Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39060 Page 1 of 168
`
` 220
`
`UNITED STATES DISTRICT COURT
`SOUTHERN DISTRICT OF CALIFORNIA
`
`THE HONORABLE CATHY ANN BENCIVENGO
`
`
`FINJAN, INC., )
` )
` Plaintiff, ) CASE NO. 17CV183-CAB-BGS
` )
` vs. ) SAN DIEGO, CALIFORNIA
` )
`ESET, LLC and ESET SPOL. S.R.O.,) WEDNESDAY, MARCH 11, 2020
` )
` Defendants. )
`
`
`
`
`
`
`
`
`Reporter's Transcript of Jury Trial, Volume 2, Day 2
`Pages 220-387
`
`
`
`
`
`
`
`
`
`P r o c e e d i n g s r e p o r t e d b y s t e n o g r a p h y , t r a n s c r i p t p r o d u c e d b y
`c o m p u t e r a s s i s t e d s o f t w a r e
`
`M a u r a l e e R a m i r e z , R P R , C S R N o . 1 1 6 7 4
` F e d e r a l O f f i c i a l C o u r t R e p o r t e r
`o r d e r t r a n s c r i p t @ g m a i l . c o m
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`
`
` 220
`
`UNITED STATES DISTRICT COURT
`SOUTHERN DISTRICT OF CALIFORNIA
`
`THE HONORABLE CATHY ANN BENCIVENGO
`
`
`FINJAN, INC., )
` )
` Plaintiff, ) CASE NO. 17CV183-CAB-BGS
` )
` vs. ) SAN DIEGO, CALIFORNIA
` )
`ESET, LLC and ESET SPOL. S.R.O.,) WEDNESDAY, MARCH 11, 2020
` )
` Defendants. )
`
`
`
`
`
`
`
`
`Reporter's Transcript of Jury Trial, Volume 2, Day 2
`Pages 220-387
`
`
`
`
`
`
`
`
`
`P r o c e e d i n g s r e p o r t e d b y s t e n o g r a p h y , t r a n s c r i p t p r o d u c e d b y
`c o m p u t e r a s s i s t e d s o f t w a r e
`
`M a u r a l e e R a m i r e z , R P R , C S R N o . 1 1 6 7 4
` F e d e r a l O f f i c i a l C o u r t R e p o r t e r
`o r d e r t r a n s c r i p t @ g m a i l . c o m
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39061 Page 2 of 168
`
` 221
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`APPEARANCES:
`For The Plaintiff: Kramer Levin Naftalis & Frankel, LLP
` Paul Andre
` James Hannah
` Lisa Kobialka
` Kristopher Kaskins
` 990 Marsh Road
` Menlo Park, California 94025
`
` Cristina Lynn Martinez
` 1177 Avenue of the Americas
` New York, New York 10036
`
`
`
`For the Defendants: Eversheds Sutherland (US) LLP
` Nicola A. Pisano
` Scott A. Penner
` Regis Worley
` 12255 El Camino Real, Suite 100
` San Diego, California 92130
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39062 Page 3 of 168
`
` 222
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`San Diego, California; Wednesday, March 11, 2020; 8:15 a.m.
`(Case called)
`(Appearances stated)
`THE COURT: All right. I got the dispute issue about
`the demonstratives for Dr. Cole's testimony as well as the
`exhibits, and fundamentally this comes down to the question
`that was raised in the motions in limine as to whether or not
`there's foundation for tests that were done, and I think there
`is no dispute that these products are post-expiration of the
`patent.
`
`MR. ANDRE: That's correct, Your Honor. But then
`technology was during the infringement period.
`THE COURT: And he has an opinion that they are the
`same as what was earlier?
`MR. ANDRE: That's correct, Your Honor.
`THE COURT: And was that in his report anywhere?
`MR. ANDRE: It was, Your Honor.
`MR. PENNER: If they can point to us where in the
`report he provides that because we don't believe it's in the
`report, and we also don't believe it's accurate.
`THE COURT: Well, accurate is a different question.
`MR. PENNER: I understand, Your Honor. But I don't
`believe that's in his report where he says after the expiration
`date are the same as those before.
`MR. ANDRE: Your Honor, the testing is ThreatSense
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39063 Page 4 of 168
`
` 223
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Engine that was put in sometime, I think, 2010.
`MR. PENNER: The ThreatSense engine changes every day,
`Your Honor.
`MR. ANDRE: No.
`MR. PENNER: Multiple times a day.
