UNITED STATES PATENT AND TRADEMARK OFFICE
`________________________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________________
`APPLE INC.,
`Petitioner
`v.
`SMARTFLASH LLC,
`Patent Owner.
`________________________
`Case CBM2014-001061
`Patent 8,033,458 B2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DECLARATION OF JONATHAN KATZ, PH.D. IN SUPPORT OF
`PATENT OWNER’S RESPONSE TO PETITION
`
`
`
`
`
`1 Case CBM2014-00107 has been consolidated with the instant proceeding.
`
`
`
`1
`
`Page 1
`
`Smartflash - Exhibit 2029
`Apple v. Smartflash
`CBM2014-00106
`
`

`

`I, Jonathan Katz, hereby declare:
`
`1.
`
`I am currently a Professor in the Department of Computer Science at
`
`the University of Maryland where, among other things, I teach classes in the
`
`area of cybersecurity, conduct research in this field, and supervise graduate-
`
`student research. I am also currently the Director of the Maryland
`
`Cybersecurity Center (MC2), as part of which I interact regularly with the
`
`cybersecurity industry and oversee faculty conducting research in various
`
`sub-fields of cybersecurity including cryptography, network security, and
`
`mobile-phone security. I received my Ph.D. (with distinction) in Computer
`
`Science from Columbia University in 2002.
`
`2. My curriculum vitae is attached hereto as Appendix A, and the list of
`
`cases in which I have been an expert in the last five years is attached hereto
`
`as Appendix B. I additionally have experience in computer programming.
`
`3.
`
`I have been retained by Smartflash LLC to provide an expert opinion
`
`in CBM2014-00102, -00106, -00108 and -00112.
`
`4.
`
`I have reviewed the material shown in Appendix C in preparing this
`
`declaration.
`
`
`
`
`
`2
`
`Page 2
`
`

`

`I.
`
`5.
`
`Grounds for Review
`
`I understand that on September 30, 2014 the Patent and Trial Appeal
`
`Board (PTAB) of the U.S. Patent and Trademark Office (USPTO) issued a
`
`Decision to institute a Covered Business Method (CBM) Review of U.S.
`
`Patent No. 8,033,458 (the ‘458 patent). Decision at 1. The PTAB further
`
`consolidated the proceedings of CBM2014-00106 and CBM2014-00107 into
`
`the current proceeding. Decision at 26.
`
`6.
`
`I understand that the PTAB only instituted a review of claim 1. I
`
`understand that the PTAB held that the Petition (hereinafter “the 00106
`
`Petition”) in CBM2014-00106 had shown that it was more likely than not
`
`that claim 1 was unpatentable, pursuant to 35 U.S.C. § 103, over the
`
`combination of U.S. Patent No. 5,530,235 (“Stefik ‘235”) and U.S. Patent
`
`No. 5,629,980 (“Stefik ‘980”). Decision at 26. I understand that the PTAB
`
`also held that the Petition (hereinafter “the 00107 Petition”) in CBM2014-
`
`00107 had shown that it was more likely than not that claim 1 was
`
`unpatentable, pursuant to 35 U.S.C. § 103, over U.S. Patent No. 5,915,019
`
`(“Ginter”). Decision at 26. I also understand that the 00106 and 00107
`
`Petitions raised a number of other grounds of unpatentability, but that the
`
`“trial is limited to the grounds identified above.” Decision at 26. My
`
`opinions in this declaration are limited to the instituted grounds.
`
`
`
`3
`
`Page 3
`
`

