08845805 (P.T.A.B. Jun. 2, 2014)

Apple Inc. v Achates Reference Publishing, Inc.

Patent Trial and Appeal BoardJun 2, 2014

08845805 (P.T.A.B. Jun. 2, 2014)

Trials@uspto.gov Paper 80 571-272-7822 Entered: June 2, 2014 UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ APPLE INC. Petitioner v. ACHATES REFERENCE PUBLISHING, INC. Patent Owner ____________ Case IPR2013-00081 Patent 5,982,889 Before HOWARD B. BLANKENSHIP, JUSTIN T. ARBES, and GREGG I. ANDERSON, Administrative Patent Judges. ARBES, Administrative Patent Judge. FINAL WRITTEN DECISION 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73 Case IPR2013-00081 Patent 5,982,889 2 I. BACKGROUND Petitioner Apple Inc. (“Apple”) filed a Petition (Paper 1) (“Pet.) seeking inter partes review of claims 1-4 of U.S. Patent No. 5,982,889 (“the ’889 patent”) pursuant to 35 U.S.C. §§ 311-19. On June 3, 2013, we instituted an inter partes review of claims 1-4 on four grounds of unpatentability (Paper 21) (“Dec. on Inst.”). Patent Owner Achates Reference Publishing, Inc. (“Achates”) filed a Patent Owner Response (Paper 36) (“PO Resp.”), which included a statement of material facts. Apple filed a Reply (Paper 49) (“Pet. Reply”) and a response (Paper 50) (“Pet. SOF Resp.”) to the statement of material facts. Achates filed a Motion to Exclude (Paper 57) (“Mot. to Exclude”) certain testimony submitted by Apple in the proceeding. Apple filed an Opposition to the Motion to Exclude (Paper 61) (“Exclude Opp.”), and Achates filed a Reply (Paper 62) (“Exclude Reply”). Apple filed a Motion for Observation (Paper 64) (“Obs.”) on certain email communications between Achates’ two declarants, Mr. Dmitry Radbel and Dr. Xin Wang. Achates filed a response (Paper 69) (“Obs. Resp.”). Achates also filed a Motion to Seal (Paper 68) (“Mot. to Seal”) the email communications, and Apple filed an opposition (Paper 74) (“Seal Opp.”). An oral hearing was held on February 26, 2014, and a transcript of the hearing is included in the record (Paper 79) (“Tr.”). We have jurisdiction under 35 U.S.C. § 6(c). This final written decision is issued pursuant to 35 U.S.C. § 318(a) and 37 C.F.R. § 42.73. Case IPR2013-00081 Patent 5,982,889 3 For the reasons that follow, we determine that Apple has shown by a preponderance of the evidence that claims 1-4 of the ’889 patent are unpatentable. A. The ’889 Patent The ’889 patent 1 relates to “distributing and installing computer programs and data.” Ex. 1001, col. 1, ll. 6-9. The ’889 patent describes a need in the art to prevent piracy of information products, such as, for example, when a user obtains a computer program improperly or when a user purchases one copy of a program and installs it on multiple computers without authorization. Id. at col. 1, ll. 12-60. The ’889 patent discloses methods of “distributing one or more information products together . . . while reserving to the publisher the ability to control which products are actually installed on an end-user’s computer.” Id. at col. 1, l. 66-col. 2, l. 4. 1 U.S. Patent No. 6,173,403 B1 (“the ’403 patent”), a continuation-in-part of U.S. Patent Application No. 08/845,805, which issued as the ’889 patent, is the subject of related Case IPR2013-00080. Case IPR2013-00081 Patent 5,982,889 4 Figure 1 of the ’889 patent, reproduced below, depicts the interaction between a publisher and end-user (e.g., an individual purchasing a piece of software). As shown in Figure 1, in steps 101-102, the publisher creates a set of information products and other files. Id. at col. 3, ll. 34-40; col. 5, ll. 45-50. The ’889 patent describes a “plurality of web pages that constitute some of the legislative, administrative and judicial materials associated with patent law,” where the web pages include hyperlinks to each other, as an exemplary information product. Id. at col. 2, l. 64-col. 3, l. 1; col. 4, ll. 9-15. In step 103, the publisher encrypts the information products with a string as the Case IPR2013-00081 Patent 5,982,889 5 encryption key. Id. at col. 8, ll. 36-45. In step 104, the information products are distributed to the end-user (e.g., on a CD-ROM or electronically over the Internet) along with an “installer” program that runs on the end-user’s computer and allows the publisher to “control how and under what circumstances the information products are installed on the end-user’s computer.” Id. at col. 2, ll. 39-48; col. 8, l. 65-col. 9, l. 3. The installer knows the cryptosystem and key for decrypting the information products. Id. at col. 8, ll. 57-59. In steps 105-106, the end-user receives the information products and runs the installer. Id. at col. 9, ll. 4-15. In step 107, the installer checks to see whether the end-user’s computer has a previously-stored, encrypted “token” indicating that the publisher granted authorization earlier to install the information products (e.g., when an end-user has a subscription to receive multiple products over time). Id. at col. 9, ll. 16-31. In step 108, the end-user is asked whether he or she wants to subscribe to the information products. Id. at col. 10, ll. 56-62. If so, in steps 109-110, the end-user “acquires the installer[’]s cooperation to decrypt and install the respective information products” by transmitting information to the publisher, receiving a “launch code” from the publisher in response, and entering the “launch code” into the installer. Id. at col. 10, l. 63-col. 11, l. 9; Fig. 4. Specifically, the end-user contacts the publisher (e.g., via telephone or the Internet) and provides (1) the end-user’s name and address; (2) the end-user’s method of payment; (3) the name of the requested information products; and (4) a serial number R generated by the installer. Id. at col. 11, ll. 10-33. After verifying the payment, the publisher provides to the end-user a “launch code” comprising “(1) a[n] authentication code; (2) an indication of Case IPR2013-00081 Patent 5,982,889 6 the name of the end-user; (3) a list of the information products to which the end-user has been granted access; and (4) an indication of when the authorization for each information product expires,” encrypted using R as the key. Id. at col. 11, ll. 34-49. The end-user enters the launch code into the installer, and the installer decrypts the launch code using R as the key to extract the authentication code contained therein. Id. at col. 11, ll. 47-54. If the authentication code matches what the installer expects, the launch code is authentic. Id. at col. 11, ll. 50-65; col. 12, ll. 25-49. The information products can be installed in step 111 and, if necessary, the encrypted “token” on the end-user’s computer is updated in step 112 (the “token” contains the same four pieces of information as the launch code). Id.; col. 9, ll. 40-47. By generating a new R each time the installer requests a launch code, the disclosed method “prevent[s] the end-user from using a single launch code to install the information products on multiple computers.” Id. at col. 11, l. 66-col. 12, l. 2. B. Illustrative Claim Claim 1 of the ’889 patent is the only independent claim at issue: 1. A method comprising the steps of: generating a string, R; encrypting a first authentication code, an indicium of an end-user’s identity, an indicium of a first information product, and an indicium of a second information product with said string, R, as the key to create a launch code; decrypting said launch code with said string, R, to recover said authentication code, said indicium of said end-user’s identity, said indicium of said first information product and said indicium of said second information product; and Case IPR2013-00081 Patent 5,982,889 7 installing said first information product and said second information product onto a computer associated with said end-user. C. Prior Art The pending grounds of unpatentability in this inter partes review are based on the following prior art: 1. U.S. Patent No. 5,864,620, filed Apr. 24, 1996, issued Jan. 26, 1999 (“Pettitt”) (Ex. 1006); 2. U.S. Patent No. 5,933,497, filed Jan. 29, 1993, issued Aug. 3, 1999 (“Beetcher”) (Ex. 1007) (claims priority to U.S. Patent Application No. 07/629,295, filed Dec. 14, 1990); and 3. U.S. Patent No. 5,949,876, filed Jan. 8, 1997, issued Sept. 7, 1999 (“Ginter”) (Ex. 1005) (claims priority to U.S. Patent Application No. 08/388,107, filed Feb. 13, 1995). D. Pending Grounds of Unpatentability This inter partes review involves the following grounds of unpatentability: Reference(s) Basis Claims Ginter 35 U.S.C. § 102(e) 1-3 Pettitt and Beetcher 35 U.S.C. § 103(a) 1-4 Beetcher and Ginter 35 U.S.C. § 103(a) 1-4 2 2 As explained below, Apple asserts that claim 4 is unpatentable based on the combination of Beetcher and Ginter in two respects: one relying on Beetcher