Trials@uspto.gov
`Tel: 571-272-7822
`
`Paper 10
`Entered: December 9, 2024
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`ROKU, INC.,
`Petitioner,
`v.
`VIDEOLABS, Inc.,
`Patent Owner.
`
`IPR2024-01026
`Patent 8,667,304 B2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Before KARL D. EASTHOM, STACEY G. WHITE, and BRIAN P.
`MURPHY, Administrative Patent Judges.
`
`MURPHY, Administrative Patent Judge.
`
`
`
`DECISION
`Granting Institution of Inter Partes Review
`35 U.S.C. § 314
`
`
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`
`I. INTRODUCTION
`Roku, Inc. (“Petitioner”) filed a Petition pursuant to 35 U.S.C. § 311
`requesting institution of inter partes review of claims 5–8 and 16–19 (the
`“challenged claims”) of U.S. Patent No. 8,667,304 B2 (Ex. 1001; “the ’304
`patent”). Paper 2 (“Pet.”). VideoLabs, Inc. (“Patent Owner”) timely filed a Patent
`Owner Preliminary Response. Paper 6 (“Prelim. Resp.”). Pursuant to
`authorization from the Board, Petitioner filed a Reply to Patent Owner’s
`Preliminary Response addressing “unforeseeable” claim construction issues, and
`Patent Owner filed a Sur-Reply. Papers 7, 8.
`We have jurisdiction under 35 U.S.C. § 314, which provides that an inter
`partes review may not be instituted “unless . . . there is a reasonable likelihood that
`the petitioner would prevail with respect to at least 1 of the claims challenged in
`the petition.” Under § 314, the Board may not institute review on fewer than all
`claims challenged in the petition. SAS Inst., Inc. v. Iancu, 138 S. Ct. 1348, 1359–
`60 (2018). If the Board institutes a review, it will institute “on all of the
`challenged claims and on all grounds of unpatentability asserted for each claim.”
`37 C.F.R. § 42.108(a). Upon consideration of the Petition, the Preliminary
`Response, Reply, Sur-Reply, and the evidence of record, for the reasons set forth
`below, we conclude Petitioner has demonstrated a reasonable likelihood of
`prevailing with respect to at least one challenged claim in the ’304 patent.
`Accordingly, we institute an inter partes review of claims 5–8 and 16–19 of the
`’304 patent on all grounds set forth in the Petition. See 37 C.F.R. § 42.108(a).
`A. Real Parties in Interest and Related Matters
`Petitioner, Roku, Inc., identifies itself as the real party in interest. Pet. 7.
`Patent Owner, VideoLabs, Inc., identifies itself as the real party in interest. Paper
`5, 2.
`
` 2
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`
`The parties identify the following related matters:
`
`VideoLabs, Inc. v. ASUSTeK Computer Inc., No. 6-22-cv-00720 (W.D. Tex.)
`(pending);
`VideoLabs, Inc. v. HP Inc., No. 6-23-cv-00641 (W.D. Tex.) (pending); and
`VideoLabs, Inc., et al. v. Roku, Inc., No. 1-23-cv-01136 (D. Del.) (pending).
`Pet. 7; Paper 5, 2.
`B. The ’304 Patent
`The ’304 patent, titled “Methods and Apparatuses for Secondary Conditional
`Access Server,” is directed to techniques “for bridging two security systems so that
`a primary security system can control premium content distribution to external
`devices secured by a secondary security system.” Ex. 1001, 2:59–62. The ’304
`patent discloses a plurality of embodiments. In one embodiment:
`[T]he primary security system is a broadcast CA [conditional access]
`system, used to secure the distribution of premium content only to
`legitimate subscribers; and the secondary security system includes a
`digital rights management system used to secure the distribution of
`premium content only to the legitimate devices of the subscriber.