`

`
`
`II.
`
`7.
`
`Legal Standards
`
`It has been explained to me that the standard for patentability under 35
`
`U.S.C. § 103 is that of “obviousness” and that obviousness is a question of
`
`law based on underlying factual findings, including: (1) the scope and
`
`content of the prior art; (2) the differences between the claims and the prior
`
`art; (3) the level of ordinary skill in the art; and (4) objective considerations
`
`of nonobviousness. I further understand that examples of objective
`
`considerations of nonobviousness (or “secondary considerations”) include:
`
`(1) the invention's commercial success, (2) long felt but unresolved needs,
`
`(3) the failure of others, (4) skepticism by experts, (5) praise by others, (6)
`
`teaching away by others, (7) recognition of a problem, and (8) copying of
`
`the invention by competitors.
`
`8.
`
`I also understand that the PTAB uses the “preponderance of the
`
`evidence” standard, such that a Petition must show that any claim asserted to
`
`be unpatenable is proven to be unpatentable by a “preponderance of the
`
`evidence.” I take that to mean that the 00106 and 00107 Petitions must
`
`prove that it is more likely than not that claim 1 is unpatentable.
`
`9.
`
`I understand that the factors considered in determining the ordinary
`
`level of skill in the art include the level of education and experience of
`
`
`
`4
`
`Page 4
`
`

`

`persons working in the field; the types of problems encountered in the field;
`
`and the sophistication of the technology. I believe that one of ordinary skill
`
`in the art would have had a bachelor’s degree in electrical engineering or its
`
`equivalent, or at least 5 years of experience in manufacturing or engineering,
`
`with significant exposure to the digital content distribution and/or e-
`
`commerce industries.
`
`10. Based on my industry, research, and teaching experience, and based
`
`on my review of the state of the art at the time of the filing of the patent, I
`
`believe that I would qualify as an expert in the area of data storage and
`
`access systems such that I am qualified to opine on what those of ordinary
`
`skill in the art would have understood at the time of the filing of the patent
`
`and what he/she would or would not have been motivated to do.
`
`11. Petitioner has alleged that “payment data” should be construed to
`
`mean “data representing payment made for requested content data” and is
`
`distinct from “access control data.” See, for example, 000107 Petition at 24.
`
`However, I believe that “payment data” in the context of the ‘458 patent
`
`should be interpreted to mean “data that can be used to make payment for
`
`content.” I understand that in interpreting “payment data” (and all the other
`
`terms of the patent), the PTAB uses a “broadest reasonable interpretation”
`
`standard. I have done so in coming to the opinions set forth herein.
`
`
`
`5
`
`Page 5
`
`

`

`12. The ‘458 patent, col. 20, lines 59-62, states “payment data for making
`
`a payment … is received from the smart Flash card by the content access
`
`terminal and forwarded to an e-payment system.” That is, the payment data
`
`is used for making a payment. Furthermore, as can be seen in Figure 12c of
`
`the ‘458 patent, step S54 reads “PAYMENT FOR SCHEME OWNER
`
`RECEIVED FROM CARD BY CONTENT ACCESS TERMINAL AND
`
`FORWARDED TO e-PAYMENT SYSTEM.” Step S55 then reads
`
`“PAYMENT RECORD DATA RECEIVED FROM e-PAYMENT
`
`SYSTEM BY CONTENT ACCESS TERMINAL AND FORWARDED TO
`
`CARD.” Both of those steps precede step S56 which recites “PAYMENT
`
`RECORD DATA, PURCHASE REQUEST AND CARD REGISTRATION
`
`DATA TRANSMITTED TO SCHEME OWNER.” Thus, “payment data” is
`
`not “data representing payment made for requested content data,” as
`
`payment has not yet been made when the payment data of step S54 is
`
`sent. Therefore, I believe Petitioner’s requested claim construction for
`
`“payment data” should not be adopted, and “payment data” should be
`
`interpreted to mean “data that can be used to make payment for content.”
`
`
`
`
`
`6
`
`Page 6
`
`

