Case 3:17-cv-05659-WHA Document 389-9 Filed 03/14/19 Page 1 of 20
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`Exhibit B
`(Redacted)
`
`

`

`
`HIGHLY CONFIDENTIAL - SOURCE CODE
`
`MICHAEL DAVID MITZENMACHER, PH.D. - 03/04/2019 Pages 2..5
`Page 2
`
`·1· ·APPEARANCES:
`·2
`·3· · · ·Kramer Levin Naftalis & Frankel LLP
`·4· · · ·By:· Michael H. Lee, Esq.
`·5· · · ·990 Marsh Road
`·6· · · ·Menlo Park, CA· 94025
`·7· · · ·(650) 752-1700
`·8· · · ·mhlee@kramerlevin.com
`·9· · · · · · · · · ·for the Plaintiff and the Witness;
`10
`11· · · ·Irell & Manella LLP
`12· · · ·By:· Rebecca Carson, Esq.
`13· · · ·840 Newport Center Drive, Suite 400
`14· · · ·Newport Beach, CA· 92660-6324
`15· · · ·(617) 760-0991
`16· · · ·rcarson@irell.com
`17· · · · · · · · · ·for the Defendant.
`18
`19· ·Also Present:· Paul Martin, Ph.D., Harbor Labs
`20· · · · · · · · · Robert Giannini, Video Operator
`21
`22
`23
`24
`25
`
`Page 3
`
`·1· · · · · · · · · · · · I N D E X
`·2
`·3· ·WITNESS:· Michael David Mitzenmacher, Ph.D.
`·4
`·5· ·EXAMINATION· · · · · · · · · · · · · · · · · · Page
`·6· · · ·By Ms. Carson· · · · · · · · · · · · · · · · 6
`·7· · · · · · · · · · AFTERNOON SESSION
`·8· · · ·By Ms. Carson· · · · · · · · · · · · · · · ·62
`·9
`10· ·EXHIBITS FOR IDENTIFICATION:
`11· ·Mitzenmacher· · · · Description· · · · · · · · Page
`12· ·Exhibit 2315· · Witness's 2/12/19 expert· · · · ·7
`13· · · · · · · · · ·declaration
`14· ·Exhibit 2316· · FINJAN-JN 002025 -· · · · · · · 13
`15· · · · · · · · · ·FINJAN-JN 002040
`16· ·Exhibit 2317· · JNPR-FNJN_29040_01042912 -· · · 56
`17· · · · · · · · · ·JNPR-FNJN_29040_01042915
`18· ·Exhibit 2318· · JNPR-FNJN_29017_00552579 -· · · 56
`19· · · · · · · · · ·JNPR-FNJN_29017_00552594
`20· ·Exhibit 2319· · Source code: pages 342-344,· · ·62
`21· · · · · · · · · ·379-380, 449, 453-454, 508-510,
`22· · · · · · · · · ·515, 518, 586-589, 679-680,
`23· · · · · · · · · ·683, 701, 720-722, 728, 738
`24· ·Exhibit 2320· · Source code: pages 409-411· · · 74
`25· ·Exhibit 2321· · Source code: pages 686-687· · ·119
`
`Page 4
`
`·1· ·EXHIBITS FOR IDENTIFICATION: (continued)
`·2· ·Mitzenmacher· · · · Description· · · · · · · · Page
`·3· ·Exhibit 2322· · JNPR-FNJN_29017_00552892 -· · ·130
`·4· · · · · · · · · ·JNPR-FNJN_29017_00552907
`·5· ·Exhibit 2323· · FINJAN-JN 044887 -· · · · · · ·131
`·6· · · · · · · · · ·FINJAN-JN 045068
`·7· ·Exhibit 2324· · Source code: pages 153-155· · ·142
`·8· ·Exhibit 2325· · Source code: pages 126-132· · ·142
`·9· ·Exhibit 2326· · Source code: pages 143-152· · ·142
`10· ·Exhibit 2327· · JNPR-FNJN_29017_00552908 -· · ·153
`11· · · · · · · · · ·JNPR-FNJN_29017_00552915
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24· ·Original exhibits retained by reporter to be
`25· ·returned to Irell & Manella
`
`Page 5
`
`·1· · · · · · · ·THE VIDEO OPERATOR:· Good morning.