`Id. at 2:64–3:3 (emphasis added). In another embodiment “the secondary security
`system includes another broadcast CA system, used to secure the re-distribution of
`premium content only to the legitimate local subscribers” of the second broadcast
`CA system. Id. at 3:7–10 (emphasis added). Either way, the secondary security
`system acts as a bridge because it is both an authorized client of the primary
`security system, from which it receives protected content, and a server of protected
`content to secondary clients, such as authorized subscriber devices in a digital
`rights management (“DRM”) system or authorized local subscribers in a second
`broadcast CA system.
` Figure 2A of the ’304 patent depicts an embodiment of the claimed
`invention. We reproduce below annotated Figure 2A from the Petition:
`
` 3
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`
`
`Pet. 10. The primary CA server (253, red) controls access to the content in the
`primary security domain (251), which is “typically a broadcast CA system.” Ex.
`1001, 7:8–13. Only an authorized client of the primary security domain, such as
`set top box (257), can access (decrypt) the primary CA server-protected content.
`Id. at 7:13–17. Secondary CA Server (255, blue) is a bridge that acts as an
`authorized client of the primary security domain “and as a control information
`provider of the secondary security domain (261).”1 Id. at 7:37–39. “[T]he
`secondary CA access clients (e.g., 271, 273, . . . 279, green) in the secondary
`
`
`1 Quotations from patent documents may omit or de-emphasize bold numerals.
`
` 4
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`security domain (261) may access the content secured in the secondary security
`domain under the control of the secondary CA server (255),” for example by
`receiving control words from the secondary CA server that permit the secondary
`clients to decrypt the content. Id. at 7:26–31, 44–52.
`C.
`Illustrative Claim
`Claims 5 and 8 are the independent claims challenged in this Petition.
`Claim 5, reproduced below, illustrates the claimed subject matter:
`5[pre.i]2 A non-transitory machine readable medium
`containing executable computer program instructions which
`when executed by a data processing system cause a client
`system in a second security domain to present content provided
`by a first conditional access server
`5[pre.ii] wherein the first conditional access server has
`authenticated a client device of the first conditional access
`server through a first authentication process using a first root of
`trust for a first security domain and
`5[pre.iii] wherein a second conditional access server is
`configured to substitute the first security domain with the
`second security domain for client devices under a second root
`of trust, the method comprising:
`5[a] receiving, at a second conditional access client of the
`second conditional access server, an authentication through a
`second authentication process which is independent of the first
`authentication process and wherein the second authentication
`process uses the second root of trust for the second security
`domain which is independent of and different than the first root
`of trust; and
`5[b] receiving, at the second conditional access client, content
`that is in an access controlled format specified by the second
`conditional access server in the second security domain, the
`
`
`2 We adopt Petitioner’s claim limitation identifiers for convenience.
`
`
` 5
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`
`second conditional access client being in the second security
`domain.
`Ex. 1001, 25:41–64 (emphasis added).
`D. Asserted Grounds of Unpatentability
`Petitioner asserts claims 5–8 and 16–19 are unpatentable on the following
`grounds:
`Claim(s) Challenged
`5-6, 8, 16-17, 19 (Ground 1)
`5-6, 8, 16-17, 19 (Ground 2)
`7, 18 (Ground 3)
`
`Pet. 9. Petitioner relies on the Declaration testimony of Anthony J. Wasilewski,
`Ph.D. in support of the asserted unpatentability of the challenged claims. Ex.
`1003. Patent Owner relies on the Declaration testimony of Sam Malek, Ph.D. in
`opposition. Ex. 2001.
`
`
`
`35 U.S.C. §
`1023
`103
`103
`
`Reference(s)/ Basis
`Russ4
`Russ
`Russ, Robert5
`
`II. ANALYSIS
`A. Level of Ordinary Skill in the Art
`Petitioner describes a person of ordinary skill in the art (“POSA”) as
`someone having “a bachelor’s degree in computer science, electrical engineering,
`or a related field, and approximately two or more years of experience in multi-
`
`
`3 The Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284 (2011)
`(“AIA”), includes revisions to 35 U.S.C. §§ 102, 103 that became effective after
`the filing of the application that led to the challenged patent. Hence, this inter
`partes review is governed by the pre-AIA provisions of 35 U.S.C. §§ 102, 103.