`

`III. Claim 1 of the ‘458 Patent
`
`13. Claim 1 of the ‘458 patent recites, among other elements, “a
`
`subscriber identity module (SIM) portion to identify a subscriber to a
`
`network operator” (hereinafter “the SIM portion”).
`
`
`
`A. Obviousness in Light of Stefik ‘235 and Stefik ‘980
`
`14. With reference to the SIM portion, at page 16, the Decision held:
`
`With respect to the claimed SIM portion, Petitioner
`
`contends that one skilled in the art “would have been motivated
`
`and found it obvious to employ a memory card for a mobile or
`
`cellular device that included a SIM portion that identifies a
`
`subscriber to a network operator, such as a mobile phone, as a
`
`repository in Stefik’s content distribution and access network.”
`
`… Mr. Wechselberger’s testimony supports this contention. …
`
`As Petitioner points out, Stefik ‘235 explains that each
`
`repository has an identifier such as “a unique number assigned
`
`to the DocuCard upon manufacture.” … We are persuaded, for
`
`purposes of this decision, that one skilled in the art would have
`
`found it obvious to use a SIM portion as the identifier in Stefik
`
`‘235.
`
`
`
`7
`
`Page 7
`
`

`

`15.
`
`I do not believe that the 00106 and 00107 Petitions have shown that it
`
`is more likely than not that one of ordinary skill in the art, as of the earliest
`
`foreign and domestic priority dates of the ‘458 patent2, would “have been
`
`motivated and found it obvious to employ a memory card for a mobile or
`
`cellular device that included a SIM portion that identifies a subscriber to a
`
`network operator, such as a mobile phone, as a repository in Stefik’s content
`
`distribution and access network.”
`
`16. Neither the 00106 Petition nor Mr. Wechselberger’s declaration
`
`explains why one of ordinary skill in the art, looking at Stefik ‘235 and
`
`Stefik ‘980, would have been motivated to “employ a memory card for a
`
`mobile or cellular device that included a SIM portion that identifies a
`
`subscriber to a network operator.” Neither patent identifies anything that
`
`indicates that a DocuCard or a repository could be a mobile or cellular phone
`
`in which such a memory card would be used.
`
`17. Given that there is no disclosure of using a mobile or cellular phone as
`
`the repository or DocuCard of Stefik ‘235 or Stefik ‘980, there is no reason
`
`to change from the “unique number assigned to the DocuCard upon
`
`manufacture” to some other identifying information. Neither the 00106
`
`2 For the purposes of this declaration, it does not matter whether a priority
`
`date of Oct. 25, 1999 or Oct. 25, 2000 is used.
`
`
`
`8
`
`Page 8
`
`

`

`Petition nor Mr. Wechselberger’s declaration cited therein addresses why
`
`such a change would be necessary. They also do not disclose whether the
`
`“unique number assigned to the DocuCard upon manufacture” has
`
`characteristics that would make it compatible with the SIM portion of a
`
`mobile phone, for example, whether the number of bits required by the
`
`“unique number assigned to the DocuCard upon manufacture” is greater
`
`than the number of bits that a SIM portion would utilize to identify a
`
`subscriber to a network operator. Thus, the 00106 Petition does not show
`
`that it is more likely than not that one skilled in the art would have found it
`
`obvious to use a SIM portion that identifies a subscriber to a network
`
`operator as the “unique number assigned to the DocuCard upon
`
`manufacture” in Stefik ‘235.
`
`18. Further, the 00106 Petition has not shown that one of ordinary skill in
`
`the art “would have been motivated and found it obvious to employ a
`
`memory card for a mobile or cellular device that included a SIM portion …
`
`as a repository in Stefik’s content distribution and access network,” since the
`
`structure and function of the alleged memory card has not been disclosed by
`
`the 00106 Petition as meeting the requirements of a repository according to
`
`Stefik ‘235 and Stefik ‘980. For example, there is no discussion in the
`
`00106 Petition that shows that the alleged memory card for a mobile or
`
`
`
`9
`
`Page 9
`
`

`

`cellular device that included a SIM portion would be able to perform the
`
`registration process described with respect to Figure 3 of Stefik ‘235. Col.
`
`6, lines 47-56, discloses:
`
`Referring to FIG. 3, the DocuCard and repository initiate
`
`registration transactions, step 301. Registration is a process by
`
`which two repositories establish a secure and trusted session.
`
`By secure and trusted it is meant that the session is reasonably
`
`safe from intrusion and that the respective repositories have
`
`established themselves as bona fide (i.e. not an intruder). The
`
`registration process is automatic and is triggered by the
`
`establishment of the electrical connection between the
`
`DocuCard and repository.
`
`19.
`
`If the alleged memory card cannot act as a repository, this further
`
`indicates that there is no motivation to employ a mobile or cellular device
`
`that included a SIM portion as a repository in Stefik’s content distribution
`
`and access network.
`
`20. For at least these reasons, I do not believe the 00106 Petition shows
`
`that it is more likely than not that Stefik ‘235 and Stefik ‘980, either alone or
`
`in combination, render claim 1 of the ‘458 patent obvious.
`
`
`
`
`
`10
`
`Page 10
`
`

