Unified v. Qurio, IPR2015-01940, Paper 1

Filed on behalf of: Unified Patents Inc. By: P. Andrew Riley

Joshua D. Goldberg Christopher C. Johns Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P. 901 New York Avenue, NW Washington, DC 20001–4413 Telephone: 202-408-4000 E–mail: [email protected]

Jonathan Stroud Unified Patents Inc. 1875 Connecticut Ave. NW, Floor 10 Washington, D.C., 20009 Telephone: 202-805-8931 Email: [email protected]

UNITED STATES PATENT AND TRADEMARK OFFICE

____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________

UNIFIED PATENTS INC.,

Petitioner

v.

QURIO HOLDINGS, INC., Patent Owner

____________

IPR2015-01940 Patent 8,102,863

High-Speed WAN to Wireless LAN Gateway ____________

PETITION FOR INTER PARTES REVIEW OF U.S. PATENT 8,102,863

ii

TABLE OF CONTENTS

I. INTRODUCTION ................................................................................... 1

II. MANDATORY NOTICES ....................................................................... 2

A. Real Party-in-Interest ....................................................................................... 2

B. Related Matters ................................................................................................. 3

C. Lead and Back-Up Counsel, and Service Information ............................. 3

III. FEE PAYMENT ....................................................................................... 3

IV. STATEMENT OF PRECISE RELIEF REQUESTED .......................... 4

A. Claims for Which Review Is Requested ...................................................... 4

B. Statutory Grounds of Challenge .................................................................... 4

C. The Level of Ordinary Skill in the Art at the Time of the Claimed Invention ............................................................................................ 4

V. THE ’863 PATENT .................................................................................. 5

A. Overview of the Disclosure ............................................................................ 5

B. Prosecution History .......................................................................................... 6

VI. GROUNDS FOR STANDING ................................................................. 7

VII. STATEMENT OF PRECISE RELIEF REQUESTED FOR EACH CLAIM CHALLENGED .............................................................. 8

A. Claims for Which Review is Requested ...................................................... 8

B. Statutory Grounds of Challenge .................................................................... 8

C. Claim Construction .......................................................................................... 8

VIII. CLAIMS 1-15 and 17-21 OF THE ’863 PATENT ARE UNPATENTABLE UNDER 35 U.S.C. § 103(a) ...................................... 9

A. Chen is Prior Art Under 35 U.S.C. § 102(e) ............................................... 9

iii

B. Karaoguz is Prior Art Under 35 U.S.C. § 102(a) .................................... 10

C. Margis is Prior Art Under 35 U.S.C. § 102(e) ......................................... 10

D. Candelore is Prior Art Under 35 U.S.C. § 102(a) ................................... 10

E. Krishnaswamy is Prior Art Under 35 U.S.C. § 102(a) ........................... 10

F. Ground 1: Chen in view of Karaoguz and Candelore renders claims 1, 3, 4, 7-15, and 17-21 obvious ..................................................... 11

1. Implementation of Chen’s Encoding .............................................. 15

2. Implementation of Chen’s session keys ......................................... 18

G. Ground 2: Chen in view of Karaoguz, Candelore, and Krishnaswamy renders claim 2 obvious .................................................... 33

H. Ground 3: Margis in view of Chen and Candelore renders claims 1, 3-10, 15, and 17-19 obvious ....................................................... 36

1. Implementation of Margis’ Content Distribution System ......... 38

2. Implementation of Margis’ DRM protection ................................ 41

I. Ground 4: Margis in view of Chen, Candelore, and Krishnaswamy renders claim 2 obvious .................................................... 56

IX. CONCLUSION....................................................................................... 59

iv

TABLE OF AUTHORITIES

Page(s)

Cases

Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc) ............................................................ 8

Qurio Holdings, Inc. v. Comcast Corporation et al., 1-14-cv-07488 (N.D. Ill.) ...................................................................................... 3

Qurio Holdings, Inc. v. DirecTV, et al., 1-14-cv-07502 (N.D. Ill.) ...................................................................................... 3

Qurio Holdings, Inc. v. DIRECTV, et al., 3-15-cv-00930 (N.D. Cal.) .................................................................................... 3

Qurio Holdings, Inc. v. DISH Network Corporation, et al., 1-14-cv-07504 (N.D. Ill.) ...................................................................................... 3

Federal Statutes

35 U.S.C. § 102(a) ................................................................................................... 10

35 U.S.C. § 102(e) ............................................................................................... 9, 10

35 U.S.C. § 103(a) ....................................................................................... 4, 8, 9, 23

35 U.S.C. § 122(b) ..................................................................................................... 6

35 U.S.C. § 311 ...................................................................................................... 4, 8

Regulations

37 C.F.R § 1.56(c) ...................................................................................................... 7

37 C.F.R. § 42.8(b)(1) ................................................................................................ 2

37 C.F.R. § 42.15(a) ................................................................................................... 3

37 C.F.R. § 42.100(b) ................................................................................................ 8

37 C.F.R. § 42.103(a) ................................................................................................. 3

v

37 C.F.R. § 42.104(a) ................................................................................................. 7

vi

LIST OF EXHIBITS

Exhibit Description EX1001 U.S. Patent No. 8,102,863 B1 to Gregory Morgan Evans EX1002 Declaration of Jon Weissman, Ph.D. EX1003 U.S. Patent No. 7,424,024 to Chen, et al (“Chen”) EX1004 U.S. Patent Application Publication No. 2005/0232284 to Karaoguz,

et al. (“Karaoguz”) EX1005 U.S. Patent Application Publication No. 2005/0169473 to Brant L.

Candelore (“Candelore”) EX1006 U.S. Patent Application Publication No. 2006/0105764 to

Krishnaswamy, et al (“Krishnaswamy”) EX1007 U.S. Patent No. 7,945,934 to Margis, et al. (“Margis”) EX1008 “Application Note AN-2036, Frequently Asked Questions Regarding

Finisar’s 1000BASE-T SFPs (FCMJ-8520/8521-3),” Revision B, Finisar Corporation, March 4, 2004.

EX1009 Internet Archive’s Wayback Machine archive of “Network Connection Speeds Reference,” located at http://web.archive.org/web/20060210045734/http://www.ertyu.org/steven_nikkel/netspeeds.html, 10 Feb 2006.

EX1010 “What LinkSec Should Know About Bridges,” Norman Finn, presented at IEEE P802 Link Security Executive Committee Study Group (ECSG), March, 2003.

EX1011 Excerpts of Prosecution History for U.S. Patent No. 8,102,863 EX1012 Affidavit of Christopher Butler and Exhibit EX1013 U.S. Patent Application Publication No. 2005/0130586 to Gnuschke,

et al. (“Gnuschke”) EX1014 U.S. Patent Application Publication No. 2003/0126086 to Reem

Safadi (“Safadi”) EX1015 “Home Interoperability Framework for the Digital Home,” Intel

Technology Journal, Vol. 6, Issue 4, Nov. 15, 2002. EX1016 Petitioner’s Voluntary Interrogatory Responses EX1017 Newton’s Telecom Dictionary (18th ed. 2002).

IPR2015-01940U.S. Patent 8,102,863

1

I. INTRODUCTION

Petitioner Unified Patents Inc. (“Unified”) requests Inter Partes Review

(“IPR”) of claims 1–15 and 17–21 of U.S. Patent No. 8,102,863 (“the ’863 patent”)

assigned to Qurio Holdings, LLC (“Qurio”) (EX1001).

The ’863 patent, which has a filing date of Jun. 27, 2006, describes an

electronic gateway for connecting a higher-speed network to a lower-speed

network. EX1001 at Abstract. The ’863 patent suggests that it uniquely solves the

problem of Fiber-to-the-Home (FTTH) networks being faster than the home

networks they connect to, id. at 1:31-42, by using a “data cache” and an “offload

engine.” Id.

Both of these were well-known long ago. The claimed “offload engine” and

“data cache” are basic systems for buffering data—systems electronic devices have

used for decades. For example, devices called “bridges” buffered data to connect

networks operating at different speeds long before the filing of the ’863 patent. See

EX1010 at 4 (“A bridge is buffered, and can support ports of different speeds in

different parts of the network, i.e. high speed in the ‘core’ and low speed at the

‘edge’”). Other facets—such as “cross-layer” elements—were concededly

“apparent to one having ordinary skill in the art.” EX1001 at 6:12-15. Thus,

interconnecting two networks having different speeds was not an unsolved

problem when the ’863 patent was applied for.

IPR2015-01940U.S. Patent 8,102,863

2

Nor was the identified reason for allowance, an amendment-added “[Digital

Rights Management] DRM function [] adapted to encode the identified data . . .

and provide license keys for decoding the encoded data,” new or non-obvious at

the time of filing. EX1011 at 86. As multiple references make clear, such DRM

functionality and key provisioning functions were well-known at the time. See,

e.g., EX1013 at ¶¶ [0032], [0035], [0036], [0043]; EX1014 at ¶¶ [0002], [0008],

[0011]; and EX1015 at 15, col. 2, ¶ 5.

Long before the ’863 patent’s effective filing date, myriad prior art patents

and printed publications disclosed the claimed combination of elements. As this

petition demonstrates, the disclosures of Chen (EX1003), Margis (EX1007),

Karaoguz (EX1005), and Candelore (EX1006), among other patents and

publications, warrant cancellation of claims 1-15 and 17-21.

II. MANDATORY NOTICES

A. Real Party-in-Interest

Pursuant to 37 C.F.R. § 42.8(b)(1), Petitioner certifies that Unified is the real

party-in-interest, and further certifies that no other party exercised control or could

exercise control over Unified’s participation in this proceeding, the filing of this

petition, or the conduct of any ensuing trial. In this regard, Unified has submitted

voluntary discovery. See EX1016 (Petitioner’s Voluntary Interrogatory

Responses).

IPR2015-01940U.S. Patent 8,102,863

3

B. Related Matters

Upon information and belief, the ’863 patent was asserted in the following

cases: Qurio Holdings, Inc. v. DIRECTV, et al., 3-15-cv-00930 (N.D. Cal.); Qurio

Holdings, Inc. v. DISH Network Corporation, et al., 1-14-cv-07504 (N.D. Ill.),

Qurio Holdings, Inc. v. DirecTV, et al., 1-14-cv-07502 (N.D. Ill.), and Qurio

Holdings, Inc. v. Comcast Corporation et al., 1-14-cv-07488 (N.D. Ill.), the first of

which was transferred to the Northern District of California.

C. Lead and Back-Up Counsel, and Service Information

The signature block of this petition designates lead counsel, backup counsel,

and service information for each petitioner. Unified designates P. Andrew Riley

(Reg. No. 66,290) as lead counsel and designates Joshua L. Goldberg (Reg. No.

59,369) and Christopher C. Johns (Reg. No. 68,664) as backup counsel. All can be

reached at Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, 901 New York

Avenue, NW, Washington, DC 20001-4413 (phone: 202.408.4000; fax:

202.408.4400). Unified also designates as backup counsel Jonathan Stroud (Reg.

No. 72,518). Petitioner consents to e-mail service at [email protected].

III. FEE PAYMENT

The required fees are submitted under 37 C.F.R. §§ 42.103(a) and 42.15(a).

If any additional fees are due during this proceeding, the Office may charge such

fees to Deposit Account No. 06–0916.

IPR2015-01940U.S. Patent 8,102,863

4

IV. STATEMENT OF PRECISE RELIEF REQUESTED

A. Claims for Which Review Is Requested

Petitioner requests IPR and cancellation of claims 1-15 and 17-21 of the

’863 patent under 35 U.S.C. § 311.

B. Statutory Grounds of Challenge

Petitioner requests that the Board hold claims 1–15 and 17-21 unpatentable

as follows:

Ground Proposed Statutory Rejections for the ’863 Patent

Exhibit No(s).

