Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 1 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`
`
`I.
`
`DECLARATION OF AVIEL D. RUBIN
`
`
`
`I, Aviel D. Rubin, declare as follows:
`
`INTRODUCTION
`1.
`
`I have been retained as an independent expert in this lawsuit by the law firm of
`
`Irell & Manella LLP on behalf of Juniper Networks, Inc. (“Juniper”).
`2.
`
`I submit this Declaration in support of Juniper’s Motion for Summary Judgment
`
`Regarding Claim 1 of U.S. Patent No. 6,804,780 Patent (“Motion”) against Finjan, Inc.
`
`(“Finjan”).
`3.
`
`I understand that Finjan has accused Juniper of infringing claims 1 and 9 of U.S.
`
`Patent No. 6,804,780 (“the ’780 Patent”). See First Amended Complaint (Dkt. No. 88) ¶ 64. I
`
`further understand that Juniper’s Motion is directed to claim 1 of the ’780 Patent (“Claim 1”).
`
`As discussed in detail below, it is my opinion that Juniper does not infringe Claim 1.
`II.
`
`BACKGROUND AND QUALIFICATIONS
`4.
`
`I am being paid at my customary rate of $775 per hour for time spent on this case.
`
`I am also being reimbursed for reasonable and customary expenses. My compensation is not
`
`dependent in any way on the results of the lawsuit or the substance of my testimony.
`5.
`
`I provide below an overview of my background and qualifications. Additional
`
`details of my education and employment history, professional service, patents, publications, and
`
`other testimony are set forth in my current curriculum vitae, which can be found here:
`
`http://avirubin.com/Avi_Rubins_home_page/Vita.html.
`A.
`Education & Career
`
`6.
`
`I received my Ph.D. in Computer Science and Engineering from the University of
`
`Michigan, Ann Arbor in 1994, with a specialty in computer security and cryptographic protocols.
`
`My thesis was titled “Nonmonotonic Cryptographic Protocols” and concerned authentication in
`
`long-running networking operations.
`7.
`
`I am currently employed as Professor of Computer Science at Johns Hopkins
`
`University, where I perform research, teach graduate courses in computer science and related
`
`subjects, and supervise the research of Ph.D. candidates and other students. Courses I have
`
`- 1 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 2 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`taught include Security and Privacy in Computing and Advanced Topics in Computer Security. I
`
`am also the Technical Director of the Johns Hopkins University Information Security Institute,
`
`
`the University’s focal point for research and education in information security, assurance, and
`
`privacy. The University, through the Information Security Institute’s leadership, has been
`
`designated as a Center of Academic Excellence in Information Assurance by the National
`
`Security Agency and leading experts in the field. The focus of my work over my career has been
`
`computer security, and my current research concentrates on systems and networking security,
`
`with special attention to software and network security.
`8.
`
`After receiving my Ph.D., I began working at Bellcore in its Cryptography and
`
`Network Security Research Group from 1994 to 1996. During this period I focused my work on
`
`Internet and Computer Security. While at Bellcore, I published an article titled “Blocking Java
`
`Applets at the Firewall” about the security challenges of dealing with JAVA applets and
`
`firewalls, and a system that we built to overcome those challenges.
`9.
`
`In 1997, I moved to AT&T Labs, Secure Systems Research Department, where I
`
`continued to focus on Internet and computer security. From 1995 through 1999, in addition to
`
`my work in industry, I served as Adjunct Professor at New York University, where I taught
`
`undergraduate classes on computer, network and Internet security issues.
`10.
`
`I stayed at AT&T until 2003, when I left to accept a full time academic position at
`
`Johns Hopkins University. I was promoted to full professor with tenure in April, 2004.
`11.
`
`I serve, or have served, on a number of technical and editorial advisory boards.
