
PATROLL Winning Submission

US 10,212,486

The ’486 patent (“Chan”) (filed on June 6, 2017 with a claim for an earlier priority date from a
provisional application filed on December 4, 2009), discloses systems and methods for providing
multimedia content from one process or component to another process or component over an
unsecured connection. Claim 1 of the alleged invention recites a playback device for playing
back encrypted video. Claim 1 recites the steps of receiving a container file that is partially
encrypted and partially decrypted, and parsing said file to identify the encrypted portions via a
block reference. Claim 1 further recites the utilization of deciphering and decrypting the
cryptographic material for each partially encrypted frame by means of a frame key. Claim 1 also
recites decoding the decrypted frame for rendering on a display device using a video decoder.
However, there was nothing innovative about a playback device that utilizes a frame key to
decipher, decrypt, and decode a container file with partially encrypted and partially decrypted
information in 2009, as demonstrated by the US 7,233,948 (“Shamoon”) patent addressed below.

Shamoon (published on June 19, 2007, with a claim for an earlier priority date from a provisional
application filed on March 16, 1998) discloses key elements of a decryption means for
decrypting content streams or objects. Shamoon also discloses a digital bit stream that includes
content, which is encrypted at least in part, and a secure container including control information
designed to control use of the content. Shamoon further discloses including at least one key
suitable for decryption of at least a portion of the content, where the media player also includes a
control arrangement for opening secure containers and extracting cryptographic keys to decrypt
the encrypted portion of the content for playback. A sample claim chart comparing the Chan
patent to the Shamoon reference is provided below.

US 10,212,486 (“Chan”) US 7,233,948 (“Shamoon”)


1.pre. A playback device for playing back encrypted video, the playback device
comprising:

Shamoon discloses “A variety of different architecture embodiments are also
described, including an MPEG-4 embodiment, a system designed to render content
encoded pursuant to the MP3 specification (ISO/IEC TR 11172), and an
embodiment which is advantageous in the context of limited resource content
devices.” See ‘948 Patent at 1:53-58.

Shamoon also discloses “A streaming media player consistent
with the present invention includes a port designed to accept a
digital bit stream. The digital bit stream includes content, which
is encrypted at least in part, and a secure container including
control information designed to control use of the content,
including at least one key suitable for decryption of at least a
portion of the content. The media player also includes a control
arrangement including a means for opening secure containers

PATROLL – Prior Art Crowdsourcing


http://patroll.unifiedpatents.com
and extracting cryptographic keys, and means for decrypting the
encrypted portion of the content.” See id. at 2:3-12.

Shamoon also discloses “Video Stream 5 includes compressed
(and possibly encrypted) digital video information. This
information is used to create the images and video rendered and
output by Media System 1. Video Stream 5 may represent
multiple Video streams. These multiple streams may act
together to make up the video output, or may represent
alternative video outputs.” See id. at 4:24-30.

Shamoon further discloses a “Media System 1, which is capable
of accepting, decoding, and rendering streamed multimedia
content. This is a generic system, though it includes elements
based on the MPEG-4 specification. Media System 1 may
include software modules, hardware (including integrated
circuits) or a combination.” See id. at 3:56-61.

Shamoon also discloses a Content Management and Protection
System (CMPS) that is “incorporated in video and digital
cameras, audio microphones, recording, playback, editing,
and/or noise reduction devices and/or any other digital device.
Images, video, and/or audio, or any other relevant digital
information may be captured, recorded, and persistently
protected using at least one CMPS and/or at least one CMPO.”
See id. at 53:40-46.

1.a. a set of one or more processors; and

Shamoon discloses that “one or more processors or
microcontrollers e.g. CPU 2402. CPU 2402 controls the overall
processing of CMPS 2401, including execution of any
necessary software.” See id. at 32:4-7.

1.b. a non-volatile storage containing a playback application for causing the
set of one or more processors to perform the steps of:

Shamoon states multiple types of non-volatile storage for integration of the
processors when it discloses “Memory 2405. Types of memories which may be
included in Memory 2405 and examples of the information they may store—are the
following:

ROM. ROM 2406. ROM 2406 may include any information
which is permanently stored in CMPS 2401, such as (1) CMPS
Operating System 2407 and/or CMPS BIOS 2408, (2)
Rules/Controls 2409 which are permanently stored in the
CMPS; (3) Control Primitives 2410 which may be used to build
rules or controls; (4) Keys 2411 associated with the CMPS,
including a Public/Private Key Pair; (5) one or more
Certificates 2412 designed to identify CMPS 2401 and/or the
device, including version information; (6) Hardware Signature
Information 2413 used to check for tampering (e.g., a hashed
signature reflecting the expected hardware state of the device).