`·2· ·We are on the record.· This is the videographer
`·3· ·speaking, Bob Giannini, with court reporter Kim
`·4· ·Smith with Epiq Court Reporting.· Today's date is
`·5· ·March 4, 2019.· The time is 11:21 a.m.
`·6· · · · · · · ·We are here at the Sheraton Boston,
`·7· ·located at 39 Dalton Street, Boston, Massachusetts,
`·8· ·to take the videotaped deposition of Dr. Michael
`·9· ·Mitzenmacher, in the matter of Finjan, Inc. vs.
`10· ·Juniper Networks, Inc., Case No. 3:17-cv-05659-WHA.
`11· · · · · · · ·Will counsel please introduce themselves
`12· ·for the record.
`13· · · · · · · ·MS. CARSON:· Rebecca Carson of Irell &
`14· ·Manella on behalf of defendant Juniper Networks.
`15· · · · · · · ·MR. LEE:· Michael Lee from Kramer Levin,
`16· ·representing Finjan and the witness.
`17· · · · · · · ·THE VIDEO OPERATOR:· Will the court
`18· ·reporter please swear in the witness.
`19· · · · · · MICHAEL DAVID MITZENMACHER, Ph.D.,
`20· · · ·having been satisfactorily identified by the
`21· · · ·production of his driver's license, and
`22· · · ·duly sworn by the court reporter, was deposed
`23· · · ·and testified as follows:
`24
`25
`
`
`Epiq Court Reporting Solutions - Woodland Hills
`1-800-826-0277
`www.deposition.com
`
`

`

`Page 6
`
`·1· · · · · · · · · · · ·EXAMINATION
`·2· ·BY MS. CARSON:
`·3· · · ·Q.· Could you please state your name for the
`·4· ·record.
`·5· · · ·A.· Michael David Mitzenmacher.
`·6· · · ·Q.· And you're an expert for Finjan in this
`·7· ·matter; is that correct?
`·8· · · ·A.· Yes.
`·9· · · ·Q.· You understand you've just taken an oath to
`10· ·tell the truth, correct?
`11· · · ·A.· Yes.
`12· · · ·Q.· Is there any reason you can't give full and
`13· ·accurate testimony today?
`14· · · ·A.· I don't believe so.
`15· · · ·Q.· Did you do anything to prepare for your
`16· ·deposition today?
`17· · · ·A.· I met with counsel yesterday.
`18· · · ·Q.· Did you do anything else?
`19· · · ·A.· No, not really.
`20· · · ·Q.· Did you review any documents?
`21· · · ·A.· With counsel, we went over the -- my report
`22· ·and the patent.
`23· · · ·Q.· Any other documents?
`24· · · ·A.· I think we focused on that.
`25· · · ·Q.· You submitted a declaration concerning the
`
`Page 7
`
`·1· ·'154 patent, correct?
`·2· · · ·A.· Yes.
`·3· · · ·Q.· How long did you spend preparing that
`·4· ·declaration?
`·5· · · ·A.· I would have to go back and check.· I can't
`·6· ·recall.· It was on the shorter side, so I remember
`·7· ·like 30-40 hours.· It might have been more than
`·8· ·that.· I'd have to go back and check.
`·9· · · · · · · ·MS. CARSON:· Could you please mark that
`10· ·as 2315.
`11· · · · · · · · · · ·(Mitzenmacher Exhibit 2315 was
`12· · · · · · · · · · ·marked for identification.)
`13· ·BY MS. CARSON:
`14· · · ·Q.· The court reporter has handed you a
`15· ·document that's been marked as Exhibit 2315.· Is
`16· ·that the declaration you submitted in this matter
`17· ·related to the '154 patent?
`18· · · ·A.· It appears so.· I believe my understanding
`19· ·is there is additional material -- or documents. I
`20· ·don't know if that counts as part of the declaration
`21· ·itself or separate.
`22· · · ·Q.· What do you mean by "additional material or
`23· ·documents"?
`24· · · ·A.· I remember talking with counsel that like
`25· ·the documents that I cited within were added on, and
`
`Page 8
`
`·1· ·there was some page limit for the total thing.