1

Claims 1, 3, 4, 7–15, and 17–21 are obvious under § 103(a) over U.S. Patent No. 7,424,024 to Chen, et al. (“Chen”) in view of U.S. Patent Application Publication No. 2005/0232284 to Karaoguz, et al. (“Karaoguz”) and U.S. Patent Application Publication No. 2005/0169473 to Brant L. Candelore (“Candelore”)

EX1003, EX1004, EX1005

2

Claim 2 is obvious under § 103(a) over Chen in view of Karaoguz, Candelore, and U.S. Patent Application Publication No. 2006/0105764 to Krishnaswamy, et al. (“Krishnaswamy”)

EX1003, EX1004, EX1005, EX1006

3

Claims 1, 3–10, 15, and 17–19 are obvious under § 103(a) over in view of U.S. Patent No. 7,945,934 to Margis, et al. (“Margis”) in view of Chen and Candelore

EX1007, EX1003, EX1004

4 Claim 2 is obvious under § 103(a) over Margis in view of Chen, Candelore, and Krishnaswamy

EX1007, EX1003, EX1004, EX1006

C. The Level of Ordinary Skill in the Art at the Time of the Claimed Invention

The ’863 patent lists a filing date of June 27, 2006. At that time, a person

having ordinary skill in the art (hereafter, “POSA”) of inter-networking (i.e., in the

IPR2015-01940U.S. Patent 8,102,863

5

art for the ’863 patent) would have had (i) a B.S. degree in computer engineering,

computer science, or equivalent training, and (ii) approximately two years of

experience or research related to computer networking. See EX1002 (EXPERT

Decl.) at ¶ 21.

V. THE ’863 PATENT

A. Overview of the Disclosure

The ’863 patent describes a gateway that connects a Wide Area Network (a

WAN) with a Wireless Local Area Network (WLAN). EX1001 at Abstract. The

WAN may be, for example, a high-speed network such as the Internet. Id. at 2:59-

60. The WAN may be connected to the gateway using a high-speed connection. Id.

at 2:59-3-14. The connection may be a fiber-optic connection, but it can also be an

Ethernet connection or other type of high-speed connection. Id. at 2:59-3-14. The

WLAN may operate using known wireless standards, such as IEEE 802.11

(colloquially referred to as “wireless” or “Wi-Fi”). Id. at 3:15-18. An 802.11b

network (a type of 802.11 network) operates at a maximum of 11 megabits per

second (“mbps”). EX1009 (“Network Connection Speeds Reference”) at 2. Other

types of wireless technology can be used as well. EX1001 at 3:15-18 (“The WLAN

16 may operate, for example, according to one or more of the suite of IEEE 802.11

standards”) (emphasis added); see also id., claim 4 (the only dependent claim

requiring the use of IEEE 802.11 wireless networks).

IPR2015-01940U.S. Patent 8,102,863

6

B. Prosecution History

The application was filed on June 27, 2006, EX1011 at 278-316, with a

Request for Nonpublication under 35 U.S.C. § 122(b). EX1011 at 316.

After four Office Actions, the Examiner mailed a first Notice of Allowance

on January 12, 2011. EX1011 at 260-65. In particular, the Examiner identified that

the claims were allowable because of an inability to find prior art

which teaches, either solely or in combination with

another reference, the limitation of the DRM function is

adapted to encode the identified data such that encoded

data is transmitted to the corresponding one of the

plurality of user devices within the WLAN, and provide

license keys for decoding the encoded data to desired

ones of the plurality of user devices having permission to

consume the encoded data, in combination with all the

other limitations.

Id. at 264 (emphasis added). Applicant did not dispute the Examiner’s findings, as

Applicant failed to file any comments in response to the Reasons for Allowance.

Applicant filed a Request for Continued Examination on January 26, 2011.

EX1011 at 106-15. Applicant then filed an Information Disclosure Statement on

April 7, 2011. Id. at 102-04. The April 2011 IDS listed U.S. Patent No. 7,656,849,

which was also invented by Gregory Evans—the same inventor named on the ’863

patent—and was also prosecuted by the same law firm. EX1011 at 102. The April

IPR2015-01940U.S. Patent 8,102,863

7

2011 IDS stated that “no item of information contained in the information

disclosure statement was known to any individual designated in 37 CFR 1.56(c)

more than three months prior to the filing of the information disclosure statement.”

Id. at 104 (emphases added). However, the ’849 patent issued on January 2, 2010 –

more than 15 months prior to the filing of the April 2011 IDS and in contradiction

to the statement in that IDS.

The Examiner mailed a second Notice of Allowance on September 27, 2011.

EX1011 at 81-87. The Examiner again identified that the claims were allowable

because of an inability to find prior art containing those DRM elements identified

in the Notice of Allowance mailed January 12, 2011. Id. at 86. Applicant again did

not dispute these findings, as Applicant failed to file any comments on the reasons

for allowance. But, as explained below, these elements were well-known in the art

at the time of filing.

VI. GROUNDS FOR STANDING

Petitioner certifies that the ’863 patent is available for IPR and that the

Petitioner is not barred or estopped from requesting IPR challenging the ’863

patent on the grounds identified. See 37 C.F.R. § 42.104(a). Specifically: (1)

Petitioner is not the owner of the ’863 patent; (2) Petitioner is not barred or

estopped from requesting IPR; and (3) Petitioner has not been served with a

complaint alleging infringement of the ’863 patent.

IPR2015-01940U.S. Patent 8,102,863

8

VII. STATEMENT OF PRECISE RELIEF REQUESTED FOR EACH CLAIM CHALLENGED

A. Claims for Which Review is Requested

Petitioner respectfully requests review under 35 U.S.C. § 311 of claims 1-15

and 17-21 of the ’863 patent, and their cancellation as unpatentable.

B. Statutory Grounds of Challenge

Claims 1-15 and 17-21 are challenged as unpatentable under 35 U.S.C.

§ 103(a). The claim construction, reasons for unpatentability, and specific evidence

supporting this request are detailed below.

C. Claim Construction

Claim terms are given their ordinary and customary meaning as understood

by a POSA. Phillips v. AWH Corp., 415 F.3d 1303, 1312-13 (Fed. Cir. 2005) (en

banc). A claim in an unexpired patent subject to inter partes review receives the

“broadest reasonable construction in light of the specification of the patent in

which it appears.” 37 C.F.R. § 42.100(b). The majority of the claims are common

terms that deserve their ordinary and customary meaning. Unified suggests the

following term from the claims of the ’863 patent requires construction.1

1 The broadest reasonable interpretation should be applied to any claim terms not

addressed below.

IPR2015-01940U.S. Patent 8,102,863

9

a. “License key”

Independent claim 1 recites that the DRM function will “provide license

keys for decoding the encoded data to desired ones of the plurality of user devices

having permission to consume the encoded data.” Independent claim 17 similarly

recites “providing a license key for decoding the encoded data to the corresponding

one of the plurality of user devices if the corresponding one of the plurality of user

devices has permission to consume the encoded data.” EX1001 at 8:6-8; 9:26-10:2

In light of the specification, this phrase should be construed to mean “data that

enables a device to decrypt content.” See EX1001 at 4:45-47; EX1002 at ¶¶ 24-25.

VIII. CLAIMS 1-15 and 17-21 OF THE ’863 PATENT ARE UNPATENTABLE UNDER 35 U.S.C. § 103(a)

A. Chen is Prior Art Under 35 U.S.C. § 102(e)

U.S. Patent No. 7,424,024 (EX1003, “Chen”) was filed on August 12, 2004,

is a continuation-in-part of U.S. Patent Application no. 09/773,103, filed on

January 31, 2001, and claims priority to U.S. Provisional Patent Application Nos.

60/179,024, filed on January 31, 2000, and 60/189,870, filed on March 16, 2000.

Chen is prior art under at least 35 U.S.C. § 102(e) based on at least its filing date of

August 12, 2004.

IPR2015-01940U.S. Patent 8,102,863

10

B. Karaoguz is Prior Art Under 35 U.S.C. § 102(a)

U.S. Patent Application Publication No. 2004/0232284 (EX1004,

“Karaoguz”) published on October 20, 2005, and is prior art under at least 35

U.S.C. § 102(a).

C. Margis is Prior Art Under 35 U.S.C. § 102(e)

U.S. Patent No. 7,945,934 (EX1007, “Margis”) was filed on June 15, 2005,

and claims priority to U.S. Provisional Patent Application No. 60/580,099, filed on

June 15, 2004. Margis is prior art under at least 35 U.S.C. § 102(e) based on its

filing date of June 15, 2005.

D. Candelore is Prior Art Under 35 U.S.C. § 102(a)


“Candelore”) published on August 4, 2005 from an application filed on October

13, 2004. Candelore claims priority to U.S. Provisional Patent Application No.

60/541,339, filed on February 3, 2004, and is prior art under at least 35 U.S.C.

§ 102(a).

E. Krishnaswamy is Prior Art Under 35 U.S.C. § 102(a)


“Krishnaswamy”) published on May 18, 2006, was filed on November 16, 2004,

and is prior art under at least 35 U.S.C. § 102(a).

IPR2015-01940U.S. Patent 8,102,863

11

F. Ground 1: Chen in view of Karaoguz and Candelore renders claims 1, 3, 4, 7-15, and 17-21 obvious

Just like the ’863 patent, Chen discloses a “home gateway system.” EX1003

at 3:3-6. It shows an exemplary embodiment of a gateway connecting home

devices with a broadband network connection, such as an ADSL connection, a

cable modem connection, or a fiber optic connection, in Figure 4:

See also id. at 3:27-32, 8:43-52. The gateway in Chen provides “gateway

functionality between a . . . wireless (WiLAN) 12 and other networks such as the

IPR2015-01940U.S. Patent 8,102,863

12

Internet 24 and the PSTN 22.” Id. at 5:3-13. Just like the system that the ’863

patent claims employs, Chen’s gateway interconnects “these different networks

using different network protocols and/or operating at different transmission

capacities.” Id. at 5:6-9 (emphasis added). The gateway uses one network interface

to connect to the Internet at one speed—such as the ADSL speed of 9 mbps—to

wireless network devices using at a second slower speed—such as the Bluetooth

speed of 0.723 mbps. Id. at Fig. 4, 7:10-26, 10:1-33 (listing the ADSL speed);

EX1009 at 1 (listing the Bluetooth speed). One system for connecting to the

wireless devices is a Wireless module 107 in the gateway. EX1003 at Fig. 6B:

The gateway is configured to store information in a “receive and transmit,”

or transceiver, buffer 102 (“XCIVER buffer 102”) as it arrives from the broadband

network. Buffers, such as transceiver buffer 102, act as temporary storage locations

IPR2015-01940U.S. Patent 8,102,863

13

or “data caches” for information when it is sent or received and additionally serve

the purpose of flow control. See Newton’s Telecom Dictionary (EX1017) at 113

(defining a buffer as “a temporary storage location for information being sent or

received, and serves the purpose of flow control. Usually located between two

different devices that have different abilities or speeds for handling the data”); see

also Expert Declaration (EX1002) at ¶ 33. Indeed, such buffers have long been

used in network equipment interconnecting two networks having different speeds.

EX1010 at 4.

Data passing through wireless module 107 (i.e., to or from devices

connected via wireless module 107) may be processed through a security module

109 that contains a firewall for filtering and inspecting data. EX1003 at 23:50-67,

25:11-14.

The software architecture 140 for the gateway (i.e., the software that drives

the gateway) uses a session manager 142—implemented using corresponding

session manager software architecture 150—to manage information receipt,

storage, and transmission. EX1002 at ¶ 35. For example, session manager software

architecture 150 comprises a latency management module 158, which “manages

latency of information on the network layer 156” and “sends and receives protocol

data units to and from the ADSL ATU-R 104 and/or wireless RF module 107.”