`4 US Patent No. 6,748,080 B2 issued June 8, 2004, filed May 24, 2002 (Ex. 1005,
`“Russ”).
`5 US Patent No. 7,546,641 issued June 9, 2009, filed Feb. 13, 2004 (Ex. 1006,
`“Robert”).
`
` 6
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`media content distribution and management. Additional education could substitute
`for professional experience, and vice versa.” Pet. 14–15. Patent Owner and it’s
`expert, Dr. Sam Malek, apply Petitioner’s proposed definition for purposes of its
`Preliminary Response. Prelim. Resp. 5 (citing Malek Dec. Ex. 2001 ¶ 38). 6
`In determining the level of ordinary skill in the art, various factors may be
`considered, including the “type of problems encountered in the art; prior art
`solutions to those problems; rapidity with which innovations are made;
`sophistication of the technology; and educational level of active workers in the
`field.” In re GPAC, Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995) (citing Custom
`Accessories, Inc. v. Jeffrey-Allan Indus., Inc., 807 F.2d 955, 962 (Fed. Cir. 1986)).
`“These factors are not exhaustive but are merely a guide to determining the level of
`ordinary skill in the art.” Daiichi Sankyo Co. v. Apotex, Inc., 501 F.3d 1254, 1256
`(Fed. Cir. 2007). There is uncontested evidence in the record before us that
`reflects the knowledge and experience of a POSA.
`We adopt Petitioner’s proposal for purposes of institution, which the prior
`art of record supports. See Okajima v. Bourdeau, 261 F.3d 1350, 1355 (Fed. Cir.
`2001); In re GPAC Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995); In re Oelrich, 579
`
`
`6 Contrary to Patent Owner’s contention that Petitioner does not show that Dr.
`Wasilewski “qualifies as a POSITA,” his physics degree, background, and
`experience in systems involving multi-media content distribution and management
`and/or related fields, including as an inventor of over 50 patents in fields that
`include encryption, MPEG systems, and transfer of digital content, including Russ
`(Ex. 1005), along with extensive engineering experience in related fields, is more
`than adequate on this preliminary record to qualify Dr. Wasilewski as an artisan of
`ordinary skill. Compare Prelim. Resp. 5, with Ex. 1003 ¶¶ 4–19 and Ex. 1004.
`
`
` 7
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`F.2d 86, 91 (CCPA 1978).
`B. Claim Construction
`We construe claim terms using “the same claim construction standard that
`would be used to construe the claim in a civil action under 35 U.S.C. 282(b).” 37
`C.F.R. § 42.100(b). In this context, claim terms “are generally given their ordinary
`and customary meaning” as understood by a POSA at the time of the invention.
`Phillips v. AWH Corp., 415 F.3d 1303, 1312–13 (Fed. Cir. 2005) (en banc).
`“Importantly, the person of ordinary skill in the art is deemed to read the claim
`term not only in the context of the particular claim in which the disputed term
`appears, but in the context of the entire patent, including the specification.” Id. at
`1313. The “specification ‘is always highly relevant to the claim construction
`analysis. Usually, it is dispositive; it is the single best guide to the meaning of a
`disputed term.’” Id. at 1315 (citation omitted). Accordingly, when construing a
`disputed claim limitation, “we look principally to the intrinsic evidence of record,
`examining the claim language itself, the written description, and the prosecution
`history, if in evidence.” DePuy Spine, Inc. v. Medtronic Sofamor Danek, Inc., 469
`F.3d 1005, 1014 (Fed. Cir. 2006) (citing Phillips, 415 F.3d at 1312–17).