`·2· · · ·Q.· So you're just saying this was the
`·3· ·declaration that reflects your opinions, but you
`·4· ·relied on the exhibits cited therein; is that fair?
`·5· · · ·A.· Yes.
`·6· · · ·Q.· Could you take a look at paragraph 1.
`·7· · · ·A.· Sure.
`·8· · · ·Q.· In paragraph 1, you list in the last
`·9· ·sentence the documents that you relied on in forming
`10· ·your opinions, correct?
`11· · · ·A.· Yes.
`12· · · ·Q.· Is there anything that you relied on in
`13· ·forming your opinions that is not included in
`14· ·paragraph 1 or otherwise cited in your report as an
`15· ·exhibit?
`16· · · ·A.· Not that I can recall at the moment.
`17· · · ·Q.· Do you recall if you reviewed the
`18· ·deposition transcript for Khurram Isla?· And that's
`19· ·K-h-u-r-r-a-m, and then the last name is Isla,
`20· ·I-s-l-a.
`21· · · ·A.· I would have to go back and check.· I can't
`22· ·recall specifically.
`23· · · ·Q.· Now, you say in paragraph 1 that you relied
`24· ·on the source code.
`25· · · · · · · ·Do you see that?
`
`Page 9
`
`·1· · · ·A.· Yes.
`·2· · · ·Q.· Did you go review the source code in
`·3· ·connection with forming your opinions related to the
`·4· ·'154 patent?
`·5· · · ·A.· Yes.
`·6· · · ·Q.· When did you do that?
`·7· · · ·A.· That was some time ago.· I recall it was
`·8· ·early on.· So it was sometime last year, as I
`·9· ·recall.· I went for, I think initially two days, and
`10· ·then I either went back for a third day, stayed for
`11· ·a third day.
`12· · · ·Q.· And that was when you were putting together
`13· ·your declaration on the '780 patent in the first
`14· ·round of the patent showdown proceedings; is that
`15· ·fair?
`16· · · ·A.· Yes, that's my recollection.
`17· · · ·Q.· When you reviewed the source code during
`18· ·that time, were you specifically focused on the
`19· ·'154 patent as well?
`20· · · ·A.· I think I was focused on all the patents at
`21· ·issue.· So I believe I knew that I was going to
`22· ·potentially be doing the '154 patent at a later
`23· ·time.
`24· · · ·Q.· When did you start putting together your
`25· ·declaration for the '154 patent?
`
`Page 10
`
`·1· · · ·A.· I'd have to go back and check.· A few
`·2· ·months ago, a couple . . .
`·3· · · ·Q.· Since you started putting together your
`·4· ·declaration for the '154 patent, you haven't gone
`·5· ·and reviewed the source code, correct?
`·6· · · ·A.· I haven't gone back to that site, but I
`·7· ·have reviewed the source code again.
`·8· · · ·Q.· In printed form?
`·9· · · ·A.· Yes.
`10· · · ·Q.· When you reviewed the source code back in,
`11· ·I think it was June of last year, did you print out
`12· ·any portions of code that related to the
`13· ·'154 patent?
`14· · · ·A.· I believe so.· Again, I don't -- we printed
`15· ·out a lot of pages, some of which are cited here.
`16· ·So those pages that I cited here that were from that
`17· ·time are some of what I relied on.
`18· · · ·Q.· Have you spoken to anyone -- Strike that.
`19· · · · · · · ·Have you spoken to any Finjan attorneys
`20· ·about the source code in connection with your
`21· ·'154 patent analysis?
`22· · · ·A.· I believe I've discussed with them, for
`23· ·instance, to decide what would be the best citations
`24· ·of code to go into this declaration.
`25· · · ·Q.· Have you spoken to any of Finjan's other
`
`Page 11
`
`·1· ·experts or consultants regarding the source code?
`·2· · · ·A.· So not in relation to this declaration.
`·3· ·Honestly like the '780, I can't recall.· I don't
`·4· ·think I talked with them for the source code about
`·5· ·that.· But if we're just talking about the '154,
`·6· ·like this declaration, not that I can recall.
`·7· · · ·Q.· Have you ever reviewed the source code for
`·8· ·the JATP appliance in person on the review computer?
`·9· · · ·A.· No, I don't believe so.· The ATP appliance,
`10· ·I believe that code was presented afterwards.· And
`11· ·so the attorneys had arranged for printouts of some
`12· ·of that code, and I reviewed that.