`
`For example, I served on the Editorial and Advisory Board for the International Journal of
`
`Information and Computer Security. I also served on the Editorial Board for the Journal of
`
`Privacy Technology. I have been Associate Editor of IEEE Security and Privacy Magazine, and
`
`served as Associate Editor of ACM Transactions on Internet Technology. I am currently an
`
`Associate Editor of the journal Communications of the ACM. I was an Advisory Board Member
`
`of Springer’s Information Security and Cryptography Book Series. I have served in the past as a
`
`member of the DARPA Information Science and Technology Study Group, a member of the
`
`Government Infosec Science and Technology Study Group of Malicious Code, a member of the
`
`- 2 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 3 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`AT&T Intellectual Property Review Team, Associate Editor of Electronic Commerce Research
`
`Journal, Co-editor of the Electronic Newsletter of the IEEE Technical Committee on Security
`
`
`and Privacy, a member of the board of directors of the USENIX Association, the leading
`
`academic computing systems society, and a member of the editorial board of the Bellcore
`
`Security Update Newsletter.
`12.
`
`I have spoken on information security and electronic privacy issues at more than
`
`50 seminars and symposia. For example, I presented keynote addresses on the topics “Security of
`
`Electronic Voting” at Computer Security 2004 Mexico in Mexico City in May 2004; “Electronic
`
`Voting” to the Secure Trusted Systems Consortium 5th Annual Symposium in Washington DC
`
`in December 2003; “Security Problems on the Web” to the AT&T EUA Customer conference in
`
`March, 2000; and “Security on the Internet” to the AT&T Security Workshop in June 1997. I
`
`also presented a talk about hacking devices at the TEDx conference in October 2011 and also
`
`another TEDx talk on the same topic in September 2015.
`13.
`
`I was founder and President of Independent Security Evaluators (ISE), a computer
`
`security consulting firm, from 2005-2011. In that capacity, I guided ISE through the qualification
`
`as an independent testing lab for Consumer Union, which produces Consumer Reports magazine.
`
`As an independent testing lab for Consumer Union, I managed an annual project where we tested
`
`all of the popular anti-virus products. Our results were published in Consumer Reports each year
`
`for three consecutive years.
`14.
`
`I am currently the founder and managing partner of Harbor Labs, a software and
`
`networking consulting firm.
`B.
`Publications
`
`15.
`16.
`
`I am a named inventor on ten U.S. patents in the information security area.
`
`I have also testified before Congress regarding the security issues with electronic
`
`voting machines and in the U.S. Senate on the issue of censorship. I also testified in Congress on
`
`November 19, 2013 about security issues related to the government’s Healthcare.gov web site.
`17.
`
`I am author or co-author of five books regarding information security issues:
`
`Brave New Ballot, Random House, 2006; Firewalls and Internet Security (second edition),
`
`- 3 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 4 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`Addison Wesley, 2003; White-Hat Security Arsenal, Addison Wesley, 2001; Peer-to-Peer,
`
`O’Reilly, 2001; and Web Security Sourcebook, John Wiley & Sons, 1997. I am also the author
`
`
`of numerous journal and conference publications, which are reflected in my CV.
`III. MATERIALS CONSIDERED
`18.
`I have considered information from various sources in forming my opinions.
`
`Besides drawing from over two decades of experience in the computer industry, I also have
`
`reviewed the following documents: (a) the ’780 patent; (b) the prosecution file history (including
`
`IPRs); (c) Finjan’s Infringement Contentions (Exhibits B-1 and B-2); (d) the deposition
`
`transcripts of the Juniper engineers deposed in this matter, and (e) the other documents and
`
`references cited herein (not limited to the excerpt attached submitted with Juniper’s Motion). I
`
`have also reviewed the Declaration of Yuly Nerida Becerra Tenorio and spoken with Raju
`
`Manthena, Principal Engineer at Juniper, about the accused products.
`IV.
`
`LEGAL STANDARDS
`19.
`
`I have been advised that patent claims are reviewed from the point of view of a
`
`hypothetical person of ordinary skill in the art (“POSITA”) at the time of the filing of the patent.
`20.