` At Petitioner’s request, we authorized the parties to file a five-page Reply
`and Sur-Reply “related only to claim construction issues.” Ex. 3002. As stated in
`our email instructions to counsel, we consider only the parties’ arguments bearing
`on claim construction and disregard everything else. 7 The parties direct our
`attention in particular to the proper construction of an “independent” second root
`of trust in context of the recited claim limitation: “ . . . receiving, at a second
`conditional access client of the second conditional access server, an authentication
`
`
`7 The parties are reminded of the Board’s sanction authority for non-compliance.
`35 U.S.C. § 316(a)(6); 37 C.F.R. § 42.12(a)(1).
`
` 8
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`through a second authentication process which is independent of the first
`authentication process and wherein the second authentication process uses the
`second root of trust for the second security domain which is independent of and
`different than the first root of trust.” We refer to this disputed claim limitation
`hereafter as the “independent authentication” limitation.
`Petitioner proposes the following construction: “authentication processes
`that are performed by independent roots of trust—i.e., roots of trust with trust
`determinations that are independent of the outcome of the other.” Reply 3 (citing
`Ex. 1001, 8:16–38 (“the secondary CA server follows rules (e.g., CA messages) of
`the primary CA server to manage a secondary subscriber management system”));
`see also id. at 4 (“‘Independent’ . . . identifies how the first and second roots of
`trust arrive are used to arrive at their first and second authentication
`determinations, without relying on the output of the other.”). Petitioner also asserts
`that Patent Owner’s patentability argument hinges on a construction of
`“independent” such that “‘independent’ as used to modify the first and second
`roots of trust must be construed as independently controlled,” which Petitioner
`asserts is inconsistent with the ’304 patent claim language and specification. Id. at
`1. Patent Owner, for its part, denies that it is advocating for a construction where
`the two roots of trust are “independently controlled.” Sur-Reply 2–3. Patent
`Owner does not offer a construction of the “independent authentication” limitation,
`citing an unilluminating description where “the client authentication in the
`secondary security domain is completely independent from the client
`authentication in the primary security domain.” Id. at 3 (citing Ex. 1001, 8:33–35).
`On the present record, we determine that no explicit construction of claim
`terms is necessary to determine whether to institute an inter partes review in this
`case. See, e.g., Wellman, Inc. v. Eastman Chem. Co., 642 F.3d 1355, 1361 (Fed.
`
` 9
`
`
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`Cir. 2011) (“[C]laim terms need only be construed ‘to the extent necessary to
`resolve the controversy.’”) (quoting Vivid Techs., Inc. v. Am. Sci. & Eng’g, Inc.,
`200 F.3d 795, 803 (Fed. Cir. 1999)). The parties are ordered to propose and
`support a specific plain meaning or other construction of the “independent
`authentication” limitation in their briefs, with reference to the following claim
`language:
`5[a] receiving, at a second conditional access client of the second
`conditional access server, an authentication through a second
`authentication process which is independent of the first
`authentication process and wherein the second authentication
`process uses the second root of trust for the second security domain
`which is independent of and different than the first root of trust.
`The parties are ordered to analyze the relevant claim language, and cite to the
`specification and prosecution history in support of their claim construction where
`applicable. The parties are further ordered to address the question of whether an
`“independent” “second authentication process” and “second root of trust” requires
`a conditional access server that manages a secondary subscriber management
`system where a “client” of the conditional access server does not subscribe to the
`primary subscriber management system. See Ex. 1001, 8:3–38 (e.g.,
`“authentication methods used by the secondary CA server in the secondary
`subscriber management system are independent from those used by the primary
`CA server”).
`C. Asserted Anticipation of Claims 5–6, 8, 16–17, 19 By Russ (Ground 1)
`Petitioner contends that claims 5, 6, 8, 16, 17, and 19 of the ’304 patent are
`anticipated by Russ. Pet. 17–47. Petitioner provides detailed claim charts
`mapping the language recited in the challenged claims to the disclosures in Russ
`with citations to Dr. Wasilewski’s testimony in support. Id. at 20–47. Given the
`similarities in claim language, Petitioner addresses claims 16, 17, and 19 by
`
`10
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`providing cross-citations to its argument and evidence regarding claims 5, 6, and 8.