`13· · · ·Q.· How did you decide what to tell the
`14· ·attorneys to print out from that code?
`15· · · ·A.· I mean, I think we had gone over for the
`16· ·'154 patent, you know, some of the issues related to
`17· ·SRX gateway and Sky ATP.· And so I think we had an
`18· ·understanding of what sort of information or what
`19· ·sort of content we were looking for.
`20· · · · · · · ·In particular, the ATP appliance has
`21· ·some functionalities that I would say are similar in
`22· ·spirit, at least, to the Sky ATP.
`23· · · ·Q.· Who printed out the JATP code for you to
`24· ·review?
`25· · · ·A.· I'm not sure who actually did the printout.
`
`Page 12
`
`·1· · · ·Q.· Is it common for you to issue infringement
`·2· ·opinions on a product without having actually
`·3· ·reviewed the code in person?
`·4· · · ·A.· Sometimes, yeah.· I've certainly done it in
`·5· ·other cases, including for other clients.
`·6· · · ·Q.· You've served as an expert for Finjan in
`·7· ·other matters, correct?
`·8· · · ·A.· Yes.
`·9· · · ·Q.· Have you ever offered an expert opinion on
`10· ·infringement for the '154 patent before?
`11· · · ·A.· I feel like I probably have.· Like I
`12· ·remember the patent.· So I suspect I have in one or
`13· ·more of the previous cases.· But like I didn't go
`14· ·check that again beforehand, so I can't specifically
`15· ·recall.
`16· · · ·Q.· Did you write your report yourself?
`17· · · ·A.· I would say that I wrote it.· I wrote it in
`18· ·conjunction with counsel.· As usual, there's, you
`19· ·know, back-and-forth where I write things and they
`20· ·edit and they make corrections and then I edit
`21· ·again, and so it sort of cycles through back and
`22· ·forth.
`23· · · ·Q.· What was the general problem that the
`24· ·'154 patent was trying to solve?
`25· · · ·A.· May I ask -- Do you mind giving me a copy
`
`Page 13
`
`·1· ·of the patent?
`·2· · · · · · · ·MS. CARSON:· Sure.· We can mark this as
`·3· ·2516.
`·4· · · · · · · ·THE COURT REPORTER:· 25 or 23?
`·5· · · · · · · ·MS. CARSON:· Oh, 2316.· Sorry.
`·6· · · · · · · · · · ·(Mitzenmacher Exhibit 2316 was
`·7· · · · · · · · · · ·marked for identification.)
`·8· · · · · · · ·THE WITNESS:· So it was discussed, for
`·9· ·instance, in the overview section of my declaration,
`10· ·although I always think, you know, that the patent
`11· ·itself is sort of the best guide.
`12· · · · · · · ·At a very high level, it describes
`13· ·various mechanisms for protecting a computer system
`14· ·from what it refers to as dynamically generated
`15· ·malicious content.
`16· ·BY MS. CARSON:
`17· · · ·Q.· And what was the problem with prior art
`18· ·systems that the '154 patent identified that it was
`19· ·trying to solve?
`20· · · ·A.· Again, I'd say the patent probably speaks
`21· ·best for it, better than perhaps I can.· But the way
`22· ·I might describe it is that at the time that the
`23· ·patent was written was sort of a beginning of the
`24· ·time when we were starting to see a vast increase of
`25· ·sort of downloaded executable content.
`
`
`Page 14
`
`·1· · · · · · · ·And so I'd say that prior art systems
`·2· ·generally had problems or issues dealing with that,
`·3· ·that they weren't prepared for that sort of threat.
`·4· · · · · · · ·And so this was coming up with new
`·5· ·methods and mechanisms to deal with that sort of
`·6· ·specific threat that had not really been a major
`·7· ·concern prior.
`·8· · · ·Q.· What were some of the problems that the
`·9· ·prior art systems had with dealing with that
`10· ·particular situation?
`11· · · · · · · ·MR. LEE:· Objection, form.
`12· · · · · · · ·THE WITNESS:· I might have to go back
`13· ·and look specifically at various parts of prior art.
`14· ·I mean, since I was focused on infringement, I
`15· ·didn't study all the prior art.
