`
`Defendants’ Preliminary Claim Constructions
`Exhibit A
`
`Proposed Construction and Supporting Evidence
`
`1. “defined interaction” (all asserted
`claims); “interaction with a host
`computing device in a defined way”
`(’802 Patent, claims 38-39)
`
`
`
`Construction: Indefinite under 35 U.S.C. § 112.
`
`Intrinsic Evidence:
`
`“In particular, the modular device can include a security module that is adapted to enable
`performance of one or more security operations on data, and a target module that is adapted to
`enable a defined interaction with a host computing device.” ’135 Patent, Abstract; ’802 Patent,
`Abstract (“In particular, the peripheral device can be adapted to enable, in a single integral
`peripheral device, performance of one or more security operations on data, and a defined
`interaction with a host computing device that has not previously been integrated with security
`operations in a single integral device.”)
`
`“In particular, the modular device can include a security module that is adapted to enable
`performance of one or more security operations on data, and a target module that is adapted to
`enable a defined interaction with a host computing device.” ’135 Patent at 3:27-31; ’802 Patent
`at 3:27-33 (“In particular, the peripheral device can be adapted to enable, in a single integral
`peripheral device, performance of one or more security operations on data, and a defined
`interaction with a host computing device that has not previously been integrated with security
`operations in a single integral device.”).
`
`“The peripheral device can also be implemented so that the security operations are performed
`in-line, i.e., the security operations are performed between the communication of data to or
`from the host computing device and the performance of the defined interaction.” ’802 Patent
`at 3:40-45.
`
`“A peripheral device according to the invention can advantageously enable application of
`security operations to a wide variety of interactions with a host computing device. In particular,
`a peripheral device according to the invention can accomplish this without necessity to use two
`peripheral devices: one that performs the security operations and one that performs the defined
`interaction. This can, for example, minimize the possibility that the device adapted to perform
`the defined interaction will be used with the host computing system without proper application
`of security operations to that interaction.” ’802 Patent at 3:49-59.
`
`IPR: IPR2017-00824 Ex 2001
`SPEX TECHNOLOGIES, INC 1
`
`“The target module is adapted to enable a defined interaction with a host computing device
`(examples of which are given below).” ’135 Patent at 4:18-20.
`
`“In another embodiment of the invention, a modular device includes a security module that is
`adapted to enable performance of one or more security operations on data, and a target module
`that is adapted to enable a defined interaction with a host computing device (such as the
`interactions discussed above with respect to exemplary embodiments of the target module of
`the previously discussed embodiment of the invention).” ’135 Patent at 4:40-47.
`
`“In yet another embodiment of the invention, a modular device that is adapted to enable
`communication with a host computing device, and that includes a security module that is
`adapted to enable performance of one or more security operations on data and a target module
`that is adapted to enable a defined interaction with a host computing device, is further adapted
`to enable provision of the type of a target module to a host computing device in response to a
`request from the host computing device for information regarding the type of the modular
`device.” ’135 Patent at 4:56-65.
`
`“In still another embodiment of the invention, a modular device that is adapted to enable
`communication with a host computing device, and that includes a security module that is
`adapted to enable performance of one or more security operations on data and a target module
`that is adapted to enable a defined interaction with a host computing device, is further adapted
`to enable the security module and/or the target module to be operably connected to the host
`computing device in response to an instruction from the host computing device.” ’135 Patent at
`5:1-9.
`
`“In another embodiment of the invention, a security module is adapted to enable
`communication with a host computing device, performance of one or more security operations
`on data, and communication with a target module that is adapted to enable a defined interaction
`with a host computing device.” ’135 Patent at 5:13-18.
`
`“The security module is also adapted to enable performance of one or more security operations
`on data, and communication with a target module that is adapted to enable a defined interaction
`with a host computing device.” ’135 Patent at 5:32-36.
`
`“In a further particular embodiment of the system, the modular device further includes a target
`module which is adapted to enable communication with a security module, as well as to enable
`a defined interaction with a host computing device (examples of which are discussed above
`with respect to exemplary embodiments of the target module of previously discussed
`embodiments of the invention).” ’135 Patent at 5:36-42.