`

`B. Obviousness in Light of Ginter
`
`21. With reference to the SIM portion, at page 22 the Decision held:
`
`With respect to the claimed SIM portion, Petitioner
`
`contends that one skilled in the art “would have considered it at
`
`minimum obvious for the portable data carrier (e.g. electronic
`
`appliance) to communicate with Ginter’s network using a
`
`cellular connection and therefore to include a subscriber
`
`identity module (SIM) portion,” and that for similar reasons, it
`
`also would have been obvious to include a SIM portion in
`
`Ginter’s PEA. … Mr. Wechselberger’s testimony supports this
`
`contention. … As Petitioner points out, Ginter explains that
`
`“[p]ortable appliance 2600 RAM 534 may contain, for example,
`
`information which can be used to uniquely identify each
`
`instance of the portable appliance.” … We are persuaded, for
`
`purposes of this decision, that one skilled in the art would have
`
`found it obvious to use a SIM portion as the identifier in
`
`Ginter’s PEA.
`
`22.
`
`I do not believe that the 00107 Petition shows that it is more likely
`
`than not that one of ordinary skill in the art would have considered it
`
`obvious for the portable data carrier (e.g. electronic appliance) to
`
`
`
`11
`
`Page 11
`
`

`

`communicate with Ginter’s network using a cellular connection, or to
`
`include a subscriber identity module (SIM) portion. I also do not believe
`
`that the 00107 Petition shows that it is more likely than not that one of
`
`ordinary skill in the art would have considered it obvious to include a SIM
`
`portion in Ginter’s PEA.
`
`23.
`
`In support of its obviousness allegation, the 00107 Petition cites col.
`
`161, lines 5-11, which states that communications with a clearinghouse
`
`“may be initiated across the electronic highway 108, or across other
`
`communications networks such as a LAN, WAN, two-way cable or using
`
`portable media exchange between electronic appliances.” However, the
`
`citation of wired networks for transmission in the environment of Ginter is
`
`not sufficient to show that communications with Ginter’s network using
`
`cellular communications is obvious, especially in light of the fact that Ginter
`
`repeatedly stresses the importance of secure communications and physical-
`
`security mechanisms. Col. 63, lines 42-67. The transmission of information
`
`using wired transmissions is more secure against eavesdropping than
`
`wireless transmissions, a point that is ignored by the 00107 Petition. Given
`
`that Ginter limited its disclosure in col. 161, lines 5-11, to wired
`
`transmissions, I do not believe that the 00107 Petition shows that it is more
`
`
`
`12
`
`Page 12
`
`

`

`likely than not that one of ordinary skill in the art would have believed that
`
`cellular transmissions were obvious.
`
`24. The 00107 Petition at 59 also cites to col. 233, lines 53-57 which
`
`states “The portable device auxiliary terminal might be ‘on-line,’ that is
`
`electronically communicating back to a commercial establishment and/or
`
`third party information collection point through the use of cellular, satellite,
`
`radio frequency, or other communications means.” However, such a
`
`discussion is not describing cellular communication by the electronic
`
`appliance or PEA, but rather communication by an “auxiliary terminal” to
`
`see if the appliance is trustworthy. Ginter states, in the paragraph crossing
`
`cols. 233 and 234:
`
`The auxiliary terminal might, after a check by a
`
`commercial party in response to receipt of certain identification
`
`information at the collection point, communicate back to the
`
`auxiliary terminal whether or not to accept the portable
`
`appliance 2600 based on other information, such as a bad credit
`
`record or a stolen portable appliance 2600. Such a portable
`
`auxiliary terminal would also be very useful at other
`
`commercial establishments, for example at gasoline stations,
`
`rental car return areas, street and stadium vendors, bars, and
`
`
`
`13
`
`Page 13
`
`