`THE COURT: Shh. He's talking.
`MR. ANDRE: Thank you, Your Honor. And the cloud
`malware protection system was put in 2013. We can give you the
`cites in his report, but he's going to lay a foundation that he
`ensured by looking at the source code technical documents that
`functionality that he tested. And it's very superficial, to be
`candid with you. We're not getting into the weeds with his
`testing. But he did want to confirm through testing that what
`he found in the technical documents was still in the product
`and functioned the way he thought it was. And that's all it
`is.
`
`THE COURT: I understand that these product names have
`existed over the course of time. I have many iPhones, but I
`don't think if you test the presence of something in an iPhone
`10 you could necessarily conclude it was present in an iPhone
`6, but they're all still iPhones. So if that's their argument,
`that he's going to need to show that he actually looked at the
`original products that were available for sale during the
`relevant time and can say with some certainty that these
`features were available in these products, I mean, that's the
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39064 Page 5 of 168
`
` 224
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`problem.
`
`MR. ANDRE: What he does is look at source code for
`the products and shows where the changes in the source code are
`and where they changed from what we're looking at, an
`infringing functionality. He looks at technical
`specifications. There's nothing to show that the infringing
`aspect has changed at all. Granted with the iPhone 11, you
`might get a better camera but they probably didn't change some
`of the other core components. What we're showing is those core
`components that were in the iPhone 5 generation are still
`there. These are core components. These are not user
`interface. Dr. Cole will discuss that, and he confirmed
`looking at technical documents that his testing just confirmed
`what was there previously is still there.
`THE COURT: I'm going to allow the testimony subject
`to motion to strike. If he doesn't lay a proper foundation,
`then you can move to strike it.
`MR. PENNER: So to be clear, just so I'm
`understanding, your Honor, and I think your iPhone analogy is
`probably a pretty good one here. Just because the
`functionality can still block software doesn't mean it's
`blocking it the same way underneath. I mean, the modules have
`changed, and there's going to be testimony that the modules
`change every four to six hours in some cases. And as you can
`see from our listing on our brief here, every one of the
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39065 Page 6 of 168
`
` 225
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`modules that they accuse, including the engine, which is the
`detection engine which is the very first one there, it shows a
`version dated November 17, 2018. That's the model that they're
`accusing so there's no evidence -- first of all, the source
`code wasn't produced for that and so it wasn't requested during
`discovery and obviously this was in 2018. So there's no
`evidence that shows that source code matches up with the source
`code he reviewed. If that's the foundation he has to lay, I
`don't think he's going to be able to do that because he doesn't
`have the source code available to say yes, the same features
`were in the source code in 2018 that were in the source code
`when I reviewed it in 2016.
`THE COURT: All right. I understand the problem, but
`they say they're going to be able to demonstrate --
`MR. PENNER: Is that what they're going to have to
`demonstrate?
`THE COURT: -- make the link that this testis relevant
`because the source code is the same. And if he can't make the
`link, the Court will strike his testimony regarding to this
`testing.
`
`With regard to the deposition, do you need to do those
`this morning? Is that going to happen before the first break?
`MR. ANDRE: No.
`THE COURT: Then I don't want to keep the jury
`
`waiting.
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39066 Page 7 of 168
`
` 226
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`MR. PENNER: Your Honor, there were also two other
`exhibits that didn't necessarily relate to the source code
`issue, but relate to the products that didn't release until
`after, which is JTX-61 and JTX-75, which is the ESET threat
`intelligence. Both of those were products that there is no
`evidence in the record that existed or were sold prior to the
`expiration of the patents as well.
`MR. ANDRE: We disagree with that assertion, but
`nonetheless, on JTX-61 what we are using this exhibit for is on
`the right-hand side there, Your Honor, you'll see the cloud
`malware protection system. We have evidence that was
`introduced in 2013. We wanted to talk about that, and that's
`what this document is used for.
`With respect to JTX-75, there's a portion that talks
`about the Malware Analyzer. That was also done in 2013. So we
`have the justification for those technology components being
`around, at least, since 2013.
`MR. PENNER: Again, those are changes that have
`happened over time to both of those since ETI was released
`using a completely different aspect to produce the ETI -- I'm
`sorry. I keep using the -- ESET Threat Intelligence, again,
`post-dates the expiration of the patents. So to show the jury
`a document about ESET Threat Intelligence...
`THE COURT: This is an ad, right?