`
`“A modular device according to the invention can advantageously enable application of
`security operations to a wide variety of interactions with a host computing device. In particular,
`a modular device according to the invention can accomplish this without necessity to use
`multiple peripheral devices that each include security functionality in addition to the primary
`functionality of the peripheral device. This can, for example, facilitate use of peripheral devices
`having security capability that operate in a predictable, reliable and consistent (yet secure)
`manner, since a single security module can be used to provide security to multiple types of
`interaction with a host computing device. This can also enable ease and flexibility in use of
`secure peripheral devices, since the same security module can be used with a variety of target
`modules. Moreover, the provision of in-line security in a modular device according to the
`invention enables a more secure exchange of data between a host computing device and the
`modular device, overcoming the problems identified above in previous systems for performing
`security operations on data exchanged between such devices. Additionally, implementing a
`modular device according to the invention so that the performance of security operations by the
`modular device is transparent can reduce or eliminate the need to modify aspects of the
`operation of the host computing device (e.g., device drivers of the host computing device),
`making implementation and use of a data security system including the modular device simpler
`and easier. Thus, the possibility that a user will use the system incorrectly (e.g., fail to apply
`security operations to an interaction with the host computing device, or apply the security
`operations incorrectly or incompletely) is reduced. Making the security operations transparent
`can also enhance the security of those operations.” ’135 Patent at 3:48-4:13; ’802 Patent at
`3:49-4:10 (“A peripheral device according to the invention can advantageously enable
`application of security operations to a wide variety of interactions with a host computing
`device. In particular, a peripheral device according to the invention can accomplish this without
`necessity to use two peripheral devices: one that performs the security operations and one that
`performs the defined interaction. This can, for example, minimize the possibility that the device
`adapted to perform the defined interaction will be used with the host computing system without
`proper application of security operations to that interaction. Moreover, the provision of in-line
`security in a peripheral device according to the invention enables a more secure exchange of
`data between a host computing device and the peripheral device, overcoming the problems
`identified above in previous systems for performing security operations on data exchanged
`between such devices. Additionally, implementing a modular device according to the invention
`so that the performance of security operations by the modular device is transparent can reduce
`or eliminate the need to modify aspects of the operation of the host computing device (e.g.,
`device drivers of the host computing device), making implementation and use of a data security
`system including the modular device simpler and easier. Thus, the possibility that a user will
`use the system incorrectly (e.g., fail to apply security operations to an interaction with the host
`computing device, or apply the security operations incorrectly or incompletely) is reduced.
`Making the security operations transparent can also enhance the security of those operations.”).
`
`“The particular manner in which operation of the operating system software is suspended so
`that the modular device can establish its identity can depend on the characteristics of the
`operating system software and/or the device interface. However, for many combinations of
`operating system software and device interface, the operating system software waits for
`confirmation that the device connected to the device interface is ready for further interaction
`with the operating system software before the operating system software seeks to identify the
`type of the device connected to the interface (the standard for PCMCIA interfaces, for example,
`specifies such operation). In such cases, the modular device can be configured to delay
`informing the operating system software that the modular device is ready for further interaction
`until the modular device has established its identity.” ’135 Patent at 10:11-25; ’802 Patent at
`7:44-59 (“The particular manner in which operation of the operating system software is
`suspended so that the peripheral device can establish its identity can depend on the
`characteristics of the operating system software and/or the device interface. However, for many
`combinations of operating system software and device interface, the operating system software
`waits for confirmation that the device connected to the device interface is ready for further
`interaction with the operating system software before the operating system software seeks to
`identify the type of the device connected to the interface (the standard for PCMCIA interfaces,
`for example, specifies such operation). In such cases, the peripheral device can be configured to
`delay informing the operating system software that the peripheral device is ready for further
`interaction until the peripheral device has established its identity.”).