`16· · · · · · · ·But my understanding of -- or my
`17· ·recollection both at the time and my recollection
`18· ·from reviewing the patent and some of the related
`19· ·materials is that, again, the problem was simply
`20· ·that this was a new attack vector that wasn't
`21· ·prepared for.
`22· · · · · · · ·So particularly with dynamically
`23· ·generated content, most of prior work was focused on
`24· ·a type of static analysis, so it would look for
`25· ·certain, say, specific strings or specific
`
`Page 15
`
`·1· ·structures in the code.
`·2· · · · · · · ·So generally for it to do a static
`·3· ·analysis, and with dynamically generated executable
`·4· ·code, there would be ways of hiding that or, you
`·5· ·know, bringing down the attack vector in ways that
`·6· ·were not previously expected.
`·7· · · · · · · ·That is, they might not arrive as
`·8· ·executables, .exe files or specific types of
`·9· ·executables that the computer was expecting.· That
`10· ·might come in settings where it was executable code
`11· ·being downloaded into a browser or other structure.
`12· ·BY MS. CARSON:
`13· · · ·Q.· What was the solution that was proposed by
`14· ·the '154 patent?
`15· · · ·A.· So I would say that there are, I guess, a
`16· ·variety of solutions embodied by the different sorts
`17· ·of claims.· I'd say this is outlined a bit in the
`18· ·summary of the invention section where it discusses
`19· ·multiple different types of solutions or embodiments
`20· ·of the type of solution that it was thinking of.
`21· · · · · · · ·You know, I would say that of specific
`22· ·interest for my declaration was the type of solution
`23· ·outlined in claim 1 since that was the focus of my
`24· ·infringement analysis for this declaration, which
`25· ·involved in some way using a security computer to,
`
`Page 16
`
`·1· ·you know, potentially prevent the invoking of a
`·2· ·second function with certain inputs based on whether
`·3· ·it was found that that was secure or not, or safe or
`·4· ·not.
`·5· · · ·Q.· Could you take a look at paragraph 5 of
`·6· ·your declaration.
`·7· · · ·A.· Sure.
`·8· · · ·Q.· This paragraph relates to your
`·9· ·understanding of claim construction; is that fair?
`10· · · ·A.· Yes.
`11· · · ·Q.· Are you offering any opinions about the
`12· ·claim construction of the terms in this case?
`13· · · ·A.· I don't think I have directly in this
`14· ·declaration that I can recall.· If I'm asked to with
`15· ·regard to later hearings or proceedings, then I
`16· ·would.· But I don't believe I've been asked to do
`17· ·that yet.
`18· · · ·Q.· Your opinion in this case is limited to
`19· ·infringement, correct?
`20· · · ·A.· Yes.
`21· · · ·Q.· You're not offering an opinion on the
`22· ·validity of the '154 patent, correct?
`23· · · ·A.· No, I don't believe so.
`24· · · ·Q.· In paragraph 5, you state that you
`25· ·"considered both parties' proposed constructions of
`
`Page 17
`·1· ·disputed terms and applied the plain and ordinary
`·2· ·meaning for all other terms."
`·3· · · · · · · ·Do you see that?
`·4· · · ·A.· Yes.
`·5· · · ·Q.· What is your understanding of the plain and
`·6· ·ordinary meaning of "function"?
`·7· · · ·A.· So I would typically say that function is
`·8· ·something that takes an input and produces some form
`·9· ·of output.· In the case of computer programming, you
`10· ·know, that's a more mathematical definition.
`11· · · · · · · ·When I'm talking about input and output,
`12· ·we should understand them as, you know, perhaps
`13· ·actions within the computer.
`14· · · ·Q.· So what is the plain and ordinary meaning
`15· ·of the term "input"?
`16· · · ·A.· An input is something that, for instance,
`17· ·you provide to a function which may or may not be
`18· ·used to decide how the function operates or acts.
`19· · · · · · · ·I'd just like to say, again, these are
`20· ·sort of off the top of my head.· You know, if I
`21· ·thought about them more, I might change the specific
`22· ·wording or so on.· But these are sort of the rough
`23· ·meanings that I would take for plain and ordinary
`24· ·meaning off the top of my head in the answer to your
`25· ·question.
