Intertrust Tech Corp v. AMC Entertainment Holdings Inc

I. Executive Summary and Procedural Information

• Parties & Counsel:
  • Plaintiff: Intertrust Technologies Corporation (Delaware)
  • Defendant: AMC Entertainment Holdings, Inc. (Delaware)
  • Plaintiff’s Counsel: Quinn Emanuel Urquhart & Sullivan, LLP; Ward, Smith & Hill, PLLC
• Case Identification: 2:19-cv-00265, E.D. Tex., 08/07/2019
• Venue Allegations: Plaintiff alleges venue is proper because Defendant AMC Entertainment Holdings, Inc. has committed acts of infringement in the Eastern District of Texas and maintains regular and established places of business in the district, including specific movie theater locations in Tyler and Lufkin.
• Core Dispute: Plaintiff alleges that Defendant's use of Digital Cinema Initiatives (DCI)-compliant digital cinema equipment infringes eleven patents related to digital rights management (DRM), secure computing, and protected content distribution.
• Technical Context: The dispute centers on the foundational security architecture for digital cinema, a technology critical for the secure distribution and exhibition of high-value motion pictures in commercial theaters.
• Key Procedural History: The complaint alleges that the Defendant had pre-suit knowledge of each of the asserted patents and its alleged infringement of them "at least by on or about April, 2018," over a year before the complaint was filed. This allegation of pre-suit notice forms the basis for the claims of willful infringement.

Case Timeline

Date	Event
1995-02-13	Earliest Priority Date for U.S. Patent No. 6,640,304
1996-08-12	Earliest Priority Date for U.S. Patent No. 6,157,721
1999-06-08	Earliest Priority Date for U.S. Patent No. 6,785,815
1999-12-14	Earliest Priority Date for U.S. Patent No. 7,340,602
2000-06-07	Earliest Priority Date for U.S. Patent No. 8,526,610
2000-12-05	U.S. Patent No. 6,157,721 Issued
2001-06-11	Earliest Priority Date for U.S. Patent Nos. 7,694,342 & 8,931,106
2002-03-25	Earliest Priority Date for U.S. Patent Nos. 8,191,157 & 8,191,158
2003-10-28	U.S. Patent No. 6,640,304 Issued
2004-08-31	U.S. Patent No. 6,785,815 Issued
2005-01-21	Earliest Priority Date for U.S. Patent No. 7,406,603
2005-01-21	Earliest Priority Date for U.S. Patent No. 9,569,627
2005-01-01	Original Digital Cinema Initiatives (DCI) specification released
2008-03-04	U.S. Patent No. 7,340,602 Issued
2008-07-29	U.S. Patent No. 7,406,603 Issued
2010-04-06	U.S. Patent No. 7,694,342 Issued
2012-05-29	U.S. Patent Nos. 8,191,157 & 8,191,158 Issued
2013-09-03	U.S. Patent No. 8,526,610 Issued
2015-01-06	U.S. Patent No. 8,931,106 Issued
2017-02-14	U.S. Patent No. 9,569,627 Issued
2018-04-01	Alleged pre-suit notice of infringement provided to Defendant
2019-08-07	Complaint Filed

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 6,157,721 - Systems and methods using cryptography to protect secure computing environments

The Invention Explained

• Problem Addressed: The patent addresses the security risks posed by harmful computer programs like viruses and Trojan horses, particularly in networked environments where "load modules" or other executable code fragments can be downloaded from an external source and executed on a local computer (’721 Patent, col. 1:17-2:65).
• The Patented Solution: The invention proposes a system where a trusted "verifying authority" tests and digitally signs executable "load modules" to certify their authenticity and safety. A secure computing environment can then verify this digital signature before executing the code, thereby distinguishing between trusted and untrusted software. The system also contemplates different "assurance levels" corresponding to environments with varying degrees of tamper resistance (e.g., software-based vs. hardware-based security) (’721 Patent, Abstract; col. 4:60-65).
• Technical Importance: This framework provided a method for establishing trust in distributed computing environments, which was becoming critical with the rise of the internet and technologies like Java that relied on executing downloaded code (’721 Patent, col. 3:5-9).