`
`“Since use of the data security system is easier (e.g., a user need not provide input to cause the
`host driver to be appropriately tailored to enable desired interaction with a security device), the
`possibility that a user will use the system incorrectly (e.g., fail to apply security operations to an
`interaction with the host computing device, or apply the security operations incorrectly or
`incompletely) is reduced.” ’135 Patent at 11:4-11; ’802 Patent at 8:28-35 (“Since use of the
`data security system is easier (e.g., a user need not provide input to cause the host driver to be
`appropriately tailored to enable desired interaction with a security device), the possibility that a
`user will use the system incorrectly (e.g., fail to apply security operations to an interaction with
`the host computing device, or apply the security operations incorrectly or incompletely) is
`reduced.”).
`
`“The modular device driver can have previously been installed on a data storage device (e.g.,
`hard disk) of the host computing device (in FIG. 6, the modular device driver is shown stored in
`the memory section 606b of the memory device 606 of the host computing device 601), or can
`be made accessible to the host computing device via an appropriate interface (such as a floppy
`disk drive, CD-ROM drive or network connection) at a time when the user wishes to initiate
`interaction between the host computing device and the modular device.” ’135 Patent at 12:28-
`37; ’802 Patent at 9:5-14 (“The peripheral device driver can have previously been installed on a
`data storage device (e.g., hard disk) of the host computing device (in FIG. 6, the peripheral
`device driver is shown stored in the memory section 606b of the memory device 606 of the host
`computing device 601), or can be made accessible to the host computing device via an
`appropriate interface (such as a floppy disk drive, CD-ROM drive or network connection) at a
`time when the user wishes to initiate interaction between the host computing device and the
`peripheral device.”).
`
`“In such an implementation, the modular device driver can be implemented to automatically
`cause one or more predetermined security operations to be performed based upon a user-
`specified interaction with the target module, or the modular device can be configured to cause
`such security operations to be performed any time a specified interaction with the target module
`occurs.” ’135 Patent at 16:9-16; ’802 Patent 12:64-13:4 (“In such an implementation, the
`peripheral device driver can be implemented to automatically cause one or more predetermined
`security operations to be performed based upon a user-specified interaction with the target
`functionality, or the peripheral device can be configured to cause such security operations to be
`performed any time a specified interaction with the target functionality occurs.”).
`
`“A target module of a modular device according to the invention can also be embodied as a
`biometric module, which is defined herein as any module that is adapted to receive input data
`regarding a physical characteristic of a person based upon a physical interaction of the person
`with the module.” ’135 Patent at 17:19-25; ’802 Patent at 14:9-15 (“Target functionality of a
`peripheral device according to the invention can also be embodied as a biometric device, which
`is defined herein as any device that is adapted to receive input data regarding a physical
`characteristic of a person based upon a physical interaction of the person with the device.”).
`
`“In the security module 800, the interface control device 802 mediates the interaction between
`the host computing device, the target module and the cryptographic processing device 801.”
`’135 Patent at 20:1-4; ’802 Patent at 16:40-43 (“In the peripheral device 800, the interface
`control device 802 mediates the interaction between the host computing device, the target
`functionality 807 and the cryptographic processing device 801.”).
`
`“A set of configuration registers is maintained for the host computing device I/O interface, the
`cryptographic processing device interface, and the target module interface. In particular, the
`content of the host computing device I/O interface configuration registers is such that the
`interaction of the host computing device with the modular device is the same as if the security
`functionality were not present (unless the data security system is operating in security
`functionality only mode).” ’135 Patent at 20:62-21:3; ’802 Patent at 17:36-42 (“A set of
`configuration registers is maintained for the host computing device I/O interface, the
`cryptographic processing device interface, and the target functionality interface. In particular,
`the content of the host computing device I/O interface configuration registers is such that the
`interaction of the host computing device with the peripheral device is the same as if the security
`functionality were not present (unless the data security system is operating in security
`functionality only mode).”).
`
`Extrinsic Evidence:
`
`Declaration of Mark T. Jones, Ph.D. In addition to providing relevant background information,
`Dr. Jones may offer one or more of the following opinions regarding claim construction:
`
`
`1. There is no particular meaning for “defined interaction” (or “interaction with a host
`computing device in a defined way”) in the field of computing.
`
`2. The specifications of the Asserted Patents do not define the meaning of the term
`“defined interaction” (or “interaction with a host computing device in a defined way”).