as teaching the majority of the claim limitations, and one relying on Ginter as teaching the majority of the claim limitations. See infra Section II.G.2. A trial was instituted on both bases. See Dec. on Inst. 22-23, 30. Case IPR2013-00081 Patent 5,982,889 8 II. ANALYSIS A. Claim Interpretation In the Decision on Institution, we interpreted various claim terms of the ’889 patent as follows: Term Interpretation “authentication code” (claim 1) a code for authenticating data “installing” (claim 1) placing in a position so as to be ready for use “launch code” (claim 1) password “token” (claim 2) a data structure indicating that an end-user’s computer is granted access to certain information products Dec. on Inst. 7-11. The parties agree with these interpretations, see PO Resp. 1, and we incorporate our previous analysis for purposes of this decision. B. Section 315(b) Achates argues in its Patent Owner Response that Apple’s Petition is time-barred under 35 U.S.C. § 315(b), which provides that an inter partes review may not be instituted based on a petition “filed more than 1 year after the date on which the petitioner, real party in interest, or privy of the petitioner is served with a complaint alleging infringement of the patent.” PO Resp. 44-51. Achates contends that QuickOffice, Inc. (“QuickOffice”), one of Apple’s co-defendants in Achates Reference Publishing, Inc. v. Symantec Corp., Case No. 2:11-cv-00294-JRG-RSP (E.D. Tex.) (“the related litigation”), was served with a complaint alleging infringement of the Case IPR2013-00081 Patent 5,982,889 9 ’889 patent on June 20, 2011—more than one year before December 14, 2012, the filing date of the Petition in this proceeding. PO Resp. 45, 56. Achates made a substantially similar argument in its Preliminary Response, and we concluded that the Petition was not time-barred. See Paper 14 at 6-21; Dec. on Inst. 12-18. We reach the same conclusion now. 3 Whether a non-party is a “privy” for purposes of an inter partes review proceeding is a “highly fact-dependent question” that takes into account how courts generally have used the term to “describe relationships and considerations sufficient to justify applying conventional principles of estoppel and preclusion.” Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756, 48,759 (Aug. 14, 2012) (“Trial Practice Guide”). Whether parties are in privity depends on whether the relationship between a party and its alleged privy is “sufficiently close such that both should be bound by the trial outcome and related estoppels.” Id. Depending on the circumstances, a number of factors may be relevant to the analysis, including whether the non-party “exercised or could have exercised control over a party’s participation in a proceeding” or whether the non-party is responsible for funding and directing the proceeding. Id. at 48,759-60. We also find guidance in the Supreme Court’s decision in Taylor v. Sturgell, 553 U.S. 880 (2008), which sets forth the general rule under federal common law that a person not a party to a lawsuit is not bound by a judgment in that suit, subject to certain exceptions, including the following: [N]onparty preclusion may be justified based on a variety of pre-existing “substantive legal relationship[s]” between the person to be bound and a party to the judgment. Qualifying 3 Also, in an earlier Order, we denied Achates’s request for additional discovery on the Section 315(b) issue. Paper 17. Case IPR2013-00081 Patent 5,982,889 10 relationships include, but are not limited to, preceding and succeeding owners of property, bailee and bailor, and assignee and assignor. These exceptions originated “as much from the needs of property law as from the values of preclusion by judgment.” 553 U.S. at 894 (citations omitted); see Trial Practice Guide at 48,759 (citing Taylor). Achates contends that QuickOffice had a pre-existing substantive legal relationship with Apple and, therefore, is a privy of Apple under Taylor. PO Resp. 44-51. In support of its position, Achates cites a publicly available software development kit (SDK) agreement that Apple allegedly enters into with iPhone application developers like QuickOffice. Id. at 46-47. The SDK agreement includes a clause requiring the developer to indemnify Apple for third party patent infringement claims: To the extent permitted by law, You agree to indemnify, defend and hold harmless Apple, its directors, officers, employees, independent contractors and agents (each an “Apple Indemnified Party”) from any and all claims, losses, liabilities, damages, expenses and costs (including without limitation attorneys fees and court costs) (collectively “Losses”) incurred by an Apple Indemnified Party as a result of Your breach of this Agreement, a breach of any certification, covenant, representation or warranty made by You in this Agreement, any claims that Your Applications violate or infringe any third party intellectual property or proprietary rights, or otherwise related to or arising from Your use of the SDK, Your Application(s) or Your development of Applications. . . . In no event may You enter into any settlement or like agreement with a third party that affects Apple’s rights or binds Apple in any way, without the prior written consent of Apple. Case IPR2013-00081 Patent 5,982,889 11 Ex. 2006 § 6 (emphasis added). According to Achates, the fact that co-defendant QuickOffice would be obligated to indemnify Apple for infringement claims against the “same accused instrumentality” (i.e., a QuickOffice application), and would be prevented from settling in the litigation without Apple’s consent, means that QuickOffice and Apple are in privity with each other. PO Resp. 44-51. Apple acknowledges that it entered into “at least one form of an agreement related to app[lication] development with [QuickOffice],” but does not admit that the agreement included the indemnification provision cited by Achates. Pet. SOF Resp. ¶¶ 129-30. We first note that Achates provides no evidence that QuickOffice had any role in the filing or funding of the Petition in this proceeding, or that QuickOffice exercised control or could have exercised control over Apple’s participation in this proceeding. See Trial Practice Guide, 77 Fed. Reg. at 48,759. Achates’s sole evidence is the indemnification language in the SDK agreement and the fact that Apple and QuickOffice were co-defendants. Even assuming that the specific indemnification provision of the SDK agreement applies to QuickOffice (and Achates has not shown that it does), we are not persuaded that the provision is indicative of QuickOffice being a privy of Apple. The agreement does not give the developer the right to intervene or control Apple’s defense to any charge of patent infringement, nor has Achates argued that to be the case for QuickOffice in the related litigation. Notably, indemnification is not one of the “substantive legal relationships” cited in Taylor (e.g., assignee-assignor), and is significantly different from those relationships, which involve successive interests in the same property. Case IPR2013-00081 Patent 5,982,889 12 Further, as Apple points out, Achates’s actions in the related litigation refute its allegations of privity. See Pet. Reply 14. Achates accuses Apple of infringing the ’889 patent based on Apple’s own actions as well as those of QuickOffice, and likewise accused QuickOffice of infringement based on activities relating to the Apple App Store as well as other systems (e.g., the Amazon Appstore for Android). See Ex. 1037 ¶¶ 51-52; Ex. 1038 at 84-90. Achates also is continuing to assert the ’889 patent against Apple in the related litigation even after settling with the co-defendant application developers, including QuickOffice. See PO Resp. 57. Thus, at least according to Achates, there is a distinct basis for liability against Apple, different from that against the developers. As such, it does not appear that Apple would be estopped by any judgment against the developers. For instance, even if a judgment were obtained against one or more of the developers, Apple would still be exposed to an adverse judgment based on its own actions and would assert its own defenses independent of the developers. This further indicates that the relationship between Apple and the developers, such as QuickOffice, is not of the type that would make the developers privies of Apple. We are not persuaded that the Petition is time-barred under Section 315(b) on the basis that QuickOffice is a privy of Apple. C. Credibility of Mr. Schneier As an initial matter, Achates in its Patent Owner Response challenges the credibility of Apple’s declarant, Bruce Schneier. PO Resp. 51-55. Mr. Schneier provided testimony regarding the ’889 patent and the prior art Case IPR2013-00081 Patent 5,982,889 13 in a declaration submitted with Apple’s Petition. Ex. 1003. 