Key Claims at a Glance

• The complaint asserts independent claim 9 (Compl. ¶29).
• Claim 9 recites a method with the following essential elements:
  • receiving a load module,
  • determining whether the load module has an associated digital signature,
  • if it does, authenticating the digital signature using at least one public key secured behind a tamper resistant barrier and therefore hidden from the user; and
  • conditionally executing the load module based at least in part on the results of the authentication.

U.S. Patent No. 6,640,304 - Systems and methods for secure transaction management and electronic rights protection

The Invention Explained

• Problem Addressed: The patent’s background section identifies the need for a comprehensive framework to enable secure electronic commerce and rights management for digital content distributed over networks. This framework, termed a "virtual distribution environment" (VDE), must protect the rights of content creators and distributors while allowing for flexible and efficient commercial transactions (’304 Patent, col. 1:21-2:48).
• The Patented Solution: The invention describes a system architecture for a VDE where digital content is packaged in secure containers with associated rules and controls. These controls are enforced by a secure processing unit (SPU) on a user's device, which can monitor usage of the content and report that information back to rights holders or a central clearinghouse for purposes like billing or auditing (’304 Patent, Abstract; col. 7:51-8:13).
• Technical Importance: This architecture provided a foundational blueprint for building a trusted digital marketplace, balancing strong content protection with flexible distribution and a variety of usage and payment models (’304 Patent, col. 2:49-3:2).

Key Claims at a Glance

• The complaint asserts independent claim 24 (Compl. ¶38).
• Claim 24 recites a method with the following essential elements:
  • receiving the digital file;
  • receiving a first entity's control information separately from the digital file;
  • using the first entity's control information to govern, at least in part, a use of the digital file at the computing system; and
  • reporting information relating to the use of the digital file to the first entity;
  • wherein at least one aspect of the computing system is designed to impede a user's ability to tamper with at least one aspect of the system's performance of the using and reporting steps.

U.S. Patent No. 6,785,815 - Methods and systems for encoding and protecting data using digital signature and watermarking techniques

• Technology Synopsis: The patent describes a method for managing the use of electronic data by associating a file with a digital signature and a "check value" (e.g., a hash). The system verifies the authenticity of the check value using the signature, and then verifies the authenticity of the file itself using the check value before granting a request to use the file (’815 Patent, Abstract).
• Asserted Claims: Independent claim 42 (Compl. ¶47).
• Accused Features: The complaint alleges that the Composition Play List (CPL) is digitally signed and contains check values (KeyID and Hash Elements), which the Image Media Block (IMB) uses to verify the CPL's signature and the integrity of the movie files (DCP) (Compl. ¶48).

U.S. Patent No. 7,340,602 - Systems and methods for authenticating and protecting the integrity of data streams and other data

• Technology Synopsis: The patent discloses a method for fault-tolerant authentication of a block of data, such as a data stream. It involves generating a "progression of check values," where each check value is derived from a portion of the data and a prior check value, allowing portions of the data to be authenticated before the entire block is received (’602 Patent, Abstract).
• Asserted Claims: Independent claim 25 (Compl. ¶58).
• Accused Features: The complaint alleges that the DCI-compliant equipment's process of logging and distributing log records of movie showings infringes. It asserts that each log record includes a check value (a hash of the prior record's header), generating a series of check values that facilitate fault-tolerant authentication of the log data (Compl. ¶¶59, 13).

U.S. Patent No. 7,406,603 - Data protection systems and methods

• Technology Synopsis: The patent describes a method for protecting electronic media from unauthorized use by evaluating whether software modules that process the content are operating in an authorized manner. This evaluation can include checking the software's system calls, data channels, or timing characteristics for anomalies before granting or denying a request to use the content (’603 Patent, Abstract).
• Asserted Claims: Independent claim 1 (Compl. ¶69).
• Accused Features: The complaint alleges that the IMB's Security Manager identifies secure processing blocks, verifies their digital certificates, and evaluates whether content is directed to authorized channels permitted by a Trusted Device List and restrictions in the Key Delivery Message (KDM) (Compl. ¶70).