`

`other commercial establishments where efficiency would be
`
`optimized by allowing clerks and other personnel to
`
`consummate transactions at points other than traditional cash
`
`register locations.
`
`25. Further, as even admitted on page 59 of the 00107 Petition, Ginter
`
`229:13-18 already discloses that “[p]ortable appliance 2600 RAM 534 may
`
`contain, for example, information which can be used to uniquely identify
`
`each instance of the portable appliance.” Thus, there is no reason to change
`
`from the “information which can be used to uniquely identify each instance
`
`of the portable appliance” to some other identifying information. Neither
`
`the 00107 Petition nor Mr. Wechselberger’s declaration cited therein
`
`addresses why such a change would be necessary. They also do not disclose
`
`whether the “information which can be used to uniquely identify each
`
`instance of the portable appliance” has characteristics that would make it
`
`compatible with the SIM portion of a mobile phone, for example, whether
`
`the number of bits required by the “information which can be used to
`
`uniquely identify each instance of the portable appliance” is greater than the
`
`number of bits that a SIM portion would utilize to identify a subscriber to a
`
`network operator. The length of this information can directly affect the
`
`security of the system, as Ginter discloses that the “information may be
`
`
`
`14
`
`Page 14
`
`

`

`employed (e.g. as at least a portion of key or password information) in
`
`authentication, verification, decryption, and/or encryption processes.” Col.
`
`229, lines 14-17. Thus, the 00107 Petition does not show that it is more
`
`likely than not that one skilled in the art would have found it obvious to use
`
`a SIM portion as the identifier in Ginter.
`
`26. Claim 1 further recites “wherein the code comprises code to output
`
`payment data from the payment data memory to the interface and code to
`
`provide external access to the data memory.” With respect to that limitation,
`
`pages 62-63 of the 00107 Petition cite “audit information” as corresponding
`
`to the claimed payment data.
`
`27. However, in the context of Ginter, the audit information is for
`
`tracking post-usage information, not current purchase information. As
`
`discussed in the paragraph crossing cols. 161 and 162, “the clearinghouse
`
`may analyze the contained audit information to determine whether it
`
`indicates misuse of the applicable VDE object 300,” which indicates the
`
`tracked usage has already occurred. Thus, the 00107 Petition has not shown
`
`that such post-usage information to determine whether an applicable VDE
`
`object 300 is being misused corresponds to “payment data” as claimed.
`
`Also, to change from post-usage tracking to pre-purchase processing would
`
`
`
`15
`
`Page 15
`
`

`

`change the principle upon which Ginter works, which I understand indicates
`
`nonobviousness.
`
`28. For at least these reasons, I do not believe that the 00107 Petition has
`
`shown that it is more likely than not that Ginter renders claim 1 of the ‘458
`
`patent obvious.
`
`
`29.
`
` I hereby acknowledge that any willful false statement made in this
`
`declaration is punishable under 18 U.S.C. 1001 by fine or imprisonment of
`
`not more than five (5) years, or both.
`
`
`
`
`
`
`
`Executed this 26th day of February, 2015.
`
`____________________________
`
`
`
`
`
`
`
`Jonathan Katz, Ph.D.
`
`
`
`16
`
`Page 16
`
`

