Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 1 of 12
`
`EDWARD G. POPLAWSKI (SBN 113590)
`epoplawski@wsgr.com
`OLIVIA M. KIM (SBN 228382)
`okim@wsgr.com
`WILSON SONSINI GOODRICH & ROSATI
`Professional Corporation
`633 West Fifth Street, Suite 1550
`Los Angeles, CA 90071
`Telephone: (323) 210-2901
`Facsimile: (866) 974-7329
`
`RYAN R. SMITH (SBN 229323)
`rsmith@wsgr.com
`CHRISTOPHER D. MAYS (SBN 266510)
`cmays@wsgr.com
`WILSON SONSINI GOODRICH & ROSATI
`Professional Corporation
`650 Page Mill Road
`Palo Alto, CA 94304-1050
`Telephone: (650) 493-9300
`Facsimile: (650) 493-6811
`
`Attorneys for Defendant
`QUALYS INC.
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`OAKLAND DIVISION
`
`CASE NO.: 4:18-cv-07229-YGR
`
`DECLARATION OF DR. AVIEL
`RUBIN
`
`)))))))))))))
`
`FINJAN, INC., a Delaware Corporation,
`
`Plaintiff,
`
`v.
`
`QUALYS INC., a Delaware Corporation,
`
`Defendant.
`
`CASE NO. 4:18-cv-07229-YGR
`
`RUBIN DECLARATION
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 2 of 12
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`I, Aviel Rubin, Ph.D., declare as follows:
`1.
`I am a Professor of Computer Science at Johns Hopkins University where I have
`taught courses such as Computer Networks, Security and Privacy in Computing and Advanced
`Topics in Computer Security. I am also the Technical Director of the Johns Hopkins University
`Information Security Institute. I am also the found and managing partner of Harbor Labs, where
`I provide software and network consulting. I received a Ph.D. degree in Computer Science and
`Engineering from the University of Michigan, Ann Arbor in 1994, and I am a retained expert
`witness for Defendant Qualys Inc. (“Qualys”) in the above-captioned matter. I have personal
`knowledge of all the facts disclosed herein, such that, if called as a witness, I could, and would,
`competently testify thereto.
`I.
`INTRODUCTION
`2.
`I submit this Declaration in support of Qualys’ claim construction brief.
`3.
`I have been asked to provide opinions about the understanding that a Person of
`Ordinary Skill in the Art (“POSITA”) would have regarding the terms “receiver” and
`“transmitter” as they appear in U.S. Patent Nos. 8,141,154 (“the ’154 Patent”), 8,677,494 (“the
`’494 Patent”), and 6,965,968 (“the ’968 Patent”).
`4.
`Specifically, I have been asked whether a POSITA in the field of computer
`software would understand the terms “receiver” and “transmitter” to have a sufficiently definite
`meaning as the name for structure. As discussed below, it is my opinion that they do not.
`5.
`I have also been asked whether the specifications of the ’154, ’494, and ’968
`patent would disclose to a POSITA in the field of computer software sufficient structure that
`corresponds to the receiver’s function in those respective patents’ claims. Again, as discussed
`below, it is my opinion that the specifications do not do so.
`II.
`BACKGROUND AND QUALIFICATIONS
`6.
`I am being paid at my customary rate of $775 per hour for time spent on this case.
`7.
`I am also being reimbursed for reasonable and customary expenses. My
`compensation is not dependent in any way on the results of the lawsuit or the substance of my
`testimony.
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 1 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 3 of 12
`
`I provide below an overview of my background and qualifications. Additional
`8.
`details of my education and employment history, professional service, patents, publications, and
`other testimony are set forth in my current curriculum vitae, which can be found here:
`http://avirubin.com/Avi_Rubins_home_page/Vita.html.
`A.
`Education & Career
`9.
`I received my Ph.D. in Computer Science and Engineering from the University of
`Michigan, Ann Arbor in 1994, with a specialty in computer security and cryptographic protocols.
`10. My thesis was titled “Nonmonotonic Cryptographic Protocols” and concerned
`authentication in long-running networking operations.
`11.