4 Achates argues that Mr. Schneier is not credible for two reasons. First, Mr. Schneier billed Apple for less than 45 hours of work, which is “nowhere near enough time to read and analyze all of the references cited in his declarations at the level of diligence that this proceeding requires,” according to Achates. PO Resp. 51-53. For instance, Achates points to the size of Ginter (324 pages) and the declarations themselves (931 numbered paragraphs) to argue that Mr. Schneier “could not have performed his obligation to this matter conscientiously in the time spent.” Id. Achates’s estimate of 45 hours, however, is based on an estimate from Mr. Schneier as to the total amount Mr. Schneier billed to Apple. Ex. 1045 at 63:15-24; see PO Resp. 52. Achates does not point to any statement from Mr. Schneier regarding the number of hours he actually spent reviewing the prior art and performing the analysis in his declaration. Mr. Schneier testified that he read the prior art references at issue (Ginter, Pettitt, and Beetcher) multiple times and fully understood them. Ex. 1045 at 76:16-22, 77:21-78:5. Moreover, Achates’s contention is not that Mr. Schneier lacks knowledge of the prior art or did not in fact perform the analysis in his declaration—just that Mr. Schneier did not spend sufficient time on the matter. We decline Achates’s invitation to give Mr. Schneier’s testimony less weight on that basis. 4 Apple submitted its Petition, and Exhibits 1003 and 1041 (declarations from Mr. Schneier regarding the ’889 patent and related ’403 patent), on December 14, 2012. In response to an instruction from Board administrative staff that documents should be in portrait rather than landscape orientation, Apple submitted revised copies on December 17, 2012, also numbered as Exhibits 1003 and 1041. See Paper 5. To ensure the clarity of the record, the original versions filed on December 14, 2012 will be expunged. Case IPR2013-00081 Patent 5,982,889 14 Second, Achates argues that Mr. Schneier has “hostility towards the patent system” and is a member of the Electronic Frontier Foundation (EFF), which shows a “level[] of bias that should be more than sufficient to raise concerns about his qualifications to serve as an unbiased technology expert.” PO Resp. 53-55 (citing a book co-authored by Mr. Schneier, Ex. 2016, and various EFF web pages, Exs. 2017-2020). We have reviewed Mr. Schneier’s curriculum vitae (Exhibit 1004) and find that he is well qualified to testify regarding the matters addressed in his declaration (Exhibit 1003). Indeed, Achates’s declarant, Mr. Radbel, testified that Mr. Schneier is a “top cryptologist” and has a “great reputation as a cryptologist.” Ex. 2032 at 167:9-25. As explained herein, we find Mr. Schneier’s testimony persuasive and give it substantial weight. We do not give it less weight based on a purported bias against patents in general. D. Level of Ordinary Skill in the Art In its Petition, Apple contends that a person of ordinary skill in the art at the time when the application that issued as the ’889 patent was filed (April 1997) would have had “extensive familiarity with cryptographic techniques published in the literature and known in the field,” and “would have gained this level of familiarity through graduate level studies in mathematics, engineering or computer science, or through work experience in academia (either as a professor or a graduate student), for a technology company or for a government,” relying on the testimony of Mr. Schneier. Pet. 4 (citing Ex. 1003 ¶¶ 36-38). Achates does not dispute this argument in Case IPR2013-00081 Patent 5,982,889 15 its Patent Owner Response. 5 Mr. Radbel, however, concludes that a person of ordinary skill in the art would have had “the ability to select and make use of well-known cryptographic techniques at a high level,” but not “comprehensive knowledge of cryptography, including Mr. Schneier’s book on the subject.” Ex. 2013 ¶¶ 17, 19. Mr. Radbel further testifies that a person of ordinary skill in the art would have had “an undergraduate degree in engineering or computer science plus two years of experience in software engineering,” but not necessarily “graduate level training.” Id. Dr. Wang agrees with Mr. Radbel’s assessment of the level of ordinary skill. Ex. 2014 ¶ 8. The parties’ declarants appear to agree that the person of ordinary skill in the art would have been familiar with the basic cryptographic techniques of the time, but dispute the depth of that knowledge. A skilled artisan would have been aware of basic cryptographic techniques and also the predominant literature on cryptography of the time. See In re GPAC Inc., 57 F.3d 1573, 1579 (Fed. Cir. 1995) (“The person of ordinary skill in the art is a hypothetical person who is presumed to know the relevant prior art.”). As to that person’s level of education or equivalent experience, we are persuaded that Mr. Radbel understates the appropriate level of skill. The ’889 patent describes various problems with software piracy and various technical solutions to such problems. Ex. 1001, col. 1, ll. 12-60. It also 5 Achates argued in its Preliminary Response that “the proper level of skill should be a person with at least five years of experience and[/]or academic training in professional software development having experience with client-server software and operating systems, and at least a basic working knowledge of computer security and cryptography.” Paper 14 at 23. Case IPR2013-00081 Patent 5,982,889 16 assumes a fairly deep knowledge of encryption, decryption, and the use of keys for performing those functions. See id. at col. 8, l. 35-col. 12, l. 49. Contrary to Mr. Radbel’s assertion that a person of ordinary skill only would have needed a “high level” knowledge of cryptographic techniques, sufficient, for example, to call software routines “without necessarily understanding how such routines work,” see Ex. 2013 ¶ 17, a skilled artisan would need some knowledge of how the cryptographic techniques work to choose the appropriate techniques and properly use them. We also take into account the sophistication of the technology at the time, as exemplified by the prior art references of record and Mr. Schneier’s book from 1996 (Exhibit 1024). Based on all of the evidence, we conclude that a person of ordinary skill in the art at the time of the ’889 patent would have been familiar with the basic cryptographic techniques and literature of the time, and would have had some graduate-level or equivalent experience working with such techniques. E. Ground Based on Ginter With respect to the alleged ground of unpatentability based on Ginter, we have reviewed Apple’s Petition, Achates’s Patent Owner Response, and Apple’s Reply, as well as the evidence discussed in each of those papers. We are persuaded, by a preponderance of the evidence, that claims 1-3 are anticipated by Ginter under 35 U.S.C. § 102(e). 1. Ginter Ginter discloses computer systems providing a “distributed virtual distribution environment (VDE)” that “help[s] to ensure that information is Case IPR2013-00081 Patent 5,982,889 17 accessed and used only in authorized ways.” Ex. 1005, Abstract. Electronic content is stored in “objects” (also called “containers”) for distribution to users, and access to the content is regulated via a permissions record (PERC) associated with the content and provided to the user (separately or with the object). Id. at col. 13, l. 46-col. 14, l. 20; col. 58, l. 61-col. 59, l. 11; Fig. 5A; col. 147, ll. 33-59 (“no end user may use or access a VDE object unless a permissions record 808 has been delivered to the end user”). PERC 808 “specifies the rights associated with the object 300 such as, for example, who can open the container 302, who can use the object’s contents, who can distribute the object, and what other control mechanisms must be active.” Id. at col. 58, l. 67-col. 59, l. 5. “For example, permissions record 808 may specify a user’s rights to use, distribute and/or administer the container 302 and its content.” Id. at col. 59, ll. 5-7. For certain types of objects, the PERC is encrypted along with the object using a symmetric key and later decrypted on the user’s machine. Id. at col. 199, ll. 1-6; col. 129, ll. 50-54; col. 133, ll. 50-53; col. 208, l. 65-col. 209, l. 20. Ginter discloses that the PERC can contain an “Object ID” that identifies the VDE object, as well as multiple “key blocks” that store decryption keys utilized to access content in “data blocks” within the object. Id. at col. 127, l. 45-col. 128, l. 2; col. 151, ll. 9-35; Fig. 26A. Ginter also discloses the use of a “validation