Microsoft's Patent Problem

Fortune.com ^ | Tuesday, July 22, 2003 | Roger Parloff

[glorgau]

This is why MicroSoft is retaining $50 billion in cash. It has to be on hand for puny little eventualities like this.

[lelio]

Microsoft argued in court that crucial phrases in InterTrust's patents were too vague to be enforceable,

Anyone have a link to the patents involved?

Speaking of software patents, what ever happened to British Telecom's attempt to patent the hyperlink in the late 90's?

[Nick Danger]

This is what a real infringement case looks like. The comparison with SCO could not be more clear.

No one has ever heard of this outfit "InterTrust Technologies." Their CEO has not been in the news, threatening Oceans of Blood and Seas of Fire. They haven't threatened Windows users with having to buy licenses from them. They did their talking in the courtroom.

If settlement talks fail and InterTrust prevails in court, it would be entitled to a court order halting sales of all those products (Windows XP operating system, Office XP Suite, Windows Media Player, Xbox videogame console, and .NET networked computing platform, to name just a few.)

Where's the Gartner Group to spread FUD throughout the land? Where's Laura DiDio? Where are all the CNET and ZDNET reporters to warn everyone that this little company might prevail — halting the sale of Windows, Office, and .NET?

Here's where we find out who the honest Research Houses and the honest Trade Journalists are.

Gates wanted FUD. And it's FUD he shall have.

[glorgau]

From the Intertrust Patent Portfolio:

Here is a link that searches the U.S Patent Office DB: Intertrust patents

[Salo]

So, are you going to ping the Tarnished Turkey? :-)

[Southack]

United States Patent 6,427,140
Ginter , et al. July 30, 2002

---

Systems and methods for secure transaction management and electronic rights protection


Abstract
The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the "electronic highway."

[Southack]

Shear's Patent - Click Here

One major problem with Shear's patent is that it only dates back to February of 1995.

The way Patent Law works is that **any** mention of any of the "patented" techniques in any trade publication prior to the patent date can invalidate the whole patent, at least if they are mentioned by someone besides the patent inventor (the inventor himself gets a one year grace period if he/she has published something prior to the patent date).

[Southack]

Claims

---

We claim:

1. A method for automated negotiation, including the following steps: creating a first rule set at a first site, the first rule set designed to participate in an automatic negotiation with a second rule set;

transmitting the first rule set from the first site to a second site,

at the second site, performing an automated negotiating process including:

comparing information present in or specified by the first rule set to a first requirement specified by a second rule set present at the second site;

if the comparison results in a first outcome, carrying out a first action, the first action including:

creating a secure container consisting of protected content and having an associated third rule set, the third rule set being created as a result of an interaction between the first rule set and the second rule set;

transmitting the secure container from the second site to the first site; and

using a rule from the third rule set to govern an aspect of access to or use of the protected content; and

if the comparison results in a second outcome, carrying a second action, which is different in at least one respect from the first action.

2. The method of claim 1, in which the first outcome consists of an agreement between a requirement specified by the second rule set and an offer specified by the first rule set.

3. The method of claim 2, in which the automated negotiation process is carried out in a computing environment which is at least in part secure.

4. The method of claim 3, in which the comparing step includes the following substeps:

comparing first information present in or specified by the first rule set to the first requirement;

determining that the first information does not match the first requirement;

comparing second information present in or specified by the first rule set to a second requirement specified by the second rule set; and

determining that the second information matches the second requirement.

5. The method of claim 4, in which:

the first requirement includes a requirement that a first payment method be used;

the second requirement includes a requirement that a second payment method be used;

the first information identifies a payment method other than the first payment method; and

the second information identifies the second payment method.

6. The method of claim 4, in which:

the first requirement includes a requirement that first specified identification information be provided, and further specifies a first price; and

the second requirement specifies a second price which is higher than the first price, but requires provision of less identification information than the first specified identification information.

7. The method of claim 4, in which the first action includes associating a digital signature with the contents of the secure container.

8. The method of claim 1, in which the step of creating a first rule set is performed at least in part in a secure environment present at the first site.

9. The method of claim 8, in which the automated negotiating step is performed at least in part in a secure environment present at the second site.

10. A method for automated negotiation, including the following steps:

creating a first rule set at a first site;

creating a second rule set at a second site;

transmitting the first rule set from the first site to a third site;

transmitting the second rule set to the third site;

at the third site, performing the following steps:

comparing a requirement specified by the first rule set to a requirement specified by the second rule set and determining that the requirements are consistent;

based at least in part on the results of the comparison, creating a third rule set, the third rule set including at least one rule specified at least in part by the first rule set and the second rule set;

associating the third rule set with a secure container;

encapsulating protected content into the secure container; and

transmitting the secure container to the first site.