EX1003 at 17:33-38. Session manager 142 enables communications across

IPR2015-01940U.S. Patent 8,102,863

14

different layers of the network stack, such as transport layer 154 and network layer

156, and receives data from the broadband network connection and transmits the

data to other devices over a wireless network. See also EX1003 at Figs. 7 and 8:

The gateway can also encrypt data sent from, and received via, wireless

module 107. See EX1003 at 29:21-23 (“security interface for providing secure

communications via the wired communications interface and via the wireless

communications interface”). For example, Chen’s security module 109 may

encrypt such data using wireless WEP encryption (e.g., using 64- or 128-bit WEP

keys) or using “per session security keys (e.g., encryption keys)” created every

time a user desires to log in. EX1003 at 26:22-44. Chen’s security module 109 also

includes a firewall for inspecting and filtering incoming data. EX1003 at 25:11-14.

IPR2015-01940U.S. Patent 8,102,863

15

The firewall performs stateful inspections of incoming data because the firewall

filters information based on “transactions taking place through it.” EX1003 at

23:56-67; Expert Declaration (EX1002) at ¶ 36. Transactions are a well-known

technique for updating the state of a system (i.e. stateful processing) such that each

subsequent transaction sees the result of prior ones. EX1002 at ¶ 36. The firewall

also performs stateless inspections of incoming data because the firewall filters

data traffic using “User Datagram Protocol (‘UDP’) port numbers,” which is a

stateless protocol and thus does not take into account the transactions taking place

through it. EX1003 at 23:56-67; EX1002 at ¶ 36. In contrast to transactions, each

UDP packet is independent and does not depend on any prior UDP packets (i.e.

stateless processing). EX1002 at ¶ 36.

1. Implementation of Chen’s Encoding

To the extent that the gateway in Chen’s encrypting information received

from a wide-area network before sending it to client devices does not constitute

encoding the identified data, such that encoded data is transmitted to the

corresponding one of the plurality of user devices within the wireless network,

Karaoguz teaches these elements.

Karaoguz, like Chen and the ’863 patent, teaches a “gateway” 118 that

connects a high-speed network connection with a lower-speed home network. See

EX1004 at Fig. 2. Karaoguz explains that the high-speed connection may be a T3

IPR2015-01940U.S. Patent 8,102,863

16

connection. Id. at ¶ [0028]. T3 connections operate at 44.736 mbps. EX1009 at 2.

Karaoguz also notes that the wireless interface for connecting to access devices

122, 124, and 126 may operate using the 802.11b standard. EX1004 at ¶ [0064].

The 802.11b standard operates at a maximum of 11 mbps. EX1009 at 2, EX1002 at

¶ 38.

Karaoguz also teaches

encoding received data into a format

compatible with access devices, for

example, laptop 117 and mobile

device 124 having digital rights

management systems 158 and 156,

respectively. See EX1004 at Fig. 3C.

Paragraph [0083] of Karaoguz

explains that each digital rights management systems 158 and 156 “may be used to

regulate access to and the conversion of multimedia information into alternate

formats according to privileges granted by the media-rights owner.” Processor 151

in gateway 118 may interact with digital rights management functionality 154 to

convert a video in “Windows Media Video (WMV) format” to another format

using the “functionality 154 associated with the gateway 118.” EX1004 at ¶ [0083]

and Fig. 3C.

IPR2015-01940U.S. Patent 8,102,863

17

Karaoguz recognizes that hardware and software manufacturers all use

different encoding standards that are incompatible with one another, and its system

enables conversion between these standards. EX1004 at ¶ [0011].

It would have been obvious to modify Chen’s security module 109 to

provide functionality to encode the identified data such that encoded data is

transmitted to the corresponding one of the plurality of user devices within the

wireless network. EX1002 at ¶ 42. Such a modification would combine known

elements—i.e., modifying security module 109 to enable it to encode data in

different formats and transmit it to devices over a network. Id. Furthermore, both

Chen and Karaoguz are concerned with the security problem of restricting device

access to content. Id. Moreover, this combination is obvious because it would

provide a more desirable system, one where multiple disparate devices having

different encoding systems can use the same data, thus easily solving two problems

associated with a network of electronic devices. Id.

Therefore, it would have been obvious to POSA to modify Chen’s security

module 109 to provide functionality to enable encoding data and transmitting it to

one of the plurality of user devices in a wireless network, as in Karaoguz. EX1002

at ¶ 43. POSA would have had a reasonable likelihood of success when combining

the two, because the modification of Chen’s security module 109 to enable it to

encode data and transmit it to another device (as in Karaoguz) would be a

IPR2015-01940U.S. Patent 8,102,863

18

straightforward software modification well within the skill of POSA that would

yield nothing more than predictable results, such as enabling two devices having

different encoding systems to use the same data. Id.

2. Implementation of Chen’s session keys

As explained above, Chen teaches a security module 109 that encrypts data

sent over a wireless network using session keys. EX1003 at 26:25-27. These “per

session security keys” may be created each time a user wishes to log in. EX1003 at

26:22-25 (“security module 109 also includes a security server [that] creates and

manages dynamic per session security keys (e.g., encryption keys) each time users

desire a login”) (emphases added).

To the extent that Chen’s security module 109 creating and managing “per

session security keys” usable for encrypting and decrypting data does not

constitute providing license keys to devices having permission to decode encoded

data, Candelore teaches these elements.

Candelore relates

discloses a system for

encrypting digital content

received over a television

cable network.

Candelore teaches a

IPR2015-01940U.S. Patent 8,102,863

19

gateway set-top box that receives content in a digital television signal. EX1005 at

¶ [0047]. The set-top box may encrypt the received content in multiple ways—e.g.,

using two different DRM formats—and distribute the content to multiple devices.

Id. at Fig. 3 at ¶ [0051]. For example, in one embodiment, the gateway set-top box

may receive packets of data in a digital television signal, duplicate the packets,

encrypt the first duplicate packets and the second duplicate packets (according to

first and second DRM methods, respectively), and replace the packets in the digital

television signal with the encrypted first duplicate packets and the encrypted

second duplicate packets for sending to separate set-top boxes. EX1005, ¶ [0052];

see also Fig. 4 (depicting the encrypted first and second packets being inserted into

a stream for sending to devices); see also Fig. 6 (depicting a gateway set-top box

400 that receives and encrypts the content using two separate DRM schemes for

delivery to two separate devices).

Candelore teaches sending Entitlement Control Messages comprising

decryption keys for decrypting encrypted content to set-top boxes that have

permission to decrypt the content. EX1005 at ¶¶ [0026], Table 1:

,

IPR2015-01940U.S. Patent 8,102,863

20

and [0043] (“[a]uthorized set-top boxes receive Entitlement Control Messages

(ECM) that are used to get access criteria and descrambling keys. The set-top box

attempts to apply the keys to the content”). Candelore further teaches that digital

content can be shared between the set top box and authorized devices using

Ethernet or IEEE1394 (aka “FireWire”) connections. EX1005, ¶ [0028].

It would thus have been obvious at the time of the invention to modify

Chen’s security module 109 to enable it to provide license keys for decoding

encoded data to devices having permission to consume the encoded data, as in

Candelore. Chen and Candelore both teach gateways for receiving content from a

broadband network, protecting the content by encryption using security keys, and

sending the encrypted content to multiple devices. EX1003 at 5:3-13, 26:22-44,

29:21-23; EX1005 at ¶¶ [0013]-[0015], [0056]-[0057], and Fig. 6; EX1002 at ¶ 49.

Combining Chen and Candelore would combine simple and known elements—i.e.,

combining Chen’s security module 109 with the providing of descrambling keys to

authorized devices, as in Candelore. EX1002 at ¶ 49.

Both Chen and Candelore are focused on the security problem of restricting

device access to content via encryption methods, and Chen discloses a set-top box

embodiment as does Candelore. Id. One of skill in the art would be motivated to

combine Chen and Candelore because it would provide a more desirable system,

where multiple disparate devices can connect, interact, and use the same data. Id.

IPR2015-01940U.S. Patent 8,102,863

21

Therefore, it would have been obvious to POSA to modify Chen’s security module

109 to have it provide license keys for decoding encoded data to devices with

permission to accept the encoded data, as in Candelore. EX1002 at ¶ 49. POSA

would have had a reasonable likelihood of success, as modifying Chen’s security

module 109 to provide license keys (as in Candelore) would be a straightforward

software modification yielding nothing more than predictable results to one of skill

in the art. EX1002 at ¶ 49.

As further explained below, 2 the combination of Chen, Candelore, and

Karaoguz teach all elements of claims 1, 3, 4, 7-15, and 17-21 of the ’863 patent.

[1.P] A gateway interconnecting a Wide Area Network (WAN) to a lower speed Wireless Local Area Network (WLAN) comprising:

Chen teaches a gateway 100’ that connects an in-home wireless network (the claimed “lower speed Wireless Local Area Network (WLAN)”) to the Internet via an ADSL or other broadband connection (the claimed “Wide Area Network (WAN)”). See, e.g., Fig. 6B. For example, see EX1003 (Chen) at 14:29-31: “FIG. 6B is a block diagram illustrating an exemplary wireless, integrated phone-based home gateway interface hardware architecture 100’.”

[1.A] an adaptable cross-layer offload engine;

Chen teaches a session manager 142 that receives and manages Protocol Data Units (i.e. data arriving from the wireless and wired network) to the gateway. See, e.g., Fig. 7. Session manager 142, which is implemented using corresponding session manager software architecture 150, manages receipt, storage, and transmission of information (the claimed “adaptable . . . offload engine”). Id. Session manager software architecture 150 comprises a latency

2 All emphasis in the claim charts in this petition is added unless otherwise noted.

IPR2015-01940U.S. Patent 8,102,863

22

management module 158, which manages latency of information on the network layer 156 and sends and receives protocol data units to and from the ADSL ATU-R 104 and/or wireless RF module 107. Transport layer 154 and network layer 156, also part of session manager software architecture 150, communicate with one another using protocol data units (PDUs). Transport layer 154 may send and receive PDUs to and from the network layer 156 (the claimed “cross-layer”). See, e.g., Fig. 8. For example, see EX1003 at 16:56-17:2: “FIG. 7 is a block diagram illustrating an exemplary home gateway interface software architecture 140. The home gateway interface software architecture 140 includes a session manager 142, a service manager 144, an interface manager 146 and a display manager 148.” See also id. at 17:7-38: “The session controller module 152 also sends and receives session control and status information to and from a transport layer 154 that is in communications with a network layer 156. . . . The transport layer 154 sends and receives transport layer protocol data units (“PDU”) to and from the network layer 156 . . . . The network layer 156 sends network layer PDUs to a latency management module 158. The latency management module 158 manages latency of information on the network layer 156. The latency management module 158 sends and receives protocol data units to and from the ADSL ATU-R 104 and/or wireless RF module 107.”

[1.B] a data cache associated with the offload engine;

Chen discloses a Buffer 102. Buffer 102 is associated with the session manager 142 because it works with the rest of the gateway to temporarily store incoming and outgoing data (the claimed “data cache associated with the offload engine”) in the form of Protocol Data Units that arrive to it. See, e.g., EX1003 Fig. 7. For example, see EX1003 at 13:38-43: “The exemplary integrated phone-based home gateway interface

IPR2015-01940U.S. Patent 8,102,863

23

architecture 100 includes a receive and transmit or transceiver (“XCIVER”) buffer 102, an ADSL ATU-R 104, a splitter 106 including a high-pass filter and a low pass filter, a POTS telephone module 108, an RJ-11 interface 110 and a RJ-45 interface 111.”

[1.C] a network interface communicatively coupling the offload engine to the WAN and providing a first data rate; and

Chen teaches that the gateway has a component for connecting to the Internet (the claimed “a network interface communicatively coupling the offload engine to the WAN”). For example, see EX1003 at 7:10-13: “FIG. 2 is a block diagram 26 illustrating an Asymmetric Digital Subscriber Line (‘ADSL’) component 28 of the phone-based home gateway interface 18. The ADSL component 28 is illustrated as integral to the phone-based home gateway interface 18 . . . However, the phone-based home gateway interface 18 may also include a symmetric, other or equivalent communications component and the present invention is not limited to the ADSL component 28.”