`MR. PENNER: Right. An ad for a product that didn't
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39067 Page 8 of 168
`
` 227
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`exist until after expiration of the products.
`THE COURT: They're not going to prove infringement
`with that ad.
`MR. PENNER: They're trying, it appears.
`THE COURT: You can cross-examine on the relevance of
`this ad if it isn't related to a product that's accused of
`infringement, if it's an ad for a current product. I'm not
`seeing that one. The 75 -- JTX-75. Again, this is from a
`website, or what is this?
`MR. ANDRE: This is one the technical specifications,
`Your Honor. And this is a technical specification that is -- I
`don't know. I don't see a date on this. But we are using it
`for the limited purpose to show a technology component that has
`been around since 2013.
`MR. PENNER: Again, the top of that line says it's for
`ESET Threat Intelligence. That's the second document talking
`about ESET Threat Intelligence. Again, that's a product that
`did not exist during the time period. So this is a technical
`document now about a product that did not exist during the
`relevant damages period.
`THE COURT: Again, you're going to have to lay some
`foundation before it can come in and be shown to the jury,
`because obviously there is a difference of opinion here about
`whether ESET Threat Intelligence is a product that is covered
`by this patent. I've seen it throughout all of the lists here
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39068 Page 9 of 168
`
` 228
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`of the accused products and services.
`MR. PENNER: I'm not sure the Threat Intelligence is
`actually an accused product. It's not listed in the pretrial
`order.
`
`THE COURT: All right. They're going to have to lay a
`foundation, and I'm going to let them proceed on those grounds.
`Okay. Go ahead.
`(Jury entering at 8:35 a.m.)
`THE COURT: Good morning, ladies and gentlemen.
`The jury is all present and we are prepared to
`proceed. So, Finjan, you may call your next witness.
`MR. ANDRE: Thank you, Your Honor. May it please the
`court. We're going to begin our technical presentations today,
`hopefully without too much technobabble, but we'll see what we
`can do. We would like to hand out the jury binders, and so
`with that in mind, I would like to move in JTX-1, which is the
`'844 patent; JTX-2, which is the '780 patent; JTX-3, which is
`the '086 patent; JTX-4, which is the '621 patent and JTX-5,
`which is the '755 patent. I would like to move those into
`evidence.
`THE COURT: I assume no objections?
`MR. PENNER: No objection, Your Honor.
`THE COURT: They are all received and admitted.
`(Exhibits JTX-1, JTX-2, JTX-3, JTX-4, JTX-5 admitted)
`MR. ANDRE: And also -- in the jury binder there is
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39069 Page 10 of 168
`
` 229
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`also that one page on Your Honor's claim construction.
`THE COURT: So you're going to get binders now.
`They're going to have the patents at issue in the case you can
`use as reference materials. And while they're explaining
`different aspects of the patents if you want to mark on them or
`write on them, they're yours to do that with. There are also
`in there the definitions the Court has provided for certain
`terms in the patent where there were disputes on how they
`should be interpreted. All right.
`MR. HANNAH: Your Honor, may it please the Court. We
`would like to call to the stand Dr. Harry Bims to provide an
`overview of the technology.
`Harry Bims, Ph.D, called as a witness, testifies as follows:
`(Witness given an oath)
`MR. HANNAH: Your Honor, may I approach?
`THE COURT: Yes, you may.
`THE CLERK: Sir, will you please state your name,
`spelling your last name for the record.
`THE WITNESS: Harry Bims, B-i-m-s.
`DIRECT EXAMINATION
`
`BY MR. HANNAH:
`Q
`Good morning.
`A
`Good morning.
`Q
`Dr. Bims, let's start with your educational background.
`Will you please explain to the jury your educational
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39070 Page 11 of 168
`
` 230
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`background?
`A
`Yes. So I have three engineering degrees across a couple
`of universities, RPI and Stanford. Those three engineering
`degrees were supported by a company called AT&T Bell
`Laboratories, which at the time, was considered the preeminent
`science and engineering research company. And while I was
`going to school, I also worked in various locations alongside
`their engineers on various research projects.
`So I'll start with my undergraduate degree in which I
`focused on computer architecture as one of the topics, and in
`particular, the hardware and software aspects of how a computer
`is designed. So on the hardware level, it's things like
`processor, cores, memory, bus interfaces, things of that sort.
`And then also, I had also learned several programming
`languages and then applied those languages to develop software
`that would interface with this hardware and which is commonly,
`you know, described as like an operating system. So an
`operating system is really just software running on the
`computer that will interface with the hardware components of
`the computer and also interface with any software applications
`that run on the computer. So that experience allowed me to be
`able to basically from the ground up build a computer from the
`hardware standpoint, as well the software standpoint.