NVRAM (flash memory). This type of memory may hold
information which is persistent but changeable, including at
least some: (1) Budget Information 2426; (2) User Information
2427, such as identification, credit card numbers; preferred
clearinghouses and other Commerce Utility Systems; (3) User
Preferences 2428, such as preferences, profiles, and/or attribute
information; and (4) Appliance Information 2429, such as
attribution and/or state information.” See id. at 32:14-61.

Shamoon further discloses, in relation to the memory including
permanently stored information to the CMPS (see above) that
“in one embodiment, shown in FIG. 23, each Commerce
Appliance 2301 includes a CMPS (“Content Management and
Protection System”) 2302. Each CMPS is responsible for
governing the use of controlled content, including decrypting
the content and ensuring that the content is only used as
permitted by associated rules. Each governed digital work is
associated with one or more CMPOs (Content Management
Protection Object), e.g., CMPOs 2303. Each CMPO may
specify rules governing the use of the digital work, and may
include keys used to decrypt the work.” See id. at 28:7-17.

1.c. receiving a container file with video data at a parser;

Shamoon discloses “A streaming media player consistent with
the present invention includes a port designed to accept a digital
bit stream. The digital bit stream includes content, which is
encrypted at least in part, and a secure container including
control information designed to control use of the content,
including at least one key suitable for decryption of at least a
portion of the content. The media player also includes a control
arrangement including a means for opening secure containers
and extracting cryptographic keys, and means for decrypting the
encrypted portion of the content.” See id. at 2:3-12.

Shamoon discloses receiving the file of “Bit Stream 2 [which] is
made up of a group of related streams of information, including
Organization Stream 3, Audio Stream 4, Video Stream 5.
Control Stream 6, and Info Stream. These streams correspond
generally to streams described in the MPEG-4 format.” See id.
at 4:3-6.

Shamoon further discloses that “System 1 includes Demux 7,
which accepts as input Bit Stream 2 and routes individual
streams (sometimes referred to as Elementary Streams or “ESs”)
to appropriate functional blocks of the system.” See id. at 5:24-27.

Shamoon also discloses that “Content provider 2902 provides to
control module 2904 a digital bit stream that includes content,
which is encrypted at least in part, and a secure container
including control information designed to control use of the
content. The control information includes at least one key
suitable for decryption of at least a portion of the content.” See
id. 57:16-22.

1.d. extracting portions of the container file using the parser,

Shamoon discloses that “the media player also includes a
control arrangement including a means for opening secure
containers and extracting cryptographic keys, and means for
decrypting the encrypted portion of the content.” See id. at
2:9-12.

Shamoon also discloses that “Content provider 2902 provides to
control module 2904 a digital bit stream that includes content,
which is encrypted at least in part, and a secure container
including control information designed to control use of the
content. The control information includes at least one key
suitable for decryption of at least a portion of the content.” See
id. 57:16-22.

1.e. wherein the container file comprises: video data with a plurality of
partially encrypted frames, wherein each partially encrypted frame contains
encrypted portions and unencrypted portions of data; and

Shamoon discloses that “The MP-3 specification does not
define a standard file format, but does define a bit stream,
which is illustrated in FIG. 18. In FIG. 18, MP-3 Bit Stream
1801 includes Content 1802. Content 1802 is divided into
frames, shown as Frame 1803, Frame 1804 and Frame 1805.
The dots between Frame 1804 and 1805 symbolize the fact that
Content 1802 may include a large number of frames.” See id. at
25:53-59.

Shamoon discloses that “Each of these streams is made up of
packets of information. In one exemplary embodiment, each
packet is 32 bytes in length. Since a single communications
channel (e.g., a cable, a bus, an infrared or radio connection)
contains packets from each of the streams, packets need to be
identified as belonging to a particular stream. In a preferred
embodiment, this is done by including a header which identifies
a particular stream and specifies the number of following
packets which are part of that stream. In another embodiment,
each packet may include individual stream information.” See
id. at 4:53-63.

Shamoon further discloses that “each of the individual streams
contained in Bit Stream 2 may be individually encrypted. An
encrypted stream may be identified by a particular indicator in
the header of the stream.” See id. at 7:53-55.

Shamoon also discloses that “The digital bit stream includes
content, which is encrypted at least in part, and a secure
container including control information designed to control use
of the content, including at least one key suitable for decryption
of at least a portion of the content.” See id. at 2:5-9.