`
`
`Page 18
`·1· · · ·Q.· What is the plain and ordinary meaning of
`·2· ·"invoking a function"?
`·3· · · · · · · ·MR. LEE:· Objection, form.
`·4· · · · · · · ·THE WITNESS:· Generally I'd say if
`·5· ·you're invoking a function, you are, you know,
`·6· ·calling or starting, otherwise attempting to
`·7· ·initiate execution of that function.
`·8· ·BY MS. CARSON:
`·9· · · ·Q.· Can you invoke a function without executing
`10· ·it?
`11· · · ·A.· You can certainly attempt to invoke a
`12· ·function, right.· There may be other issues or other
`13· ·aspects that attempt to block the function or
`14· ·prevent it from executing.
`15· · · ·Q.· Can you actually invoke a function without
`16· ·executing it?
`17· · · · · · · ·MR. LEE:· Objection, form.
`18· · · · · · · ·THE WITNESS:· I think I would give sort
`19· ·of the same answer.
`20· ·BY MS. CARSON:
`21· · · ·Q.· Well, the answer before was that you could
`22· ·attempt to invoke it without executing it.· So I'm
`23· ·trying to take the "attempt" out.
`24· · · · · · · ·Can you actually invoke a function
`25· ·without executing it?
`
`Page 19
`
`·1· · · · · · · ·MR. LEE:· Objection, form.
`·2· · · · · · · ·THE WITNESS:· I mean, actually invoking
`·3· ·would be the attempt.· So I don't think your change
`·4· ·in question changes my answer.
`·5· ·BY MS. CARSON:
`·6· · · ·Q.· Is there a difference between invoking a
`·7· ·function and executing a function?
`·8· · · ·A.· Again, I would say in certain
`·9· ·circumstances, one would understand that when you
`10· ·invoke a function, you are attempting to initiate or
`11· ·start the execution.
`12· · · · · · · ·The terms are often used
`13· ·interchangeably, depending on the context.· But
`14· ·certainly, you know, you can invoke a function, and
`15· ·the execution might be halted or stalled by other
`16· ·aspects of the system.
`17· · · ·Q.· What was your understanding of what a
`18· ·content processor is?
`19· · · ·A.· I mean, I think again just from the plain
`20· ·and ordinary meaning of the term, it's something
`21· ·that processes content.· The claim language, you
`22· ·know, sort of gives specific aspects of, you know,
`23· ·what the content of the processor in this case is
`24· ·supposed to do.
`25· · · ·Q.· Does the content processor need to be able
`
`Page 20
`
`·1· ·to execute files?
`·2· · · ·A.· I would not think so.
`·3· · · ·Q.· Is there a difference between a content
`·4· ·processor and a content inspector?
`·5· · · · · · · ·MR. LEE:· Objection, form.
`·6· · · · · · · ·THE WITNESS:· I would say a content
`·7· ·inspector, might think of as being limited to
`·8· ·inspecting.· But I would say that one of the things
`·9· ·a content processor, I would expect or not be
`10· ·surprised for it to do is inspect the content.
`11· ·BY MS. CARSON:
`12· · · ·Q.· Was it your understanding that a content
`13· ·processor is something that's included on a client
`14· ·computer?
`15· · · · · · · ·MR. LEE:· Objection, form.
`16· · · · · · · ·THE WITNESS:· I would say that would be
`17· ·one possible location that one could have a content
`18· ·processor.· But it would not, I think, be exclusive
`19· ·to that.
`20· ·BY MS. CARSON:
`21· · · ·Q.· So your analysis was based on an
`22· ·understanding that the content processor could be
`23· ·included on a device other than the client computer;
`24· ·is that fair?
`25· · · ·A.· Yes.
`
`Page 21
`·1· · · ·Q.· What was your understanding of the term
`·2· ·"safe"?
`·3· · · ·A.· I would say it's the plain and ordinary
`·4· ·meaning in the context of computer security.· You
`·5· ·know, I would say like in the context here, "safe"
`·6· ·would be some sort of explicit or implicit
`·7· ·expectation that the corresponding invocation will
`·8· ·not lead to or cause future harm.