`
`3. The specifications of the Asserted Patents do not differentiate a “defined” interaction
`or a “defined way” from, e.g., “undefined” interactions or interactions that are not
`performed in a “defined way.”
`
`4. The Abstract of the ’802 Patent says “The defined interactions can provide a variety
`of types of functionality (e.g., data storage, data communication, data input and output,
`user identification).” The ’802 Patent specification also says “The defined interactions
`can provide a variety of types of functionality (e.g., data storage, data communication,
`data input and output, user identification), as described further below.” Neither of these
`is a definition of “defined interaction.”
`
`5. The specifications of the Asserted Patents may purport to give non-limiting examples
`of defined interactions, but these do not clarify the actual scope of the term “defined
`interaction” (or “interaction with a host computing device in a defined way”).
`
`6. The language of the asserted claims distinguishes between “defined interaction” (or
`“interaction with a host computing device in a defined way”) and other claim limitations
`(e.g., “communication”, “function” or “operation”), exemplifying the ambiguity in the
`term “defined interaction” (or “interaction with a host computing device in a defined
`way”).
`
`7. The file histories of the Asserted Patents do not define or otherwise clarify the
`meaning of the term “defined interaction” (or “interaction with a host computing device
`in a defined way”).
`
`2. “peripheral device” (’802 Patent, all
`asserted claims)
`
`Construction: Any device that operates outside of a host computing device and that is
`connected to the host computing device
`
`Intrinsic Evidence:
`
`“FIG. 1 is a block diagram of a prior art system for enabling a host computing device to provide
`secured data to, and retrieve secured data from, a portable device. In FIG. 1, a system 100
`includes a host computing device 101 and a portable device 102. The host computing device
`101 and portable device 102 are adapted to enable communication between the devices 101 and
`102. The host computing device 101 includes a security mechanism 101a (which can be
`embodied by appropriately configured hardware, software and/or firmware, such as, for
`example, a general purpose microprocessor operating in accordance with instructions of one or
`more computer programs stored in a data storage device such as a hard disk) which can be
`directed to perform one or more cryptographic operations.” ’802 Patent at 1:52-65.
`
`“FIG. 2 is a block diagram of another prior art system for enabling a host computing device to
`provide secured data to, and retrieve secured data from, a portable device. In FIG. 2, a system
`200 includes a host computing device 201, a portable device 202 and a security device 203. The
`host computing device 201, the portable device 202 and security device 203 are adapted to
`enable communication between the devices 201 and 202, and between the devices 201 and 203.
`The security device 203 includes appropriately configured hardware, software and/or firmware
`which can be directed to perform one or more cryptographic operations.
`In the system 200, if it is desired to provide secured data from the host computing device 201 to
`the portable device 202, the host computing device 201 first causes data to be transferred to the
`security device 203, where appropriate cryptographic operations are performed on the data. The
`secured data is then transferred back to the host computing device 201, which, in turn, transfers
`the secured data to the portable device 202. Similarly, the host computing device 201 can
`receive secured data from the portable device 202 by, upon receipt of secured data, transferring
`the secured data to the security device 203, which performs appropriate cryptographic
`operations on the data to convert the data into a form that enables the data to be accessed and/or
`modified by a person who is authorized to do so, then transfers the unsecured data back to the
`host computing device 201.” Id. at 2:22-47.
`
`“A peripheral device according to the invention can advantageously enable application of
`security operations to a wide variety of interactions with a host computing device. In particular,
`a peripheral device according to the invention can accomplish this without necessity to use two
`peripheral devices: one that performs the security operations and one that performs the defined
`interaction. This can, for example, minimize the possibility that the device adapted to perform
`the defined interaction will be used with the host computing system without proper application
`of security operations to that interaction. Moreover, the provision of in-line security in a
`peripheral device according to the invention enables a more secure exchange of data between a
`host computing device and the peripheral device, overcoming the problems identified above in
`previous systems for performing security operations on data exchanged between such devices.