1.f. a set of cryptographic information describing the encrypted portion of
each partially encrypted frame, where cryptographic information for a
partially encrypted frame comprises:

Shamoon discloses that “Content packets are selectively
encrypted. In one embodiment, content packets whose start time
in milliseconds is in the first half-second of each 5 seconds (i.e.,
start time '% 5000.” See id. at 23:50-53.

Shamoon further discloses that a “Content provider 2902
provides to control module 2904 a digital bit stream that
includes content, which is encrypted at least in part, and a
secure container including control information designed to
control use of the content. The control information includes at
least one key suitable for decryption of at least a portion of the
content.” See id. at 57:16-22.

Shamoon also discloses an “Encrypted MP-3 Content 1901,
which may include thousands of MP-3 frames. In one
embodiment, the first eight frames out of every 32 frames are
encrypted. Thus, one-quarter of the frames are rendered
unusable unless a player is able to decrypt them. In practice,
this may render the content un-sellable or unusable, without
imposing excessive encryption or decryption costs. To further
reduce encryption and decryption costs, only 32 bytes in
each frame are encrypted. In a current embodiment, these
are the first 32 bytes after the header and CRC information.
In a different embodiment, a different 32 bytes may be
encrypted in every frame. In a current embodiment, the
content is encrypted with the DES using algorithm output-
feedback mode. The initial IV for the file is randomly generated
and then stored with the frame number to generate a unique IV
for each frame.” See id. 26:15-31.

1.g. cryptographic material for the encrypted portion of the partially
encrypted frame, and

Shamoon discloses that “each of the individual streams
contained in Bit Stream 2 may be individually encrypted. An
encrypted stream may be identified by a particular indicator in
the header of the stream.” See id. at 7:53-55.

Shamoon also discloses that “The digital bit stream includes
content, which is encrypted at least in part, and a secure
container including control information designed to control use
of the content, including at least one key suitable for decryption
of at least a portion of the content.” See id. at 2:5-9.

1.h. a block reference that identifies the encrypted portion of the partially
encrypted frame,

Shamoon discloses that an “Organization Stream 3 includes
organizational information and metadata related to the work to
be rendered. This information may include a tree or other
organizational device which groups audio and video streams
into objects. This information may also include metadata
associated with the entire work, the objects, or the individual
streams.” See id. at 4:31-36.

Shamoon further discloses that “each of the individual streams
contained in Bit Stream 2 may be individually encrypted. An
encrypted stream may be identified by a particular indicator in
the header of the stream.” See id. at 7:53-55.

Shamoon also discloses that “Stream Flow Controllers 17 and
18 contain Cryptographic Engines 19 and 20, respectively.
These Cryptographic Engines operate under control of Control
Block 13 to decrypt and/or cryptographically validate (e.g.,
perform secure hashing, message authentication code, and/or
digital signature functions) the encrypted packet streams
received from Demux 7. Decryption and validation may be
selective or optional according to the protection requirements
for the Stream.” See id. at 7:15-23.

Shamoon further discloses that “Control Block 13 stores control
messages which may be received through Control Stream 6
and/or may be water marked into or steganographically
encoded in other streams, including Audio Stream 4 and Video
Stream 5. One control message format is illustrated by FIG. 5,
which shows Control Message 501. Control Message 501 is
made up of Header 502 and Message 503. Header 502 consists
of Field 508, which includes a bit pattern identifying the
following information as a header; Stream Type Field 509,
which identifies this as a header for the organization stream; ID
Field 504, which identifies this particular control message:
Pointer Field 505, which identifies those ESs which are
controlled by this message.” See id. at 6:29-41.

1.i. providing each partially encrypted frame, the cryptographic material for
each partially encrypted frame, and the block reference for each partially
encrypted frame from the parser to a video decoder;

Shamoon discloses that “These [bit] streams are fed into
respective processing elements (e.g., AVO Decode 2307, Scene
Descriptor Graph 2306, Object Descriptors 2308). The AVOs
are the multimedia content streams such as audio, video,
synthetic graphics and so on. They are processed by the player's
compression/coding subsystems. The scene descriptor graph
stream is used to build the scene descriptor graph. This tells
Composite and Render 2309 how to construct the scene and can
be thought of as the “script.” See id. at 54:27-36.

Shamoon further discloses that “the initialization vector is
computed for each packet by XORing the stream's IV with the
packet's start time in milliseconds. Some information unique to
the stream should also be XORed into the IV.” See id. at 23:58-62.

1.j. identifying the encrypted portion of each partially encrypted frame using
the block reference for each partially encrypted frame;

Shamoon discloses that “each of the individual streams
contained in Bit Stream 2 may be individually encrypted. An
encrypted stream may be identified by a particular indicator in
the header of the stream.” See id. at 7:53-55.