`From there, I went on to Stanford and focused on computer
`networking concepts which is really around how you take a
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39071 Page 12 of 168
`
` 231
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`computer that's been built and make it talk to another
`computer. So they talk to one another over these networks
`which are using these languages that we call communication
`protocols. And a protocol is just a language that the
`computers use to interface to each other. So I did a lot of
`research there at Stanford in that area. In fact, my research
`adviser invented DSL while I was a grad student there.
`But I took those ideas and I focused in on the direction of
`wireless communications. So one of the three professors who
`reviewed my dissertation, Marty Hellman, is well known in the
`network security space. So any time you do an online purchase
`today, that purchase is done in security. There is a little
`lock symbol in your browser. When that little lock symbol
`closes, that means there's a secure transaction happening over
`the internet. But underneath the hood, there's a lot of
`algorithm processing going on. And Marty Hellman coinvented
`that network security algorithms back in the 1960s. So through
`that relationship, we began talking about network security in
`the context of wireless, and so his name comes up in my future
`work post-Stanford.
`Q
`Let's talk about that future work. After you got your
`Ph.D, can you tell us a little bit about your employment
`history?
`A
`Yeah. So I have many years of experience working in this
`computer networking space. So the -- what I have listed here
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39072 Page 13 of 168
`
` 232
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`are some of the projects that I've worked on at companies like
`Glenayre Technologies and AirFlow Networks, for example,
`working on -- I started in the early days working on pagers,
`right? Back in the day, there were pagers that could only
`receive information, but I was working at a company called
`Glenayre that developed a two-way pager; in other words, a
`pager that was able to send and receive email messages.
`I also, from there, worked on cellular network
`infrastructure, so the actual networking components that allows
`for cell phones to be able to communicate with the internet.
`And then I worked at a company called AirFlow Networks,
`which is a company that I founded with some VC money in the
`Valley to develop a novel WiFi access that was designed for
`large-scale deployments.
`So at GlenAyre, when we were deploying our two-way pagers,
`we noticed that hackers had figured out a way to hijack the
`communications going on across the nationwide paging network,
`so the company put me in charge of an effort to try to secure
`those communications. And that's when I reached out to Marty
`Hellman and brought his expertise to bear to develop a secure
`version of our email application. And that's when I began to
`realize the importance of network security in all aspects of
`wireless networking. And that continued through my work with
`Synergy Communications focused on cellular network
`infrastructure because cell phones needed to be secure.
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39073 Page 14 of 168
`
` 233
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Then at AirFlow Networks, we had a product called the Air
`Switch Gateway, and that from day one was designed to have
`network security features built into it because we didn't want
`our customers to run the risk of their communications being
`hijacked by hackers who hack into the WiFi network.
`So in addition to that, I've also been actively involved in
`the development of U.S.-based standards for networking
`projects. Like ethernet, for example, is a U.S.-based standard
`and WiFi is also a U.S.-based standard. So I'm actually on
`the -- one of the voting members on the WiFi standard itself.
`There are about 350-some-odd engineers who come together every
`couple of months, and we decide what technologies to add to the
`WiFi to improve it. So back in the early days of WiFi, hackers
`again figured out how to highjack WiFi communications, so we
`had to do something about that. So we've worked over a series
`of amendments to WiFi that we call WiFi protected access, so
`there's a WPA1, there's a WPA2 and there's a WPA3, each one an
`evolution in network security technology because the hackers
`have gotten more sophisticated, and we have had to respond to
`that by updating the wireless protocol to make sure they don't
`break into the network.
`So WiFi and security kind of go hand in hand when you're
`developing these things. And I also see that occurring in
`other wireless standards that I have been engaged in. So
`things like the WiMAX standard and other U.S.-based standards
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39074 Page 15 of 168
`
` 234
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`that are being proposed, for example, to try to deal with these
`PG&E fires. You know, the idea that you have to call 911 to
`report a downed power line, which is kind of crazy in today's
`world. So the idea is to use the WiMAX wireless network to
`monitor all the transmission lines so that way you can really
`speed up the process of responding to that kind of event. And
`then, it's also being considered for tracking drones across the
`United States. The FAA wants to make sure that none of these
`drones are flying into airports and stuff like that. So WiMAX
`has some opportunity there as well. So I have been working as
`an expert in WiMAX on evolving that WiMAX standard to be able
`to meet those needs. So that's kind of a summary, I think, of
`my employment history.
