Case 3:17-cv-05659-WHA Document 408-1 Filed 03/28/19 Page 1 of 5
`
`
`
`PAUL ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRISTOPHER KASTENS (State Bar No. 254797)
`kkastens@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`SAN FRANCISCO DIVISION
`
`FINJAN, INC., a Delaware Corporation,
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`
`JUNIPER NETWORKS, INC., a Delaware
`Corporation,
`
`
`Defendant.
`
`
`
`Case No.: 3:17-cv-05659-WHA
`
`DECLARATION OF DR. NENAD
`MEDVIDOVIĆ IN SUPPORT OF
`PLAINTIFF FINJAN, INC.’S OPPOSITION
`TO DEFENDANT JUNIPER NETWORKS,
`INC.’S MOTION TO STRIKE THEORIES
`FROM FINJAN’S MOTION FOR SUMMARY
`JUDGMENT, AND MOTION TO AMEND
`
`May 2, 2019
`Date:
`8:00 a.m.
`Time:
`Courtroom: Courtroom 12, 19th Floor
`Before:
`Hon. William Alsup
`
`
`
`
`
`MEDVIDOVIĆ DECL. IN SUPPORT OF FINJAN’S OPP.
`TO JUNIPER’S MOTION TO STRIKE THEORIES FROM
`FINJAN’S MOTION FOR SUMMARY JUDGMENT
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 408-1 Filed 03/28/19 Page 2 of 5
`
`
`
`I, Nenad Medvidović, hereby declare that:
`
`1.
`
`I make this Declaration based upon my own personal knowledge, information, and belief,
`
`and I would and could competently testify to the matters set forth herein if called upon to do so.
`I.
`
`BACKGROUND, EXPERIENCE AND QUALIFICATIONS
`
`2.
`
`I received a Bachelor of Science (“BS”) degree, Summa Cum Laude, from Arizona State
`
`University’s Computer Science and Engineering department.
`
`3.
`
`I received a Master of Science (“MS”) degree from the University of California at
`
`Irvine’s Information and Computer Science department.
`
`4.
`
`I received a Doctor of Philosophy (“PhD”) degree from the University of California at
`
`Irvine’s Information and Computer Science department. My dissertation was entitled, “Architecture-
`
`Based Specification-Time Software Evolution.”
`
`5.
`
`I am employed by the University of Southern California (“USC”) as a faculty member in
`
`the Computer Science Department, and have been since January 1999. I currently hold the title of
`
`Professor with tenure. Between January 2009 and January 2013, I served as the Director of the Center
`
`for Systems and Software Engineering at USC. Between July 2011 and July 2015, I served as my
`
`Department’s Associate Chair for PhD Affairs.
`
`
`6.
`
`I am very familiar with and have substantial expertise in the area of software systems
`
`development/software engineering, software architecture, software design, and distributed systems.
`
`7.
`
`I have over 25 years of research experience that has spanned a wide range of issues
`
`pertaining to large, complex, distributed software systems. This research has included security and trust
`
`as significant components. As one example, my research has resulted in a new technique that deploys a
`
`software system on a set of distributed computers in a manner that optimizes that system’s “non-
`
`functional” characteristics, including efficiency, scalability, resource consumption, reliability, as well as
`
`security. As another example, motivated by the frequent vulnerability of distributed systems to
`
`malicious adversaries, I have developed, published, and eventually patented a novel technique for
`
`ensuring system security and data privacy in open computer networks. I have recently developed a tool
`
`for protecting Android users from security vulnerabilities originating from remotely downloaded
`
`1
`MEDVIDOVIĆ DECL. IN SUPPORT OF FINJAN’S OPP.
`TO JUNIPER’S MOTION TO STRIKE THEORIES FROM
`FINJAN’S MOTION FOR SUMMARY JUDGMENT
`
` CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 408-1 Filed 03/28/19 Page 3 of 5
`
`
`
`applications. A paper describing the tool won the “best tool-paper” award at a recent major software
`
`engineering conference. I have co-authored a widely adopted textbook on software system
`
`architectures, in which several chapters deal with the issue of security and one entire chapter is
`
`specifically dedicated to security and trust.
`
`
`8.
`
`My rate of compensation for my work in this case is $650 per hour plus any direct
`
`expenses incurred. My compensation is based solely on the amount of time that I devote to activity
`
`related to this case and is in no way affected by any opinions that I render. I receive no other
`
`compensation from work on this action. My compensation is not dependent on the outcome of this
`
`matter.
`II. MATERIALS REVIEWED
`
`9.
`I have reviewed and relied on the documents cited herein, including U.S. Patent No.
`
`8,141,154 (the “’154 Patent”).
` My opinions below are from the perspective of a person of ordinary skill in the art
`
`10.