tag” for “confirming the identity and correctness of received, VDE protected, information,” and a “digital signature” to be verified against an expected digital signature. Id. at col. 12, ll. 27-33; col. 151, ll. 9-35; col. 215, ll. 7-63. Case IPR2013-00081 Patent 5,982,889 18 2. Claims 1-3 are Anticipated by Ginter Ginter discloses generating a “string, R” (the symmetric key), encrypting an “indicium of an end-user’s identity” (the PERC specifying “who” can open the container, use the object’s contents, etc.) and an indicium of a first “information product” (the Object ID or key block) to create the PERC, decrypting the PERC, and installing the first information product onto the end-user’s computer, as recited in claim 1. See Pet. 24-30; Ex. 1003 ¶¶ 121-75. Achates does not argue these limitations, but makes three arguments regarding the remaining limitations of claim 1. First, Achates argues that Ginter does not disclose “decrypting said launch code . . . to recover said authentication code,” as recited in claim 1. PO Resp. 4-9. Achates contends that the first item in Ginter identified by Apple as an “authentication code” (the digital signature) is not contained in the PERC and, therefore, the PERC cannot be decrypted to recover it, and the second item identified by Apple (the validation tag) is not an “authentication code.” Id. at 5-9; see Pet. 25-26; Ex. 1003 ¶ 141. Ginter expressly discloses a PERC including a digital signature. Ex. 1005, col. 12, ll. 27-33. Figure 75D depicts user rights table (URT) 3160 as including a digital signature, and Ginter states that URT 3160 “may itself be a PERC 808.” Id. at col. 248, ll. 36-38, Fig. 75D. Thus, Achates’s factual assertion that the PERC in Ginter lacks a digital signature is not correct. See Tr. 47:24-48:5 (acknowledging the description of Figure 75D in Ginter). Mr. Radbel also acknowledged that the PERC could have a Case IPR2013-00081 Patent 5,982,889 19 digital signature in the “particular construct” shown in Figure 75D. Ex. 2032 at 279:14-18. 6 Second, Achates contends that the PERC in Ginter is not a “launch code” comprising indicia of multiple “information product[s],” as recited in claim 1. PO Resp. 9-15 (citing Ex. 2013 ¶¶ 55-64). Apple’s position is that the Object ID and key blocks in the PERC both satisfy the “indici[a]” limitations of claim 1. Pet. 25-26. As to the Object ID, Achates contends that (1) Object ID field 940 in Ginter is a single field that identifies the VDE object and, therefore, cannot be both an indicium of a first information product and an indicium of a second information product, (2) Object ID field 940 identifies the “totality” of elements in the VDE object container, not “just” information content 304, and (3) Object ID field 940 has the same datum regardless of whether the container’s content is changed or deleted, which shows that Object ID field 940 is not an “indicium” of a particular information product. PO Resp. 9-13. As to the key blocks, Achates argues that (1) the VDE accesses the datum in the key block to use as a key to decrypt the corresponding data blocks, not “as a pointer to—or indicium of—the data block,” and (2) Ginter permits two key blocks to have the same key, which shows that the key block is not an “indicium” of a particular information product. Id. at 13-15. Achates’s arguments are not persuasive, as they are based on two incorrect premises. See Pet. Reply 3-4. The first incorrect premise is that an “indicium” of an information product can only identify content within a file 6 Because we agree with Apple as to the PERC in Ginter having a digital signature, we need not determine whether the validation tag also is an “authentication code.” Case IPR2013-00081 Patent 5,982,889 20 and must uniquely identify only one information product. See id. There is no prohibition in claim 1 on the indicium indicating other things, and the indicium need not be a “pointer.” See Ex. 2032 at 304:18-305:2 (Mr. Radbel stating that he does not “consider indicium to be a pointer”). The only requirement is that it be an “indicium,” or “indication,” of an information product. Mr. Radbel acknowledged that the Object ID in Ginter is used to find the correct content, Ex. 2031 at 45:12-17, and the key blocks are associated with and used to access the data in the correct data block, Ex. 1005 at 127:45-128:2. Achates’s second incorrect premise is that each information product must have a unique indicium. Again, claim 1 does not require that the particular content of the “indici[a]” be different from each other. We are persuaded by Mr. Schneier’s testimony that the key blocks and Object ID in Ginter are “indici[a]” of information products. See Pet. 25; Ex. 1003 ¶¶ 146-51, 168. Third, Achates is incorrect in its assertion that Apple’s analysis is based on “disjoint parts of Ginter without regard to their relationship.” PO Resp. 3-4. Achates does not develop this argument with respect to the particular limitations of claims 1-3 or explain sufficiently why the particular portions of Ginter cited for the limitations of these claims relate to different embodiments, rather than the same preferred embodiment. We are persuaded, by a preponderance of the evidence, that claim 1, as well as dependent claims 2 and 3, which Achates does not argue separately in its Patent Owner Response, are anticipated by Ginter. Case IPR2013-00081 Patent 5,982,889 21 3. Conclusion Based on the record evidence, in light of the arguments presented, Apple has shown, by a preponderance of the evidence, that claims 1-3 are anticipated by Ginter. F. Ground Based on Pettitt With respect to the alleged ground of unpatentability based on Pettitt, we have reviewed Apple’s Petition, Achates’s Patent Owner Response, and Apple’s Reply, as well as the evidence discussed in each of those papers. We are persuaded, by a preponderance of the evidence, that claims 1-4 are unpatentable over Pettitt and Beetcher under 35 U.S.C. § 103(a). 1. Pettitt Pettitt discloses a system for “controlling distribution of software in a multitiered distribution chain” and “distinguishing authorized users from unauthorized users.” Ex. 1006, col. 1, ll. 7-10. Case IPR2013-00081 Patent 5,982,889 22 Figure 2 of Pettitt is reproduced below. Figure 2 depicts the entities involved in providing software 13: author 12, license clearing house (LCH) 14, distributor 16, reseller 17, and user 18. Software 13 is packed into a digital shipping container 20, encrypted with a master key, and provided to user 18 (e.g., sold by reseller 17 to the public). Id. at col. 3, ll. 28-56. To purchase a license and unlock the container, user 18 sends authorization request 30, which includes information identifying the software, user, and desired method of payment. Id. at col. 4, ll. 10-19. The distribution entities communicate with each other to validate the user’s payment and authorize the transaction. Id. at col. 4, ll. 20-62. If authorized, LCH 14 creates a reply envelope 34 including: 1. information identifying the software, 2. information identifying the user, 3. the digital signature of the reseller, Case IPR2013-00081 Patent 5,982,889 23 4. the digital signature of the distributor, 5. a master key that unlocks the software container 20 (if the transaction has been authorized), and 6. a digital authorization certificate. Id. at col. 4, l. 63-col. 5, l. 5. LCH 14 encrypts the contents of the reply envelope with the reseller’s public key and “digitally signs the envelope with the signature of LCH 14 by hashing the contents of the reply envelope and encrypting the result of the hash with the LCH’s private key.” Id. at col. 5, ll. 14-24. LCH 14 then sends the reply envelope back through the distribution chain. Id. at col. 5, ll. 24-28. Reseller 17 authenticates the digital signature, decrypts the reply envelope using the reseller’s public key, and sends the contents of the reply envelope to user 18. Id. at col. 5, ll. 45-55. User 18 then “uses the authorization certificate and the master key to unlock the software container 20 and install the software.” Id. at col. 5, ll. 56-63. Because the digital authorization certificate is derived from the user’s information and, therefore, is different for each user, possession of the digital authorization certificate is “the user’s proof of purchase, and proof that s/he is an authorized user.” Id. at col. 5, ll. 58-63. 