U.S. Patent No. 7,694,342 - Systems and methods for managing and protecting electronic content and applications

• Technology Synopsis: The patent discloses a method of managing electronic content using a system of dual digital certificates. An application program has a first certificate from a first entity (e.g., an association of content providers), and the electronic content has a second certificate from a second entity, with the content's rules permitting rendering only by an application with the first certificate (’342 Patent, Abstract).
• Asserted Claims: Independent claim 1 (Compl. ¶80).
• Accused Features: The complaint alleges the DCI-compliant equipment has a digital certificate from DCI (an association of studios), and the KDM is a digital certificate from the content owner. The KDM allegedly includes a rule requiring the DCI certificate for rendering (Compl. ¶81).

U.S. Patent No. 8,191,157 - Systems and methods for secure transaction management and electronic rights protection

• Technology Synopsis: The patent describes a method performed by an electronic appliance with a secure processing unit. The appliance receives encrypted content, a separately delivered encrypted key, and a separately delivered electronic object with usage rules. The appliance uses a second key stored in its secure unit to decrypt the first key, uses that key to decrypt the content, and grants usage requests based on the rules (’157 Patent, Abstract).
• Asserted Claims: Independent claim 69 (Compl. ¶91).
• Accused Features: The complaint alleges the DCI system receives the encrypted DCP and the KDM separately, with the KDM containing the keys and usage rules. The IMB uses its private key, stored in "secure silicon," to decrypt the content keys from the KDM (Compl. ¶92).

U.S. Patent No. 8,191,158 - Systems and methods for secure transaction management and electronic rights protection

• Technology Synopsis: The patent discloses a method where an electronic appliance receives and stores an encrypted content item and, separately, a rule specifying permitted uses. The appliance uses a decryption key stored in a secure processing unit to decrypt the content after determining a user's request corresponds to a permitted use (’158 Patent, Abstract).
• Asserted Claims: Independent claim 4 (Compl. ¶100).
• Accused Features: The complaint alleges the DCI system receives the encrypted DCP and the KDM (containing the rules) separately. The IMB's private key is allegedly stored in "secure silicon" and used for decryption (Compl. ¶101).

U.S. Patent No. 8,526,610 - Methods and Apparatus for Persistent Control and Protection of Content

• Technology Synopsis: The patent describes a streaming media player that receives a digital bit stream containing encrypted content and a secure container. The secure container holds control information, usage rules, and a decryption key. A control arrangement in the player opens the container, extracts the key, and decrypts the content when allowed by the rules (’610 Patent, Abstract).
• Asserted Claims: Independent claim 1 (Compl. ¶109).
• Accused Features: The infringement allegations map the components of the DCI-compliant equipment to the elements of the claimed streaming media player (Compl. ¶110).

U.S. Patent No. 8,931,106 - Systems and methods for managing and protecting electronic content and applications

• Technology Synopsis: The patent describes a method where a rendering application, which is associated with a first digital certificate attesting to its security, requests permission from a rights management engine to render a piece of electronic content. The engine checks separately received conditions (which require the first digital certificate) before allowing decryption and rendering (’106 Patent, Abstract).
• Asserted Claims: Independent claim 17 (Compl. ¶120).
• Accused Features: The complaint alleges the DCI equipment is associated with a DCI-issued certificate. The separately received KDM allegedly includes a condition requiring this certificate for rendering (Compl. ¶121).

U.S. Patent No. 9,569,627 - Systems and methods for governing content rendering, protection, and management applications

• Technology Synopsis: The patent describes a method where a "secure control application" in a "protected processing environment" receives a request from a separate "governed application." The secure application extracts secret information (e.g., decryption keys) from a secure container and sends the unencrypted secret information to the governed application to enable content decryption (’627 Patent, Abstract).
• Asserted Claims: Independent claim 1 (Compl. ¶131).
• Accused Features: The complaint alleges the IMB's Security Manager is a protected processing environment with a higher security level than the Media Decryptor. The Security Manager allegedly has access to the IMB key, uses it to access content keys, and sends those keys to the Media Decryptor (Compl. ¶132).

III. The Accused Instrumentality

Product Identification

• The accused instrumentalities are the Digital Cinema Initiatives (DCI)-compliant equipment suites that Defendant AMC uses in its movie theaters to show movies and other digital content (Compl. ¶15).