11. The method of claim 10, in which the first site is associated with a first party, the second site is associated with a second party, and the third site is associated with a neutral negotiator.

12. The method of claim 11, further including:

prior to the steps of transmitting the first rule set and the second rule set to the third site, a communication between the first party and the second party, the

communication resulting in agreement to use the neutral negotiator for the negotiation.

13. The method of claim 12, in which the first rule set includes a request to gain access to content owned or controlled by the second party.

14. The method of claim 13, in which the first rule set includes a specification of a first price the first party is willing to or desires to pay for the content access.

15. The method of claim 14, in which the second rule set includes a specification of a second price the second party requires or desires in order to grant access to the content.

16. The method of claim 15, in which the comparing step includes comparing the first price to the second price and determining whether the first price is equal to or exceeds the second price.

17. The method of claim 16, in which the first rule set includes a specification of a first payment method the first party is willing to use to pay for the content access.

18. The method of claim 17, in which the second rule set includes a specification of a second payment method the second party is willing to accept for payment for the content access.

19. The method of claim 18, in which the comparing step includes comparing the first payment method to the second payment method to determine whether they are consistent.

20. The method of claim 19, in which the first rule set includes a specification of first information the first party is willing to or desires to disclose in return for gaining access to the content.

21. The method of claim 20, in which the second rule set includes a specification of second information the second party desires or requires in return for providing access to the content.

22. The method of claim 21, in which the comparing step includes comparing the first information specification to the second information specification to determine whether they are consistent.

23. The method of claim 22, in which the second rule set also specifies a third price, which is lower than the second price, and further specifies that the third price may be used if the first party agrees to provide the second information, but that the second price must be used if the first party refuses to provide the second information, and

the comparing step includes determining whether the first party is willing to provide the second information and,

if the first party is willing to provide the second information, using the third price instead of the second price in the step of comparing price information.

24. A method for automated negotiation including the following steps:

generating a first rule set including a first rule from a first party which owns or at least in part controls governed content and a second rule from a second party which constitutes or includes a clearinghouse;

incorporating the governed content into a secure container;

storing the first rule set at a first site;

transmitting a second rule set from a second site to the first site, the second rule set including a third rule from a third party;

comparing at least a portion of the first rule set to at least a portion of the second rule set; and

based on the results of the comparison, providing access to the secure container to the third party.

25. The method of claim 24, further including: placing the second rule set in a secure container, the step of transmitting the second rule set from the second site to the first site constituting transmitting the secure container.

26. The method of claim 25, further including:

as a result of the comparison step, transmitting the secure container containing the governed content to the second site.

27. The method of claim 26, further including:

as a result of the comparison step, generating digital information specifying at least some of the terms agreed to in the negotiation.

28. The method of claim 27, further including:

associating a digital signature with the digital information.

29. A method of automated negotiation including:

creating a first rule set representing a negotiating position of a first party;

incorporating the first rule set into a first secure container;

creating a second rule set representing a negotiating position of a second party;

incorporating the second rule set into a second secure container;

selecting a negotiation site associated with a third party;

transmitting the first and the second secure containers to the negotiation site;

at the negotiation site, comparing an attribute of the first rule set to an attribute of the second rule set to determine whether the attributes are compatible and, depending on the results of the comparison, determining that the negotiation has succeeded, determining that the negotiation has failed, or determining that an additional comparison is required;

if the negotiation has succeeded, transmitting a third secure container to the first party, the third secure container containing governed content;

if the negotiation has failed, informing both parties of the failure, and not transmitting the third secure container to the first party; and

if an additional comparison is required, performing that comparison, and repeating until the negotiation either succeeds or fails.

30. The method of claim 29, in which the second party is a content distributor, and the second rule set includes a rule generated by a third party, the third party constituting an owner of at least some rights to the governed content.

[Nick Danger]

So, are you going to ping the Tarnished Turkey? :-)

I figure they'll all be here soon enough. This just broke today, apparently unexpectedly. The Munchkins probably haven't received official talking points yet. I'm sure the press office in Redmond is working on them now.

Here's my guess — they'll ignore the possibility of having to halt shipments, blowing that off with the loudest noise they can make every time it's brought up. Instead they'll pitch lemonade: "See, this is why Microsoft just indemnified its customers," forgetting all about the Sendo lawsuit.