`I am currently employed as Professor of Computer Science at Johns Hopkins
`University, where I perform research, teach graduate courses in computer science and related
`subjects, and supervise the research of Ph.D. candidates and other students. Courses I have
`taught include Security and Privacy in Computing and Advanced Topics in Computer Security. I
`am also the Technical Director of the Johns Hopkins University Information Security Institute,
`the University’s focal point for research and education in information security, assurance, and
`privacy. The University, through the Information Security Institute’s leadership, has been
`designated as a Center of Academic Excellence in Information Assurance by the National
`Security Agency and leading experts in the field. The focus of my work over my career has been
`computer security, and my current research concentrates on systems and networking security,
`with special attention to software and network security.
`12.
`After receiving my Ph.D., I began working at Bellcore in its Cryptography and
`Network Security Research Group from 1994 to 1996. During this period I focused my work on
`Internet and Computer Security. While at Bellcore, I published an article titled “Blocking Java
`Applets at the Firewall” about the security challenges of dealing with JAVA applets and
`firewalls, and a system that we built to overcome those challenges.
`13.
`In 1997, I moved to AT&T Labs, Secure Systems Research Department, where I
`continued to focus on Internet and computer security. From 1995 through 1999, in addition to
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 2 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 4 of 12
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`my work in industry, I served as Adjunct Professor at New York University, where I taught
`undergraduate classes on computer, network and Internet security issues.
`14.
`I stayed at AT&T until 2003, when I left to accept a full-time academic position at
`Johns Hopkins University. I was promoted to full professor with tenure in April 2004.
`15.
`I serve, or have served, on a number of technical and editorial advisory boards.
`For example, I served on the Editorial and Advisory Board for the International Journal of
`Information and Computer Security. I also served on the Editorial Board for the Journal of
`Privacy Technology. I have been Associate Editor of IEEE Security and Privacy Magazine and
`served as Associate Editor of ACM Transactions on Internet Technology. I am currently an
`Associate Editor of the journal Communications of the ACM. I was an Advisory Board Member
`of Springer’s Information Security and Cryptography Book Series. I have served in the past as a
`member of the DARPA Information Science and Technology Study Group, a member of the
`Government Infosec Science and Technology Study Group of Malicious Code, a member of the
`AT&T Intellectual Property Review Team, Associate Editor of Electronic Commerce Research
`Journal, Co-editor of the Electronic Newsletter of the IEEE Technical Committee on Security
`and Privacy, a member of the board of directors of the USENIX Association, the leading
`academic computing systems society, and a member of the editorial board of the Bellcore
`Security Update Newsletter.
`16.
`I have spoken on information security and electronic privacy issues at more than
`50 seminars and symposia. For example, I presented keynote addresses on the topics “Security of
`Electronic Voting” at Computer Security 2004 Mexico in Mexico City in May 2004; “Electronic
`Voting” to the Secure Trusted Systems Consortium 5th Annual Symposium in Washington DC
`in December 2003; “Security Problems on the Web” to the AT&T EUA Customer conference in
`March 2000; and “Security on the Internet” to the AT&T Security Workshop in June 1997. I
`also presented a talk about hacking devices at the TEDx conference in October 2011 and also
`another TEDx talk on the same topic in September 2015.
`17.
`I was founder and President of Independent Security Evaluators (ISE), a computer
`security consulting firm, from 2005-2011. In that capacity, I guided ISE through the qualification
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 3 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 5 of 12
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`as an independent testing lab for Consumer Union, which produces Consumer Reports magazine.
`As an independent testing lab for Consumer Union, I managed an annual project where we tested
`all of the popular anti-virus products. Our results were published in Consumer Reports each year
`for three consecutive years.
`18.
`I am currently the founder and managing partner of Harbor Labs, a software and
`networking consulting firm.
`B.
`Publications
`19.
`I am a named inventor on ten U.S. patents in the information security area.
`20.
`I have also testified before Congress regarding the security issues with electronic
`voting machines and in the U.S. Senate on the issue of censorship. I also testified in Congress on
`November 19, 2013 about security issues related to the government’s Healthcare.gov web site.
`21.