`
`In my opinion, a POSITA for the ’780 patent would be a person with a Bachelor’s
`
`degree in computer science or related academic fields and three to four years of additional
`
`experience in the field of computer security or equivalent work experience. More education can
`
`substitute for work experience, and vice versa (e.g., a PhD without work experience outside of
`
`the university setting). In arriving at my opinions in this declaration, I have considered the issues
`
`from the perspective of a hypothetical POSITA. This level of skill is approximate and my
`
`opinion would not change if a somewhat lower or higher level of skill were adopted.
`21.
`
`I am informed that patent infringement under 35 U.S.C. § 271(a) consists of
`
`making, using, offering to sell, or selling a patented invention within the United States, or
`
`importing a patented invention into the United States, without authorization.
`22.
`
`I further understand that determining whether there is infringement of a patent
`
`includes two steps. First, each asserted claim must be construed to determine its proper scope
`
`and meaning to a POSITA. Second, I understand that once the scope of the asserted claims has
`
`- 4 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 5 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`been determined, the construed claims are compared with the accused product or service to
`
`
`
`determine whether every limitation of the claims is found. Unless every limitation is present in
`
`
`the accused product or process, there is no infringement. For method claims, I understand that
`
`one infringes by performing each and every step in the patented method.
`23.
`
`I also understand that if literal infringement cannot be established because one or
`
`more elements are not literally present in an accused product or process, a product or process
`
`may nevertheless be found to infringe under the doctrine of equivalents. For infringement under
`
`the doctrine of equivalents, I understand that each accused product or process must contain an
`
`element at least equivalent to each and every limitation of the asserted claim. I also understand
`
`that one may, but is not required to, use the “function-way-result” test to determine equivalence.
`
`Under the function-way-result test, I understand that an inquiry is made into whether the accused
`
`product or service performs substantially the same function in substantially the same way to
`
`achieve the substantially same result as the claim element.
`V.
`
`STATE OF THE ART
`24.
`A “hashing function” is a mathematical operation that has been well-known since
`at least since the 1970s. See, e.g., Ex. 13 at, e.g., 507-08.1 At its most generic level, a hashing
`function is used to deterministically map an input to an output of a given size, known as a
`
`“hash.” Typically, hashing functions are designed to minimize “collisions,” meaning that each
`
`input hashes to a unique output. Additionally, in computer science applications, hash functions
`
`are expected to be non-invertible, meaning that it is computationally impractical to determine an
`
`input given only the corresponding hash. One corollary of this non-invertible property is that
`
`minor changes to an input produce drastically different hashes.
`25.
`
`Several hashing functions were well-known known by the 1990s, including the
`
`MD5 and SHA1 hashing functions. See, e.g., U.S. Patent No. 5,638,446 (filed Aug. 28, 1995) at
`
`4:59-61 (“a one-way hash function known in the art as MD-5 (Rivest, R., ‘The md5 message
`
`digest algorithm’, RFC 1321 (April 1992)”); U.S. Patent No. 5,815,709 (filed Apr. 23, 1996) at
`
`
`1 Citations to “Ex. __” refer to the Exhibits attached to the Declaration of Rebecca
`Carson.
`
`- 5 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 6 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`7:39-40 (“Secure hashing algorithms such as the NISTA SHA…”). Another common hashing
`
`function is the SHA256 hashing function, developed by the U.S. National Security Agency, just
`
`
`like the SHA1 hashing function.
`26.
`
`The table below shows the MD5 Hash result for the words “Example” and
`
`“example,” which produce entirely different hashes even though the change in the input was
`
`relatively minor:
`
`Input
`
`MD5 Hash
`
`Example
`
`02fb126282cb0d596a9052bc21948326
`
`example
`
`ddce269a1e3d054cae349621c198dd52
`
`27.
`
`The table below illustrates that, even though hashing functions may have similar
`
`functions and properties, their results can differ dramatically. I have compared the hash of the
`
`same input—the word “Example”—to two different hashing functions, the MD5 and SHA256:
`
`Hashing
`Function
`MD5
`
`SHA256
`
`Hash of “Example”
`
`02fb126282cb0d596a9052bc21948326
`
`d029f87e3d80f8fd9b1be67c7426b4cc1ff47b4a9d0a8461c826a59d8c5eb6cd
`
`28.