Karaoguz teaches that gateway 118 may be connected to a modem that enables a T3 connection, which operates at 44.736 mbps (the claimed “providing a first data rate”). See, e.g., EX1009 at 2.3 For example, see EX1004 (Karaoguz) at ¶ [0028]: “The gateway 118 may comprise an integrated DSL modem, cable modem or other high-speed modem that may be required for handling a connection such as a T1 or T3 connection. Alternatively, the gateway 118 may be coupled to an external DSL modem, cable modem or other high-speed modem that may be capable of handling connections such as a T1 or a T3 connection.”

[1.D] a wireless interface Karaoguz teaches a wireless interface 120 (the claimed 3 EX1009 is cited in these charts merely to demonstrate the speed of each type of

connection, rather than in the combination under § 103(a).

IPR2015-01940U.S. Patent 8,102,863

24

associated with the offload engine and adapted to communicate with a plurality of user devices within the WLAN, the wireless interface providing a second data rate that is less than the first data rate of the network interface;

“a wireless interface . . . adapted to communicate with a plurality of user devices within the WLAN”) inside of gateway 118 (the claimed “associated with the offload engine”). See, e.g., Fig. 3C. Wireless interface 120 may be implemented using a variety of different protocols, including 802.11b. 802.11b operates at a maximum of 11 mbps, which is less than the T3 connection in Karaoguz (the claimed “wireless interface providing a second data rate that is less than the first data rate of the network interface”). EX1009 at 2. For example, see EX1004 at ¶ [0102]: “In a representative embodiment of the present invention, the wireless local area networks may include data networks such as, for example, Institute of Electrical and Electronics Engineer (IEEE) 802.11a/b/g/n compliant wireless networks such as those located in homes, hot spots or an office. Such local area networks may operate in unlicensed radio frequency spectrum such as in, for example, the 2.4 and 5 gigahertz regions.”

[1.E] wherein the offload engine is adapted to: See [1.A] above. [1.F] receive incoming data from the WAN via the network interface at the first data rate;

Karaoguz teaches that gateway 118 may be connected to a modem that enables a T3 connection, which operate at 44.736 mbps (the claimed “receive incoming data from the WAN via the network interface at the first data rate”). See, e.g., EX1009 at 2. For example, see EX1004 at ¶ [0028]: “The gateway 118 may comprise an integrated DSL modem, cable modem or other high-speed modem that may be required for handling a connection such as a T1 or T3 connection. Alternatively, the gateway 118 may be coupled to an external DSL modem, cable modem or other high-speed modem that may be capable of handling connections such as a T1 or a T3 connection.”

[1.G] store the incoming data in the data cache; and

Chen discloses a Buffer 102. Buffer 102 temporarily stores incoming and outgoing data. See, e.g., Fig. 6B. For example, see EX1003 at 13:38-43: “The exemplary integrated phone-based home gateway interface

IPR2015-01940U.S. Patent 8,102,863

25

architecture 100 includes a receive and transmit or transceiver (“XCIVER”) buffer 102, an ADSL ATU-R 104, a splitter 106 including a high-pass filter and a low pass filter, a POTS telephone module 108, an RJ-11 interface 110 and a RJ-45 interface 111.”

[1.H] transmit the incoming data from the data cache to a corresponding one of the plurality of user devices in the WLAN via the wireless interface at the second data rate;

Karaoguz teaches that wireless interface 120 communicates with wireless devices. See, e.g., Fig. 3C. Wireless module 120 may be implemented using a variety of different protocols, including 802.11b. 802.11b operates at a maximum of 11 mbps (the claimed “transmit . . . via the wireless interface at the second data rate”). EX1009 at 2. For example, see EX1004 at ¶ [0081]: “As shown in FIG. 3C, the broadband access gateway 118 is communicatively coupled to a wireless interface 120 that may correspond, for example, to the wireless interface 120 of FIGS. 1 and 2. The wireless interface 120 may permit the gateway 118 to communicate with wireless access devices such as, for example, the access device 124 and the laptop 117 that may be within the coverage area of the gateway 118.”

[1.I] further wherein the gateway further comprises: See [1.P] above. [1.J] a rule check engine adapted to inspect the incoming data from the WAN based upon at least one rule prior to transmitting the incoming data to the corresponding one of the plurality of user devices in the WLAN, the at least one rule comprises at least one Digital Rights Management (DRM) rule and the rule check engine operates to identify data to be processed by a DRM

Chen discloses a security module 109 that includes a firewall for filtering and inspecting incoming data (the claimed “rule check engine adapted to inspect the incoming data from the WAN based upon at least one rule prior to transmitting the incoming data to the corresponding one of the plurality of user devices in the WLAN”). See, e.g., EX1003 at Fig. 6B. For example, see EX1003 at 25:11-14: “In one embodiment of the present invention, the security module 109 includes a firewall that provides at least IP address filtering, TCP/UDP port filtering, and MAC/LLC address filtering.” Karaoguz teaches that its gateway 118 may access a received file and convert it into an alternate format using digital rights management functionality 154 (the

IPR2015-01940U.S. Patent 8,102,863

26

function and initiate the DRM function for the identified data; and

claimed “the at least one rule comprises at least one Digital Rights Management (DRM) rule and the rule check engine operates to identify data to be processed by a DRM function and initiate the DRM function for the identified data”). See, e.g., EX1004 at Fig. 3C. For example, see EX1004 at ¶ [0083]: “For instance, a video clip encoded in Windows Media Video (WMV) format that is protected using digital rights management may be accessed and converted to an alternate format using the digital rights management functionality 154 associated with the gateway 118.”

[1.K] the DRM function initiated by the rule check engine based on the at least one DRM rule, the DRM function being adapted to encode the identified data such that encoded data is transmitted to the corresponding one of the plurality of user devices within the WLAN, and

Karaoguz teaches that its gateway 118 may access a received file and convert it into an alternate format using digital rights management functionality 154 (the claimed “the DRM function initiated by the rule check engine based on the at least one DRM rule”). See, e.g., Fig. 3C. After conversion, gateway 118 may send the file to a device over wireless interface 120 (the claimed “encoded data is transmitted to the corresponding one of the plurality of user devices within the WLAN”). Id. For example, see EX1004 at ¶ [0083]: “For instance, a video clip encoded in Windows Media Video (WMV) format that is protected using digital rights management may be accessed and converted to an alternate format using the digital rights management functionality 154 associated with the gateway 118.” See also id. at ¶ [0081]: “As shown in FIG. 3C, the broadband access gateway 118 is communicatively coupled to a wireless interface 120 that may correspond, for example, to the wireless interface 120 of FIGS. 1 and 2. The wireless interface 120 may permit the gateway 118 to communicate with wireless access devices such as, for example, the access device 124 and the laptop 117 that may be within the coverage area of the gateway 118.”

[1.L] provide license keys for decoding the

Candelore teaches that the DRM systems have the ability to deliver decryption keys to authorized set-top

IPR2015-01940U.S. Patent 8,102,863

27

encoded data to desired ones of the plurality of user devices having permission to consume the encoded data.

boxes using Entitlement Control. For example, see EX1005 (Candelore) at ¶ [0043]: “Authorized set-top boxes receive Entitlement Control Messages (ECM) that are used to get access criteria and descrambling keys. The set-top box attempts to apply the keys to the content.”

[3.] The gateway of claim 1 wherein the network interface is coupled to the WAN via a Fiber-to-the-Home (FTTH) connection.

Chen teaches that the gateway may be connected to a broadband network using a fiber-optic cable and that the gateway may be in a home. For example, see EX1003 at 3:27-33: “The phone-based home gateway interface 18 and gateway interface 212 (FIG. 15) may also be connected to other computer networks 24 such as the Internet, an intranet, etc. via coaxial cable, fiber optic cable other connection media or other connection interfaces such as wireless interfaces. The gateway interface 212 may also be connected to the PSTN 22.”

[4.] The gateway of claim 1 wherein the wireless interface operates according to one of the plurality of IEEE 802.11 standards.

Karaoguz teaches a wireless interface 120 inside of gateway 118. See, e.g., Fig. 3C. Wireless interface 120 may be implemented using a variety of different protocols, including 802.11b. 802.11b operates at a maximum of 11 mbps, which is less than the T3 connection in Karaoguz. EX1009 at 2. For example, see EX1004 at ¶ [0102]: “In a representative embodiment of the present invention, the wireless local area networks may include data networks such as, for example, Institute of Electrical and Electronics Engineer (IEEE) 802.11a/b/g/n compliant wireless networks such as those located in homes, hot spots or an office. Such local area networks may operate in unlicensed radio frequency spectrum such as in, for example, the 2.4 and 5 gigahertz regions.”

[7.] The gateway of claim 1 wherein the rule check engine performs a stateful inspection of the incoming data.

Chen teaches that the firewall in security module 109 may inspect data traffic, and may have information on “transactions” that are taking place through the firewall. A firewall that has information on transactions that are taking place through it performs a “stateful inspection,”

IPR2015-01940U.S. Patent 8,102,863

28

in that the firewall maintains information about the transactions. For example, see EX1003 at 23:56-59: “To implement filtering, a firewall is designed to interpret the type of data traffic that is being sent through it. The more information that a firewall has about transactions taking place through it, the more security it can provide.” See also id. at 25:11-14: “In one embodiment of the present invention, the security module 109 includes a firewall that provides at least IP address filtering, TCP/UDP port filtering, and MAC/LLC address filtering.”

[8.] The gateway of claim 1 wherein the rule check engine performs a stateless inspection of the incoming data.

Chen teaches that the firewall in security module 109 may inspect data traffic based on particular information included in each packet, known as packet filtering. The packet filtering may be done based on, for example, MAC addresses or network addresses. Such an inspection is stateless, if the inspection is performed without using information about a transaction. For example, see EX1003 at 23:60-67: “Firewall security mechanisms include packet filtering. Packet filtering includes using the content of data packets passing through the firewall to determine if a packet should be allowed to pass through the firewall. For example, data-link layer addresses such as MAC and LLC addresses, network addresses such as IP addresses and source and destination transmission port numbers, such as TCP or User Datagram Protocol (‘UDP’) port numbers are used to filter data traffic.” See also id. at 25:11-14: “In one embodiment of the present invention, the security module 109 includes a firewall that provides at least IP address filtering, TCP/UDP port filtering, and MAC/LLC address filtering.”

[9.] The gateway of claim 1 wherein the at

Chen teaches that the firewall in security module 109 may inspect and filter data traffic based on the data

IPR2015-01940U.S. Patent 8,102,863

29

least one rule further comprises at least one intrusion detection rule for detecting malicious network traffic.

being suspicious or dangerous or containing malicious/hostile attacks. For example, see EX1003 at 23:50-59: “As is known in the art, firewalls are a security feature used to protect a network from potentially hostile attacks from outside the network. For example, a firewall may protect LAN 12 from malicious attacks from the Internet 24 or another network 22. Firewalls typically provide security services by filtering out data traffic that may be inappropriate, suspicious or dangerous. To implement filtering, a firewall is designed to interpret the type of data traffic that is being sent through it. The more information that a firewall has about transactions taking place through it, the more security it can provide.”

[10.] The gateway of claim 1 wherein the at least one rule further comprises at least one content rule identifying a type of content to block from entering the WLAN.

Chen teaches that the firewall in security module 109 may inspect data traffic and filter it from being received by other devices, based on the data being “inappropriate.” For example, see EX1003 at 23:50-59: “As is known in the art, firewalls are a security feature used to protect a network from potentially hostile attacks from outside the network. For example, a firewall may protect LAN 12 from malicious attacks from the Internet 24 or another network 22. Firewalls typically provide security services by filtering out data traffic that may be inappropriate, suspicious or dangerous. To implement filtering, a firewall is designed to interpret the type of data traffic that is being sent through it. The more information that a firewall has about transactions taking place through it, the more security it can provide.”

