Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 1 of 17
`Case 4:18-cv-07229—YGR Document 195-17 Filed 05/10/21 Page 1 of 17
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 12
`
`EXHIBIT 12
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 2 of 17
`
`
`
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic,
`Ph.D.
`
`Date: February 28, 2021
`Case: Finjan, Inc. -v- Qualys Inc.
`
`Planet Depos
`Phone: 888.433.3767
`Email:: transcripts@planetdepos.com
`www.planetdepos.com
`
`WORLDWIDE COURT REPORTING & LITIGATION TECHNOLOGY
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 3 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`
`1 (1 to 4)
`
`1
`
`3
`
` A P P E A R A N C E S
`
`ON BEHALF OF THE PLAINTIFF FINJAN, INC.:
`
` Lawrence Jarvis, ESQUIRE
`
` FISH & RICHARDSON
`
` 1180 Peachtree Street NE
`
` 21st Floor
`
` Atlanta, GA 30309
`
` 404-879-7238
`
` Jarvis@fr.com
`
`
`
`
`
`ON BEHALF OF THE DEFENDANT QUALYS:
`
` Ryan R. Smith, ESQUIRE
`
` Christopher Mays, ESQUIRE
`
` Wilson Sonsini Goodrich & Rosati
`
` 650 Page Mill Road
`
` Palo Alto, CA 94304
`
` 650-849-3345
`
` Rsmith@wsgr.com
`
`
`
`ALSO PRESENT:
`
` AVI RUBIN, EXPERT FOR QUALYS
`
` ALAN ROSS, THE VIDEOTECH
`
` CATHERINE GONZALEZ, THE VIDEOGRAPHER
`
`
`
`1 2 3 4 5 6 7 8 9 1
`
`0
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` IN THE UNITED STATES DISTRICT COURT
`
` FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
` OAKLAND DIVISION
`
`----------------------------x
`
`FINJAN, INC., a Delaware :
`
`Corporation, :
`
` Plaintiff, : Case No.:
`
`vs. : 4:18-CV-07229-YGR
`
`QUALYS, INC., a Delaware :
`
`0
`
`Corporation, :
`
`1 2 3 4 5 6 7 8 9 1
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` Defendant. :
`
`----------------------------x
`
`
`
` HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`
`
`
` Videotaped Deposition of
`
` NENAD MEDVIDOVIC, Ph.D.
`
` Conducted Virtually
`
` Sunday, February 28, 2021
`
` 10:02 a.m.
`
`
`
`Job No.: 354372
`
`Pages: 1 - 314
`
`Reporter: DEBRA BOLLMAN FARFAN, RDR-RMR-CRR
`
` CA CSR NO. 11648
`
`2
`
`4
`
`
`
` I N D E X
`
` DEPONENT PAGE
`
` NENAD MEDVIDOVIC, PH.D.
`
` EXAMINATION BY MR. SMITH 7
`
` EXAMINATION BY MR. JARVIS 310
`
` FURTHER EXAMINATION BY MR. SMITH 311
`
`
`
`
`
`0
`
` I N D E X O F E X H I B I T S
`
`1 2 3 4 5 6 7 8 9 1
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` (EXHIBITS WERE ATTACHED TO THE TRANSCRIPT.)
`
` DESCRIPTION PAGE
`
`EXHIBIT 1 EXPERT REPORT DATED DECEMBER 1, 2020 29
`
`EXHIBIT 2 '408 PATENT 73
`
`EXHIBIT 3 DOCUMENT "INTRODUCTION TO XML" 133
`
`EXHIBIT 5 MICROSOFT U.S. PATENT 7,500,017 109
`
`EXHIBIT 6 U.S. PATENT 7,480,859 IBM 107
`
`EXHIBIT 7 U.S. PATENT 7,058,558 BOEING 106
`
`EXHIBIT 11 FINAL WRITTEN DECISION ISSUED BY THE 244
`
` PTAB ON THE '408 PATENT
`
`EXHIBIT 12 MEDVIDOVIC DECLARATION SUBMITTED ON 241
`
` THE '408 PATENT FOR THE IPR
`
` PROCEEDING
`
`EXHIBIT 14 DOCUMENT "USING MULTIPLE SCANNER 195
`
` APPLIANCES IN PARALLEL."