`Additionally, implementing a modular device according to the invention so that the
`performance of security operations by the modular device is transparent can reduce or eliminate
`the need to modify aspects of the operation of the host computing device (e.g., device drivers of
`the host computing device), making implementation and use of a data security system including
`the modular device simpler and easier. Thus, the possibility that a user will use the system
`incorrectly (e.g., fail to apply security operations to an interaction with the host computing
`device, or apply the security operations incorrectly or incompletely) is reduced. Making the
`security operations transparent can also enhance the security of those operations.” Id. at 3:49-
`4:10.
`
`“FIG. 3A is a block diagram of a system 300 according to the invention. The system 300
`includes a host computing device 301 and a peripheral device 302 that communicate via a
`communications interface 303. Herein, ‘peripheral device’ can refer to any device that operates
`outside of a host computing device and that is connected to the host computing device. The
`peripheral device 302 includes a security mechanism 302a that enables security operations
`(examples of which are described in more detail below) to be performed on data that is stored
`within the host computing device 301, data that is transmitted from the host computing device
`301 to the peripheral device 302, or data that is transmitted from the peripheral device to the
`host computing device 301. As explained in more detail below, the peripheral device 302 also
`provides additional functionality (referred to herein as "target functionality") to the system 300,
`such as, for example, the capability to store data in a solid-state disk storage device, the
`capability to enable communications from the host computing device 301 to another device, the
`capability to accept biometric input to enable user authentication to the host computing device
`301, and the capability to receive and read a smart card inserted into the peripheral device 302.
`
`Generally, the communications interface 303 can be any embodied by any of a variety of
`communication interfaces, such as a wireless communications interface, a PCMCIA interface, a
`smart card interface, a serial interface (such as an RS-232 interface), a parallel interface, a SCSI
`interface or an IDE interface. Each embodiment of the communications interface 303 includes
`hardware present in each of the host computing device 301 and peripheral device 302 that
`operates in accordance with a communications protocol (which can be embodied, for example,
`by software stored in a memory device and/or firmware that is present in the host computing
`device 301 and/or peripheral device 302) appropriate for that type of communications interface,
`as known to those skilled in the art. Each embodiment of the communications interface 303 also
`includes mechanisms to enable physical engagement, if any, between the host computing
`device 301 and peripheral device 302.” ’802 Patent, 4:49-5:21. See also id. at Fig. 3A.
`
`“FIG. 3B is a perspective view of a physical implementation of the system 300 of FIG. 3A,
`according to one embodiment of the invention. In FIG. 3B, the peripheral device 302 is
`embodied as a card 312 that can be inserted into a corresponding slot 313 formed in a portable
`computer 311 that, in FIG. 3B, embodies the host computing device 301. Often a peripheral
`device according to the invention is a portable device, such as the card 312 shown in FIG. 3B.
`Herein, "portable device" can refer generally to any device that is capable of being easily
`carried by hand.” Id. at 5:40-49. See also id. at Fig. 3B.
`
`“FIG. 4 is a block diagram of a peripheral device 400 according to an embodiment of the
`invention. The peripheral device 400 includes security functionality 401, target functionality
`402 and a host interface 403 that are formed together as part of a single physical device. For
`example, the security functionality 401 and target functionality 402 can be enclosed in a single,
`card-like housing (designated in FIG. 4 by the numeral 404) conforming to a PCMCIA card or
`smart card standard.
`The peripheral device 400 can have a number of advantageous characteristics. The peripheral
`device 400 can be implemented in a manner that enables the security operations of the security
`functionality 401 to be performed in a manner that is transparent to a host computing device
`(and, depending upon the particular implementation of the peripheral device 400, to a user of a
`system including the peripheral device 400) of a system according to the invention, so that the
`host computing device (and, perhaps, user) is aware only of the presence of the target
`functionality 402. Additionally, the peripheral device 400 can be implemented so that security
`operations are performed "in-line," i.e., the security operations are performed between the
`communication of data to or from the host computing device and the performance of the target
`functionality provided by the peripheral device. Further, the peripheral device 400 enables a
`wide variety of secure target functionality to be easily provided to a host computing device.”
`Id. at 5:50-6:9. See also id. at Fig. 4.