Functionality and Market Context

• The complaint describes the DCI-compliant equipment suite as a system that provides content protection and digital rights management for commercially distributed motion pictures (Compl. ¶16). The suite receives a digital bit stream containing two main components: a Digital Cinema Package (DCP) and a Key Delivery Message (KDM) (Compl. ¶17). The DCP contains the encrypted movie (video and audio tracks) and a Composition Play List (CPL) that acts as a "recipe" for assembling the final movie presentation (Compl. ¶18). The KDM is a separate, digitally signed container that holds the encrypted content keys, usage rules (e.g., temporal and equipment restrictions), and a Trusted Device List (TDL) (Compl. ¶19).
• A core component of the suite is an Image Media Block (IMB), which the complaint characterizes as a Secure Processing Block containing a private key (Compl. ¶¶20, 22). The IMB is alleged to verify the KDM's signature, decrypt the content keys using its private key, enforce the governance conditions from the KDM, and then send the decrypted content keys to a Media Decryptor to decrypt the movie content for projection (Compl. ¶¶22-23).
• The complaint alleges this technology was adopted by the cinema industry through specifications promulgated by the DCI and that widespread digital distribution of feature films now uses the DCI specification (Compl. ¶¶13-14). No probative visual evidence provided in complaint.

IV. Analysis of Infringement Allegations

‘721 Patent Infringement Allegations

Claim Element (from Independent Claim 9)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
(a) receiving a load module,	AMC receives software and/or firmware updates for the Image Media Block (IMB) of its DCI-compliant equipment suite.	¶30	col. 3:21-25
(b) determining whether the load module has an associated digital signature,	As part of the software update or secure boot process, the equipment suite locates a digital signature associated with the software.	¶30	col. 4:31-35
(c) if the load module has an associated digital signature, authenticating the digital signature using at least one public key secured behind a tamper resistant barrier and therefore hidden from the user; and	The equipment suite authenticates the signature in a secured manner using a public key.	¶30	col. 6:4-9
(d) conditionally executing the load module based at least in part on the results of authenticating step (c).	If the authentication is successful, the equipment performs the software update.	¶30	col. 4:36-38

• Identified Points of Contention:
  • Scope Questions: A central question may be whether a "software and/or firmware update" for a specialized device like an IMB (Compl. ¶30) constitutes a "load module" within the meaning of the ’721 Patent. The patent's specification, filed in 1996, discusses load modules in the context of general-purpose computers and preventing harm from sources like computer viruses and Java applets (Compl. ¶30; ’721 Patent, col. 1:17-2:65), which may suggest a different technological context than firmware management.
  • Technical Questions: The infringement allegation hinges on the claim requirement that the public key is "secured behind a tamper resistant barrier and therefore hidden from the user" (’721 Patent, col. 22:13-15). An evidentiary question will be what specific technical facts demonstrate that the DCI-compliant equipment's update process meets this specific structural and security limitation as described in the patent.

‘304 Patent Infringement Allegations

Claim Element (from Independent Claim 24)	Alleged Infringing Functionality	Complaint Citation	Patent Citation
receiving the digital file;	The DCI-compliant equipment suite receives the Digital Cinema Package (DCP), which contains the encrypted movie.	¶39	col. 57:57-58:1
receiving a first entity's control information separately from the digital file;	The equipment suite receives the Key Delivery Message (KDM) separately from the DCP.	¶39	col. 18:5-13
using the first entity's control information to govern, at least in part, a use of the digital file at the computing system; and	The KDM contains usage parameters and equipment rules that govern the use and playback of the movie content contained in the DCP.	¶¶19, 39	col. 57:59-62
reporting information relating to the use of the digital file to the first entity;	The equipment suite generates and transmits log reports to rights owners and other entities in the content distribution channel.	¶39	col. 55:16-24
wherein at least one aspect of the computing system is designed to impede the ability of a user of the computing system to tamper with at least one aspect of the computing system's performance of one or more of said using and reporting steps.	The IMB component of the DCI-compliant equipment suite is alleged to be a Secure Processing Block that provides a secure execution environment for enforcing the usage and reporting functions.	¶¶22, 39	col. 21:20-22:6

• Identified Points of Contention:
  • Scope Questions: A potential issue is whether the combination of DCI-compliant movie theater equipment constitutes a "computing system" as that term is used in the patent (’304 Patent, col. 327:23). The patent describes a "virtual distribution environment" for electronic appliances generally, and the scope may be disputed as applied to a highly specialized, single-purpose system for cinematic exhibition.
  • Technical Questions: Claim 24 requires that the system be "designed to impede the ability of a user...to tamper with...said...reporting steps." The complaint alleges that log reports are generated and transmitted (Compl. ¶39). An evidentiary question will be what specific designs or features of the DCI-compliant suite are intended to prevent a user from tampering with the generation or transmission of these log reports, as required by this specific claim limitation.