Life works in mysterious ways. If I was a Microsoft shareholder, yesterday I would have been wondering, "What is this unlimited liability stuff? Couldn't one lawsuit clean us out?"

Then today, we see just the sort of lawsuit that could do it.

[Cold Heat]

I do not even use those trust features. It is not turned on and is not the default setting.

In fact, I use very little of MS security features except those that run without my knowledge.

I really do not see this as a killer problem. Just a very nasty nuisance.

[Nick Danger]

One major problem with Shear's patent is that it only dates back to February of 1995.

I wouldn't look to any 'quick and dirty' ways to kill this patent. Microsoft's lawyers aren't stupid; they threw all the easy ones at the judge already, and lost 33 to 0.

[Southack]

"The inability of conventional products to be shaped to the needs of electronic information providers and users is sharply in contrast to the present invention. Despite the attention devoted by a cross-section of America's largest telecommunications, computer, entertainment and information provider companies to some of the problems addressed by the present invention, only the present invention provides commercially secure, effective solutions for configurable, general purpose electronic commerce transaction/distribution control systems.

Controlling Electronic Content
The present invention provides a new kind of "virtual distribution environment" (called "VDE" in this document) that secures, administers, and audits electronic information use. VDE also features fundamentally important capabilities for managing content that travels "across" the "information highway."

So, did ATM machines exist before Shear first applied for this patent in 1995?!

[Salo]

Well, TT likes to say how much he stands on principle. If he is consistent, it sounds like he'll be on the "MS is toast and should pay up, and until they do, no one should use/deploy their products" side of the issue. I know there has not been any real proof shown yet, but that has not mattered in the SCO/IBM accusations.

Bush2k (should be Bush2k3 any day now - more secure, so I hear) will be the interesting one. He seems to have IBM convicted already also without so much as a hearing. It looks like MS is doing worse than IBM, so it will be hard to spin this.

I see this as a bad trend: bankrupted companies being purchased solely so their patents can be used as lawsuit fodder. *This* will hurt the software industry much more than the free/open vs. proprietary/closed software squabbles.

And it doesn't matter if it American lawyers/companies doing the suing. We will lawyer ourselves into a tech depression like this.

[glorgau]

bankrupted companies being purchased solely so their patents can be used as lawsuit fodder

Perhaps the companies wouldn't be bankrupt if they hadn't had their intellectual property egregiously infringed by monopolists.

[dark_lord]

So, did ATM machines exist before Shear first applied for this patent in 1995?!

I don't think the example is relevant. Here are the identified areas where they feel their patents have applicability:

InterTrust Intellectual Property Since its founding in 1990, InterTrust Technologies Corporation has invented and defined key elements of trusted computing, including a wide range of Digital Rights Management, or DRM, technologies that enable secure management of digital processes and information. InterTrust has an intellectual property group combining its technology, patent litigation, patent prosecution, and IP business experts. This group is committed to the development, strategic licensing, and monetization of the company's e-commerce inventions. InterTrust believes that its patents describe many aspects of the basic infrastructure necessary for protecting and managing digital media, enterprise trusted computing, and next-generation distributed computing platforms. The following paragraphs cover a partial list of InterTrust patents relevant to digital media, web services, commerce automation, and distributed trusted document management. Management of web services: Protecting and managing digital applications and content wherever they travel, reside, or are used. Executable software integrity: Enabling an operating system to authenticate software components and allow them to run based on adherence to integrity and reliability rules. Credentials/driver signing: Enabling platform operating systems to authenticate the integrity of executables, such as device driver software to ensure proper driver behavior. Supply chain management through independent delivery of rules: Enabling enterprises to implement and enforce rules, or policies, relating to digital information access and use across widely distributed computing environments; allowing enterprises to change policies for already delivered digital information by delivering new policies; enabling secure peer-to-peer and pass-along sharing of information among users in accordance with specified policies. Managing media content or enterprise information: Enabling companies or content publishers to implement and enforce usage policies wherever content, company information, or applications travel - both within and beyond firewalls and virtual private networks. Enterprise-to-enterprise transactions: Enabling companies to automate enterprise transactions according to enterprise policies, including the authorization, purchasing, auditing, reporting, and clearing of supplies and inventory. Compliance: Secure, automated auditing and reporting of transaction or use data based on enterprise policies and regulatory compliance requirements. Portability of rules: Allowing users to loan or move content to other users or other machines enabling for example enterprise portals allowing employees to acquire access rights to use enterprise information at multiple locations. Nested policies within a single item: Allows association of multiple rules sets to different portions of information, such as a medical record having certain portions editable by a doctor, and different portions editable by nurses. Silicon protective measures: Technologies for hardware security tamper resistance as an integrated component of a distributed trusted computing network. Note that the descriptions of InterTrust patents and other intellectual property herein are intended to provide illustrative, non-exhaustive examples of some of the areas to which the patents and applications are currently believed to pertain, and is not intended for use in a legal proceeding to interpret or limit the scope or meaning of the patents or their claims, or indicate that an InterTrust patent claim(s) is materially required to perform or implement any of the preceding listed items.