[11.] The gateway of claim 1 further comprising a file format conversion function adapted to convert the incoming data that is in a

Karaoguz teaches that gateway 118 may convert data from a first format to a second format that is suitable for delivery and/or display on an access device. See, e.g., Fig. 5. The conversion may include reducing resolution or bitrate, which leads to a smaller file.

IPR2015-01940U.S. Patent 8,102,863

30

first file format to a second file format having lesser bandwidth requirements.

For example, see EX1004 at ¶ [0051]: “Automatic format conversion by the gateway 118 may include converting data from a first format to at least a second format suitable for delivery and/or display on an access device. This may permit data that would otherwise be incompatible with a first access device to be played on that first access device. For the location-aware services based on QoS, data was converted from a first format 128 kbps to a second format 96 kbps to achieve and/or maintain a particular QoS, but the data type remained the same. In this case, the audio format and/or its data type may be different. For example, if the audio format was MP3, then after the conversion, the format remained WAV and/or the sampling rate may have decreased from 128 kbps [to] 96 kbps.”

[12.] The gateway of claim 1 further comprising a conversion function adapted to convert the incoming data corresponding to a media file having a first quality to a media file having a lesser quality, thereby reducing bandwidth requirements for transferring the media file over the WLAN.

Karaoguz teaches that gateway 118 may convert data from a first format to a second format that is suitable for delivery and/or display on an access device. See, e.g., Fig. 5. The conversion may include reducing resolution or bitrate, which leads to a smaller file. For example, see EX1004 at ¶ [0051]: “Automatic format conversion by the gateway 118 may include converting data from a first format to at least a second format suitable for delivery and/or display on an access device. This may permit data that would otherwise be incompatible with a first access device to be played on that first access device. For the location-aware services based on QoS, data was converted from a first format 128 kbps to a second format 96 kbps to achieve and/or maintain a particular QoS, but the data type remained the same. In this case, the audio format and/or its data type may be different. For example, if the audio format was MP3, then after the conversion, the format remained WAV and/or the sampling rate may have decreased from 128 kbps [to] 96 kbps.”

[13.] The gateway of claim 1 wherein the rule check engine is further adapted to: inspect the

Karaoguz teaches that gateway 118 may convert data from a first format to a second format that is suitable for delivery and/or display on an access device. See, e.g., Fig. 5. The conversion may include reducing

IPR2015-01940U.S. Patent 8,102,863

31

incoming data to identify data in a specified file format; and initiate a file format conversion function adapted to convert the identified data to a new file format having lesser bandwidth requirements prior to transmission of the identified data over the WLAN.

resolution or bitrate, which leads to a smaller file. For example, see EX1004 at ¶ [0051]: “Automatic format conversion by the gateway 118 may include converting data from a first format to at least a second format suitable for delivery and/or display on an access device. This may permit data that would otherwise be incompatible with a first access device to be played on that first access device. For the location-aware services based on QoS, data was converted from a first format 128 kbps to a second format 96 kbps to achieve and/or maintain a particular QoS, but the data type remained the same. In this case, the audio format and/or its data type may be different. For example, if the audio format was MP3, then after the conversion, the format remained WAV and/or the sampling rate may have decreased from 128 kbps [to] 96 kbps.”

[14.] The gateway of claim 1 wherein the rule check engine is further adapted to: inspect the incoming data to identify data corresponding to a media file in a specified file format; and initiate a conversion function adapted to reduce a quality of the media file prior to transmission of the identified data over the WLAN.

Karaoguz teaches that gateway 118 may convert data from a first format to a second format that is suitable for delivery and/or display on an access device. See, e.g., Fig. 5. The conversion may include reducing resolution or bitrate, which leads to a smaller file. For example, see EX1004 at ¶ [0051]: “Automatic format conversion by the gateway 118 may include converting data from a first format to at least a second format suitable for delivery and/or display on an access device. This may permit data that would otherwise be incompatible with a first access device to be played on that first access device. For the location-aware services based on QoS, data was converted from a first format 128 kbps to a second format 96 kbps to achieve and/or maintain a particular QoS, but the data type remained the same. In this case, the audio format and/or its data type may be different. For example, if the audio format was MP3, then after the conversion, the format remained WAV and/or the sampling rate may have decreased from 128 kbps [to] 96 kbps.”

[15.] The gateway of claim 1 wherein the

Chen discloses a Buffer 102. Buffer 102 temporarily stores both incoming and outgoing data. Chen also

IPR2015-01940U.S. Patent 8,102,863

32

offload engine is further adapted to: receive outgoing data from one of the plurality of user devices within the WLAN at the second data rate provided by the wireless interface; buffer the outgoing data in the data cache; and transmit the outgoing data from the data cache to a desired end point via the network interface at the first data rate of the network interface.

teaches that the gateway has a component for connecting to the Internet, and that this component may upload data at the same speed that it downloads data (the claimed “transmit the outgoing data from the data cache to a desired end point via the network interface at the first data rate of the network interface”). For example, see EX1003 at 7:10-13: “FIG. 2 is a block diagram 26 illustrating an Asymmetric Digital Subscriber Line (‘ADSL’) component 28 of the phone-based home gateway interface 18. The ADSL component 28 is illustrated as integral to the phone-based home gateway interface 18 . . . However, the phone-based home gateway interface 18 may also include a symmetric, other or equivalent communications component and the present invention is not limited to the ADSL component 28.” See also id. at 13:38-43: “The exemplary integrated phone-based home gateway interface architecture 100 includes a receive and transmit or transceiver ("XCIVER") buffer 102, an ADSL ATU-R 104, a splitter 106 including a high-pass filter and a low pass filter, a POTS telephone module 108, an RJ-11 interface 110 and a RJ-45 interface 111.”

[17.A] A method of interconnecting a Wide Area Network (WAN) and a lower speed Wireless Local Area Network (WLAN) comprising: receiving incoming data from the WAN at a first data rate;

See [1.F] above.

[17.B] offloading the incoming data to a data cache; See [1.G] above.[17.C] inspect the incoming data from the WAN based upon at least one Digital Rights Management (DRM) rule to identify data to be processed by a DRM function;

See [1.J] above.

[17.D] encoding, by the DRM function, the identified data to provided encoded data;

See [1.K] above.

[17.E] transmitting the incoming data, including the encoded data, from the data cache to a corresponding one of a plurality of user devices within the WLAN at a second data rate of the WLAN that is less than the first data rate of the WAN; and

See [1.H] above.

[17.F] providing a license key for decoding the encoded data to the corresponding one of the plurality of user devices if the

See [1.L] above.

IPR2015-01940U.S. Patent 8,102,863

33

corresponding one of the plurality of user devices has permission to consume the encoded data. [18.] The method of claim 17 wherein transmitting the incoming data from the data cache comprises transmitting the incoming data from the data cache according to an adaptable cross-layering scheme.

See [1.A] above.

[19.] The method of claim 17 wherein receiving the incoming data comprises receiving the incoming data from the WAN via a Fiber-to-the-Home (FTTH) connection.

See [3] above.

[20.] The method of claim 17 further comprising: inspecting the incoming data to identify data in a specified file format; converting the identified data to a new file format having lesser bandwidth requirements; and transmitting the identified data in the new file format to the corresponding one of the plurality of user devices within the WLAN.

See [13] above.

[21.] The method of claim 17 further comprising: inspecting the incoming data to identify data corresponding to a media file in a specified file format; reducing a quality of the media file, thereby reducing bandwidth requirements of the media file; and transmitting the reduced quality media file to the corresponding one of the plurality of user devices in the WLAN.

See [12] above.

G. Ground 2: Chen in view of Karaoguz, Candelore, and

Krishnaswamy renders claim 2 obvious

Krishnaswamy discloses a wireless communication device comprising a

Distributed Network Information Base (DNIB) and a Service Agent. EX1006 at

¶ [0013]. The wireless communication device may be, for example, an access

point, a base station, a wireless interface, or any other device that receives and

transmits information wirelessly. Id. at ¶ [0028]. The DNIB stores network

information and the Service Agent may communicate network information stored

in the DNIB between non-adjacent layers of a protocol stack. Id. at ¶¶ [0013],

[0029]. These “cross-layer optimization techniques” may be used to address

IPR2015-01940U.S. Patent 8,102,863

34

quality-of-service and bandwidth constraints in computer networks. EX1006 at

¶ [0014]; EX1002 at ¶ 51. For example, the Service Agent may communicate

information directly from the physical layer to the network layer. EX1006 at

¶ [0014]. Figure 2 demonstrates that the physical and network layers are

non-adjacent layers:

The cross-layer technique used by the Service Agent in Krishnaswamy

enables it to “maintain (or even enhance) performance of currently active

application-layer applications as network conditions change.” EX1006 at ¶ [0029].

It would have been obvious to optimize the session manager software

architecture 150 in Chen to communicate network information between

IPR2015-01940U.S. Patent 8,102,863

35

non-adjacent layers of a protocol stack, as cross-layer communication was a

well-known optimization at the time of filing for the ’863 patent. EX1002 at ¶ 53.

It combines known elements—i.e., Chen’s session manager software architecture

150 with the cross-layer communication optimization techniques of

Krishnaswamy. Furthermore, Chen and Krishnaswamy both teach using common

wireless techniques to transmit information. The gateway in Chen would benefit

from the cross-layer communication optimization techniques in Krishnaswamy, as

it would help to maintain or improve network performance. Id. For example, both

Chen and Krishnaswamy relate to sending and receiving multimedia data. EX1003

at 1:26-31 (“data, voice, and video”) and 59-62 (“voice, video and data”); 7:1-9

(“audio or video communications”), and EX1006 at ¶ [0002] (“real-time,

multimedia videoconferencing”), ¶ [0013] (“optimize multimedia performance”)

and ¶ [0037] (“multimedia streaming application in which a packetized video

stream is communicated between end-nodes”); EX1002 at ¶ 53.

For similar reasons, POSA would have had a reasonable likelihood of

success modifying Chen’s session manager software architecture 150 to enable

cross-layer communication, as it would be a straightforward software modification

yielding nothing more than predictable results to a POSA, addressing network

constraints, improving speeds and network performance, and maintaining or

enhancing the performance of active application-layer communications. EX1006 at

IPR2015-01940U.S. Patent 8,102,863

36

¶¶ [0014], [0029], EX1002 at ¶ 53. Therefore, it would have been obvious to

POSA to modify Chen’s session manager software architecture 150 to enable it to

communicate network information between non-adjacent layers of a protocol

stack, as in Krishnaswamy. EX1002 at ¶ 53.

[2.] The gateway of claim 1 wherein the offload engine comprises a number of protocol stack layers from a protocol stack of the gateway and is implemented in a cross-layer architecture enabling communication between non-adjacent layers in the protocol stack.

Krishnaswamy teaches a Distributed Network Information Base (DNIB) that stores network information, and a Service Agent that communicates network information stored in the DNIB between non-adjacent layers of a protocol stack. See, e.g., Fig. 2. For example, see EX1006 (Krishnaswamy) at ¶ [0013]: “In accordance with some embodiments of the present invention, at least some wireless communication devices 102, including access points 108 and base stations 110, may include a service agent (SA) 104 and a distributed network information base (DNIB) 106. Distributed network information bases (DNIB) 106 may store network information in a distributed fashion. Service agents 104 may communicate network information stored in their associated distributed network information base 106 directly between non-adjacent layers of a protocol stack. In some embodiments, service agents 104 utilize the network information to at least maintain or enhance performance of currently active application-layer applications as network conditions change. In some embodiments, service agents 104 may help optimize multimedia performance as network conditions change and may dynamically respond to changes in link quality, as further discussed below.”

