DCT
8:19-cv-00988
Uniloc 2017 LLC v. Microsoft Corp
I. Executive Summary and Procedural Information
- Parties & Counsel:
- Plaintiff: Uniloc 2017 LLC (Delaware)
- Defendant: Microsoft Corporation (Washington)
- Plaintiff’s Counsel: FEINBERG DAY ALBERTI LIM & BELLOLI LLP
- Case Identification: Uniloc 2017 LLC v. Microsoft Corporation, 8:19-cv-00988, C.D. Cal., 05/23/2019
- Venue Allegations: Plaintiff alleges venue is proper because Defendant has committed acts of infringement and maintains regular and established places of business within the Central District of California.
- Core Dispute: Plaintiff alleges that Defendant’s Microsoft PlayReady digital rights management technology infringes a patent related to managing the reputation of networked devices.
- Technical Context: The technology concerns systems for determining the trustworthiness of remote computer devices based on their past behavior, a critical function for securing digital content and online services against malicious actors.
- Key Procedural History: The complaint alleges that Plaintiff provided Defendant with notice of infringement via a letter on May 23, 2019, the same day the lawsuit was filed, which may form the basis for allegations of post-filing willful infringement.
Case Timeline
| Date | Event |
|---|---|
| 2011-12-02 | U.S. Patent No. 8,881,273 Priority Date |
| 2014-11-04 | U.S. Patent No. 8,881,273 Issue Date |
| 2019-05-23 | Complaint Filing Date |
| 2019-05-23 | Date of Uniloc's Notice Letter to Microsoft |
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 8,881,273 - "Device Reputation Management"
- Patent Identification: U.S. Patent No. 8881273, "Device Reputation Management," issued November 4, 2014.
The Invention Explained
- Problem Addressed: The patent addresses the challenge of securing computer networks against unauthorized intrusions, noting that a small minority of malicious users are responsible for a large number of attacks, and that conventional identifiers like IP addresses are inadequate for reliably identifying the source device. (’273 Patent, col. 1:33-42, col. 2:10-19).
- The Patented Solution: The invention describes a centralized "device reputation server" that aggregates reports of attacks from multiple service-providing servers. When a client device requests access to a service, the service provider can query the reputation server to assess the client's trustworthiness based on a history of its involvement in prior attacks. This reputation is tied to the device itself via a "digital fingerprint," allowing a device's malicious activity on one part of the network to impact its access rights across the entire ecosystem. ('273 Patent, Abstract; col. 2:1-9).
- Technical Importance: This approach sought to create a more persistent and reliable security framework by tying reputation to the physical device rather than to easily changed network identifiers, thereby making it harder for malicious actors to evade detection. ('273 Patent, col. 2:10-19).
Key Claims at a Glance
- The complaint asserts infringement of independent claim 1. (Compl. ¶13).
- The essential elements of independent claim 1 are:
- Receiving data representing one or more attacks by one or more perpetrating devices.
- Receiving a request for a reputation of the subject device through a computer network.
- Determining whether the subject device is one of the perpetrating devices.
- Retrieving data representing one or more of the attacks that are associated with the subject device.
- Quantifying a measure of trustworthiness of the subject device based on the attack data.
- Sending data representing the measure of trustworthiness in response to the request.
III. The Accused Instrumentality
Product Identification
- The complaint identifies Microsoft PlayReady, a "content access and protection technology," and the electronic devices that use it as the "Accused Infringing Devices." (Compl. ¶¶6, 12).
Functionality and Market Context
- Microsoft PlayReady is a digital rights management (DRM) system used to control the distribution and use of digital audio/video content. (Compl. ¶14). The system involves client devices requesting licenses from servers to play protected content. (Compl. ¶16). Features like "SecureStop" and "SecureStop2" are used to report on the state of media playback, including unexpected terminations that the complaint alleges can be "malicious" and represent "attacks." (Compl. ¶15). The system allegedly uses this information to manage device reputation, which influences whether a license is issued, declined, or issued with greater restrictions. (Compl. ¶¶16, 19). The diagram titled "PlayReady SecureStop, SecureStop2" illustrates data being sent from devices in an account to a "Secure Stop Service," which in turn interacts with "Service Logic." (Compl. p. 5).