`
`These useful properties of hashing functions led to their routine use in a number
`
`of different ways in computer science and security, including data integrity, authentication, and
`
`data fingerprinting (e.g., antivirus checks). See, e.g., U.S. Patent No. 5,638,446.
`29. With respect to authentication, for example, publication of a file’s hash allowed a
`
`user who downloaded the file to independently confirm that the file was downloaded correctly.
`
`If the hash of the file as calculated by the user did not match the published hash, then there had
`
`obviously been some error or other issue in transmission.
`30.
`
`In light of the authentication use case described above, the benefit of using a hash
`
`as a file’s ID was well-known before the earliest claimed priority date of the ‘780 patent. In
`
`fact, the benefits of using a hash as a file’s ID were so well-known that hash identifiers were
`
`proposed as a candidate Uniform Resource Name as the Internet was being developed. See Ex.
`
`14 at 5-6.
`
`- 6 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 7 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`31.
`
`Using a hash ID for “fingerprinting” was also well-known, particularly with
`
`respect to antivirus analyzers that would typically compare a file’s unique hash (hence
`
`
`“fingerprint) to a list of hashes for known malware. See, e.g., U.S. Patent No. 5,685,875 (filed
`
`Oct. 21, 1994) at 1:46-49 (“well-known method of detecting viruses calculates so-called
`
`‘fingerprints’ of files containing executable programs. Such tests as…hash functions[] . . . .”).
`32.
`Also relevant to the ‘780 patent (discussed further below) is the concept of
`“fetching,”2 which is a fundamental computing concept. In the context of the ‘780 Patent,
`fetching is used to retrieve the software components identified by references in a Downloadable.
`See, e.g., ‘780 Patent, 4:56-63 (“The ID generator [] preferably prefetches all components
`
`embodied in or identified by the code for Downloadable ID generation. For example…the ID
`generator 315 may retrieve all components listed in the INF file for an ActiveX™ control to
`
`compute a Downloadable ID.”). Information retrieval is one of the key underpinnings of the
`
`Internet, for example, and has been a routine part of networked computer operation for decades.
`
`See, e.g., U.S. Patent No. 5,694,546 (filed May 31, 1994) at 6:16-17 (teaching one method of
`
`“enabling information fetch operations to be easily executed by novice users”). By the time of
`
`the filing of the ’780 patent, executable software programs commonly included references to
`
`other software components, such as classes from the Java class library, that are required for
`
`execution but may not have been included in the code of the software program itself and thus
`
`needed to be fetched.
`33.
`
`The concept of hashing files together with fetched software components to
`
`generate a file ID was also known in the art. For example, “Location-Independent Naming for
`
`Virtual Distributed Software Repositories” by Shirley Browne et al. (1995) (Ex. 15, “Browne”)
`
`in view of, for example, U.S. Patent No. 5,835,777 (“Staelin”) taught a “Location Independent
`
`File Name” (LIFN) for the files in its system, where the LIFN comprised an MD5 hash of the
`
`file’s contents. See, e.g., Browne at 181-83. A POSITA would have understood that new files
`
`
`2 “Fetching” as discussed herein and in the context of the ‘780 Patent is a distinct usage
`from “fetching” instructions from memory to be executed at the processor level, a term used by
`those in the processor arts like Intel. See, e.g., U.S. Patent No. 6,079,014 (assigned to Intel
`Corporation) at 1:24-26 (“processor usually fetches an instruction stream from a memory, and
`executes each instruction in the instruction stream”).
`
`- 7 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 8 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`could also have incorporated publicly available software components that were intended to be
`
`reused, so in creating a complete software package, the prior art taught fetching those referenced
`
`
`software components and then calculating the MD5 to determine the LIFN for the complete
`
`package. See Browne at 179-184; Staelin at, e.g., columns 2-5.