`Id. at 44–47.
`Anticipation under 35 U.S.C. § 102 requires “the presence in a single prior
`art disclosure of all elements of a claimed invention arranged as in the claim.”
`Therasense, Inc. v. Becton, Dickinson & Co., 593 F.3d 1325, 1332 (Fed. Cir.
`2010); Net MoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1369 (Fed. Cir. 2008).
`To anticipate a patent claim under 35 U.S.C. § 102, “a reference must describe,
`either expressly or inherently, each and every claim limitation and enable one of
`skill in the art to practice an embodiment of the claimed invention without undue
`experimentation.” American Calcar, Inc. v. Am. Honda Motor Co., 651 F.3d 1318,
`1341 (Fed. Cir. 2011) (citing In re Gleave, 560 F.3d 1331, 1334 (Fed. Cir. 2009)).
`“[E]xtrinsic evidence may be considered when it is used to explain, but not expand,
`the meaning of a reference.” In re Baxter Travenol Labs., 952 F.2d 388, 390 (Fed.
`Cir. 1991) (citing Scripps Clinic & Research Foundation v. Genentech, Inc., 927
`F.2d 1565, 1576–77 (Fed. Cir. 1991)). We conclude that, at this stage of the
`proceeding and based on the present record, Petitioner has provided sufficient
`evidence and argument to establish a reasonable likelihood that Russ anticipates
`the challenged claims of the ’304 patent.
`We begin with a discussion of Russ.
`1. The Russ Patent (Ex. 1005)
`The Russ patent is titled “Apparatus For Entitling Remote Client Devices,”
`and it is directed to a “master-receiver in a subscriber television network [that]
`receives service instances and entitlement information from a headend . . . and re-
`transmits service instances to a client-receiver after dynamic encryption scheme
`determination.” Ex. 1005, Abstract (code 57). We reproduce below Petitioner’s
`annotated version of Russ Figure 1:
`
`
`
`
`11
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`
`
` Pet. 17 (Ex. 1005, Fig. 1). In digital broadband delivery system 100, headend 102
`(red) communicates with content providers 114 to obtain services such as
`broadcasts or video-on-demand, and to serve them to subscribers. Ex. 1005, 5:35–
`51. The headend provides services to subscriber 108 (a) by establishing a
`communication path with digital subscriber communication terminal (“DSCT”)
`110 (blue) to provide service instances to client-receiver device 122 (green), for
`example a laptop computer. Id. at 5:52–6:32, 6:51–61, 8:38-9:25.
`DSCT 110 manages a local network at the subscriber location and acts as the
`entitlement authority that grants and deletes entitlements to service instances for
`client-receiver device 122 based on information provided by the headend. Id. at
`17:61-18:40, 18:60-65. The encryption scheme by which the DSCT and client-
`receiver communicate is determined dynamically after the client-receiver joins the
`
`
`
`
`12
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`DSCT’s local network, or for example “when the user of the client-receiver 122
`changes from one user channel to another or requests a different type of content.”
`Id. at 3:17-20, 16:64-17:60. Depending on the device classification of the client-
`receiver, e.g., a laptop, PDA, or set-top box, the DSCT communicates with the
`client-receiver to negotiate and determine an operative encryption scheme, such as
`secure socket layer or Digital Transmission Content Protection (“DTCP”)
`encryption protocols that are “known to those skilled in the art.” Id. at 17:4-14.
`Alternatively, the headend “can also send an EMM [Entitlement Management
`Message] to the DSCT instructing the processor to no longer determine the
`encryption scheme for the client-receiver.” Id. at 25:17–19. “In that case, the
`headend determines the encryption scheme used to communicate information
`between the DSCT and the client-receiver.” Id. at 25:19–22.