`·9· · · · · · · ·Again, I would say that, you know, in
`10· ·the context of computer security, it's understood
`11· ·that "safety" is sort of a relative term or an
`12· ·expectation term.· You know, you can't have
`13· ·100 percent guarantees and have a truly functioning
`14· ·system.
`15· · · ·Q.· Could you turn to paragraph 12 of your
`16· ·report.
`17· · · ·A.· Yes.
`18· · · ·Q.· In paragraph 12, you identify the
`19· ·infringement scenarios that you considered, and you
`20· ·list SRX gateways by themselves, Sky ATP by itself,
`21· ·and ATP appliance by itself.
`22· · · · · · · ·Do you see that?
`23· · · ·A.· Yes.
`24· · · ·Q.· Did you perform any infringement analysis
`25· ·regarding the combination of any of these products?
`
`
`Page 30
`·1· · · ·A.· I don't believe it was necessary for my
`·2· ·analysis that it be specifically as shipped; that is
`·3· ·to say that an SRX that has the capability or setup
`·4· ·that can be used with, say, Sky ATP or ATP appliance
`·5· ·as described within my declaration.
`·6· · · ·Q.· Did you perform any analysis to determine
`·7· ·whether a customer who purchases an SRX device needs
`·8· ·to download any scripts or other code in order to be
`·9· ·able to interact with Sky ATP?
`10· · · ·A.· I don't recall that specifically.· But to
`11· ·be clear, it wouldn't surprise me one way or
`12· ·another.· It is not unusual at all for setup with
`13· ·new hardware devices that, you know, in setting up
`14· ·either specific licenses or in setting up simply the
`15· ·device to have it part of the cloud-based system
`16· ·that one would need to download some sort of
`17· ·additional software as part of that process.
`18· · · ·Q.· But that's not something you confirmed one
`19· ·way or another with respect to SRX and Sky ATP; is
`20· ·that fair?
`21· · · ·A.· Not that I can recall, sitting here.
`22· · · ·Q.· How about with regard to the ATP appliance?
`23· ·Do you know whether a customer -- an SRX customer
`24· ·needs to download any scripts or other code in order
`25· ·to be able to allow the SRX device to communicate
`
`Page 31
`
`·1· ·with the ATP appliance?
`·2· · · ·A.· And I can't recall but it wouldn't
`·3· ·specifically surprise me one way or the other.
`·4· · · ·Q.· But that's not something that you
`·5· ·specifically analyzed here?
`·6· · · ·A.· I would say that's something that I cannot
`·7· ·recall.· And I don't believe it is mentioned in my
`·8· ·report, although the report will speak for itself.
`·9· · · ·Q.· In your SRX infringement theory, what
`10· ·component of the SRX is the content processor?
`11· · · ·A.· So my discussion of the specific SRX
`12· ·infringement theory is that the SRX itself is the
`13· ·content processor.
`14· · · ·Q.· The whole SRX?
`15· · · ·A.· I would say, you can certainly split up the
`16· ·SRX in different arbitrary ways depending on how you
`17· ·like, but the SRX device is the content processor,
`18· ·it includes software, in particular, that processes
`19· ·content that it receives over the network.
`20· · · · · · · ·In particular, that's mentioned or
`21· ·discussed at paragraph 30 where -- yeah -- the SRX
`22· ·receives network traffic such as Web pages and so on
`23· ·and does various processing of the traffic it
`24· ·receives.
`25· · · ·Q.· And in your SRX infringement theory, what
`
`Page 32
`
`·1· ·is the security computer?
`·2· · · ·A.· The security computer, I discuss multiple
`·3· ·scenarios, but in particular I discuss scenarios
`·4· ·where the security computer is the Sky ATP or the
`·5· ·ATP appliance.
`·6· · · ·Q.· Are there any scenarios other than Sky ATP
`·7· ·or the ATP appliance?
`·8· · · ·A.· Let me check.· I don't recall.· But -- my
`·9· ·recollection is the scenario as I describe, it's Sky
`10· ·ATP or ATP appliance as the security computer.
`11· · · ·Q.· In your SRX infringement theory, what is
`12· ·the first function?
`13· · · ·A.· So I describe, I think, several different
`14· ·first functions.· Starting at paragraph 31, you
`15· ·know, the first function can be a request to simply
`16· ·open a page such as starting with an HTTP prefix.
