests a DRM license for media content the ViDeOnline service:

• Retrieves the Content ID of the requested content file,
• Creates a unique transaction key (T-Key) and session key (S-Key),
• Creates a symmetric key by combining the Content ID, Device ID, PIC, and T-Key,
• Retrieves the C-Key that was used to encrypt the content,
• Encrypts the C-Key using the key created above,
• Creates the license part containing the DRM business rules for accessing the content and the T-Key,
• Encrypts the license part using the public key of the license manager in the device,
• Constructs the full license by creating the public, device and license part,
• And passes the full license to the player.
`
[0014] When the user accesses the content in his DRM enabled player:

• The license is verified by the license manager in the player by
    o Opening the license part using the player's private key,
    o Interrogating the business rules in the license to validate the user's right to access the content, and
    o If the license is valid, the license manager extracts the T-Key from the license for use by the player.
• If the license is validated, the player uses the Content ID from the content file, the T-Key, the Device ID and the user's PIC to unlock the C-Key,
• The player then decrypts and plays the content file.
`
[0015] Note that the S-Key is not used when the license manager is contained within the player.
`
[0016] Players with SmartKey

[0017] The ViDeOnline service provides a DRM enabled multi-media player for PCs via a ViDeOnline service web site. This player uses a security feature, e.g. a secure processor, to provide the license management component that is external to the player. In one aspect, the ViDeOnline Service provides the SmartKey for this purpose, which is a USB device with a secure processor in it. The secure processor stores the public and private keys for the license manager as well as licenses. The SmartKey provides enhanced security by ensuring that this valuable information cannot be accessed by the PC user.
`
[0018] Since the SmartKey contains the licenses for the content, use of the SmartKey allows content to be played on multiple offline devices provided that each device is registered with the ViDeOnline service and that the SmartKey is attached to the device when it accesses the content. This feature has previously only been available to online devices where the license is stored on a secure server on the Internet.
`
[0019] When the license manager is external to the player in the SmartKey, a user is allowed to register multiple devices which may play back their DRM protected content. Each device is given an index value during registration. The service maintains the following information for users of SmartKey enabled devices:

• PIC identifying the user for billing and DRM purposes,
• The public key associated with the license manager in the device, and
• Device ID and Index of each registered device.
`
[0020] When the user requests a DRM license for media content the ViDeOnline service:

• Retrieves the Content ID of the requested content file,
• Creates a unique transaction key (T-Key) and session key (S-Key),
• For each device registered by the user a symmetric key is created by combining the Content ID, Device ID of the device, PIC, and T-Key,
• Retrieves the C-Key that was used to encrypt the content,
• Encrypts the C-Key for each registered device using the keys created above and stores them in an array in the device part of the license,
• Creates the license part containing the DRM business rules for accessing the content and the T-Key,
• Encrypts the license part using the public key of the license manager in the device,
• Constructs the full license by creating the public, device and license part,
• And passes the full license to the player.
`
[0021] When the user accesses the content in his DRM enabled player:

• The user must plug the SmartKey into the USB port of the player device,
• The player passes to the license manager in the SmartKey the Content ID of the file to be played,
• The license manager verifies the license by
    o Opening the license part using its private key,
    o Interrogating the business rules in the license to validate the user's right to access the content, and
    o If the license is valid, the license manager extracts the T-Key from the license for use by the player.
    o The license manager encrypts the T-Key using the S-Key in the license and passes it back to the player,
• If the license is validated, the player decrypts the T-Key using the S-Key and uses the Content ID from the content file, the T-Key, the Device ID and the user's PIC to unlock the C-Key,
• The player then decrypts and plays the content file.
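
The C-Key lock described in [0013]-[0014] and, for several registered devices, in [0020]-[0021] can be sketched as follows. This is an added example, not code from the application: the function names, the length-prefixed SHA-256 combination of the four inputs and the HMAC-based stand-in for the AES lock are assumptions, and the PKI encryption of the license part and the S-Key exchange are left out.

```python
# Added illustration; names, field encoding and the stand-in cipher are assumptions.
import hashlib
import hmac
import secrets

def lock_key(content_id: str, device_id: str, pic: str, t_key: bytes) -> bytes:
    """Combine Content ID, Device ID, PIC and T-Key into the key that locks the C-Key.
    Fields are length-prefixed so ("ab", "c") and ("a", "bc") cannot collide."""
    h = hashlib.sha256()
    for field in (content_id.encode(), device_id.encode(), pic.encode(), t_key):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in for the page's AES lock (no AES in the standard library):
    # HMAC-SHA256 in counter mode. Safe here only because each key locks one C-Key.
    blocks = (hmac.new(key, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def lock_c_key(c_key: bytes, key: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(c_key, _keystream(key, len(c_key))))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()

def unlock_c_key(blob: bytes, key: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong PIC, device, content or T-Key
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

def issue_license(content_id: str, pic: str, device_ids: list, c_key: bytes) -> dict:
    """Service side: fresh T-Key per license, one locked C-Key per registered device."""
    t_key = secrets.token_bytes(16)
    return {
        "public": {"content_id": content_id},
        "device": [lock_c_key(c_key, lock_key(content_id, d, pic, t_key))
                   for d in device_ids],
        # The page encrypts this part to the license manager's public key;
        # it is left in the clear here to keep the sketch to the C-Key lock.
        "license": {"t_key": t_key},
    }

def play(lic: dict, device_id: str, index: int, pic: str):
    """Player side: rebuild the lock key from its own inputs and open the C-Key."""
    key = lock_key(lic["public"]["content_id"], device_id, pic, lic["license"]["t_key"])
    return unlock_c_key(lic["device"][index], key)

if __name__ == "__main__":
    c_key = secrets.token_bytes(16)                  # constructed 128 bit content key
    lic = issue_license("movie-0001", "4821", ["dev-A", "dev-B"], c_key)
    print(play(lic, "dev-B", 1, "4821") == c_key)    # registered device, right PIC
    print(play(lic, "dev-B", 1, "0000"))             # wrong PIC: lock does not open
```

Because the T-Key is drawn fresh for every license, two licenses for the same content, user and device carry different locked C-Key blobs, which is the uniqueness property [0006] relies on.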
`
`
`
`
FIGURE 1: Secured ViDeOnline's Video Stream

Public/private key encrypted
128 bit decryption key (CKey) encrypting 128 byte-blocks at a time
License information: Transaction Type (Purchase, Rental)
Content Key (CKey) encrypted specifically for the registered devices using the Device ID, Content ID, T-Key, PIC. There is also an optional SKey (Session Key, used if an external Smart Key is used)
`
`
`
PATENT APPLICATION SERIAL NO. ________

U.S. DEPARTMENT OF COMMERCE
PATENT AND TRADEMARK OFFICE
FEE RECORD SHEET

02/23/2005 DEKMAHU1 00000098 60654030
01 FC:2005 100.00 OP

PTO-1556 (5/87)