H. Ground 3: Margis in view of Chen and Candelore renders claims

1, 3-10, 15, and 17-19 obvious

Margis discloses a system with a portable media device, a content

distribution system, and a content source, and corresponding methods for

IPR2015-01940U.S. Patent 8,102,863

37

presenting media on the device. EX1007 at Abstract. A content distribution system

400 enables bidirectional communication between content sources 300 and

portable media devices 100. See id. at Fig. 7:

Content distribution system 400, in some embodiments, comprises one or

more access points 410A-N for communicating with content sources 300, and may

comprise access points 410A1-AM for communicating with portable media

devices 100. Id. at 20:16-21. These access points may be implemented to enable

wired and wireless access. Id. at 21:4-31. For example, portable media devices 100

may be connected to content distribution system 400 using wireless networks such

as IEEE 802.11. Id. at 21:4-12. An 802.11b network (a type of 802.11 network)

operates at a maximum of 11 mbps. EX1009 at 2, EX1002 at ¶ 55. Content sources

IPR2015-01940U.S. Patent 8,102,863

38

300 may be connected to content distribution system 400 using a wired network

technology such as 1000Base-X or 1000Base-T Ethernet. Id. at 21:4-9, 17-26.

1000Base-X and 1000Base-T Ethernet operate at 1 gigabit per second (or 1000

mbps). EX1009 at 2-3. These connections may be implemented using fiber-optic

communication or copper-communication connections, as 1000Base-X refers to a

fiber-optic connection while 1000Base-T refers to a copper-wire connection.

EX1008 (“Application Note AN-2036”) at 2-3 (“The ‘T’ represents twisted pair

copper cable (for example Cat 5), and the ‘X’ represents fiber optic cable”),

EX1002 at ¶ 55.

The media devices 100 can receive content 200 from content sources 300

through content distribution system 400. EX1007 at 20:9-11. Content distribution

system 400 may buffer content 200 when transmitted from a content source 300 to

a portable media device 100. Id. at 5:26-34. Content 200 may, in some

embodiments, be encrypted or protected using Digital Rights Management (DRM)

techniques. Id. at 6:49-54.

1. Implementation of Margis’ Content Distribution System

As explained above, Margis’ content distribution system 400 enables

bidirectional communication between content sources 300 and portable media

devices 100, and may send content that is encrypted and/or protected. EX1007 at

5:26-34, 6:49-54, and 20:9-11. To the extent that Margis does not teach a rule

IPR2015-01940U.S. Patent 8,102,863

39

check engine adapted to inspect incoming data based upon at least one rule, Chen

teaches these elements.

Chen discloses a gateway that operates as part of a “home gateway system.”

EX1003 at 3:3-6. One exemplary embodiment of a gateway connects home devices

with a broadband network connection, such as an ADSL connection, a cable

modem connection, or a fiber optic connection. See EX1003 at 3:27-32 and 8:43-

52. The gateway in Chen provides “gateway functionality between a . . . wireless

(WiLAN) 12 and other networks such as the Internet 24 and the PSTN 22.” Id. at

5:3-13. Just like the problems that the ’863 patent purports to solve, connecting

“these different networks using different network protocols and/or operating at

different transmission capacities.” EX1003 at 5:6-9 (emphasis added).

Chen also teaches a buffer 102. Buffer 102 is associated with the session

manager 142, as it works with the rest of the gateway to temporarily store

incoming and outgoing data. EX1002 at ¶ 59.

Chen’s security module 109 may encrypt such data using wireless WEP

encryption (e.g., using 64- or 128-bit WEP keys) or using “per session security

keys (e.g., encryption keys)” created every time a user desires to log in. EX1003 at

26:22-44. Chen’s security module 109 also includes a firewall for inspecting and

filtering incoming data. EX1003 at 25:11-14. The firewall may provide IP address

filtering, port filtering, and MAC address filtering. Id. The firewall may perform a

IPR2015-01940U.S. Patent 8,102,863

40

stateful inspection because the firewall filters information based on “transactions

taking place through it,” and may also perform a stateless inspection because the

firewall may filter data traffic using “User Datagram Protocol (‘UDP’) port

numbers.” EX1003 at 23:56-67; EX1002 at ¶ 60.

It would have been obvious at the time of the invention to modify Margis’

content distribution system 400 to enable it to inspect incoming data based upon at

least one rule, like the security module 109 in Chen. Such a modification would

merely combine known elements–i.e., modifying Margis’ content distribution

system 400 to have the filtering and firewall features of security module 109.

EX1002 at ¶ 61. Furthermore, both Margis and Chen are focused on the security

problem of restricting device access to content via encryption methods. Id. And a

POSA would be motivated to combine these elements because doing so would

provide a desirable, safer, and more secure system, one where malicious data could

be filtered out before reaching any portable media device. Id. Therefore, it would

have been obvious to POSA to modify Margis’ content distribution system 400 to

provide functionality to inspect incoming data based upon at least one rule, as in

Chen. Id. POSA would have had a reasonable likelihood of success because the

modification of Margis’ content distribution system 400 to enable it enable it to

inspect incoming data based upon at least one rule (as in Chen) would be a

IPR2015-01940U.S. Patent 8,102,863

41

straightforward modification that would yield nothing more than predictable results

to one of skill in the art. Id.

2. Implementation of Margis’ DRM protection

As explained above, Margis’ content distribution system 400 enables

bidirectional communication at different speeds between content sources 300 and

portable media devices 100, and may shuttle content that is protected using DRM

techniques between the content sources and the media devices. EX1007 at 5:26-34,

6:49-54, and 20:9-11. To the extent one may argue Margis does not explicitly

disclose that content distribution system 400 is configured to use a DRM function

adapted to encode identified data such that the encoded data is transmitted to a

portable media device or provide license keys for decoding the encoded data,

Candelore teaches these elements.

Candelore relates to a system for encrypting digital content received over a

television cable network. Candelore teaches a gateway set-top box that receives

content in a digital

television signal. EX1005

at ¶ [0047]. The set-top

box may encrypt the

received content in

multiple ways—e.g.,

IPR2015-01940U.S. Patent 8,102,863

42

using two different DRM formats—and distribute the content to multiple devices.

Id. at Fig. 3 at ¶ [0051]. For example, in one embodiment, the gateway set-top box

may receive packets of data as part of a digital television signal, duplicate the

packets, encrypt the first duplicate packets and the second duplicate packets

according to first and second DRM methods, respectively, and replace the packets

in the digital television signal with the encrypted first duplicate packets and the

encrypted second duplicate packets for sending to separate set-top boxes. EX1005,

¶ [0052]; see also Fig. 4(depicting the encrypted first and second packets being

inserted into a stream for sending to devices), and Fig. 6, (depicting a gateway set-

top box 400 receiving and encrypting the content using two separate DRM

schemes for delivery to two separate devices.

Candelore teaches sending Entitlement Control Messages comprising

decryption keys for decrypting encrypted content to set-top boxes that have

permission to decrypt the content. See EX1005 at ¶¶ [0026], Table 1:

,

and [0043] (“[a]uthorized set-top boxes receive Entitlement Control Messages

(ECM) that are used to get access criteria and descrambling keys. The set-top box

attempts to apply the keys to the content”). Candelore further teaches that digital

IPR2015-01940U.S. Patent 8,102,863

43

content can be shared between the set-top box and authorized devices using

Ethernet or IEEE1394 (aka “FireWire”) connections. EX1005, ¶ [0028].

It would have been obvious at the time of the invention to modify Margis’

content distribution system 400 to enable it to provide license keys for decoding

encoded data to devices having permission to decode and consume the data, as in

Candelore. EX1002 at ¶ 65. Margis and Candelore both teach gateways (e.g.,

Margis’ content distribution system 400; Candelore’s gateway set-top box 400)

that receive content from one network and send it to multiple devices on a second

network. EX1007 at 20:9-11; EX1005 at ¶¶ [0013]-[0015], [0056]-[0057], and Fig.

6; EX1002 at 65. This would predictably combine known elements—i.e., Margis’

content distribution system 400 and providing descrambling keys to authorized

set-top boxes as in Candelore—in known ways available to a POSA. EX1002 at

¶ 65. Furthermore, both Margis and Candelore are focused on the security problem

of restricting device access to content via encryption methods, and both disclose an

embodiment for delivering television content. Id. Moreover, a POSA would be

motivated to combine these elements because it would result in a more desirable

single system, where multiple devices having different encoding systems can use

the same data. Id. Therefore, it would have been obvious to a POSA to modify

Margis’ content distribution system 400 to enable it to provide license keys for

decoding encoded data to devices having permission to consume the encoded data,

IPR2015-01940U.S. Patent 8,102,863

44

as in Candelore. Id. A POSA would have had a reasonable likelihood of success

because the modification of Margis’ content distribution system 400 to enable it to

provide license keys (as in Candelore) would be a straightforward modification

that would yield nothing more than predictable results to one of skill in the art,

including enabling multiple disparate devices having different encoding systems to

use the same data. Id.

As detailed below, the combination of Margis, Chen, and Candelore teaches

all elements of claims 1, 3-10, 15, and 17-19 of the ’863 patent.

[1.P] A gateway interconnecting a Wide Area Network (WAN) to a lower speed Wireless Local Area Network (WLAN) comprising:

Margis teaches content distribution system 400 (the claimed “gateway”) that connects content sources with portable media devices. See Fig. 7.

[1.A] an adaptable cross-layer offload engine;

Chen teaches an session manager 142 that receives and manages Protocol Data Units (i.e. data arriving from the wireless and wired network) to the gateway. See, e.g., Fig. 7. Session manager 142, which is implemented using corresponding session manager software architecture 150, manages receipt, storage, and transmission of information (the claimed “adaptable . . . offload engine”). Id. Session manager software architecture 150 comprises a latency management module 158, which manages latency of information on the network layer 156 and sends and receives protocol data units to and from the ADSL ATU-R 104 and/or wireless RF module 107. Transport layer 154 and network layer 156, also part of session manager software architecture 150, communicate with one another using protocol data units (PDUs). Transport layer 154 may send and receive PDUs to and from the network layer 156 (the claimed “cross-layer”).

IPR2015-01940U.S. Patent 8,102,863

45

See, e.g., Fig. 8. For example, see EX1003 (Chen) at 16:56-17:2: “FIG. 7 is a block diagram illustrating an exemplary home gateway interface software architecture 140. The home gateway interface software architecture 140 includes a session manager 142, a service manager 144, an interface manager 146 and a display manager 148.” See also id. at 17:7-38: “The session controller module 152 also sends and receives session control and status information to and from a transport layer 154 that is in communications with a network layer 156. . . . The transport layer 154 sends and receives transport layer protocol data units (“PDU”) to and from the network layer 156 . . . . The network layer 156 sends network layer PDUs to a latency management module 158. The latency management module 158 manages latency of information on the network layer 156. The latency management module 158 sends and receives protocol data units to and from the ADSL ATU-R 104 and/or wireless RF module 107.”

[1.B] a data cache associated with the offload engine;

Margis discloses that content distribution system 400 may buffer content when it is transmitted from the content source 300 to a portable media device 100. For example, see EX1007 at 5:26-34: “To help ensure smooth presentation, the viewing content 200 preferably is buffered when transmitted from the content source 300 to the portable media device 100. The buffering can be provided in any conventional manner, including via, for example, the portable media device 100 and/or the content source 300. When configured to communicate by way of a content distribution system 400 (shown in FIG. 7), the buffering likewise can be associated with the content distribution system 400, as desired.” Chen discloses a Buffer 102. Buffer 102 is associated with the session manager 142 because it works with the

IPR2015-01940U.S. Patent 8,102,863

46

rest of the gateway to temporarily store incoming and outgoing data (the claimed “data cache associated with the offload engine”) in the form of Protocol Data Units that arrive to it. See, e.g., EX1003 Fig. 7. For example, see EX1003 (Chen) at 13:38-43: “The exemplary integrated phone-based home gateway interface architecture 100 includes a receive and transmit or transceiver (“XCIVER”) buffer 102, an ADSL ATU-R 104, a splitter 106 including a high-pass filter and a low pass filter, a POTS telephone module 108, an RJ-11 interface 110 and a RJ-45 interface 111.”