`
` Videoconference Deposition of Nenad
`
`Medvidovic, Ph.D. held remotely:
`
`
`
`
`
` Witness Location:
`
` REMOTE
`
`
`
`
`
`
`
`
`
` Pursuant to notice, before Debra Bollman
`
`Farfan, Registered Diplomate Reporter,
`
`Registered Merit Reporter, Certified Realtime
`
`Reporter, and Certified Shorthand Reporter No.
`
`11648, in and for the State of California.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`1 2 3 4 5 6 7 8 9 1
`
`0
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 4 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`81
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`I'm trying to understand -- sorry, what I'm
`trying to do is kind of situate my opinion in
`the framework of your question. That's why,
`the way you phrased it, it sounds like you said
`cloud agent is sending an incoming stream. And
`I just wanted to make sure we were kind of on
`the same page as far as what the architecture
`is that you have in mind.
` So, yeah, it would be, in that context
`of your question, I think "outgoing" was the
`appropriate word. But as far as cloud agent
`itself, it -- it's -- my report says that cloud
`agent includes updating scan data to a server
`associated with the cloud agent. And it also
`says explicitly that cloud agent receives data
`from an endpoint. So cloud agent itself would,
`in that context, have the equivalent
`functionality to the scanner engine.
` Q. So what you're saying is for the element
`receiving by a computer an incoming stream of
`program code, or cloud agents, the computer is
`the customer's physical device on which the
`cloud agent is installed, right?
` MR. JARVIS: Objection to form.
` THE WITNESS: No. The computer is
`
`21 (81 to 84)
`
`confused.
` Q. Well, I think I -- so, I'll strike that.
` So under your infringement theory, the
`computer would be a combination of the
`customer's end computer on which the cloud
`agent runs, plus one or more servers operated
`by Qualys, right?
` A. Well, I would prefer, so I'll just clean
`up what you said in the sense that I would
`prefer not to use -- not to define computer in
`terms of computer. But if there is a part of
`what gets -- so Qualys's capability is what
`constitutes this computer. It is -- and then
`the way it's embodied is by a set of
`processors.
` So, for example, if for a particular
`claim element you have an agent that Qualys
`deploys onto a processor that Qualys doesn't
`legally own, in other words, that Qualys's
`customers own, but that agent is part of this
`system, and that agent actually reads a stream
`of program code, then the computer, as defined
`by a person of ordinary skill in the art, would
`be in the context of the '408 patent, it would
`be the collection of processors and other
`
`83
`
`84
`
`82
`
`peripherals, if you will, that comprise a
`whatever the entire claim element would
`server by Qualys and possibly a server that
`require. In other words, whatever would be
`belongs to one of the Qualys customers.
`processed or accomplished in the context of the
` But it is a computer. Because what it
`entire claim element. So the computer would
`does is it computes, and it computes a specific
`include processors from what you're calling the
`thing in a specific way.
`customer's machine, and also procedure
` Q. So to clarify, in your view, for the
`processors from Qualys's own cloud platform.
`claims of the '408 patent, under your
`BY MR. SMITH:
`infringement theory, the computer would include
` Q. So you're saying in your infringement
`a server operated by Qualys as well as servers
`theory, the claim computer is a combination of
`0
`operated by the Qualys customers on which the
`the customer's end computer on which the
`11
`cloud agents are installed, right?
`scanner agent runs, plus different computer's
`12
` A. Honestly, I think that it's -- it's
`in Qualys's assortment of servers, right?
`13
`clear, and I think that you've included my
` MR. JARVIS: Objection. Form.
`14
`testimony from other cases in the list of prior
` THE WITNESS: Scanner engine does not
`15
`art. So we can maybe go there, because I've
`run on the customer's computers, at least not
`16
`opined on this consistently over the years.
`in the configurations that I've been able to
`17
` A computer, the way a person of ordinary
`identify.