`I am author or co-author of five books regarding information security issues:
`Brave New Ballot, Random House, 2006; Firewalls and Internet Security (second edition),
`Addison Wesley, 2003; White-Hat Security Arsenal, Addison Wesley, 2001; Peer-to-Peer,
`O’Reilly, 2001; and Web Security Sourcebook, John Wiley & Sons, 1997. I am also the author
`of numerous journal and conference publications, which are reflected in my CV.
`III. MATERIALS CONSIDERED
`22.
`I have considered information from various sources in forming my opinions.
`23.
`Besides drawing from over two decades of experience in the computer industry, I
`also have reviewed the following documents: (a) the ’154 Patent and its file history; (b) the ’494
`Patent and its file history; (c) the ’968 Patent and its file history; (d) Finjan’s Opening Claim
`Construction Brief and exhibits thereto.
`IV.
`LEGAL STANDARDS
`24.
`I have been advised that patent claims are reviewed from the point of view of a
`hypothetical person of ordinary skill in the art (“POSITA”) at the time of the filing of the patent.
`I have applied this standard in forming my opinions.
`25.
`In my opinion, a POSITA for the ’154, ’494, and ’968 Patents ’780 patent would
`be a person with a Bachelor’s degree in computer science or related academic fields and three to
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 4 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 6 of 12
`
`four years of additional experience in the field of computer security or equivalent work
`experience. More education can substitute for work experience, and vice versa (e.g., a PhD
`without work experience outside of the university setting). In arriving at my opinions in this
`declaration, I have considered the issues from the perspective of a hypothetical POSITA. This
`level of skill is approximate and my opinion would not change if a somewhat lower or higher
`level of skill were adopted.
`26.
`For construing claims, I understand that claim construction is a legal issue that the
`Court decides by interpreting claim terms as they would have been understood by a POSITA at
`the time of the invention. Under this standard, I understand that courts consider the specification,
`the prosecution history, and any extrinsic evidence regarding how a POSITA would interpret the
`claims in view of the intrinsic record. For purposes of my analysis in this case, I have interpreted
`the claims under this standard.
`V.
`BACKGROUND OF COMPUTER SOFTWARE
`27.
`A computer program is a collection of instructions that can be executed by a
`computer to perform a specific task. Computer programs are usually written in a programming
`language by a computer programmer. The sequence of written instructions comprising a
`computer program is commonly known as the program’s source code. This source code is
`typically run through a compiler or assembler in order to convert the source code into machine
`code, which are the specific instructions that the computer can directly execute.
`28.
`Algorithms are a part of a computer program. An algorithm is an underlying
`method used for some calculation or manipulation of data. It is a finite sequence of well-defined
`computer instructions used to solve a problem. Algorithms are the mechanisms through which
`computer programs process data.
`29.
`Two examples of fundamental software instructions include reading and writing
`data. For example, when a program processes data, it will frequently read the data from an input
`source, perform instructions using that data, and then write an output to an output source. In this
`way, reading and writing operations are analogous to receivers and transmitters.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 5 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 7 of 12
`
`Input and output sources for these operations can include many different things,
`30.
`including external devices (such as a computer scanner or printer), remote locations (e.g., the
`Internet), and even other software. On this last point, it is common for one algorithm in a
`computer program to serve as an input or output source for another algorithm within the same
`program. To the software, it is frequently ambivalent whether the input and output sources are to
`a remote device or within the same program. All the software program knows is that it inputs
`(i.e. receives) data from a source, performs operations, and then outputs (i.e. transmits) the result.
`VI.
`CLAIM INTERPRETATION OF “RECEIVER” AND “TRANSMITTER”
`31.
`In conducting my analysis of the claims of the Asserted Patent, I have applied the
`legal understandings set out in Section III of this Report.
`32.
`I note that I have previously evaluated the claims in other matters involving some
`of the same patents at issue here. However, I have never been asked to evaluate whether the
`terms “receiver” and “transmitter” connote structure or alternatively whether the specifications
`of the respective patents identify that structure.
`33.
`As noted above, I have been asked to render opinions on whether the terms
`“receiver” and “transmitter” connote structure to a POSITA in the field of computer software or,
`alternatively, whether the respective claims and specifications of the ’154, ’968, and/or ’494
`Patents disclose that structure.