2. Claims 1-4 are Unpatentable Over Pettitt and Beetcher Claim 1 Pettitt teaches generating a “string, R” (the reseller’s public key), encrypting an “indicium of an end-user’s identity” (information identifying the user) and an “indicium of a first information product” (information identifying the software) to create a “launch code” (the reply envelope), decrypting the “launch code,” and installing the first information product Case IPR2013-00081 Patent 5,982,889 24 onto the end-user’s computer, as recited in claim 1. See Pet. 33-35. Apple relies on Beetcher for the “second information product” limitations of claim 1, as Pettitt refers only to a user purchasing a single piece of software. See id. at 36-38; Ex. 1006, col. 2, l. 59-col. 3, l. 1; col. 4, ll. 8-19. In its Patent Owner Response, Achates makes two arguments regarding claim 1. First, Achates argues that Pettitt does not teach “decrypting said launch code . . . to recover said authentication code,” as recited in claim 1. PO Resp. 19-27. Achates contends that Pettitt’s LCH digital signature and digital authorization certificate, each cited by Apple in the Petition as an “authentication code,” are not authentication codes recovered by decrypting the reply envelope in Pettitt. Id. As to the digital authorization certificate, Achates acknowledges that the certificate is part of the reply envelope and that the “reseller does recover the certificate by decrypting the encrypted reply envelope.” Id. at 23. Achates’s position, however, is that the digital authorization certificate is not an “authentication code” for two reasons: (1) the digital authorization certificate is used to unlock and install the software and distinguish authorized from unauthorized users, not to authenticate data, and (2) the digital authorization certificate is not used to authenticate the reply envelope because the reseller authenticates the encrypted reply envelope with the LCH digital signature before the reseller decrypts the reply envelope. Id. at 23-27. In support of its position, Achates relies on Dr. Wang, who explains why he believes that “Pettitt’s digital authorization certificate is not an authentication code.” Ex. 2014 ¶¶ 19-23. We are persuaded that Pettitt’s decryption of the reply envelope to recover the digital authorization certificate constitutes “decrypting said Case IPR2013-00081 Patent 5,982,889 25 launch code . . . to recover said authentication code,” as recited in claim 1. See Pet. 34; Ex. 1003 ¶¶ 207-208. As explained above, we interpret “authentication code” to mean “a code for authenticating data.” See supra Section II.A. The digital authorization certificate is generated by hashing the other five items identified in Pettitt as being part of the reply envelope and encrypting the result with the private key of the LCH. Ex. 1006, col. 5, ll. 6-8. Therefore, the digital authorization certificate is a digital signature, and a function of a digital signature is to authenticate data, as Dr. Wang agrees. See Ex. 2034 at 254:15-21, 257:17-23. Pettitt specifies that the digital authorization certificate is “use[d]” to unlock the software container and install the software. Ex. 1006, col. 5, ll. 56-58. Specifically, the user would validate the digital authorization certificate by decrypting the originally encrypted hash (e.g., with the LCH’s public key), generating a new hash from the same five elements used to create the original hash, and comparing the new and original hashes. See Pet. Reply 6; Ex. 2034 at 193:3-194:8, 263:10-15. Thus, the digital authorization certificate authenticates the data that has been “digitally signed” with it. Further, as Achates acknowledges, the digital authorization certificate is part of the encrypted reply envelope, and is recovered when the reply envelope is decrypted. See Ex. 1006, col. 4, l. 63-col. 5, l. 8; col. 5, ll. 51-63 (“reseller 17 decrypts the reply envelope . . . and passes the contents onto the user 18”); PO Resp. 23. Therefore, we are persuaded that Pettitt teaches “decrypting said launch code . . . to recover said authentication code,” as recited in claim 1. 7 7 Because we agree with Apple that the digital authorization certificate in Pettitt is an “authentication code” recovered by the decryption of a launch Case IPR2013-00081 Patent 5,982,889 26 We also note that, in its Motion for Observation, Apple cites an email communication between Dr. Wang and Mr. Radbel where Dr. Wang stated: “I am still struggling with their statements like the authorization certificate does not authenticate data. . . . I thought we agreed during the call that we are not going to use this line of argument.” Obs. 1 (citing Ex. 1067 at 1). Although the specific “statements” referenced in the email are unknown, we agree with Apple that Dr. Wang’s statement that he was “struggling” with “statements like the authorization certificate does not authenticate data” is inconsistent with his later opinion in his declaration that “a person of ordinary skill in the art would not consider the digital authorization certificate to be . . . a code for authenticating data.” See id.; Ex. 2014 ¶¶ 22-23. For this and the other reasons explained above, we find Mr. Schneier’s testimony to be more credible than that of Dr. Wang. Second, Achates argues that Pettitt and Beetcher do not teach the limitations of claim 1 pertaining to multiple “indici[a]”—namely, decrypting a launch code to recover indicia of first and second information products, and installing the first and second information products. PO Resp. 27-32. According to Achates, Mr. Schneier provides “no reason” why a skilled artisan would modify Pettitt’s reply envelope to be “capable of authorizing the installation of multiple information products.” Id. at 28. We first note that claim 1 does not recite “authorizing” the installation of any information products. The claim only recites “decrypting” the launch code to recover the indicia of the first and second information products, and “installing said first information product and said second information code, as recited in claim 1, we need not determine whether the LCH digital signature also is an “authentication code.” Case IPR2013-00081 Patent 5,982,889 27 product onto a computer associated with said end-user.” Moreover, we disagree that Mr. Schneier gives “no reason” for the proposed combination. Mr. Schneier testifies as follows: I also believe that including more specific indications of more than one information product in the reply envelope of Pettitt would have been obvious to a person of ordinary skill in the art in 1997 because the inclusion of multiple such indicia was well known at the time and well within the skill of the art. A person of ordinary skill in the art also would have had good reasons to include a list of multiple indicia of information products in the same launch code, as doing so would more efficiently identify multiple information products for which the end-user was licensed. For example, . . . Beetcher explains that multiple software modules may be placed on a single distribution medium, and “[e]ach customer will receive a unique entitlement key enabling that customer to run only those software modules to which he is licensed.” In addition, a person of ordinary skill would have recognized that the Pettitt scheme could have been easily extended to authorize multiple software products. This could have been done, for example, by including multiple “master keys” and/or indicia corresponding to the different software products within the reply envelope sent by the reseller. Such master keys and indicia would be used in the same way as in the example in the patent, which sends a master key for one software product (e.g., it is used to unlock the software container if the transaction has been authorized). Extending Pettitt to include multiple indicia of software products, thus, would have been an obvious alteration of the Pettitt scheme to a person of ordinary skill in the art in April of 1997. Ex. 1003 ¶¶ 218-21 (citations omitted, emphasis added); see Pet. 36-38. We find Mr. Schneier’s analysis supported by the disclosures of the references and persuasive. In addition, Dr. Wang acknowledges that “Pettitt Case IPR2013-00081 Patent 5,982,889 28 leaves the illegal copying problem to others, and Beetcher addresses this problem with runtime checks.” Ex. 2014 ¶ 67; see Pet. Reply 6-7. Thus, Dr. Wang’s own analysis indicates a reason why a skilled artisan would have looked to Beetcher to provide something that the Pettitt system lacks. Achates also disputes Mr. Schneier’s conclusion that if the Pettitt system were modified to handle multiple software products by including multiple master keys and indicia in the reply envelope, the master keys and indicia would be “used in the same way as in the example in the patent.” PO Resp. 28-32 (citing Ex. 1003 ¶ 221). Achates contends that in Pettitt, there “can be” more than one distributor and more than one reseller, which may not carry all possible software products. Id. at 29. Achates then describes a hypothetical situation where a user requests one software