`18
`skill in the art would understand it, it can be
`BY MR. SMITH:
`19
`built in software or in hardware or a
` Q. Okay. I'm just trying -- right now, I'm
`20
`combination of the two.
`just trying to pin down what your actual
`21
` A computer in this context is an engine.
`opinion is on what the computer is for cloud
`22
`It could be a physical thing or a virtual thing
`agents.
`23
`that accomplishes a particular task. And this
` A. Okay. But I think your question
`24
`is completely consistent with that view.
`referenced a scanner engine, which is why I was
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`1234567891
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 5 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`85
`
`right?
` A. There are many computers that have been
`built fully in software.
` Q. And my question was for purposes of
`construing the claim that we're looking at in
`this case, when you looked at -- the way you're
`construing the word -- strike that.
` The way you're construing the term
`"computer" in the claims of the '408 patent,
`does not require physical hardware, right?
` A. Again, it specifies a computer. It does
`not -- the patent itself does not restrict it
`to a particular definition of a computer, and
`all of us, I think, use virtual computers all
`the time that are fully developed in software.
`And that is what is relevant here.
` The fact that those virtual computers
`may run on one or more hardware platforms,
`that's incidental to the invention. The
`computer itself can be a virtual computer. It
`can also be a physical computer. But what I'm
`saying is that attributing this notion of
`computer to who actually bought a processor
`with some memory on it, I think that is an
`incorrect read of what this patent actually
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
` It -- you know, this tying it down
`specifically to one server here and one server
`there, those are specific examples or possible
`embodiments, but a computer is what Qualys
`itself provides.
` Q. What do you mean by -- strike that.
` When you say Qualys is providing the
`computer, you mean Qualys is providing the
`server functionality?
` A. Qualys is providing the functionality of
`Vulnerability Management specifically that
`we're talking about here. Part of that
`functionality includes these agents, but the
`computer that Qualys provides is the thing that
`performs all of this.
` The fact that that virtual or software
`computer is deployed onto one or more hardware
`devices in a way, I mean, it's almost like a
`necessary evil because ultimately you need
`hardware to run the software, but that's not
`boiling it down to this thing on this side of
`the network link, physical thing, and this
`other thing on this other side of the network
`link, also a physical thing. Boiling it down
`to that is inappropriate. That's not how one
`
`22 (85 to 88)
`
`87
`
`88
`
`1234567891
`
`86
`
`teaches.
` Q. And you didn't attempt to do an
`infringement analysis where you assumed that
`computer required physical hardware, right?
` A. I don't think it changes my infringement
`analysis at all. The infringement is still
`there because the actual computer accomplishes
`exactly every single element of every single --
`of the asserted claims.
` But the fact is that the customer does
`0
`not provide this computer. The customer
`11
`basically allows Qualys to deploy a component
`12
`of this computer on to its hardware, on to the
`13
`actual, physical machine that the customer has.
`14
`But the computer is the actual thing that
`15
`Qualys supplies to solve these problems.
`16
` Q. Right. And the way you construed -- the
`17
`way you interpreted the claims was you didn't
`18
`include the customer's hardware as part of the
`19
`computer in the way that you interpreted the
`20
`claims of the '408 patent, right?
`21
` A. The customer's hardware participates in
`22
`this, but that's not directly relevant to the
`23
`definition of what a computer is.
`24
` Q. And the same is true for the work --
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`should read these claims or these claim
`elements.
` Q. So just to be clear, what you're
`alleging as the computer in your infringement
`theory includes a portion of hardware that is
`owned and operated by Qualys's customers,
`right?
` MR. JARVIS: Objection to form.
` THE WITNESS: What I'm saying is that
`it's immaterial who owns the hardware, because
`the claims never state hardware. So, in other
`words, the claims themselves, nor the patent
`really ever talk about hardware or hardware
`ownership.
` What I'm talking about here is the
`computer is the thing that Qualys itself
`provides. Specific deployments of that may
`involve hardware or processors that are owned
`by Qualys's customers in specific scenarios.