IV. Analysis of Infringement Allegations
'273 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| receiving data representing one or more attacks by one or more perpetrating devices | The Accused Infringing Devices' "Secure Stop Server" receives data from PlayReady clients, including "malicious Secure Stop messages (e.g., SecureStop2 messages)," which allegedly represent attacks by perpetrating devices. | ¶15 | col. 9:16-18 |
| receiving a request for a reputation of the subject device through a computer network | The server for the Accused Infringing Devices receives a "License Request" from a subject device over a computer network, which the complaint frames as a request for reputation. | ¶16 | col. 9:19-21 |
| determining whether the subject device is one of the perpetrating devices | After receiving a license request, the server and "Service Logic" determine if the subject device is a perpetrating device, which can result in revocation of the device’s license. | ¶¶19, 20 | col. 9:22-24 |
| retrieving data representing one or more of the attacks that are associated with the subject device | The server running the "Service Logic" retrieves data representing attacks (e.g., malicious SecureStop messages) from the "Secure Stop Service server." | ¶22 | col. 9:25-26 |
| quantifying a measure of trustworthiness of the subject device from the data representing one or more of the attacks that are associated with the subject device | The Accused Infringing Devices "measure quantifiably the trustworthiness of the subject devices" by monitoring attack frequency and severity. This is allegedly exemplified by assessing the "robustness" of SecureStop messages as "high" or "medium." | ¶¶23, 24 | col. 9:27-29 |
| and sending data representing the measure of trustworthiness of the subject device in response to the request | Data representing the trustworthiness is allegedly sent from the License Server to the subject device in the form of a full, partial, or declined license. A diagram shows that a license request results in either allowing or disallowing binding based on a security level check. (Compl. p. 9). | ¶25 | col. 9:29-30 |
- Identified Points of Contention:
- Scope Questions: The complaint alleges that routine system reports, such as "Secure Stop" messages indicating a user stopped playback or an application crashed, constitute "data representing one or more attacks." (Compl. ¶15). A central question will be whether the term "attack," in the context of the patent, can be construed to read on these types of standard operational events, or if it requires a higher showing of malicious or unauthorized activity.
- Technical Questions: The patent specification provides a numerical scale (e.g., 0.0 to 1.0) as an example of "quantifying a measure of trustworthiness." ('273 Patent, col. 5:6-8). The complaint alleges that Microsoft's qualitative assessment of "robustness" (e.g., "high," "medium") meets this limitation. (Compl. ¶24). This raises the question of whether a categorical label satisfies the "quantifying" requirement of the claim.
V. Key Claim Terms for Construction
The Term: "data representing one or more attacks"
- Context and Importance: This term's construction is critical, as it defines the trigger for the entire reputation management method. Plaintiff’s theory relies on interpreting system status messages from the accused PlayReady technology as data representing "attacks."
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The patent does not provide a rigid definition of "attack." The specification describes security failures generally, such as gaining unauthorized access to resources, which could support an interpretation that any non-compliant behavior posing a security risk constitutes an "attack." ('273 Patent, col. 1:39-42).
- Evidence for a Narrower Interpretation: The patent's background consistently frames the problem in terms of a "person with malicious intent" and "unauthorized intrusions." ('273 Patent, col. 1:39-42). This language may support an argument that an "attack" requires evidence of maliciousness, not merely a technical fault or a documented, expected system behavior like an application crash.
The Term: "quantifying a measure of trustworthiness"
- Context and Importance: Whether Microsoft's system "quantifies" anything will be a key dispute. The complaint points to qualitative tiers of "robustness" as evidence of quantification.
- Intrinsic Evidence for Interpretation:
- Evidence for a Broader Interpretation: The plain meaning of "quantify" can include expressing as a determinate quantity. Parties may argue that assigning a device to one of several discrete, ordered categories (e.g., "low," "medium," "high") is a form of quantification.
- Evidence for a Narrower Interpretation: The specification provides a specific example of quantification as a numerical reputation "along a scale from entirely malicious to entirely trustworthy e.g., from 0.0 for malicious to 1.0 for trustworthy." ('273 Patent, col. 5:5-8). This could be used to argue that the patent teaches a numerical scoring system, not a qualitative one.
VI. Other Allegations
- Indirect Infringement: The complaint alleges inducement by asserting that Microsoft instructs customers on how to use the accused PlayReady system through training videos, brochures, and user guides available on its websites. (Compl. ¶27). It alleges contributory infringement by asserting that the accused technology is a material part of the invention, especially adapted for infringement, and not a staple article of commerce. (Compl. ¶28).
- Willful Infringement: The complaint alleges that Microsoft had notice of its infringement as of a letter dated May 23, 2019. (Compl. ¶29). This forms the basis for potential post-suit willfulness if infringement is found to have continued after that date.
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of definitional scope: can standard operational events within the accused DRM system, such as application crashes or user-initiated session terminations reported via "Secure Stop" messages, be construed as "attacks" within the meaning of the asserted patent claim?
- A key question of functional interpretation will be whether applying tiered policies (e.g., issuing a restricted license) or assigning a qualitative label (e.g., "high robustness") to a device meets the claim limitation of "quantifying a measure of trustworthiness," especially when the patent’s specification offers a numerical scale as its primary example.
- The case may also turn on an evidentiary question: does the complaint sufficiently allege that the accused PlayReady system identifies devices using a consistent identifier that links them to specific past "attacks," as is central to the patent’s concept of building a persistent device reputation?