`2. Limitations 5[pre.i-pre.iii]
`Limitation 5[pre.i]: “A non-transitory machine readable medium
`containing executable computer program instructions which when executed by a
`data processing system cause a client system in a second security domain to
`present content provided by a first conditional access server”
`Petitioner asserts that Russ discloses a “non-transitory machine readable
`medium containing executable computer program instructions which when
`executed by a data processing system,” in the form of “software stored in memory
`and executed by a processor, secure element, and cryptographic device to
`implement logic steps.” Pet. 20–21 (citing Ex. 1003 ¶¶ 79–80; Ex. 1005, 3:23–40).
`Petitioner also asserts that Russ discloses “a client system in a second security
`domain to present content provided by a first conditional access server” because
`DSCT 110 “provides . . . service instances to client-receiver 122, to which it ‘has
`the authority and capacity to grant and delete entitlements.’” Id. (citing Ex. 1003
`
`13
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`¶¶ 71–78; Ex. 1005, 5:35–39, 8:49-51, 17:61–18:51); see also id. at 26 (citing Ex.
`1005, 26:61–67). Petitioner avers that headend 102 is a “first conditional access
`server” providing content. Id. at 21 (citing Ex. 1005, 8:8–37, 10:48–65); see also
`id. at 26–28 (citing Ex. 1005, 7:56–8:3, 8:8–37, 10:48–65, 17:61–18:66, Fig. 1).
`Petitioner further avers that DSCT 110 and client-receiver 122 are in “a second
`security domain,” because “they communicate securely with an encryption scheme
`that is specifically negotiated and established as between DSCT 110 and client-
`receiver 122” when it joins the DSCT’s local network at the subscriber location.
`Id. at 20–21 (citing Ex. 1003 ¶¶ 72–77; Ex. 1005, 16:64–17:34, 20:12–24); see
`also id. at 21–25 (further citing Ex. 1005, 7:58–8:3, 8:8–37, 8:49–9:7, 10:48–65,
`17:61–18:66, Figs. 1, 5).
`Patent Owner does not address limitation 5[pre.i]. Prelim. Resp. 22.
`On the present record, we determine Petitioner’s argument and supporting
`citations to Russ and the Wasilewski Declaration adequately support Petitioner’s
`assertion that Russ discloses limitation 5[pre.i].
`Limitation 5[pre.ii]: “wherein the first conditional access server has
`authenticated a client device of the first conditional access server through a first
`authentication process using a first root of trust for a first security domain and”
`Petitioner asserts that Russ discloses a headend (“the first conditional access
`server”) that “authenticates a DSCT 110 by verifying that DSCT 1[1]0’s unique
`serial number is in a database of serial numbers and corresponding keys that have
`been certified by the manufacturer, and then providing a new trusted DBDS 100
`public key to the DSCT 1[1]0; DBDS 100 registers DSCT 1[1]0 as a client to
`receive service instances” (“has authenticated a client device of the first
`conditional access server through a first authentication process using a first root
`of trust).” Pet. 28–29 (citing Ex. 1003 ¶¶ 81–85; Ex. 1005, 7:21–39, 7:56–8:3,
`
`14
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`10:39–47). Petitioner argues that a “POSA would have recognized [a “root of
`trust”] as at least including hardware, software, and/or firmware-based systems for
`establishing trustworthy identities of components or entities, as in Russ.” Id. at 29
`(citing Ex. 1003 ¶ 83); see also id. at 30–32 (mapping a “first root of trust” to Russ
`(citing Ex. 1005, 7:21–8:3, 10:39–47)). Petitioner further contends that the
`headend in Russ “implements conditional access authority (CAA) logic to control
`access to service instances for a plurality of DSCTs 110” through an exchange of
`public keys (“a first security domain”). Id. at 28–29 (citing Ex. 1003 ¶¶ 81–85);
`see also id. at 29–30 (mapping “a first security domain” to Russ (citing Ex. 1005,
`6:62–7:6, 8:8–22)).
`Patent Owner does not address limitation 5[pre.ii]. Prelim. Resp. 22.