`
`(POSITA). Based on review of the ‘154 Patent and consideration of the abovementioned factors, it is
`
`my opinion that a POSITA at the time of the invention of the ‘154 Patent would be a person with a
`
`Bachelor’s degree in computer science or a related academic field, and either (1) two or more years of
`
`industry experience and/or (2) an advanced degree in computer science or a related academic field. In
`
`forming my opinions in this declaration, I have considered the issues from the perspective of a
`
`hypothetical POSITA.
`III. TECHNICAL BACKGROUND
`A.
`“HTTP://” First Function
`
`11.
`
`HTTP is an application layer protocol as understood in the context of Internet protocol
`
`suite. An HTTP function is the calling of the HTTP protocol send or receive content on the Internet, and
`
`may also be included in HTTP content that is received from a remote webserver.
`
`
`The inputs or resources for HTTP are identified and located on the network by Uniform
`
`12.
`
`Resource Locators (URLs), using the Uniform Resource Identifiers (URI's) schemes HTTP and HTTPS.
`
`URIs and hyperlinks in HTML documents form interlinked hypertext documents. See
`
`2
`MEDVIDOVIĆ DECL. IN SUPPORT OF FINJAN’S OPP.
`TO JUNIPER’S MOTION TO STRIKE THEORIES FROM
`FINJAN’S MOTION FOR SUMMARY JUDGMENT
`
` CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 408-1 Filed 03/28/19 Page 4 of 5
`
`
`
`https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol.
`
`
`13.
`
`There are a number of ways that the HTTP function may be implemented or invoked.
`
`For example, a technique known as “redirection” uses the HTTP function. In particular, the HTTP
`
`function is used for “redirection,” where a user is redirected to a URL link in an HTTP function.
`
`
`This can be seen in the Wikipedia page for redirection, where a redirection to a URL
`
`14.
`
`would involve the encoding the function of http:// and the URL that the person is directed to.
`
`
`
`
`
`
`
`
`
`
`
`
`
`See https://en.wikipedia.org/wiki/URL_redirection.
`
`
`15.
`
`In another example, the reference to a “payload” function that downloads a payload from
`
`a particular web source is through an HTTP function. In this example, the HTTP function would
`
`identify a file to be downloaded to the system.
` When content in a network communications includes a URL/IP address it is understood
`
`16.
`
`that this is a call to open the link denoted by the “http://” prefix, where the link is naturally associated
`
`with an HTTP function for communication with the URL/IP address (such as an HTTP. GET request).
`
`The input associated with the call is the address of a site (such as “example.com/malware.exe”) as
`
`indicated through an URL or IP address.
` When content in a network communications include a call to a function such as an
`
`17.
`
`unescape(), eval(), or document. write() function or iframe code (e.g., the form of “<iframe
`
`src="URL"></iframe>”), the function may refer to an URL/IP address in an obfuscated form. The
`
`URL/IP address (regardless of whether it is in its obfuscated or original form) is considered as an
`
`“input” associated with the call to open the link denoted by the “http://” prefix, where the link is
`
`naturally associated with an HTTP function for communication with the URL/IP address (such as an
`
`3
`MEDVIDOVIĆ DECL. IN SUPPORT OF FINJAN’S OPP.
`TO JUNIPER’S MOTION TO STRIKE THEORIES FROM
`FINJAN’S MOTION FOR SUMMARY JUDGMENT
`
` CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 408-1 Filed 03/28/19 Page 5 of 5
`
`
`
`HTTP. GET request).
`
`
`18.
`
`In reference to network content that includes URLs, URI, and IP addresses, a POSITA
`
`would understand “http://” to be the function taking this content.
`
`19.
`
`Likewise, references to JavaScript and iframes, a POSITA would understand “http://” as
`
`a function used for directing the network connection.
`B.
`20.
`
`“Whitelisting”
` Whitelisting is a known technique where, for example, a file hash and/or URL/IP address
`
`of a clean file is added to a whitelist. Whitelisting is often understood to be result of a security system
`
`or computer indicating that using or invoking the content is safe. It is understood that one way to
`
`accomplish this is by finishing the processing and marking the object as “clean” or otherwise allow the
`
`communications based on the reputation look up or based on the result from an analysis.
`
` declare under penalty of perjury of the United States of America that the foregoing is true and
`
` I
`
`correct. Executed on March 28, 2019, in Manhattan Beach, California.
`
`
`
`
`
`____________________________________
` Nenad Medvidovic, Ph.D.
`
`4
`MEDVIDOVIĆ DECL. IN SUPPORT OF FINJAN’S OPP.
`TO JUNIPER’S MOTION TO STRIKE THEORIES FROM
`FINJAN’S MOTION FOR SUMMARY JUDGMENT
`
` CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`