[1.C] a network interface communicatively coupling the offload engine to the WAN and providing a first data rate; and

Margis teaches that Content Distribution System 400 has access points 410A-N for communicating with Content Sources 300A-N. Margis further teaches that “one or more wired and . . . wireless communication networks” can be used to connect portable media device 100 and content source 300 with one another. See Fig. 7. For example, see EX1007 at 20:5–21: “The portable media device 100 and the content source 300 can be configured to communication in any conventional manner, including directly and/or indirectly via one or more wired and/or wireless communication networks (or systems). Turning to FIG. 7, for example, a plurality of portable media devices 100 are shown as communicating with a plurality of content sources 300 via a content distribution system 400. The content distribution system 400 includes a plurality of conventional access points 410 for providing wired and/or wireless access to the content distribution system 400 and/or the content sources 300. As shown in FIG. 7, the content sources 300A-N can access the content distribution system 400 via access points 410A-N; whereas, access points 410A1-M, 410B1-P are configured to provide the portable media devices 100A1-N, 100B1-P with access to the content distribution system 400.”

IPR2015-01940U.S. Patent 8,102,863

47

See also id. at 21:4-9: “The content distribution system 400 can be provided as a conventional wired and/or wireless communication network, including a telephone network, a local area network (LAN), a wide area network (WAN), a campus area network (CAN), personal area network (PAN) and/or a wireless local area network (WLAN), of any kind.”

[1.D] a wireless interface associated with the offload engine and adapted to communicate with a plurality of user devices within the WLAN, the wireless interface providing a second data rate that is less than the first data rate of the network interface;

Margis discloses that Content Distribution System 400 has access points 410A1-410AM for communicating with portable media devices 100A1-100AM. Margis further teaches that one or more different networks can be used to connect portable media device 100 and content source 300 with one another. See Fig. 7. For example, see EX1007 at 20:5–21: “The portable media device 100 and the content source 300 can be configured to communication in any conventional manner, including directly and/or indirectly via one or more wired and/or wireless communication networks (or systems). Turning to FIG. 7, for example, a plurality of portable media devices 100 are shown as communicating with a plurality of content sources 300 via a content distribution system 400. The content distribution system 400 includes a plurality of conventional access points 410 for providing wired and/or wireless access to the content distribution system 400 and/or the content sources 300. As shown in FIG. 7, the content sources 300A-N can access the content distribution system 400 via access points 410A-N; whereas, access points 410A1-M, 410B1-P are configured to provide the portable media devices 100A1-N, 100B1-P with access to the content distribution system 400.” See also id. at 21:4–9: “The content distribution system 400 can be provided as a conventional wired and/or wireless communication network, including a telephone network, a local area network (LAN), a wide area network (WAN), a campus area network (CAN), personal area network (PAN) and/or a wireless local

IPR2015-01940U.S. Patent 8,102,863

48

area network (WLAN), of any kind.” [1.E] wherein the offload engine is adapted to: See [1.A] above. [1.F] receive incoming data from the WAN via the network interface at the first data rate;

Margis teaches content distribution system 400 receiving data from a content source 300 over a high-speed connection. See Fig. 7. The connection between content distribution system 400 may be implemented using an access point that operates at 1000 mbps (the claimed “first data rate”). For example, see EX1007 at 21:17-26: “Preferably being configured to support high-speed data communications among the portable media devices 100A1-M, 100B1-M and the content sources 300A-N, the content distribution system 400 preferably comprises a high-speed Ethernet network, such as any type of Fast Ethernet (such as 100Base-X and/or 100Base-T) communication network and/or Gigabit (such as 1000Base-X and/or 1000Base-T) Ethernet communication network, with a typical data transfer rate of at least approximately one hundred megabits per second (100 Mbps).”

[1.G] store the incoming data in the data cache; and

Margis discloses that content distribution system 400 may buffer content when it is transmitted from the content source 300 to a portable media device 100. For example, see EX1007 at 5:26-34: “To help ensure smooth presentation, the viewing content 200 preferably is buffered when transmitted from the content source 300 to the portable media device 100. The buffering can be provided in any conventional manner, including via, for example, the portable media device 100 and/or the content source 300. When configured to communicate by way of a content distribution system 400 (shown in FIG. 7), the buffering likewise can be associated with the content distribution system 400, as desired.” Chen discloses a Buffer 102. Buffer 102 is associated with the session manager 142 because it works with the rest of the gateway to temporarily store incoming and

IPR2015-01940U.S. Patent 8,102,863

49

outgoing data (the claimed “data cache associated with the offload engine”). For example, see EX1003 at 13:38-43: “The exemplary integrated phone-based home gateway interface architecture 100 includes a receive and transmit or transceiver (“XCIVER”) buffer 102, an ADSL ATU-R 104, a splitter 106 including a high-pass filter and a low pass filter, a POTS telephone module 108, an RJ-11 interface 110 and a RJ-45 interface 111.”

[1.H] transmit the incoming data from the data cache to a corresponding one of the plurality of user devices in the WLAN via the wireless interface at the second data rate;

Margis discloses content distribution system 400 sending data to a portable media device 100 over a wireless connection. See Fig. 7. The connection between content distribution system 400 may be implemented using an wireless access point that operates at 11mbps (the claimed “second data rate”). See EX1009 at 2. For example, see EX1007 at 21:4-16: “The content distribution system 400 can be provided as a conventional wired and/or wireless communication network, including a telephone network, a local area network (LAN), a wide area network (WAN), a campus area network (CAN), personal area network (PAN) and/or a wireless local area network (WLAN), of any kind. Exemplary wireless local area networks include wireless fidelity (Wi-Fi) networks in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 802.11, Bluetooth networks in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 802.15.1, and/or wireless metropolitan-area networks (MANs), which also are known as WiMax Wireless Broadband, in accordance with IEEE Standard 802.16.”

[1.I] further wherein the gateway further comprises: See [1.P] above. [1.J] a rule check engine adapted to inspect the incoming data from the WAN based upon at least one rule prior to

Chen discloses a security module 109 that includes a firewall for filtering and inspecting incoming data (the claimed “rule check engine adapted to inspect the incoming data from the WAN based upon at least one rule prior to transmitting the incoming data to the

IPR2015-01940U.S. Patent 8,102,863

50

transmitting the incoming data to the corresponding one of the plurality of user devices in the WLAN, the at least one rule comprises at least one Digital Rights Management (DRM) rule and the rule check engine operates to identify data to be processed by a DRM function and initiate the DRM function for the identified data; and

corresponding one of the plurality of user devices in the WLAN”). See, e.g., Fig. 6B. For example, see EX1003 at 25:11–14: “In one embodiment of the present invention, the security module 109 includes a firewall that provides at least IP address filtering, TCP/UDP port filtering, and MAC/LLC address filtering.” Margis teaches that content received from a content source 300 may be sent to portable media device 100 in encrypted and/or protected format using DRM controls (the claimed “the at least one rule comprises at least one Digital Rights Management (DRM) rule”). The content 200 may be encrypted in any manner (the claimed “the rule check engine operates to identify data to be processed by a DRM function and initiate the DRM function for the identified data”). For example, see EX1007 at 6:46-62: “By streaming the viewing content 200 to the portable media device 100, loss, such as by theft, of the portable media device 100 therefore does not also result in loss of the viewing content 200. To help further ensure the security of the viewing content 200, the viewing content 200 preferably is streamed to the portable media device 100 in an encrypted format and/or can be provided with one or more other digital rights management (DRM) controls. Thereby, the viewing content 200 can be protected against any unauthorized use, copying, and/or dissemination, and/or, even if intercepted or otherwise stolen, the encrypted viewing content 200 will not be readily usable. The viewing content 200 can be encrypted in any conventional manner, including the use of proprietary encryption techniques. By streaming the viewing content 200 from the content source 300, the quantity and complexity of the components comprising the portable media device 100 can be reduced.” 6:46-62.

[1.K] the DRM function Margis teaches that content received from a content

IPR2015-01940U.S. Patent 8,102,863

51

initiated by the rule check engine based on the at least one DRM rule, the DRM function being adapted to encode the identified data such that encoded data is transmitted to the corresponding one of the plurality of user devices within the WLAN, and

source 300 may be sent to portable media device 100 in encrypted format in any manner (the claimed “DRM function being adapted to encode the identified data such that encoded data is transmitted to the corresponding one of the plurality of user devices within the WLAN”). For example, see EX1007 at 6:46-62: “By streaming the viewing content 200 to the portable media device 100, loss, such as by theft, of the portable media device 100 therefore does not also result in loss of the viewing content 200. To help further ensure the security of the viewing content 200, the viewing content 200 preferably is streamed to the portable media device 100 in an encrypted format and/or can be provided with one or more other digital rights management (DRM) controls. Thereby, the viewing content 200 can be protected against any unauthorized use, copying, and/or dissemination, and/or, even if intercepted or otherwise stolen, the encrypted viewing content 200 will not be readily usable. The viewing content 200 can be encrypted in any conventional manner, including the use of proprietary encryption techniques. By streaming the viewing content 200 from the content source 300, the quantity and complexity of the components comprising the portable media device 100 can be reduced.”

[1.L] provide license keys for decoding the encoded data to desired ones of the plurality of user devices having permission to consume the encoded data.

Candelore teaches that the DRM systems have the ability to deliver decryption keys to authorized set-top boxes using Entitlement Control. For example, see EX1005 at ¶ [0043]: “Authorized set-top boxes receive Entitlement Control Messages (ECM) that are used to get access criteria and descrambling keys. The set-top box attempts to apply the keys to the content.”

[3.] The gateway of claim 1 wherein the network interface is coupled to the WAN via

Chen teaches that the gateway may be connected to a broadband network using a fiber-optic cable and that the gateway may be in a home.

IPR2015-01940U.S. Patent 8,102,863

52

a Fiber-to-the-Home (FTTH) connection.

For example, see EX1003 at 3:27-33: “The phone-based home gateway interface 18 and gateway interface 212 (FIG. 15) may also be connected to other computer networks 24 such as the Internet, an intranet, etc. via coaxial cable, fiber optic cable other connection media or other connection interfaces such as wireless interfaces. The gateway interface 212 may also be connected to the PSTN 22.”

[4.] The gateway of claim 1 wherein the wireless interface operates according to one of the plurality of IEEE 802.11 standards.

Margis discloses content distribution system 400 sending data to a portable media device 100 over a wireless connection. See Fig. 7. For example, see EX1007 at 21:4-16: “The content distribution system 400 can be provided as a conventional wired and/or wireless communication network, including a telephone network, a local area network (LAN), a wide area network (WAN), a campus area network (CAN), personal area network (PAN) and/or a wireless local area network (WLAN), of any kind. Exemplary wireless local area networks include wireless fidelity (Wi-Fi) networks in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 802.11, Bluetooth networks in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 802.15.1, and/or wireless metropolitan-area networks (MANs), which also are known as WiMax Wireless Broadband, in accordance with IEEE Standard 802.16.”

[5.] The gateway of claim 1 wherein the first data rate provided by the network interface is at least 1 Gigabit per second (Gbps).

Margis teaches content distribution system 400 receiving data from a content source 300 over a high-speed connection. See Fig. 7. The connection may be a 1000 mbps connection. For example, see EX1007 at 21:17-26: “Preferably being configured to support high-speed data communications among the portable media devices 100A1-M, 100B1-M and the content sources 300A-N, the content distribution system 400 preferably comprises a high-speed Ethernet network, such as any type of Fast Ethernet (such as 100Base-X and/or

IPR2015-01940U.S. Patent 8,102,863

53

100Base-T) communication network and/or Gigabit (such as 1000Base-X and/or 1000Base-T) Ethernet communication network, with a typical data transfer rate of at least approximately one hundred megabits per second (100 Mbps).”

[6.] The gateway of claim 5 wherein the second data rate provided by the WLAN is less than or equal to 500 Megabits per second (Mbps).

Margis discloses content distribution system 400 sending data to a portable media device 100 over a wireless connection. See Fig. 7. The connection between content distribution system 400 may be implemented using an wireless access point that uses IEEE 802.11, which operates at 11mbps (the claimed “second data rate”). See EX1009 at 2. For example, see EX1007 at 21:4-16: “The content distribution system 400 can be provided as . . . a wireless local area network (WLAN), of any kind. Exemplary wireless local area networks include wireless fidelity (Wi-Fi) networks in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 802.11 . . . .”