`On the present record, we determine Petitioner’s argument and supporting
`citations to Russ and the Wasilewski Declaration adequately support Petitioner’s
`assertion that Russ discloses limitation 5[pre.ii].
`Limitation 5[pre.iii]: “wherein a second conditional access server is
`configured to substitute the first security domain with the second security domain
`for client devices under a second root of trust, the method comprising:”
`Petitioner asserts Russ discloses that when the DSCT (“a second conditional
`access server”) receives a service instance from the headend, the DSCT “decrypts
`the service instance, then encrypts the service instance with an encryption scheme
`specifically negotiated between DSCT 110 and client-receiver 122 (“is configured
`to substitute the first security domain with the second security domain for client
`devices”). Pet. 32 (citing Ex. 1003 ¶¶ 86–90; Ex. 1005, 8:49–9:7, 15:46–54,
`19:50–20:19); see also id. at 33 (mapping “the first security domain” to Russ
`(citing Ex. 1005, 11:37–46, 13:12–34)), 34–36 (mapping “configured to substitute
`the first security domain with the second security domain for client devices” to
`
`15
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`Russ (further citing Ex. 1005, 15:46–54, 19:50–20:19, Fig. 6)). Petitioner argues
`that the client-receiver is “under a second root of trust established with DSCT 110
`via DTCP authentication and based on an Authentication and Key Exchange
`(AKE) using DTLA licensed certificates” (“under a second root of trust”). Id. at
`32 (citing Ex. 1003 ¶¶ 91–94). Petitioner further argues that a “POSA would have
`recognized that DTCP protocols include authentication and key and certificate
`exchange procedures that ensure communications are protected.” Id. at 32–33
`(citing Ex. 1003 ¶¶ 91–93; Ex. 1010 ¶ 9, Ex. 1011 ¶¶ 53, 107, 139–143, Fig. 17);
`see also id. at 34 (mapping “the second security domain” to Russ (citing Ex. 1005,
`16:64–17:34)).
`Patent Owner does not address limitation 5[pre.iii]. Prelim. Resp. 22.
`On the present record, we determine Petitioner’s argument and supporting
`citations to Russ and the Wasilewski Declaration adequately support Petitioner’s
`assertion that Russ discloses limitation 5[pre.iii].
`3. The “independent authentication” limitation 5[a]
`Petitioner maps the “independent authentication” limitation 5[a] to Russ’s
`disclosure of an embodiment where the DSCT dynamically determines a DTCP
`encryption protocol for communicating protected content to the client-receiver.
`Pet. 36–37 (citing Ex. 1005, 16:64–17:14). Petitioner also cites extrinsic evidence
`to support its assertion that the disclosed DTCP encryption protocol requires an
`authentication and key exchange between the DSCT and client-receiver, “thereby
`explaining what the phrase [DTCP encryption protocol] would have meant to one
`skilled in the art.” In re Baxter, 952 F.2d at 390; see also Ex. 1003 ¶¶ 91–92
`(“DTCP protocols require that devices undergo a handshaking process, known as
`an Authentication and Key Exchange (AKE), before protected communications are
`to take place. A [POSA] would have been familiar with such processes . . . .”)
`
`16
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`(citing Ex. 1010 ¶ 9; Ex. 1011 ¶¶ 53, 107; Ex. 1012 ¶ 41), 93–97. Petitioner
`asserts the extrinsic evidence demonstrates a “POSA would have recognized that
`DTCP protocols include authentication and key and certificate exchange
`procedures that ensure communications are protected.” Pet. 37 (citing Ex. 1003
`¶ 96; Ex. 1010 ¶ 9; Ex. 1011 ¶¶ 53, 107, 139–143, Fig. 17).
`Patent Owner argues that Petitioner has not provided sufficient evidence to
`establish that Russ discloses or teaches at least the “independent authentication”
`limitation. Prelim. Resp. 13–22. Patent Owner argues in particular that Russ does
`not disclose or teach a “second root of trust” because “Russ does not mention an
`‘Authentication and Key Exchange (AKE)’ or ‘DTLA [Digital Transmission
`Licensing Authority] licensed certificates’ at all.” Id. at 14 (citing Malek Dec. Ex.