`Q
`Okay. Great. Can you just tell us briefly about the
`patents that you're involved with? It says you have 23 patents
`here.
`A
`Yes. So over the years, I have invented 23 patents. A lot
`of them are related to my work at AirFlow Networks in the WiFi
`space, but they also deal with other wireless technologies as
`well, and some of them talk about the integration of network
`security with the wireless network at gateway level.
`MR. HANNAH: So at this point, Your Honor, we would
`like to tender Dr. Bims as an expert in computer networking and
`security.
`THE COURT: Any objection?
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39075 Page 16 of 168
`
` 235
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`MR. PISANO: No objection.
`THE COURT: He is received as an expert in that
`subject area.
`MR. HANNAH: Thank you, Your Honor.
`BY MR. HANNAH:
`Q
`Dr. Bims, what was your assignment in this case?
`A
`To provide a very high-level overview of the technology
`that is going to be discussed just to lay a foundation on what
`these terms are at a high level and what they mean, and also to
`provide a brief introduction as an example of network security
`products to provide a brief introduction to ESET products in
`the context of that high level.
`Q
`And did you help prepare some demonstratives to aid in your
`presentation today?
`A
`Yes. I do have a series of slides that will help to
`describe in high level what is going on with this network
`technology.
`Q
`Let's start at the beginning here. Looking at the first
`slide, can you explain to the jury what's being shown here and
`how that interaction with the internet works?
`A
`Sure. So at a very high level, the way your computer
`accesses information over the internet is this call/response
`process in which the first thing that happens is your computer
`or your smart phone will issue a request into the internet for
`information. Maybe you're visiting a website, so a request
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39076 Page 17 of 168
`
` 236
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`goes out to that website hey, I want some information from you.
`The website will then respond with the content you're looking
`for, and that content flows back from the internet into your
`device.
`Q
`So when you're talking about this request and this content,
`is that clicking a link to go to CNN.com for instance?
`A
`Yes. So if you have a web browser, you would click on that
`link and it will go out and request information. There are
`other ways which your device can be triggered to send out a
`request for information, but with a browser, that's how it's
`done.
`Q
`And when your request is made for different content or web
`pages, how does that work on a global level in terms of the
`request?
`A
`So if we drill down a little bit in terms of how the
`internet is organized. It's really organized as a series of
`computers spread across the country. Each one of those
`computers is like a web server that is going to route
`information, either requests for information or content that
`has been requested. And you can see in this map here, it looks
`kind of like an interstate highway system, only here instead of
`cars going back and forth across the country, there are packets
`of information that contain requests for information, and then
`the content coming back the other way.
`Q
`So, again, when we see these little cars traveling across
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39077 Page 18 of 168
`
` 237
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`here, where are those cars going? From the user to the
`internet?
`A
`Yeah. So what you see here in this animation are requests
`for information coming from the laptop on one side of the
`country along a pathway to the website, and that website might
`be one computer server or a collection of computer servers that
`work together to create the content that is then delivered back
`to your computer.
`Q
`How can hackers come into this process and affect the user?
`A
`So what hackers have figured out is if they want to infect
`your computer with a virus, then they can actually add
`additional content that you weren't aware of to whatever you're
`downloading from your website. So the website might be a
`sports site that is downloading sports scores, but then without
`your knowledge, there is additional information being
`downloaded into your computer that is put there by a hacker,
`and that information is then used to infect your computer and
`do all kinds of things.
`Q
`Is that what is being shown with the bomb that is coming
`from the hacker to the user in this demonstrative?
`A
`Yes. That's an example of malware or a virus that is
`associated with the content that travels with it from the site
`into your computer.
`Q
`Now, before the internet, how would you protect against
`these types of attacks, or how would you protect against
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39078 Page 19 of 168
`
` 238
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`viruses?
`A
`Okay. So in the early days before the internet, viruses
`are basically a file, and in that file, you'll see a string of
`1s and 0s, and those 1s and 0s contain commands for your
`computer to execute, operations for your computer to execute.
`And what people discovered is that with every new virus created
`had a pattern of 1s and 0s embedded in it unique to that
`particular virus. So the way virus protection worked, once a
`virus was released, passed from computer to computer using
`something called a floppy disk drive and floppy disks, once the
`virus was out there infecting computers, a sample of the virus
`has to be sent into the security company so they could analyze
`it in their lab, and once they've analyzed it in their lab, it
`would be discovered what is this unique pattern of 1s and 0s
`only associated with that particular virus and then published
`to their particular customers.