`VI.
`
`BRIEF OVERVIEW OF THE ʼ780 PATENT
`34.
`
`The ’780 patent, entitled “System and Method for Protecting a Computer and a
`
`Network from Hostile Downloadables,” issued on October 12, 2004 from U.S. Patent
`
`Application No. 09/539,667 (“the ’667 application”), which was filed on March 30, 2000.
`35.
`
`Claim 1 of the ‘780 patent is directed to generating an ID for a “Downloadable,”
`
`which the patent defines as “an executable application program, which is downloaded from a
`
`source computer and run on the destination computer.” ‘780 Patent, 1:50-53. The patent
`
`explains that a Downloadable is typically requested by running a process, such as a web browser,
`
`and provides several examples of Downloadables, specifically Java applets, JavaScript, ActiveX
`
`controls, and Visual Basic Script. ’780 Patent, 1:55-2:6.
`36. While the ’780 Patent is part of a larger patent family that generally relates to a
`
`system for protecting computers from suspicious Downloadables, the claims of the ’780 patent
`
`are directed to very narrow part of that system—i.e., the generation of a unique ID for the
`
`Downloadables that are processed by the security system. This is a simple concept that is not
`
`limited to the field of computer security applications. More specifically, the claims of the ’780
`
`Patent recite a method for generating an identifier for a Downloadable and its fetched software
`
`components using well-known hashing functions.
`VII. PROSECUTION HISTORY
`37.
`The ’780 patent was prosecuted as the ’667 application. The Examiner rejected
`
`the claims in two rounds of office actions. In a non-final rejection, the Examiner found certain
`
`claims anticipated by U.S. Patent No. 5,978,484 (“Apperson”) and the remaining claims were
`
`rendered obvious by Apperson in view of “Microsoft Authenticode Analyzed” (“Khare”).
`38.
`
`The applicant amended the independent claims to add the requirement that the
`
`Downloadable “includes one or more references to software components required by the
`
`- 8 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 9 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`Downloadable.” In attempting to distinguish the amended claims from Apperson and Khare, the
`
`
`applicant stated (Ex. 2 at 3):
`
`
`
`The present invention concerns generation of an ID for mobile
`code downloaded
`to a client computer, referred
`to as a
`Downloadable. Specifically, the present invention fetches software
`components required by the Downloadable, and performs a
`hashing function on the Downloadable together with its fetched
`components (original specification I page 3, lines II 14; page 15,
`lines 21- 24; page 19, line 21- page 20, line 6; FIG. 8). Thus, for a
`Java applet, the present invention fetches Java classes identified by
`the applet bytecode, and generates the Downloadable ID from the
`applet and the fetched Java classes; and for an ActiveX™ control,
`the present invention fetches components listed in its .INF file, and
`generates a Downloadable ID from the ActiveX™ control and the
`fetched components (original specification I page 9, lines 15 -18).
`
`An advantage of the present invention is that it produces the same
`ID for a Downloadable, regardless of which software components
`are
`included with
`the Downloadable and which software
`components are only referenced (original specification I page 9,
`lines 18- 20; page 20, lines 5 and 6). The same Downloadable may
`be delivered with some required software components included
`and others missing, and in each case the generated Downloadable
`ID will be the same. Thus the same Downloadable is recognized
`through many equivalent guises.
`
`39.
`
`The Examiner, however, issued a final rejection finding all claims obvious in
`
`view of the same two references. Thereafter, the applicant amended the claims further to require
`
`that the software components are required “to be executed” by the Downloadable.
`40.
`
`The Examiner also entered an Examiner’s Amendment to require the use of a
`
`“hashing” function rather than any type of function that could be used to generate an identifier.
`VIII. CLAIM CONSTRUCTION
`41.
`I understand that the Court has not yet construed the claims of the ’780 patent. I
`
`understand that Finjan has taken the position that “Downloadable” should be construed as “an
`
`executable application program, which is downloaded from a source computer and run on the
`
`destination computer,” and that Juniper does not dispute this construction.