`But that is, in a sense, immaterial because it
`is the actual computer that is provided by
`Qualys.
`BY MR. SMITH:
` Q. And your construction of the term
`"computer" would not require physical hardware,
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 6 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`161
`
`41 (161 to 164)
`
`163
`
`164
`
`have two slightly different, let's say,
`JavaScript programs, and they would have
`different parse trees. What Qualys does is
`that information itself is also in a specific
`format that is effective for processing in
`memory so it kind of -- in realtime.
` The way you would want to store that
`data in a persistent database is going to be
`different, which is why you can have this, you
`know, scenario that we have here. All of the
`data that's already represented as XML in the
`database being re-read back into a parse tree.
`BY MR. SMITH:
` Q. And do you believe that the -- strike
`that.
` So the code that we've been looking at
`with this etree.fromstring function, do you
`believe that's actually used in the Qualys
`Cloud Platform?
` A. The API itself for storing to and
`retrieving from the database would be something
`that's used. So, for example, this etree data
`structure would be -- so whatever this LXML
`package is at the very top or what it -- may be
`it's Qualys API and then this LXML tag. So it
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`to my infringement opinion.
` Q. And the only way it would be germane to
`your infringement opinion would be if the
`customer is requesting the XML data from a
`Qualys database for a particular scan while
`that scan is still being performed by a
`scanner, right?
` MR. JARVIS: Objection to form.
` THE WITNESS: Well, or it would also be
`another part of Qualys's own system that would
`do a thing that would fit limitation 1[f].
`Because, again, limitation 1[f] specifically
`talks about dynamically building a parse tree,
`and here it -- what we're discussing here, the
`scenario you're postulating to me, is
`dynamically retrieving such a parse tree, one
`that's already been built.
` And these are two different use cases;
`both of them supported, clearly, by Qualys, but
`they are very different use cases.
`BY MR. SMITH:
` Q. But this use case would only be for X --
`strike that.
` The XML data that's being retrieved from
`the Qualys server, it's not in a parse tree
`
`1234567891
`
`162
`
`is a package, most likely. From there, they're
`importing etree and objectify, and so that LXML
`package would be something used in Qualys's
`code.
` Now I don't have access to it as we sit
`here, and I don't believe that it was in the
`printed code, but this chunk of code that I've
`seen indicates with overwhelming probability
`what is actually stored in the database to
`begin with during scanning and processing that
`0
`deals with issues in the claims of '408 that I
`11
`did analyze.
`12
` Q. But this actual Python function that
`13
`we're looking at, etree.fromstring, and this
`14
`line of code, this line of code, this is just a
`15
`sample code; there's no evidence it was
`16
`actually put into Qualys's cloud platform,
`17
`right?
`18
` A. This line of code itself may not have
`19
`been. But the thing that is definitely part of
`20
`Qualys's platform is this etree structure that
`21
`is imported from this LXML thing.
`22
` That is definitely there because that's
`23
`the only way that you could actually extract
`24
`this data from the database after it's been
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`when it's returned, right? That's why you have
`to put in a parse tree with this function?
` A. It is inherently -- well, it's in a
`tree. It's not stored necessarily as a parse
`tree. But there is no requirement that the
`data actually -- well, let me just -- I just
`want to make sure I don't misspeak. So I just
`want to take a look at the '408 patent for just
`a second. I want to make sure that this --
`that I did not miss part of a limitation.
` Right. What I was going to say is
`correct. There is nothing in, for example,
`Claim 1 of the '408 patent that talks about how
`the data that you may have had in a parse tree
`needs to be stored in a database. In fact, it
`would not really make sense to store an actual
`parse tree in a database.
` Q. Okay. So your understanding is Qualys
`doesn't actually store data in a parse tree
`format in its database, right?
` MR. JARVIS: Objection to form.
` THE WITNESS: Well, parse tree is not a
`format. A parse tree is a specific instance
`that corresponds to some content, some program
`code that comes along. Meaning that you could
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 7 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`177
`
`API that we looked at a few minutes ago, that
`builds another parse tree. So this, there are
`parse trees built within Qualys's technology
`for various purposes.