BTW, here are the identified Microsoft products that Intertrust claims infringe on their patents:

Infringing Products and Services Named in the Litigation as of May 9, 2002 The most recent addition to the list of infringing products and services includes: Xbox My Services The accused products include: Windows Hardware Quality Lab and Windows Logo Certification Windows File Protection System Windows XP Home Windows XP Professional Windows ME Windows XP Embedded Windows CE.NET Office XP Standard Office XP Professional Office XP Professional with FrontPage Office XP Developer Access 2002 Excel 2002 FrontPage 2002 Outlook 2002 PowerPoint 2002 Project 2002 Publisher 2002 Word 2002 Windows Media Player Microsoft Reader Digital Asset Server Internet Explorer 6.0 ASP.NET .NET Framework .NET Common Language Runtime (CLR) Visio 2002 Visio Enterprise Network Tools Visual Studio .NET Enterprise Architect Visual Studio .NET Enterprise Developer Visual Studio .NET Professional

Sony and Philips bought these guys because they saw the writing on the wall. Sony agreed to pay InterTrust a $28.5 million fee, plus undisclosed future royalties, to license all of InterTrust's patents for use in Sony consumer products that distribute digital media, in May of 2002. They decided it was better to own this stuff than to pay dues. Microsoft may be fairly on the hook here.

[Salo]

Perhaps, but why didn't *they* press the complaint?

[2 Kool 2 Be 4-Gotten]

Nice post, Nick.

[Nick Danger]

I see this as a bad trend: bankrupted companies being purchased solely so their patents can be used as lawsuit fodder.

That has been a consistent theme of mine through this whole SCO thing... that SCO needs to be smashed so that other tobacco lawyers (Boies made his money as an asbestos lawyer, but what's the diff) don't get the idea that these IP suits are a quick way to pick up a few billion.

I see that Sony is behind this little outfit. Maybe they would be willing to look the other way on some of the Windows stuff if the X-Box were to disappear. By now Gates would probably welcome an excuse to shoot it.

What's really weird that I was musing earlier today about the non-court aspects of this SCO thing, in particular Gartner's "FUD warning" about Linux, and I got thinking how bad the impact of the SCO FUD would have to be on IBM before they would seriously consider a nuke strike on Microsoft... file some damned thing alleging 4,067 different patent infringements, seeking $422 billion in damages... that sort of thing. If Gates wants to play FUDball, then let's show him what real FUD looks like.

Doing that would also demonstrate to Congress that we have some screwball stuff going on in our legal system. A case like that could drag on for two decades, but the odds of Microsoft striking down 4,067 patents are pretty small. Best case, Gates gets stung by a thousand or so, bringing the damages down to a mere $144 billion.

I suspect that would take eyes off the SCO case for a while, and get people thinking about whether Microsoft was going to be in business in ten years. But that's not really why you would do it.

It's a nuke strike. It sets off nuclear patent war, with lawsuits flying everywhere. Microsoft has a few patents, they'll countersue, ad infinitum. Pretty soon we'll have everybody suing everybody, with $trillions in damage claims, and no one really able to predict how any of it will turn out. Investors and customers would all be betting blind, and everyone would hate it. But it would demonstrate — like nothing else could — where David Boies' America would take us.

It may take that to foment the kind of changes in the law that are necessary to make these Trial Lawyer bonanzas go away for everyone.

Then I got back, and here was this story. Amazing.

[lelio]

In fact, I use very little of MS security features except those that run without my knowledge.

Which sounds like is embedded into all their products. Oh you didn't know that? Well its probably for your own good anyway.

[Cold Heat]

This has to do with the trusted site algorithms that are loaded onto xp and other products it seems. They are not needed to make the stuff work and can easily be removed without hurting MS.

As to the rest of it, I do not use Outlook and I use Zone and other progs for security and firewalls. XP let's me do what ever I want to include disabling just about anything I don't like.