`42.
`
`I further understand that Finjan has not yet provided Juniper with its proposed
`
`construction for any other terms of the ’780 Patent, but that Finjan has proposed constructions
`
`for some of the terms in other litigations and inter partes review (“IPR”) proceedings.
`
`- 9 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 10 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`43.
`
`I understand that claim construction is an issue of law, which the Court decides by
`
`
`interpreting claim terms as they would have been understood by a POSITA at the time of the
`
`
`invention. Under this standard, I understand that courts consider the specification, the
`
`prosecution history, and any extrinsic evidence regarding how a POSITA would interpret the
`
`claims in view of the intrinsic record. For purposes of my analysis in this case, I have interpreted
`
`the claims under this standard.
`44.
`
`I understand that a different standard—referred to as the broadest reasonable
`
`interpretation (“BRI”)—is applied in other forums, such as in an IPR proceeding. My opinions
`
`regarding the terms below may differ under the BRI standard.
`A.
`“software components required to be executed by the Downloadable”
`
`45.
`
`A POSITA would understand this term to mean “software components that are
`
`needed to execute the Downloadable” in view of the specification and file history.
`46. When the application that matured into the ‘780 Patent was filed, the first iteration
`
`of claim 1 was directed to “obtaining a Downloadable” and “fetching, if the Downloadable
`
`includes one or more references to a component, at least one component identified by the one or
`
`more references.” Ex. 2 at 1. As I noted above, in subsequent amendments, the applicant added
`
`the limitation that the Downloadable “includes one or more references to software components
`
`required to be executed by the Downloadable.” Ex. 2 at 2. Finjan stated during prosecution that
`“the present invention fetches software components required by the Downloadable” and offered
`
`two examples of such software components: (1) “for a Java applet, the present invention fetches
`
`Java classes identified by the applet bytecode” and (2) “for an ActiveX control, the present
`invention fetches components listed in its .INF file.” Ex. 2 at 3.3 A POSITA would understand
`that, when a Java applet identifies a class, it must obtain that class to execute; the same is true for
`
`ActiveX files with respect to entries in the corresponding .INF file. The two examples provided
`
`by Finjan during prosecution (which are also the only examples of “fetching” provided in the
`
`specification at column 4, lines 56-63) therefore correspond to exactly how Finjan described
`these components during prosecution, namely components required by the executable.
`
`
`3 All emphasis to quotations is added, unless otherwise noted.
`
`- 10 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 11 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`47.
`Consistent with this, Finjan’s Infringement Contentions accuse Juniper of
`
`obtaining Downloadables that contain references to software components “required to execute
`
`
`the Downloadables” and that “are used by” the Downloadable. Ex. 3 at 5, 10; see also Ex. 3 at 6
`
`(accusing “components that are used by the downloaded content”). My construction of the term
`
`is therefore consistent with Finjan’s own application of the term in this matter.
`B.
`“fetching at least one software component identified by the one or more
`references”
`
`48.
`
`A POSITA would understand this term to mean “retrieving at least one software
`
`component that is referenced but not included in the content of the Downloadable” in view of the
`
`specification and prosecution history.
`49.
`
`In the past, Finjan has taken the position that “fetch” in the context of the claims
`
`means to “retrieve.” Finjan, Inc. v. Bitdefender Inc., Case No. 4:17-cv-04790-HSG, Dkt. No. 76
`
`at 11 (N.D. Cal. May 4, 2018). This meaning is consistent with the specification, which appears
`
`to use the terms interchangeably. See ‘780 Patent, 4:56-63 (“The ID generator [] preferably
`prefetches all components embodied in or identified by the code for Downloadable ID
`generation. For example…the ID generator 315 may retrieve all components listed in the INF
`
`file for an ActiveX™ control to compute a Downloadable ID.”). It is also consistent with the
`
`way that a POSITA would have understood the term in the context of the claim.