`So the customer's computer can then monitor all content
`that's downloaded to see if that unique pattern is there,
`because if it's there, then it would test positive for that
`particular virus, and that content would be blocked from
`running on your computer. So that's the way in which the
`reactive technology or antivirus technology worked prior to the
`internet.
`Q
`Why is it called "reactive technology"?
`A
`It's called reactive because the process is reacting to the
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39079 Page 20 of 168
`
` 239
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`spread of a computer virus that has already happened. So only
`after it has become a problem is a sample of the virus sent
`into the lab for analysis, a unique pattern is identified.
`It's kind of like a fingerprint that identifies the virus. In
`the industry, we call it a signature. Then the signatures have
`to be published to all the computers. And this is all
`happening after the fact, after this virus is already spreading
`around to various computers.
`Q
`So with the internet, how did security evolve?
`A
`So with the emergence of the internet, two things happened:
`One, with internet-based technology, viruses can spread a lot
`faster than they did prior to the internet. So in a matter of
`seconds, millions of computers can be affected. The other
`thing is hackers got a lot more intelligent about the way they
`wrote code to infect your computer. So the additional methods
`of looking for a signature weren't as effective as they used to
`be.
`So on this slide, you say that this technology is
`Q
`proactive. Can you explain what "proactive technology" is?
`A
`Okay. So what we're showing here in this slide is a user
`who requests content from the internet. And the content that
`comes back from the internet has to be scanned or searched to
`look for any behavior that the content is going to do. So we
`mentioned before that viruses have 1s and 0s, and those 1s and
`0s are understood by the computer as a set of commands to do
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39080 Page 21 of 168
`
` 240
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`certain operations inside your computer, maybe steal your
`passwords or encrypt your data so you can't get access to it.
`So in proactive technology, you're not looking for a
`particular fixed pattern of 1s and 0s, instead what you're
`doing is you're trying to figure out what is this code that's
`being downloaded, what is it actually going to do when it runs
`on the computer. So you want to know that ahead of time to be
`able to determine whether or not this is a virus, because you
`don't have a signature for it. The only way to know if it's a
`virus is to try to figure out what it's going to do, what its
`behavior is going to be.
`So that's the process here of scanning, for example, a web
`page to try to look at what are the commands going on in this
`web page to see if there's anything in there that looks
`suspect. So the process here is that as the page is being
`scanned, a security profile is created. So a security profile
`is really just a list of all of the operations that this web
`page will perform if it were to run on your computer. So that
`occurs to be able to capture in one place all of those
`operations. Once the security profile is created, that profile
`is compared against the profiles of what would look like a
`virus.
`Q
`And here you say that it can protect against unknown
`malware. First of all, what is malware?
`A
`So malware is really a contraction of malicious software.
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39081 Page 22 of 168
`
` 241
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`You put the two together, you get malware. So it's really just
`the next generation of a virus technology that would infect
`your computer.
`Q
`And how can this proactive technology using these behavior
`signatures, how does that protect against unknown malware?
`A
`Okay. So it does this because it doesn't need to know what
`the signature of the malware is. It simply monitors the
`behavior of the malware either by analyzing the operations that
`are listed in the malware or by executing the malware, running
`the malware on another computer to see what happens. And it
`looks like what happens is it's going to grab passwords and you
`know right away that this is not something that needs to run on
`the computer.
`Q
`Now, did computer security evolve, and how do you enhance
`this type of computer security?
`A
`Okay. So it turns out that you can form network security
`at this level in three different locations. And to increase
`the reliability of the security profile, you can actually layer
`them together to provide a multilayer approach to network
`security, so that way, if the hacker manages to get past one
`layer, maybe the next layer will stop them. So it's a more
`reliable way of building the system.
`So what I've shown here, for example, is that the user
`endpoint might be your smart phone or your computer at home.
`On that device, you can run software that will try to perform
`
`
`
`Case 3:17-cv-00183-CAB-BGS Document 804 Filed 08/18/20 PageID.39082 Page 23 of 168
`
` 242
`
` 1
` 2
` 3
` 4
` 5
` 6
` 7
` 8
` 9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`tests for viruses and malware coming in from the internet, and
`if anything tests positive for a malware, then it will block
`it. But in addition to that, there are other products called
`gateway products. And gateway
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