`34.
`I understand that “structure” to a POSITA in computer software may differ from
`more traditional, mechanical structures. For example, looking for traditional “physical structure”
`in a computer software claim is fruitless because software does not contain physical structures.
`Rather, to a POSITA, the “structure” of computer software is understood through, for example,
`an outline of an algorithm, a flowchart, or a specific set of instructions or rules.
`A.
`A POSITA in the Field of Computer Software Would Not Understand
`“Receiver” and “Transmitter” To Connote Structure.
`I have been asked whether a POSITA in the field of computer software would
`35.
`understand the terms “receiver” and “transmitter” to have a sufficiently definite meaning as the
`name for structure. In my opinion, they do not
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 6 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 8 of 12
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`The terms “transmitter” and “receiver” in the field of computer software would
`36.
`not inherently connote structure to a POSITA reading the patents at the time of their invention.
`Transmitting and receiving are terms generally associated with transmitting data at a hardware
`level, such as via a modem, Wi-Fi, or some other similar means. In the software context, it is
`common for an algorithm to “receive” an input through a read operation, process the input, and
`then “transmit” an output using a write operation. Such algorithms can be structured in an
`arbitrary number of ways – there is no defined structure.
`37.
`Also, the locations that an algorithm can “receive from” or “transmit to” are
`innumerable. They can include things such as remote locations on the Internet, different
`computers or devices within the same network, different hardware components within the same
`computer, and even different algorithms within the same computer program. Thus, in my
`opinion, a POSITA in the field of computer software would not understand the terms “receiver”
`and “transmitter” to connote structure themselves.
`B.
`The Specifications of the ’154, ’494, and ’968 Patents Do Not Disclose
`Structure for “Receiver” or “Transmitter.”
`I have also been asked whether the claims or specifications of the ’154, ’494, and
`38.
`’968 patent provide respective structure that a POSITA in the field of computer software would
`recognize as corresponding to claimed functions for “receiver” and “transmitter.” Again, it is my
`opinion that they do not.
`1.
`The Claims and Specification of the ’154 Patent Do Not Provide a
`Structure
`
`The claims and specification of the ’154 Patent do not disclose a sufficient
`39.
`structure corresponding to the claimed functions for “receiver” and “transmitter.
`40.
`For example, claim 1 of the ’154 Patent recites only three elements: a content
`processor, a transmitter, and a receiver. The claim limitation for the transmitter states only “a
`transmitter for transmitting the input to the security computer for inspection, when the first
`function is invoked.” This identifies the claimed function for the “transmitter,” but does not
`provide any structure. It does not, for example, provide an algorithm that can serve as structure
`for a software transmitter.
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 7 --
`
`RUBIN DECLARATION
`
`

`

`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 9 of 12
`
`Claim 1 of the ’154 Patent also recites “a receiver for receiving an indicator from
`41.
`the security computer whether it is safe to invoke the second function with the input.” As with
`transmitter, this limitation provides only functional language for the receiver, not structural
`language such as an algorithm.
`42.
`The ’154 Patent’s specification does not provide any additional structure for
`either a “receiver” or a “transmitter.” The specification simply repeats the language in the claims
`and describes the receiver and transmitter in terms of their overall function. See ’154 Patent at
`6:50-65, 14:59-62.
`43.
`The specification does not provide the sort of algorithms, flowcharts, or sets of
`rules for a receiver or transmitter that a POSITA would look for when trying to discern a
`structure to these components. For example, Figure 3 of the ’154 Patent provides a flow chart
`for the overall operation of the system but does not break this flow chart down to show the
`specific steps or instructions that the transmitter or receiver would follow. Instead, the flow
`chart once again merely restates the claimed functions for these components with no detail as to
`the algorithm or instructions used to perform the functions:
`
`I understand that in its Opening Brief, Finjan offered examples from the ’154
`44.
`Patent’s specification that includes things like “naming types of receivers”; “including receivers
`in a gateway”; and “receivers in a client computer for receiving data over a communications
`channel.” In my opinion, a POSITA would not understand these examples to disclose structure
`for a transmitter or receiver. The examples identify where these components are located and
`how they may be named. They do not, however, provide an algorithm, flow chart, or set of
`instructions that the receivers and transmitters use to perform the claimed functions.