V. Key Claim Terms for Construction

Term: "load module" (from ’721 Patent, Claim 9)

• Context and Importance: The plaintiff’s infringement theory for the ’721 Patent equates a "software and/or firmware update" with the claimed "load module" (Compl. ¶30). The viability of this theory may depend on whether the term is construed broadly enough to cover firmware for a dedicated hardware device, as opposed to user-facing application software. Practitioners may focus on this term because its construction could determine whether the patent applies to the accused secure boot and update processes.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The specification describes "load modules" as encompassing "executable computer programs or fragments thereof" (’721 Patent, col. 3:21-25), language that could be argued to cover any form of executable code, including firmware.
  • Evidence for a Narrower Interpretation: The patent’s background repeatedly frames the problem in the context of protecting users from malicious software like "computer viruses" and downloaded "Java applets" in general-purpose computing environments (’721 Patent, col. 1:17-2:65). This context could support an argument that "load module" refers to third-party application code introduced into a system by a user, not to foundational firmware installed by a manufacturer in a secure hardware block.

Term: "reporting information" (from ’304 Patent, Claim 24)

• Context and Importance: The complaint alleges that the generation and transmission of "Log reports" satisfies this limitation (Compl. ¶39). The definition of "reporting information" is critical because the infringement allegation requires not only that such information is reported, but also that the system is designed to prevent tampering with the reporting itself.
• Intrinsic Evidence for Interpretation:
  • Evidence for a Broader Interpretation: The specification discusses "reporting" in general terms related to tracking usage for billing and auditing within a "virtual distribution environment," which could broadly cover any form of usage log transmitted from the user's device to a rights holder (’304 Patent, col. 3:51-55).
  • Evidence for a Narrower Interpretation: The patent describes "reports and payments" flowing from a "VDE Content User" to a "Financial Clearinghouse" and "VDE Administrator" as part of a tightly integrated commercial ecosystem (see, e.g., ’304 Patent, Fig. 2). This may support a narrower construction requiring the "reporting" to be part of a specific, secure transactional feedback loop, potentially with features beyond what is present in the DCI system's logging functionality.

VI. Other Allegations

• Willful Infringement: For each of the eleven asserted patents, the complaint alleges that the Defendant had "actual knowledge" of the patent and its infringement because the Plaintiff brought the patent to the Defendant's attention "at least by on or about April, 2018," more than a year prior to the filing of the suit (Compl. ¶¶31, 40, 49, 60, 71, 82, 93, 102, 111, 122, 133). This allegation of pre-suit notice serves as the basis for the request for enhanced damages due to willful infringement (Compl. ¶¶53, 64, 75, 86, 115, 126, 137).

VII. Analyst’s Conclusion: Key Questions for the Case

• A core issue will be one of technological scope and evolution: can claims drafted in the 1990s and early 2000s for general-purpose secure computing and internet-based DRM be construed to cover the highly specialized, industry-standard digital cinema ecosystem that was developed and deployed years later? This question encompasses whether a "firmware update" is a "load module" ('721 Patent) and whether a commercial movie theater projection system is the "computing system" ('304 Patent) contemplated by the inventors.
• A second central issue will be one of technical and evidentiary specificity: what evidence will demonstrate that the accused DCI-compliant systems perform the precise functions required by the claims? This will likely focus on whether the systems employ a "tamper resistant barrier" for public keys as recited in claim 9 of the ’721 Patent, and whether they are specifically "designed to impede" tampering with "reporting steps" as required by claim 24 of the ’304 Patent.
• A third question will be the cumulative effect of asserting a large patent portfolio: how will the court and the defendant manage the complexity of construing claims and analyzing infringement across eleven distinct but technologically related patents, and does the plaintiff's multi-patent assertion strategy suggest an attempt to cover the entire DCI security architecture from multiple angles?