[7.] The gateway of claim 1 wherein the rule check engine performs a stateful inspection of the incoming data.

Chen teaches that the firewall in security module 109 may inspect data traffic, and may have information on “transactions” that are taking place through the firewall. A firewall that has information on transactions that are taking place through it performs a “stateful inspection,” in that the firewall maintains information about the transactions. For example, see EX1003 at 23:56-59: “To implement filtering, a firewall is designed to interpret the type of data traffic that is being sent through it. The more information that a firewall has about transactions taking place through it, the more security it can provide.” See also id. at 25:11-14: “In one embodiment of the present invention, the security module 109 includes a firewall that provides at least IP address filtering, TCP/UDP port filtering, and MAC/LLC address filtering.”

[8.] The gateway of Chen teaches that the firewall in security module 109

IPR2015-01940U.S. Patent 8,102,863

54

claim 1 wherein the rule check engine performs a stateless inspection of the incoming data.

may inspect data traffic based on particular information included in each packet, known as packet filtering. The packet filtering may be done based on, for example, MAC addresses or network addresses. Such an inspection is stateless, in the inspection is performed without using information about a transaction. For example, see EX1003 at 23:60-67: “Firewall security mechanisms include packet filtering. Packet filtering includes using the content of data packets passing through the firewall to determine if a packet should be allowed to pass through the firewall. For example, data-link layer addresses such as MAC and LLC addresses, network addresses such as IP addresses and source and destination transmission port numbers, such as TCP or User Datagram Protocol (‘UDP’) port numbers are used to filter data traffic.” See also id. at 25:11-14: “In one embodiment of the present invention, the security module 109 includes a firewall that provides at least IP address filtering, TCP/UDP port filtering, and MAC/LLC address filtering.”

[9.] The gateway of claim 1 wherein the at least one rule further comprises at least one intrusion detection rule for detecting malicious network traffic.

Chen teaches that the firewall in security module 109 may inspect and filter data traffic based on the data being suspicious or dangerous or containing malicious/hostile attacks. For example, see EX1003 at 23:50-59: “As is known in the art, firewalls are a security feature used to protect a network from potentially hostile attacks from outside the network. For example, a firewall may protect LAN 12 from malicious attacks from the Internet 24 or another network 22. Firewalls typically provide security services by filtering out data traffic that may be inappropriate, suspicious or dangerous. To implement filtering, a firewall is designed to interpret the type of data traffic that is being sent through it. The more information that a firewall has about transactions taking place through it, the more security it can

IPR2015-01940U.S. Patent 8,102,863

55

provide.” [10.] The gateway of claim 1 wherein the at least one rule further comprises at least one content rule identifying a type of content to block from entering the WLAN.

Chen teaches that the firewall in security module 109 may inspect data traffic and filter from being received by other devices, based on the data being “inappropriate.” For example, see EX1003 at 23:50-59: “As is known in the art, firewalls are a security feature used to protect a network from potentially hostile attacks from outside the network. For example, a firewall may protect LAN 12 from malicious attacks from the Internet 24 or another network 22. Firewalls typically provide security services by filtering out data traffic that may be inappropriate, suspicious or dangerous. To implement filtering, a firewall is designed to interpret the type of data traffic that is being sent through it. The more information that a firewall has about transactions taking place through it, the more security it can provide.”

[15.] The gateway of claim 1 wherein the offload engine is further adapted to: receive outgoing data from one of the plurality of user devices within the WLAN at the second data rate provided by the wireless interface; buffer the outgoing data in the data cache; and transmit the outgoing data from the data cache to a desired end point via the network interface at the first data rate of the network interface.

Margis teaches that the portable media devices 100 may also update data to content sources 300 using the same access points 410A1-410AM that are used for downloading data from content sources 300. See Fig. 7. For example, see EX1007 at 20:53-57: “Similarly, one or more of the portable media devices 100A1-M, 100B1-M can transmit upload content 260A1-M, 260B1-M to one or more of the content sources 300A-N as upload content 260A-N, respectively, via the content distribution system 400.”

See also id. at 13:23-28: “The portable media device 100 of FIG. 3B is shown as being configured to support two-way communications with the content source (shown in FIGS. 2A-B). The portable media device 100 thereby can transmit (or upload) upload content 260 as illustrated in FIG. 3B.”

[17.A] A method of interconnecting a Wide Area Network (WAN) and a lower speed Wireless Local Area Network (WLAN) comprising: receiving incoming data from the WAN at a first data rate;

See [1.F] above.

IPR2015-01940U.S. Patent 8,102,863

56

[17.B] offloading the incoming data to a data cache; See [1.G] above.[17.C] inspect the incoming data from the WAN based upon at least one Digital Rights Management (DRM) rule to identify data to be processed by a DRM function;

See [1.J] above.

[17.D] encoding, by the DRM function, the identified data to provided encoded data;

See [1.K] above.

[17.E] transmitting the incoming data, including the encoded data, from the data cache to a corresponding one of a plurality of user devices within the WLAN at a second data rate of the WLAN that is less than the first data rate of the WAN; and

See [1.H] above.

[17.F] providing a license key for decoding the encoded data to the corresponding one of the plurality of user devices if the corresponding one of the plurality of user devices has permission to consume the encoded data.

See [1.L] above.

[18.] The method of claim 17 wherein transmitting the incoming data from the data cache comprises transmitting the incoming data from the data cache according to an adaptable cross-layering scheme.

See [1.A] above.

[19.] The method of claim 17 wherein receiving the incoming data comprises receiving the incoming data from the WAN via a Fiber-to-the-Home (FTTH) connection.

See [3] above.

I. Ground 4: Margis in view of Chen, Candelore, and Krishnaswamy

renders claim 2 obvious

Krishnaswamy discloses a wireless communication device that comprises a

Distributed Network Information Base (DNIB) and a Service Agent. EX1006 at

¶ [0013]. The wireless communication device may be, for example, an access

point, a base station, a wireless interface, or any other device that receives and

transmits information wirelessly. Id. at ¶ [0028]. The DNIB stores network

information and the Service Agent may communicate network information stored

in the DNIB between non-adjacent layers of a protocol stack. Id. at ¶¶ [0013],

[0029]. These “cross-layer optimization techniques” may be used to address

IPR2015-01940U.S. Patent 8,102,863

57

quality-of-service and bandwidth constraints in computer networks, which results

in a more efficient network. EX1006 at ¶ [0014]; EX1002 at ¶ 67. For example, the

Service Agent may communicate information directly from the physical layer to

the network layer. EX1006 at ¶ [0014]. Figure 2 (reproduced above) demonstrates

that the physical and network layers are non-adjacent layers. The cross-layer

technique used by the Service Agent in Krishnaswamy enables it to “maintain (or

even enhance) performance of currently active application-layer applications as

network conditions change.” EX1006 at ¶ [0029].

It would have been obvious to optimize the session manager software

architecture 150 in Chen to communicate network information between

non-adjacent layers of a protocol stack, as cross-layer communication was a

well-known optimization at the time of filing for the ’863 patent. EX1002 at ¶ 69.

This optimization combines known elements—i.e., Chen’s session manager

software architecture 150 with the cross-layer communication optimization

techniques of Krishnaswamy. Moreover, Chen and Krishnaswamy both teach using

common wireless techniques to transmit information. The gateway in Chen would

benefit from the cross-layer communication optimization techniques in

Krishnaswamy as it would help to maintain or improve network performance.

EX1002 at ¶ 69. For example, both Chen and Krishnaswamy relate to sending and

receiving multimedia data. EX1003 at 1:26-31 (“data, voice, and video”) and 59-

IPR2015-01940U.S. Patent 8,102,863

58

62 (“voice, video and data”); 7:1-9 (“audio or video communications”), and

EX1006 at ¶ [0002] (“real-time, multimedia videoconferencing”), ¶ [0013]

(“optimize multimedia performance”) and ¶ [0037] (“multimedia streaming

application in which a packetized video stream is communicated between end-

nodes”); EX1002 at ¶ 69. For similar reasons, POSA would have had a reasonable

likelihood of success, because the modification of Chen’s session manager

software architecture 150 to enable cross-layer communication would be a

straightforward software modification that would yield nothing more than

predictable results to one of skill in the art, including addressing network

constraints, improved speeds and network performance, and maintained or

enhanced performance of active application-layer communications. EX1006 at

¶¶ [0014], [0029], EX1002 at ¶ 69. Therefore, it would have been obvious to

POSA to modify Chen’s session manager software architecture 150 to enable it to

communicate network information between non-adjacent layers of a protocol

stack, as in Krishnaswamy. EX1002 at ¶ 69.

[2.] The gateway of claim 1 wherein the offload engine comprises a number of protocol stack layers from a protocol stack of the gateway and is implemented in a cross-layer architecture enabling

Krishnaswamy teaches a Distributed Network Information Base (DNIB) that stores network information, and a Service Agent that communicates network information stored in the DNIB between non-adjacent layers of a protocol stack. See, e.g., Fig. 2. For example, see EX1006 (Krishnaswamy) at ¶ [0013]: “In accordance with some embodiments of the present invention, at least some wireless communication devices 102, including access points 108 and base stations 110,

IPR2015-01940U.S. Patent 8,102,863

59

communication between non-adjacent layers in the protocol stack.

may include a service agent (SA) 104 and a distributed network information base (DNIB) 106. Distributed network information bases (DNIB) 106 may store network information in a distributed fashion. Service agents 104 may communicate network information stored in their associated distributed network information base 106 directly between non-adjacent layers of a protocol stack. In some embodiments, service agents 104 utilize the network information to at least maintain or enhance performance of currently active application-layer applications as network conditions change. In some embodiments, service agents 104 may help optimize multimedia performance as network conditions change and may dynamically respond to changes in link quality, as further discussed below.”

IX. CONCLUSION

For these reasons, challenged claims 1-15 and 17-21 are unpatentable and

should be cancelled. Petitioner respectfully requests that the Board grant this

petition for inter partes review and institute trial. 4 The undersigned attorneys

welcome a telephone call should the Office have any requests or questions. If there

are any additional fees due in connection with the filing of this paper, please charge

the required fees to our Deposit Account No. 06-0916.

4 Petitioner reserves the right to apply additional prior art and arguments,

depending on what arguments and/or amendments Patent Owner might present.

Petitioner also reserves the right to cite and apply any additional art it might

discover as relevant to the issued claims or any amended claims, as the inter partes

review proceeds.

IPR2015-01940U.S. Patent 8,102,863

60

Dated: September 22, 2015 Respectfully submitted,

By: /P. Andrew Riley/ P. Andrew Riley Reg. No. 66,290 Finnegan, Henderson, Farabow, Garrett & Dunner, LLP 901 New York Avenue, NW Washington, DC 20001-4413 Telephone: 202.408.4266 Facsimile: 202.408.4400 E-mail: [email protected] Joshua L. Goldberg, Backup Counsel Reg. No. 59,369 Finnegan, Henderson, Farabow, Garrett & Dunner, LLP 901 New York Avenue, NW Washington, DC 20001-4413 Telephone: 202.408.6092 Facsimile: 202.408.4400 E-mail: [email protected] Christopher C. Johns, Backup Counsel Reg. No. 68,664 Finnegan, Henderson, Farabow, Garrett & Dunner, LLP 901 New York Avenue, NW Washington, DC 20001-4413 Telephone: 202.408.4155 Facsimile: 202.408.4400 E-mail: [email protected] Jonathan Stroud, Backup Counsel Reg. No. 72,518 Unified Patents Inc. 1875 Connecticut Ave. NW, Floor 10 Telephone: 202.805.8931 Facsimile: 650.887.0349 E-mail: [email protected]

Documents

Unified v. Qurio, IPR2015-01940, Paper 1