Shamoon also discloses that “Content packets are selectively
encrypted. In one embodiment, content packets whose start time
in milliseconds is in the first half-second of each 5 seconds (i.e.,
start time '% 5000.” See id. at 23:50-53.

Shamoon also discloses that “Stream Flow Controllers 17 and
18 contain Cryptographic Engines 19 and 20, respectively.
These Cryptographic Engines operate under control of Control
Block 13 to decrypt and/or cryptographically validate (e.g.,
perform secure hashing, message authentication code, and/or
digital signature functions) the encrypted packet streams
received from Demux 7. Decryption and validation may be
selective or optional according to the protection requirements
for the Stream.” See id. at 7:15-23.

Shamoon further discloses that “Control Block 13 stores control
messages which may be received through Control Stream 6
and/or may be water marked into or steganographically
encoded in other streams, including Audio Stream 4 and Video
Stream 5. One control message format is illustrated by FIG. 5,
which shows Control Message 501. Control Message 501 is
made up of Header 502 and Message 503. Header 502 consists
of Field 508, which includes a bit pattern identifying the
following information as a header; Stream Type Field 509,
which identifies this as a header for the organization stream; ID
Field 504, which identifies this particular control message:
Pointer Field 505, which identifies those ESs which are
controlled by this message.” See id. at 6:29-41.

1.k. deciphering a frame key for each partially encrypted frame using the
cryptographic material for each partially encrypted frame to produce a frame
key for each partially encrypted frame;

Shamoon discloses that “Since Cryptographic Key 1209 can
only be accessed and used through compliance with Rules 1206,
however, Rules 1206 in fact indirectly control the governed
streams, since those streams can only be decrypted through use
of the key, which can only be obtained in compliance with the
rules.” See id. at 15:1-6.

Shamoon further discloses that “In Step 606, Control Block 13
looks up the ES. ID and determines that the ES. ID is associated
with a particular control message. In Step 611, Control Block
13 uses the time stamp information to choose among control
messages, if there is more than one control message associated
with a particular ES. In Step 607, Control Block 13 accesses the
appropriate control message, and obtains a cryptographic key or
keys for decryption and/or validation. In Step 608, Control
Block 13 passes the cryptographic key(s) along Control Line 15
to AV Stream Controller 18. In Step 609, AV Stream Controller
18 uses the cryptographic key as an input to Cryptographic
Engine 20, which decrypts and/or validates the packets
following the header as those packets are received from Demux
7. In Step 610, the decrypted packets are then passed to AV
Block 9, which decompresses and processes them in a
conventional manner.” See id. at 8:22-34.

1.l. decrypting the encrypted portion of each partially encrypted frame based
upon the frame key for each partially encrypted frame using the video decoder;

Shamoon discloses that the “Content provider 2902 provides to
control module 2904 a digital bit stream that includes content,
which is encrypted at least in part, and a secure container
including control information designed to control use of the
content. The control information includes at least one key
suitable for decryption of at least a portion of the content.” See
id. at 57:16-22.

Shamoon further discloses that “In Step 607, Control Block 13
accesses the appropriate control message, and obtains a
cryptographic key or keys for decryption and/or validation. In
Step 608, Control Block 13 passes the cryptographic key(s)
along Control Line 15 to AV Stream Controller 18. In Step 609,
AV Stream Controller 18 uses the cryptographic key as an input
to Cryptographic Engine 20, which decrypts and/or validates
the packets following the header as those packets are received
from Demux 7. In Step 610, the decrypted packets are then
passed to AV Block 9, which decompresses and processes them
in a conventional manner.” See id. at 8:24-34.

1.m. decoding each decrypted frame for rendering on a display device using the
video decoder.

Shamoon discloses that “these streams are fed into respective
processing elements (e.g., AVO Decode 2307, Scene Descriptor
Graph 2306, Object Descriptors 2308). The AVOs are the
multimedia content streams such as audio, video, synthetic
graphics and so on. They are processed by the player's
compression/coding subsystems.” See id. at 54:27-33.

Shamoon further discloses that “The CMPS passes the
decrypted ESs to the MPEG-4 buffers. The normal process of
MPEG-4 decoding, compositing and rendering then takes
place.” See id. at 40:25-27.

Shamoon also discloses that “Control Line 16 from FIG. 1
comes into play once information has been passed from
Organization Block 8 and AV Block 9 to Composite Block 11,
and the finished work is prepared for rendering through
Rendering Device 12.” See id. at 8:54-57.