product from one distributor/reseller pair and a second software product from a different distributor/reseller pair, and the LCH generates and transmits the reply envelope in response to the first request before the second request arrives. Id. at 29-30. Then, when the second request arrives, the LCH would create a new reply envelope, not a “consolidated reply envelope.” Id. at 30. According to Achates, producing a consolidated reply envelope with master keys and indicia for multiple software products would require a “coordination function” at the LCH, as well as resolving various problems with transmission through the distribution chain and decryption of the reply envelope, all of which would amount to a “fundamental redesign” to the Pettitt system. Id. at 30-32. We are not persuaded that a person of ordinary skill in the art would have been incapable of combining, or have had no reason to combine, the teachings of Pettitt and Beetcher in the manner alleged. Pettitt discloses a Case IPR2013-00081 Patent 5,982,889 29 multitiered software distribution system comprising “one or more distributors” and “one or more optional resellers.” Ex. 1006, col. 3, ll. 28-32. Thus, the system may have only a single distributor and a single reseller (or even no reseller, as it is “optional”), and Achates’s hypothetical situation is not guaranteed to occur. In addition, as Apple points out, Achates’s hypothetical situation is merely attorney argument, unsupported by any testimony from Dr. Wang or Mr. Radbel or other evidence. See Pet. Reply 7-8. Dr. Wang also acknowledges that it would be possible to modify the Pettitt system to handle multiple information products. See id.; Ex. 2014 ¶ 67 (“if desired, Beetcher’s prepared software could be distributed on Pettitt’s system”); Ex. 2034 at 314:7-22. Thus, we are persuaded that combining the teachings of Pettitt and Beetcher is proper and that a person of ordinary skill in the art would have had reason to do so in the manner asserted by Apple and Mr. Schneier to arrive at the method of claim 1. Claim 2 As to claim 2, Achates argues that a person of ordinary skill in the art would not have had reason to combine the teachings of Pettitt and Beetcher. PO Resp. 32-35. Claim 2 recites, inter alia, “creating a token,” “encrypting said token,” and “storing said encrypted token on said computer.” As explained above, we interpret “token” to mean “a data structure indicating that an end-user’s computer is granted access to certain information products.” See supra Section II.A. In the Petition, Apple contends that when the reseller in Pettitt decrypts the reply envelope, it recreates the unencrypted reply envelope and sends the contents of the reply envelope (a “token”) to the user. Pet. 37-38. The contents of the unencrypted reply Case IPR2013-00081 Patent 5,982,889 30 envelope (e.g., the master key and digital authorization certificate) are stored in the memory of the user’s computer because they are used to unlock the software. Id. (citing Ex. 2003 ¶ 244). Apple further contends that although Pettitt does not teach encrypting the contents of the reply envelope in memory on the user’s computer, doing so would have been an obvious, logical step based on Beetcher and would have been obvious given the fact that Pettitt teaches encrypting the reply envelope at various stages for security. Id. Mr. Schneier testifies that a “person of ordinary skill would recognize that encrypting a locally stored token would help protect the contents of the token from theft.” Ex. 1003 ¶ 243 (citing Beetcher, Ex. 1007, col. 10, ll. 27-31, which teaches local storage of an encrypted entitlement key). Achates contends that storing the encrypted reply envelope on the user’s computer would not make sense because the encrypted reply envelope is encrypted with the public key of the reseller, so only the reseller, not the user, can decrypt it. PO Resp. 33. Pettitt, however, does not teach that the user ever receives the encrypted reply envelope. See Pet. Reply 8. Rather, the reseller decrypts the reply envelope and sends the contents to the user in unencrypted form. Ex. 1006, col. 5, ll. 51-55. Thus, it is the contents of the reply envelope that are stored on the user’s computer, and we agree that it would have been obvious based on Beetcher to encrypt those contents when they are stored there. Achates also asserts that because the reseller sends the master key (along with the other contents of the reply envelope) to the user, there is no reason for the user to back up the reply envelope locally once the user has used the master key to install the software. PO Resp. 33-34. In addition, Case IPR2013-00081 Patent 5,982,889 31 according to Achates, there is no need to save the encrypted reply envelope because the user can back up the software itself. Id. at 34-35. Again, Achates misstates Apple’s position, focusing on the encrypted reply envelope rather than the contents of the envelope that the user receives. In Pettitt, all of the contents are sent to the user, the master key and digital authorization certificate are used to unlock and install the software, and thereafter “the possession of the authorization certificate is the user’s proof of purchase, and proof that s/he is an authorized user.” Ex. 1006, col. 5, ll. 56-63. Thus, there are reasons for the user in Pettitt to store the token, including the digital authorization certificate, locally—namely, to install and unlock the software and provide proof of purchase. See Pet. Reply 8-9; Ex. 1003 ¶¶ 240-44. We also note that Achates does not dispute the underlying reasons provided by Mr. Schneier for why a person of ordinary skill in the art would have combined the teachings of Pettitt and Beetcher in the manner proposed. Mr. Schneier testifies that encrypting locally stored tokens was well known at the time and that a skilled artisan would have had reason to encrypt the token in Pettitt to ensure its security. Ex. 1003 ¶¶ 242-44. Dr. Wang agrees that it generally is a good practice to encrypt a file stored in nonvolatile storage to “protect the confidentiality of the file.” Ex. 2035 at 395:3-15, 400:1-6. We give Mr. Schneier’s analysis regarding the combination of Pettitt and Beetcher substantial weight, and conclude that Apple has shown “‘some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness.’” See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 417-18 (2007) (citation omitted). Case IPR2013-00081 Patent 5,982,889 32 We are persuaded, by a preponderance of the evidence, that claims 1 and 2, as well as dependent claims 3 and 4, which Achates does not argue separately in its Patent Owner Response, would have been obvious over Pettitt and Beetcher. 3. Conclusion Based on the record evidence, in light of the arguments presented, Apple has shown, by a preponderance of the evidence, that claims 1-4 are unpatentable over Pettitt and Beetcher. G. Ground Based on Beetcher With respect to the alleged ground of unpatentability based on Beetcher, we have reviewed Apple’s Petition, Achates’s Patent Owner Response, and Apple’s Reply, as well as the evidence discussed in each of those papers. We are persuaded, by a preponderance of the evidence, that claims 1-4 are unpatentable over Beetcher and Ginter under 35 U.S.C. § 103(a). 1. Beetcher Beetcher discloses a system for “restricting the ability of a computer user to use licensed software in a manner inconsistent with the license.” Ex. 1007, col. 1, ll. 9-12. Case IPR2013-00081 Patent 5,982,889 33 Figure 1 of Beetcher is reproduced below. Figure 1 depicts various distributor and customer devices. The customer’s computer has machine serial number 105. Id. at col. 5, ll. 17-23. A “generic set of software modules” stored on software media 112 is distributed to the customer separately from encrypted entitlement key 111, which “contains information enabling system 101 to determine which software modules are entitled to execute on it.” Id. at col. 5, l. 65-col. 6, l. 7. The customer “load[s] the desired software modules from [software media 112 and] unit Case IPR2013-00081 Patent 5,982,889 34 110 into system 101, and store[s] the software modules on storage devices 106-108.” Id. at col. 6, ll. 11-15. Entitlement key 111 includes certain information, such as software version field 202, machine serial number field 204, and product entitlement flags 205, “each corresponding to a product number” for a product that the customer may be authorized to use. Id. at col. 6, ll. 20-40; Fig. 2. Entitlement key 111 is encrypted using a machine key derived from machine serial number 105. Id. at col. 5, ll. 44-50; col. 9, ll. 55-60. The customer receives encrypted entitlement key 111 and enters it into the computer. Id. at col. 9, ll. 51-52. The