`50. With regard to the rest of the term, Finjan described the “software components” as
`
`follows during prosecution: “[t]he same Downloadable may be delivered with some required
`software components included and others missing.” Ex. 2 at 3; see also id. (“An advantage of
`the present invention is that it produces the same ID for a Downloadable, regardless of which
`software components are included with the Downloadable and which software components are
`only referenced.”). Finjan also stated during prosecution that one of the benefits of the invention
`
`was that “the Downloadable ID may be used to recognize the ‘same’ Downloadable regardless of
`how the Downloadable is subdivided and/or downloaded.” Ex. 2 at 6. Based on these
`
`statements, a POSITA would understand that the software components to be fetched refer to
`
`- 11 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 12 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`pieces of the Downloadable that were not included (i.e., “missing”) in the content of the original
`
`
`file.
`
`
`
`51.
`
`The specification supports this interpretation, in that it teaches the inclusion of the
`
`fetched software components within the Downloadable itself prior to hashing. See, e.g., Fig. 8
`(“Include Fetched Components in The Downloadable”). A POSITA would understand that one
`
`would only “include” components “in” the code if they were part of the same file, not disparate
`
`files. The specification therefore makes clear that the software components to be fetched are the
`
`missing components that are “referenced” but not included in the content of the Downloadable.
`52.
`
`I understand that Finjan has previously argued that one can “fetch” software
`
`components already included within the content of the Downloadable. In particular, I understand
`
`that in Finjan, Inc. v. Bitdefender Inc., Case No. 4:17-cv-04790-HSG, Dkt. No. 76-1 at ¶ 27
`
`(N.D. Cal. May 4, 2018), Finjan’s claim construction expert, Dr. Nenad Medvidovic testified:
`
`“As was well known at the time [of the ‘780 Patent], Java applets were distributed as
`
`Downloadables as a single JAR file with referenced software components included in the JAR
`
`file. Therefore, the ‘780 Patent includes a specific example where ‘fetching’ refers to retrieving
`
`software components included in the Downloadable.” I disagree with Dr. Medvidovic. He
`appears to have misread the specification, which states that “the ID generator [] may prefetch all
`
`classes embodied in or identified by the Java™ applet bytecode.” ‘780 Patent, 4:59-60. Since
`
`all Java applets must refer to at least one or more classes present in the Java Runtime
`
`Environment distributed by Oracle, fetching “all” classes identified in a Java applet necessarily
`
`requires reaching outside of the JAR file in which the applet was packaged and retrieving the
`
`classes for the Java Runtime Environment.
`53.
`In the past, Finjan has also pointed to the portion of the specification that states
`that “the ID generator [] may prefetch all classes embodied in or identified by the Java™ applet
`
`bytecode.” ‘780 Patent, 4:59-60. However, even if one could “fetch” classes embodied in the
`Java applet bytecode, those are not the classes that are required to be fetched as recited in the
`claim. Claim 1 requires “fetching at least one software component identified by the one or more
`references” in the Downloadable, not fetching components embodied in the Downloadable, and
`
`- 12 -
`
`DECL. OF AVIEL D. RUBIN ISO
`JUNIPER’S MOTION FOR SUMMARY JUDGMENT
`Case No. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 95-9 Filed 06/07/18 Page 13 of 36
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`the patent itself appears to draw a distinction between software components that are “identified
`
`by” versus “embodied in” the Downloadable. Id. at 4:59-60 (“embodied in or identified by”).
`
`
`54.
`
`Given the context of the claim, file history, and specification, a POSITA would
`
`not understand what was required to meet this claim limitation if asked to “fetch” software
`
`components referenced by the Downloadable if those components were already included within
`the contents of the Downloadable.4 It does not make sense to “fetch” a software component that
`is already included within the Downloadable.
`55. Moreover, if the contents of the software components that were being fetched
`
`were already included within the Downloadable, then any “fetching” would not change the
`
`content of the Downloadable, so the hashing function would produce the very same hash ID as it
`
`would have produced without any alleged “fetching.” This would render the