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 8 --
`
`RUBIN DECLARATION
`
`

`

`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 10 of 12
`
`Thus, it is my opinion that the claims and specification of the ’154 Patent would
`45.
`not disclose to a POSITA the structure necessary to perform the transmitter’s and receiver’s
`claimed function.
`2.
`
`The Claims and Specification of the ’968 Patent Do Not Provide a
`Structure
`
`The claims and specification of the ’968 Patent also fail to disclose a sufficient
`46.
`structure corresponding to the claimed functions for “receiver” and “transmitter.
`47.
`“Transmitter” and “receiver” appear only once each in the ’968 Patent.
`“Transmitter” appears only in claim 6, which recites “a transmitter for transmitting allowable
`content from the cache to a client computer.” “Receiver” appears only in claim 7, which recites
`“a receiver for receiving digital content from a web server.” These statements are both written in
`functional language only, and do not connote structure.
`48.
`The ’968 Patent’s specification discusses the claimed functions identified in
`claims 6 and 7. However, as before, the specification merely recites the claimed function
`without providing an algorithm, flow chart, or set of rules that can serve a structure for software.
`See 2:29-37; 2:53-67; 3:41-45; 3:47-50; 4:1-5; 5:39-42; 7:49-56.
`49.
`Figure 2, likewise, provides a flowchart for the operation of the overall invention,
`but does not specify the steps performed by the transmitter or receiver. Instead, it shows a single
`“black box” listing the functions being performed, with no disclosure of the algorithm or rules
`used to perform those functions:
`
`Thus, it is my opinion that the claims and specification of the ’968 Patent would
`50.
`not disclose to a POSITA the structure necessary to perform the transmitter’s and receiver’s
`claimed function.
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 9 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 11 of 12
`
`3.
`
`The Claims and Specification of the ’494 Patent Do Not Provide a
`Structure
`
`The ’494 Patent claims only a receiver and not a transmitter. However, as before,
`51.
`the claims and specification of the ’494 Patent do not disclose structure corresponding to the
`receiver’s claimed function.
`52.
`The term “receiver” appears only in claim 10 of the ’494 patent and nowhere else
`in either the claims or specification. Claim 10 recites “a receiver for receiving an incoming
`Downloadable.” This is merely functional language and would not connote structure to a
`POSITA. The specification, likewise, describes the function being performed but does not
`provide an algorithm, flow chart, or other set of rules for performing the function of “receiving
`an incoming Downloadable.” See, e.g., 4:5-6; 4:27-31.
`53.
`In its Opening Brief, Finjan identifies a passage from the specification describing
`“that the receiver may reside within ‘one or more network servers’”. Finjan Opening Brief at 16
`(citing ’494 Patent at 3:4-8). But this says only where the receiver is located. It does not
`provide an algorithm, flow chart, or set of rules that can form the structure of the software.
`54.
`Finjan also states that the receiver must be of a type that is capable of receiving
`data or information including executable code. Id. (citing ’494 Patent at 3:4-13). But this
`circular terminology again does not disclose any structure. Practically all software is capable of
`receiving data in some capacity, as I have previously explained. What is missing is an algorithm,
`flow chart, or set of rules describing the steps the receiver performs in order to receive a
`Downloadable.
`55.
`Thus, it is my opinion that the claims and specification of the ’494 Patent would
`not disclose to a POSITA the structure necessary to perform the receiver’s claimed function.
`56.
`To the extent that Finjan is permitted to set forth additional theories or evidence
`with respect to the issues addressed in this declaration, I reserve the right to respond to such new
`theories and evidence in a reply declaration.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 10 --
`
`RUBIN DECLARATION
`
`

`

`Case 4:18-cv-07229-YGR Document 52-6 Filed 03/16/20 Page 12 of 12
`
`Executed this 13 day of March, 2020, at Pikesville, Maryland. I declare under penalty of perjury
`under the laws of the United States of America that the foregoing is true and correct.
`
`____________________________________
`Aviel D. Rubin
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`-- 11 --
`
`RUBIN DECLARATION
`
`