` So if the purpose that you are pointing
`to is, I just want to do some kind of offline
`analysis that has nothing to do with this
`patent, then perhaps if it has nothing to do
`with this patent, and we establish that that's
`really true, then, yeah, it doesn't infringe
`this patent. But, you know, that scenario is
`not how Qualys's technology is used.
` So you're suggesting that, you know, we
`would just do this in this very specific way,
`and literally the only parse tree I want to
`consider is this one particular parse tree.
`And I'm shutting down Qualys; it's not going to
`do any other kind of analysis. I'm sure we
`could build a lot of different scenarios in
`which any one system might not infringe any one
`patent. But this is not how Qualys's system
`works.
` What you're describing is not even a
`corner case. It is -- it is a pathological
`case. That's not how Qualys works.
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
` Q. And so let's use the hypothetical I had.
`So the scans are going to take 90 minutes; they
`start at 3:00 a.m. on Sunday. And then let's
`suppose that every Wednesday I go and use the
`Qualys query language to pull out the scan
`results from the scans that I did on Sunday.
`Does that make sense?
` A. So far I'm following you, yes.
` Q. So in that case, suppose I use the
`Qualys query language, and I end up building a
`parse tree with the data coming from the Qualys
`server. That scenario of building a parse
`tree, in this hypothetical, would not be --
`would not infringe under your infringement
`theory because the scan result -- the scan had
`already taken place on Sunday when I built the
`parse tree on Wednesday, right?
` MR. JARVIS: Objection to form.
` THE WITNESS: I would have to go through
`every one of the elements of this, as I said
`before, in trying to answer this. Let's say
`Claim 1 you're building a very idiosyncratic
`scenario, and it's still possible that it
`infringes. I would not be -- I would
`definitely not discount the possibility that it
`
`45 (177 to 180)
`
`179
`
`180
`
`1234567891
`
`178
`
` Q. Well, my question was really trying to
`get at, and I think you agreed with this, is if
`you're using the -- the Qualys API, and a
`Qualys query language for offline analysis
`after the scan is concluded, then that parse
`tree that those APIs and query languages
`generate is not relevant to your infringement
`analysis because they're offline scans that
`occurred after the incoming stream was
`received, right?
`0
` MR. JARVIS: Objection to form.
`11
` THE WITNESS: That is not quite what we
`12
`discussed, because you also put a bunch of
`13
`additional sort of constraints on things that
`14
`would no longer be functioning within the
`15
`system or would be disabled or turned off or
`16
`temporarily turned off or whatever.
`17
` So the fact is that to build or deliver
`18
`the data into the database, Qualys infringes.
`19
`At that point once the data is in the database
`20
`and you want to retrieve it subsequently, any
`21
`subsequent retrieval, if you shut off the rest
`22
`of Qualys, may or may not infringe.
`23
` But the data never would have been in
`24
`the database in the first place if it did not
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`infringes.
`BY MR. SMITH:
` Q. Well, you don't actually have to go
`through all the elements because if it turns
`out if there's only one missing, then there's
`not infringement, right?
` A. That is a true statement.
` Q. That is true. And so -- so if we go to
`the element in the '408 of this dynamically
`building. You see where it says: Dynamically
`building by the computer while said
`receiving -- receiving receives the incoming
`stream.
` Do you see that?
` A. Yes.
` Q. So a parse tree has to be built while
`the incoming stream is being received, right?
` A. Well, one of the parse trees does. I
`mean, it's, you know, the system could have
`multiple parse trees. That's why I'm kind
`of -- I'm not sure where you're going with this
`because you seem to indicate that there is the
`parse tree in Qualys's technology, and that, it
`seems to me, that it's a parse tree.
` What's happening there, and the whole
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 8 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`181
`
`46 (181 to 184)
`
`183
`
`184
`
`I, with all due respect, I would have to
`disagree across the board with that. It's not
`fair.