customer’s computer then decodes encrypted entitlement key 111 using the machine key, stores the key in an encoded product key table, and stores the key and software version number in a product lock table. Id. at col. 6, l. 66-col. 7, l. 42. The encoded product key table and product lock table both are stored in random access memory (RAM), and the encoded product key table also is stored on a non-volatile storage device so that it can be recovered when the system is powered down and then re-initialized (i.e., the encoded product key table is persistent). Id. at col. 8, ll. 23-27, 43-46. Products are unlocked “on demand.” Id. at col. 10, ll. 20-39. “Upon first execution of a previously unentitled software product,” an unlock routine “fetches the encrypted entitlement key from the appropriate entry in [the] encoded product key table,” “obtains the machine key,” “decodes the entitlement key,” and sets the product lock table accordingly if the entitlement key indicates that the user is entitled to use the software. Id. Upon subsequent executions of the software product, the system checks the product lock table to determine if the software is entitled to execute. Id. at col. 10, ll. 48-62. Case IPR2013-00081 Patent 5,982,889 35 2. Claims 1-4 are Unpatentable Over Beetcher and Ginter Claims 1-3 Beetcher teaches generating a “string, R” (the machine key), encrypting an “indicium of an end-user’s identity” (the machine serial number) and indicia of first and second “information product[s]” (the entitlement flags) to create a “launch code” (the entitlement key), decrypting the “launch code,” and installing the first information product onto the end-user’s computer, as recited in claim 1. See Pet. 8-11. Apple relies on Ginter’s use of a digital signature for the “authentication code” limitations of claim 1 because the version number and machine serial number in Beetcher are used for purposes other than authenticating data. See id. at 10; Ex. 1007, col. 10, ll. 2-5, 56-60. Achates makes three arguments regarding claim 1. First, Achates argues that Beetcher and Ginter do not teach “decrypting said launch code . . . to recover said authentication code,” as recited in claim 1, because Ginter’s permissions record (PERC) does not include a digital signature that can be recovered by decrypting the PERC. PO Resp. 36-40. We disagree, for the reasons explained above. See supra Section II.E.2. In addition, Achates’s argument is directed to Ginter individually, but Apple’s position regarding the recited “decrypting” step is premised on the combination of Beetcher and Ginter. Apple relies on Beetcher for the underlying teaching of decrypting an encrypted “launch code” (the entitlement key) to recover the software version number and machine serial number, and, because those two values are not authentication codes, relies on Ginter’s teaching of a digital signature within an encrypted “launch code” (the PERC). See Pet. 13-14; Ex. 1003 ¶¶ 275-78. Given Ginter’s teaching of a digital signature Case IPR2013-00081 Patent 5,982,889 36 within a PERC, Achates does not explain sufficiently why the substitution proposed by Apple would not result in the recited “decrypting” step. See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986) (“Non-obviousness cannot be established by attacking references individually where the rejection is based upon the teachings of a combination of references.”). Second, Achates argues that a person of ordinary skill in the art in 1997 would not have been motivated to include a digital signature in the entitlement key of Beetcher. PO Resp. 41-42. Achates contends that “public key cryptography was patented and the owner of the dominant patent was known to be litigious and the cost of its licenses high,” citing a 1997 article regarding U.S. Patent No. 4,405,829. Id. (citing Ex. 2015). Achates also points to the following testimony from Mr. Schneier: Q. Does the fact that the digital signatures were all patents in the 1997 time frame create a motivation not to use digital signatures? A. Of course. Ex. 1046 at 484:5-9. We first note that Mr. Schneier later testified during redirect examination that he “may have made a mistake” regarding the testimony cited above because at least one digital signature algorithm of the time was in the public domain. Id. at 494:4-495:7. Moreover, even assuming that Achates is correct, Achates’s argument is not that it would have been technically infeasible, or even technically difficult, for a person of ordinary skill in the art to use a digital signature in the context of Beetcher—just that the financial cost of doing so would have been high. We do not consider this to be a sufficient impediment to dissuade a skilled artisan from using Case IPR2013-00081 Patent 5,982,889 37 digital signatures. Indeed, Mr. Schneier testifies that digital signatures were “widely used in April 1997” in systems analogous to that of Beetcher, and provides detailed reasons why a person of ordinary skill in the art would have wanted to use a digital signature. See Ex. 1003 ¶¶ 275-78. Achates gives no basis for believing that testimony to be incorrect. Third, relying on its other arguments addressed above, Achates argues that “[t]he nature and number of mistakes that [Apple] and Mr. Schneier make in their interpretation of the reference[s] betrays the[] fact that their propositions are based almost entirely on hindsight.” PO Resp. 43. Achates further contends that a person of ordinary skill in the art would not have considered combining the references, citing Mr. Schneier’s testimony that if he were tasked with solving the problem of small-scale software piracy in 1997, he would not have “bother[ed]” with Ginter. Id. at 43-44 (citing Ex. 1045 at 350:17-352:3, Ex. 1046 at 392:7-18). As explained above, we do not agree that Apple and Mr. Schneier misread Ginter or the other references, and are persuaded by Mr. Schneier’s reasons as to why a person of ordinary skill in the art would have combined the teachings of Beetcher and Ginter. The cited portions of Mr. Schneier’s testimony, which address how Mr. Schneier would have built a system and only show that he would not have looked to Ginter because it is “long” and “complex” and has many “unnecessary things,” do not refute those reasons. See Ex. 1045 at 350:17-352:3; Ex. 1046 at 392:7-18. We are persuaded, by a preponderance of the evidence, that claim 1, as well as dependent claims 2 and 3, which Achates does not argue separately in its Patent Owner Response, would have been obvious over Beetcher and Ginter. Case IPR2013-00081 Patent 5,982,889 38 Claim 4 As to claim 4, Apple argues that claim 4 is unpatentable based on the combination of Beetcher and Ginter in two respects. First, as explained above, Apple relies on Beetcher as teaching all limitations of claim 4 other than the “authentication code” limitations, and relies on Ginter as teaching the use of an “authentication code.” Pet. 9-16. Second, Apple relies on Ginter as teaching all limitations of claim 4 other than “identical” strings R (for encrypting items to create a launch code) and T (for encrypting a token), and relies on Beetcher as teaching that limitation. Id. at 32-33. In the Decision on Institution, we determined that Apple had established a reasonable likelihood of prevailing based on Beetcher and Ginter for both reasons. Dec. on Inst. 22-23, 30. Achates does not argue claim 4 separately in its Patent Owner Response on either basis, instead relying on its arguments as to independent claim 1. See PO Resp. 15-16, 40, 42. After reviewing Apple’s arguments in the Petition, and Mr. Schneier’s supporting testimony, we are persuaded, by a preponderance of the evidence, that claim 4 would have been obvious over Beetcher and Ginter on both bases. See Pet. 9-16, 32-33; Ex. 1003 ¶¶ 194-99, 294-96, 298. 3. Conclusion Based on the record evidence, in light of the arguments presented, Apple has shown, by a preponderance of the evidence, that claims 1-4 are unpatentable over Beetcher and Ginter. Case IPR2013-00081 Patent 5,982,889 39 H. Apple’s Motion for Observation on Email Communications and Achates’s Motion to Seal Apple’s Motion for Observation on email communications between Mr. Radbel and Dr. Wang pertains to certain statements the witnesses made regarding the term “authentication code” used in the claims (citing Exs. 1067, 1068). See Obs. 1-3. We have considered Apple’s observations and Achates’s response, and have addressed them above where relevant. See supra Section II.F.2; Obs. 1-3; Obs. Resp. 1-4. Achates also moves to seal the email communications (Exhibits 1067 and 1068), as well as Apple’s Motion for Observation (Paper 64) 8 and Achates’s response (Paper 69). Mot. to Seal 2-4. In previous Orders, we ordered Achates to produce the emails, authorized Apple to file them as exhibits in this proceeding, and authorized Achates to file a motion to seal. See Papers 43, 52, 58, 63. There is a strong public policy in favor of making information filed in an inter partes review open to the public, especially because the proceeding determines the patentability of claims in an issued patent and, therefore, affects the rights of the public. Under 35 U.S.C. § 316(a)(1) and 37 C.F.R. § 42.14, the default rule is that all papers filed in an inter partes review are open and available for access by the public; a party, however, may file a motion to seal and the information at issue is sealed pending the outcome of the motion. It is, however, only “confidential information” that is protected from disclosure. 