`2001 ¶ 50). Patent Owner urges that, although Russ discloses a DTCP encryption
`scheme, Russ “never discloses using it for any authentication” because the
`headend authenticates the client-receiver when it joins the DSCT-managed local
`network at the subscriber location by “exchanging trusted keys without the need
`for DTLA certificates.” Id. at 15 (citing Ex. 2001 ¶ 54).
`a. “second root of trust”
`Russ expressly discloses and teaches a DTCP encryption scheme to protect
`content transmitted from the DSCT to a client-receiver, and Russ does not
`expressly disclose the use of AKE key exchange and a DTLA license certificate as
`a “second root of trust” for authenticating the client-receiver. Ex. 1005, 16:64–
`17:14. Nevertheless, Petitioner provides extrinsic evidence to explain the meaning
`of Russ’s disclosure to a POSA, who Petitioner asserts “would have recognized
`that DTCP protocols include authentication and key and certificate exchange
`procedures.” Pet. 37 (citing Ex. 1003 ¶ 96); see also In re Baxter, 952 F.2d at 390
`(extrinsic evidence may “explain, but not expand, the meaning of a reference”).
`
`17
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`Dr. Wasilewski, moreover, cites corroborating documentary evidence to support
`his opinion that “DTCP protocols require that devices undergo a handshaking
`process, known as an Authentication and Key Exchange (AKE),” including
`authentication of the client-receiver by the DSCT (via DTLA license certificate),
`and that a POSA “would have been familiar with such processes.” Ex. 1003
`¶¶ 91–92 (citing Ex. 1010 ¶ 9; Ex. 1011 ¶¶ 53, 107; Ex. 1012 ¶ 41). Dr.
`Wasilewski further opines that the DTCP/DTLA protocol and license certificate
`serves as a “second root of trust” that is “independent of and different than” the
`first root of trust in Russ “because headend 102 is not disclosed as using any
`DTCP-related protocols with respect to DSCT 110.” Id. ¶¶ 92–93.
`At this stage, Patent Owner disputes Petitioner’s evidence that a POSA
`would have recognized Russ’s disclosure of DTCP encryption as requiring AKE
`key exchange via DTLA license certificate as a “second root of trust” for
`authenticating the client-receiver. For example, Patent Owner relies on
`Dr. Malek’s opinion that “Russ discloses exchanging trusted keys without the need
`for DTLA certificates” to rebut Dr. Wasilewski’s sworn testimony. Prelim. Resp.
`15 (citing Ex. 2001 ¶ 54). Patent Owner and Dr. Malek, however, do not
`specifically address Petitioner’s extrinsic evidence that DTCP encryption requires
`an AKE key exchange and a DTLA license certificate. See Prelim. Resp. 15
`(citing Ex. 2001 ¶ 54) & n.1 (acknowledging that Petitioner cites two patent
`publications without addressing their teachings as relied upon by Petitioner, or
`Dr. Wasilewski’s testimony about them). Patent Owner also relies on Russ’s
`description of the headend authenticating the client-receiver with an exchange of
`trusted public keys when the receiver “device comes online,” but without
`explaining what impact, if any, the initial registration of the client-receiver would
`have on the use of AKE key exchange and DTLA license certificate authentication
`
`18
`
`
`
`

`

`Case IPR2024-01026
`Patent 8,667,304 B2
`
`in a DTCP encryption scheme. Id. at 15–16 (citing Ex. 1005, 26:29–48; Ex. 2001
`¶ 54).
`Accordingly, at this stage of the proceeding, Dr. Wasilewski’s testimony and
`corroborating evidence sufficiently establish that: i) Russ’s disclosed DTCP
`encryption scheme requires AKE key exchange and a DTLA license certificate as a
`“second root of trust” in a “second authentication process” for authenticating the
`client-receiver, and ii