`BY MR. SMITH:
` Q. Now, on, let's go to take a look at
`paragraph 282. In there you see it says -- you
`wrote: The scanning engine generates output
`during the scanning process. According to
`Qualys engineer Mr. Kruse, the scan results are
`built "immediately" upon parsing input.
` Do you see that?
` A. I do.
` Q. So the basis for your belief that the
`scanning engine generates an output -- strike
`that.
` The basis for your belief that the parse
`tree is built while receiving an incoming
`stream is Mr. Kruse's testimony, right?
` A. No, that is a basis for my belief.
`There is also support in the source code, there
`is support in the documents that all kind of
`follows this particular discussion. So that is
`one piece of evidence that supports that
`opinion. There are several others that I
`include in the subsequent paragraphs.
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`infringe. So that's why that later point, any
`scenario you build there, relies on the fact
`that you are shutting off specific features of
`Qualys. Because you're disabling, for example,
`new scans, new program code coming in, you
`know, I mean, I don't want to read the whole --
`the whole Claim 1, for example.
` But, yes, can you come up with a
`scenario where you will have at one point in
`time an instance where Qualys doesn't infringe?
`It's a gigantic system. Not all of Qualys
`technology is accused of infringement.
` But for these particular things, before
`we can get to the point that you're postulating
`in your scenario, Qualys would have to infringe
`to get there.
`BY MR. SMITH:
` Q. So, in other words, you could have
`gotten rid of the Qualys query language, taken
`it out of the picture, get rid of the Qualys
`APIs, those don't really matter. They would --
`Qualys would still infringe even if those
`didn't even exist, right?
` A. Those are -- those are, what I would
`term severe hypotheticals. I would have to
`
`1234567891
`
`182
`
` Q. Okay. Let's talk about --
` A. Go ahead.
` Q. Mr. Kruse's statement, so, if you look
`at this question, he's saying --
` Question: Is there some type of file
`that holds the parsed data?
` Answer: No, there isn't. The data is
`immediately processed and used in the
`generation of the scan result.
` Do you see that?
`0
` A. Yes.
`11
` Q. And when he's saying "the data," isn't
`12
`he talking about the parse data, because that's
`13
`what the question is asking him? He's asking
`14
`about the parsed data. So Mr. Kruse is saying
`15
`that the parse data is immediately processed?
`16
` A. That's what it sounds like.
`17
` Q. So Mr. Parse [sic] isn't saying that the
`18
`data is parsed, while there is an incoming
`19
`stream. He's just saying that once it's
`20
`parsed, then it's processed immediately, right?
`21
` MR. JARVIS: Objection to form.
`22
` THE WITNESS: Yeah, but this -- the
`23
`notion of what it means for something to be
`24
`parsed, anybody who understands how web content
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`look at specifically what we're taking out and
`leaving back in. The fact is that right now,
`Qualys infringes, and it infringes in specific
`ways that I've identified and for the entire
`range of scenarios that I have included.
` If we start removing various things, it
`sounds like we're trying to build
`non-infringing scenarios for Qualys, I would be
`happy to consider those. But we would have to
`be really careful and precise about what it is
`that we're discussing.
` Q. My question was just trying to -- I'm
`just trying to figure out if the APIs in the
`Qualys query language really have any bearing
`on your infringement opinions at all?
` To me it sounds like what you're saying
`is they don't because the parse tree, in your
`view, would have already been dynamically
`generated any way, and so the fact that someone
`later on is building another parse tree,
`doesn't really have any impact one way or the
`other on infringement; is that fair?
` MR. JARVIS: Objection to form.
` THE WITNESS: I would say that is pretty
`shockingly mischaracterizing what I said. So
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 9 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`209
`
`53 (209 to 212)
`
`211
`
`212
`
`itself, right?
` A. It does to a point, given that it's an
`API that describes how you would do this. If
`you're asking what specific algorithms they
`might be using, by "they" I mean Qualys, might
`be using inside of a particular scanner to
`generate these parse trees and so on, some of
`that stuff is not going to be included in this
`file.
` But this is the API for actually
`accessing the scanners and running them.
` Q. But you -- so -- strike that.