35 U.S.C. § 316(a)(7). In that regard, the Trial Practice Guide, 77 Fed. Reg. at 48,760, provides: 8 Apple’s exhibit list (Paper 65), filed with its Motion for Observation, also was filed under seal. Case IPR2013-00081 Patent 5,982,889 40 The rules aim to strike a balance between the public’s interest in maintaining a complete and understandable file history and the parties’ interest in protecting truly sensitive information. . . . Confidential Information: The rules identify confidential information in a manner consistent with Federal Rule of Civil Procedure 26(c)(1)(G), which provides for protective orders for trade secret or other confidential research, development, or commercial information. § 42.54. The standard for granting a motion to seal is “for good cause.” 37 C.F.R. § 42.54(a). Achates, as movant, bears the burden of proof in showing entitlement to the requested relief. 37 C.F.R. § 42.20(c). Achates must explain why the information sought to be sealed constitutes “confidential information.” Achates has not met its burden to show that the emails, and the papers citing the emails, contain “confidential information.” The emails contain discussions between Achates’s two declarants, Mr. Radbel and Dr. Wang, regarding their opinions on the prior art at issue in this proceeding. See Exs. 1067, 1068. They do not appear to contain any trade secrets, research information, or information that would be commercially sensitive. Achates makes three arguments in its Motion to Seal. First, Achates argues that the parties agreed not to permit discovery regarding the “process” of producing declarations and, therefore, had a “shared expectation that such information would be maintained confidentially and certainly not be made available to the public.” Mot. to Seal 2-3. We addressed this issue in ruling on Apple’s motion for additional discovery, and were not persuaded by Achates’s argument regarding an alleged agreement between the parties. See Paper 58 at 8. For the same reasons, we Case IPR2013-00081 Patent 5,982,889 41 are not persuaded that the emails should be sealed as “confidential information” based on the alleged agreement. Second, Achates argues that the emails contain “confidential communications with and at the direction of counsel,” and are “immune from discovery at least under the doctrine of work-product immunity.” Mot. to Seal 3 & n.1. Similar to the argument it made in connection with Apple’s motion for additional discovery, Achates does not cite any case law or explain in any detail why it believes the emails are privileged. See Paper 58 at 8. Moreover, Achates did not seek rehearing of our decision granting the motion for additional discovery, and produced the emails to Apple. We also note that, contrary to Achates’s assertion that the emails are confidential communications “with” counsel, the emails at issue are “directly” between Mr. Radbel and Dr. Wang, in accordance with the limited additional discovery we authorized. See id. at 9; Exs. 1067, 1068. Third, Achates contends that because Apple’s observations are “rank speculation and offer no insights into the credibility” of Mr. Radbel and Dr. Wang, the Board should not review them in its analysis and “there is no need to make [the emails] available to the public.” Mot. to Seal 3-4. Whether an opposing party’s position regarding a document ultimately has merit, however, is not the test for determining whether the document should be sealed. The test is whether the material contains “confidential information,” and Achates has not shown that the emails do. As Achates provides no basis for deeming the emails to contain “confidential information,” its Motion to Seal is denied. Papers 64, 65, and 69, and Exhibits 1067 and 1068, will be unsealed, and access to the Case IPR2013-00081 Patent 5,982,889 42 materials in the Patent Review Processing System (PRPS) will be changed from “Parties and Board Only” to “Public.” I. Achates’s Motion to Exclude In its Motion to Exclude, Achates seeks to exclude the declaration of Mr. Schneier (Exhibit 1003) submitted by Apple with the Petition. For the reasons discussed below, the motion is denied. With few exceptions, the Federal Rules of Evidence apply to inter partes review proceedings. 37 C.F.R. § 42.62(a). The rules governing inter partes review set forth the proper procedure for objecting to, and moving to exclude, evidence when appropriate. When a party objects to evidence that was submitted during a preliminary proceeding, such an objection must be served within ten business days of the institution of trial. 37 C.F.R. § 42.64(b)(1). The objection to the evidence must identify the grounds for the objection with sufficient particularity to allow correction in the form of supplemental evidence. Id. This process allows the party relying on the evidence to which an objection is served timely the opportunity to correct, by serving supplemental evidence within ten business days of the service of the objection. See 37 C.F.R. §§ 42.64(b)(1), 42.64(b)(2). If, upon receiving the supplemental evidence, the opposing party is still of the opinion that the evidence is inadmissible, the opposing party may file a motion to exclude such evidence. 37 C.F.R. § 42.64(c). Achates alleges various reasons why Mr. Schneier’s declaration (Exhibit 1003) should be excluded. Mot. to Exclude 1-8. The declaration, however, was submitted by Apple with its Petition for inter partes review (Paper 1). Because the evidence was submitted during a preliminary Case IPR2013-00081 Patent 5,982,889 43 proceeding, any objection to such evidence must have been served within ten business days of the institution of the trial. 37 C.F.R. § 42.64(b)(1). Achates does not allege that Apple was served with any objection within ten business days of the institution of trial (Paper 21, dated June 3, 2013) or at any other time. Instead, Achates submits that 37 C.F.R. § 42.64 does not apply “because the bases of the objections arose when [Apple] failed to update Mr. Schneier’s declaration as part of its Reply.” Mot. to Exclude 7. Achates does not point to any rule or authority in support of the theory that Apple had a duty to “update” a declaration that was submitted with the Petition for inter partes review. Moreover, Apple would have had the right to serve supplemental evidence for the purpose of correcting any evidentiary deficiencies in the declaration, had Apple been provided with proper and timely notice, as required by 37 C.F.R. § 42.64. Thus, we are not persuaded that Mr. Schneier’s declaration should be excluded. III. ORDER Apple has demonstrated, by a preponderance of the evidence, that: (1) claims 1-3 are anticipated by Ginter under 35 U.S.C. § 102(e); (2) claims 1-4 are unpatentable over Pettitt and Beetcher under 35 U.S.C. § 103(a); and (3) claims 1-4 are unpatentable over Beetcher and Ginter under 35 U.S.C. § 103(a). In consideration of the foregoing, it is hereby: ORDERED that claims 1-4 of the ’889 patent have been shown to be unpatentable; FURTHER ORDERED that Achates’s Motion to Exclude is denied; Case IPR2013-00081 Patent 5,982,889 44 FURTHER ORDERED that Achates’s Motion to Seal is denied; FURTHER ORDERED that Papers 64, 65, and 69, and Exhibits 1067 and 1068, are unsealed; and FURTHER ORDERED that the copies of Exhibits 1003 and 1041 filed on December 14, 2012, are expunged from the record of this proceeding. This is a final decision. Parties to the proceeding seeking judicial review of the decision must comply with the notice and service requirements of 37 C.F.R. § 90.2. Case IPR2013-00081 Patent 5,982,889 45 PETITIONER: Jeffrey P. Kushan Joseph A. Micallef SIDLEY AUSTIN LLP jkushan@sidley.com jmicallef@sidley.com PATENT OWNER: Brad D. Pedersen Eric H. Chadwick PATTERSON THUENTE PEDERSEN, P.A. prps@ptslaw.com chadwick@ptslaw.com Jason Paul DeMont KAPLAN BREYER SCHWARTZ & OTTESEN jpdemont@kbsolaw.com Vincent McGeary GIBBONS, P.C. vmcgeary@gibbonslaw.com