`17· ·That might be a call which would include a URL or an
`18· ·IP address.
`19· · · · · · · ·The call to a first function can involve
`20· ·some code that was embedded within an HTML or
`21· ·JavaScript script within an HTML, for example, that
`22· ·included terminology or commands that were used to
`23· ·obfuscate, such as unescape or document.write.
`24· · · · · · · ·In those case, those would be considered
`25· ·the functions, although you could also consider the
`
`Page 33
`·1· ·corresponding calls to be functions.· There are
`·2· ·various other related terms that appear with things
`·3· ·like Web pages such as, you know, iframe calls or
`·4· ·commands.
`·5· · · · · · · ·Those are some examples of the first
`·6· ·functions.· I believe I have sort of others in here
`·7· ·as well.
`·8· · · ·Q.· What other ones did you identify?
`·9· · · ·A.· Give me a sec, make sure I can get through.
`10· · · · · · · ·So I think I discuss any sort of calls
`11· ·to access content from a particular URL or
`12· ·destination which can be an IP address, where again
`13· ·that corresponding destination or content -- it
`14· ·could be a direct call or an obfuscated call.
`15· · · · · · · ·In the case of an obfuscated call, then
`16· ·either the call to the content or the corresponding
`17· ·code function, which is performing the obfuscation
`18· ·could be referred to as the first function.
`19· · · ·Q.· Any others?
`20· · · ·A.· Not that I can recall at the moment, but I
`21· ·think the document speaks for itself.
`22· · · ·Q.· I want to start with the first one that you
`23· ·mentioned, which was a request to open a page in
`24· ·HTTP?
`25· · · ·A.· Um-hum.
`
`
`Page 34
`
`·1· · · ·Q.· Now, just to make sure I'm understanding
`·2· ·what you're saying, are you referring to a situation
`·3· ·where the end user types into the browser "http
`·4· ·www.google.com"?· Or are you referring to a link
`·5· ·that's embedded in a sample that's retrieved?
`·6· · · ·A.· So I think either situations would be those
`·7· ·cases where there is a call, you know, to obtain.
`·8· ·One of the ways that you suggested is that the user
`·9· ·makes a request, and that is processed through SRX.
`10· · · · · · · ·But my understanding is that SRX, in
`11· ·doing its analysis, may find other links or so on
`12· ·that it is invoking or deobfuscating, and that may,
`13· ·in turn, trigger the action of the request for the
`14· ·security computer.
`15· · · ·Q.· So let's start in the situation where the
`16· ·user is entering it, where the end user is either
`17· ·entering a website or clicking on a link.· Who is
`18· ·invoking the function?
`19· · · ·A.· I would say the invocation -- I mean, I
`20· ·think it gets invoked multiple times.· There's an
`21· ·invocation by the user, but then there's a further
`22· ·invocation that we're discussing by the SRX itself.
`23· · · · · · · ·So you can view the first function as
`24· ·being the user's call.· You can view the first
`25· ·function as being the SRX call.· I actually think
`
`Page 35
`
`·1·
`
`Page 36
`
`·1· · · ·A.· Yes.· That is the function calling for
`·2· ·content.
`·3· · · ·Q.· And is that function that they enter into
`·4· ·their browser something that's received over the
`·5· ·network?
`·6· · · ·A.· I think it's received by the SRX over the
`·7· ·network if I'm -- I'm not exactly clear on your
`·8· ·question.
`·9· · · ·Q.· Is it your position that the HTTP part of
`10· ·the URL -- Strike that.
`11· · · · · · · ·Is it your position that the HTTP is
`12· ·part of the URL, or is it a function?
`13· · · ·A.· Right.· So I understand in that context
`14· ·that the HTTP, right, is sort of the invocation or
`15· ·the function, I guess we are calling it here.· That
`16· ·it's stating what is to be done, right, that is
`17· ·providing a command that says, Go and fetch the
`18· ·following, where the following is given by, you
`19· ·know, the URL that -- the rest of the URL that comes
`20· ·after that part.
`21· · · ·Q.· Is the HTTP part sent to the SRX with the
`22· ·input?
`23· · · ·A.· Say some form of it is, yes.· I mean,
`24· ·that's how it's -- yeah, some description or some
`25· ·form of it is.· I don't remember the statement or