` So to be clear, you didn't cite code in
`your report that showed the algorithms used to
`generate the parse tree within a scanner,
`right?
` MR. JARVIS: Objection to form.
` THE WITNESS: Well, I've cited APIs that
`show that such parse trees get generated. The
`manner in which you generate a parse tree, for
`example, it could go with sort of two
`strategies; you go breadth first versus depth
`first, things like that. In a way, that is
`completely immaterial to my infringement
`opinion.
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
` A. I can identify the code. I just, the
`reason I wanted to do it in front of you is
`because I don't want any implication that
`somebody else may have done the analysis for
`me. Which, given how contentious the rest of
`this has gone or has been, I really would
`rather kind of indemnify myself against any
`such accusations.
` But in this case, it's really easy
`because there are at least a couple of places,
`including the flag at the very beginning of
`that file on line 17 that talks about the
`possibility of enabling scan distribution
`across scanners. So that's one place. There
`are other places where there is an array of
`scanners being declared and so on.
` So it's, you know, that stuff is
`definitely in the code itself.
` Q. And this is Python code; is that right?
` A. Well, give me just a second, if you
`don't mind.
` Yeah, I'm pretty sure this is PHP code.
` Q. I'm sorry. So this code is PHP. Would
`this code be running on -- strike that.
` Do you believe this code would be
`
`1234567891
`
`210
`
` This does happen. There is an API call
`that suggested it does happen. There is other
`code in this file that specifically points to
`how it actually happens. So which things have
`to happen and what times and how various things
`can be rendered as far as results go, what is
`possible, what is not possible. That's all
`included in this code.
`BY MR. SMITH:
` Q. But let me ask you this, did -- --
`0
`strike that.
`11
` In your infringement opinion, is the
`12
`parse tree generated by the scanner engine or
`13
`something in the Qualys cloud?
`14
` A. The parse tree is generated during the
`15
`scan. I think the question you're asking me
`16
`sort of is at a level of detail below, for
`17
`example, the code that I had. It certainly is
`18
`generated with the help of the scanner engine,
`19
`because what it does is it reads in this
`20
`stream, and uses the XML data to at least kind
`21
`of initiate the process of building this data
`22
`structure. The exact piece of code where the
`23
`parse tree itself is generated, actually, there
`24
`are multiple different pieces where the parse
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`running on a Qualys server?
` A. Since it talks about things like blocked
`IPs and so on, part of this code would be
`running on the server. My guess is that -- my
`guess is that it might run in conjunction with
`agents that are being deployed on client
`machines, but it seems that at least part of
`this would run on the server -- on a server.
` Q. And you would agree that this code that
`we're looking at, the scan.php file wouldn't be
`code that would run inside of the scanner,
`right?
` A. Code that would run inside of a scanner?
`There may be parts of this file that would run
`inside of a scanner, but things that, for
`example, specify that you want to instantiate
`multiple scanners to scan some asset or what I
`call the composite asset, that is code that
`would definitely apply, in a sense, outside of
`a scanner.
` Q. Okay. So this -- the code that we're --
`that you discuss inside your report, scan.php,
`this doesn't show us how an individual scanner
`at a code level receives a stream or builds the
`XML parser, XML parse tree within the scanner
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-17 Filed 05/10/21 Page 10 of 17
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Nenad Medvidovic, Ph.D.
`Conducted on February 28, 2021
`213
`
`54 (213 to 216)
`
`215
`
`216
`
` But, I think that it gets sent,
`essentially as a byte stream over whatever
`network is connecting Qualys's servers with the
`assets that are being scanned.
` Q. Then once the byte stream is sent over
`to the server, then the server creates the
`parse tree in your view, right?
` A. Whatever code is running on the server,
`as I said, scan.php, at least parts of this,
`quite likely would run on the server, because
`this -- this talks about various things like
`initiating multiple scanners and so on, and I
`don't believe that you would have the ability
`to -- have that much control over your
`customers' network where you can decide how
`many scanners you can have running in parallel,
`what levels of resources you're going to use
`and so on. All of that decision-making would
`have to happen