`
`“FIG. 6 is a block diagram of a system 600, according to an embodiment of the invention,
`illustrating operation of the system 600 during a method according to the invention such as the
`method 500 of FIG. 5. The system 600 includes a host computing device 601 and a peripheral
`device 602. The host computing device 601 includes a display device 603a (e.g., a conventional
`computer display monitor) and user input device 603b (e.g., a keyboard, mouse, trackball,
`joystick or other appropriate device), referred to collectively hereinafter as user interface device
`603. The host computing device 601 also includes, mounted within a housing 604, a processing
`device 605, a memory device 606, an input/output (I/O) device 607 for enabling
`communication with the user interface device 603, and an input/output (I/O) device 608 for
`enabling communication with peripheral device 602. The devices 605, 606, 607 and 608 can
`each be implemented by conventional such devices and can communicate with each other via a
`conventional computer bus 609, as is well known and understood. The peripheral device 602
`includes security functionality 611, a memory device 612, an input/output (I/O) device 613 for
`enabling communication with the host computing device 601 and target functionality 614. The
`security functionality 611, memory device 612, I/O device 613 and target functionality 614 can
`each be implemented by conventional devices and can communicate with each other via a
`conventional computer bus 615, as is well known and understood. The host computing device
`601 and the peripheral device 602 are shown in simplified form in FIG. 6 to facilitate clarity in
`illustration of this aspect of the invention; as described in more detail below and as understood
`by those skilled in the art, the host computing device 601 and the peripheral device 602 can--
`and typically will--include other devices not shown in FIG. 6.” Id. at 6:19-51. See also id. at
`Fig. 6.
`
`“Returning to FIG. 5, use of a system according to the invention begins when, as shown by step
`501, a user of the system connects a peripheral device according to the invention to a host
`computing device. Such connection can occur in any manner that enables the peripheral device
`to communicate with the host computing device. Frequently, this will occur as a result of a
`physical connection of the peripheral device to the host computing device. (In general, such
`physical connection can occur either before or after the host computing device begins
`operating; however, in the former case, subsequent steps of the method 500--with the exception
`of, depending upon the implementation of the peripheral device, the step 503--cannot be
`performed until the host computing device begins operating.) For example, the peripheral
`device can be embodied in a card or disk (e.g., a card conforming to a PCMCIA form factor as
`established by the appropriate standard) that is inserted into a corresponding socket formed in
`the host computing device. Or, the peripheral device can be embodied in a housing from which
`a cord extends, a plug of the cord being inserted into a mating receptacle formed in the host
`computing device. However, such physical connection need not necessarily occur; the
`peripheral device can also be connected to the host computing device by any type of wireless
`communication for which the host computing device contains an appropriate interface.
`Once connection between the peripheral device and the host computing device is made, the host
`computing device detects the presence of the peripheral device, as shown by step 502. Such
`detection of the presence of a peripheral device is typically enabled as a standard aspect of the
`operating system software of the host computing device.
`Typically, once the presence of a new peripheral device is detected by the operating system
`software of the host computing device, the operating system software (or companion software
`program) also identifies the type of the peripheral device. This can be accomplished, for
`example, by a standard software device driver (hereinafter, "host driver") for devices of the type
`that use the host computing device interface that is being used by the peripheral device 602. In
`FIG. 6, the host driver is shown stored in the memory section 606a of the memory device 606
`of the host computing device 601. (The Card Services or Socket Services programs that often
`are bundled with the Windows95™ operating system software for use in performing various
`"housekeeping" functions associated with a PCMCIA interface are examples of such drivers.)
`However, in the method 500, before the operating system software can perform such
`identification, the peripheral device according to the invention suspends operation of this aspect
`of the operating system software, so that the peripheral device can establish its identity, as
`shown by step 503, and explained further below. As will be apparent from that explanation,
`performance of the step 503 advantageously enables the peripheral device to assume the
`identity of the target functionality that is part of the peripheral device. Since, as described
`elsewhere herein, a peripheral device according to the invention can include a variety of types
`of target functionality, the peripheral device can take a variety of identities.” Id. at 6:52-7:43.
`See also id. at Fig. 5.
`
`“The peripheral device driver can have previously been installed on a data storage device (e.g.,
`hard disk) of the host computing device (in FIG. 6, the peripheral device driver is shown stored
`in the memory section 606b of the