`

`
`
`
`
`
`APPENDIX A
`
`APPENDIX A
`
`Page 17
`
`Page 17
`
`

`

`Jonathan Katz
`Department of Computer Science and UMIACS
`University of Maryland
`jkatz@cs.umd.edu
`
`Education
`
`Ph.D. (with distinction), Computer Science, Columbia University, 2002
`Dissertation: Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks
`Advisors: Zvi Galil and Moti Yung
`Also advised by Rafail Ostrovsky (Telcordia Technologies)
`
`M.Phil., Computer Science, Columbia University, 2001
`
`M.A., Chemistry, Columbia University, 1998
`
`S.B., Mathematics, Massachusetts Institute of Technology, 1996
`
`S.B., Chemistry, Massachusetts Institute of Technology, 1996
`
`Employment History
`
`Director, Maryland Cybersecurity Center (MC2)
`October, 2013 – present
`
`Professor, University of Maryland
`July, 2013 – present
`
`Associate Professor, University of Maryland
`July, 2008 – June, 2013
`
`Assistant Professor, University of Maryland
`July, 2002 – June, 2008
`Responsible for maintaining a world-class research program in cryptography
`and information security. Duties include supervising graduate students and
`designing and teaching courses in cryptography, theoretical computer science,
`and network security.
`
`Visiting Research Scientist, IBM T.J. Watson Research Center (Hawthorne, NY)
`August, 2008 – July, 2009
`Visited and collaborated with the cryptography research group at IBM.
`
`Visiting Professor, ´Ecole Normale Sup´erieure (Paris, France)
`June – July, 2008
`Presented three lectures on my research; collaborated with the cryptography
`research group at ENS.
`
`Research Fellow, Institute for Pure and Applied Mathematics, UCLA
`September – December, 2006
`Invited as a core participant for the Fall 2006 program on “Securing Cyberspace:
`Applications and Foundations of Cryptography and Computer Security.”
`
`1
`
`Page 18
`
`

`

`Consultant, various positions
`August, 2002 – present
`Designed, analyzed, and supervised implementation of cryptographic protocols
`and algorithms. Provided expert testimony in intellectual property disputes.
`Worked with government agencies on a wide range of research projects in the
`area of cybersecurity.
`
`Visiting Research Scientist, DIMACS
`March – May, 2002
`Conducted research in both theoretical and applied cryptography, leading to
`two published papers.
`
`Instructor, Columbia University
`Summer, 1999 – Spring, 2002
`Instructor for five semesters. Taught Introduction to Cryptography, Computabil-
`ity and Models of Computation, and Introduction to Computer Programming.
`
`Research Scientist, Telcordia Technologies
`March, 2000 – October, 2001
`Member of the Mathematical Sciences Research Center. Conducted basic re-
`search in cryptography leading to the filing of two provisional patents. Provided
`security consulting services for other research groups within Telcordia.
`
`Security Consultant, Counterpane Systems
`May, 1999 – March, 2000
`Discovered security flaws in email encryption software (PGP); this work was
`widely covered in the press and led to two published papers and a refinement
`of the current standards for email encryption. Designed and implemented se-
`cure web-based protocols for clients. Contributed to Secrets and Lies: Digital
`Security in a Networked World, by B. Schneier (J. Wiley & Sons, 2000).
`
`Honors and Awards
`
`Member, steering committee, IEEE cybersecurity initiative (2014–present)
`
`Named one of Daily Record’s “50 Influential Marylanders” in 2014
`
`Invited participant, DARPA Computer Science Study Group, 2009–2010
`
`NSF CAREER award, 2005–2010
`
`University of Maryland GRB semester award, 2005–2006
`
`National Defense Science and Engineering Graduate Fellowship, 1996–1999
`
`NSF Graduate Fellowship, 1996 (declined)
`
`Alpha Chi Sigma award for academic excellence, MIT, 1996
`
`2
`
`Page 19
`
`

`

`Research Grants
`
`(Dollar amounts listed reflect the University of Maryland portion of the award. Unless indicated
`otherwise, I am the sole PI on the award.)
`
`“EAGER: Physical, Social, and Situational Factors as Determents of Public WiFi Users’
`Online Behaviors,” NSF, $215,002.
`co-PIs: Jonathan Katz and David Maimon
`October, 2014 – September, 2016
`
`“Establishing a Science of Security Research Lablet at the University of Maryland,” NSA,
`$1,487,608.
`Lead PI: Jonathan Katz
`February, 2014 – February, 2015
`
`“Automating Secure Computation,” DARPA (via subcontract to ACS), $51,213.
`PI: Elaine Shi; co-PI: Jonathan Katz
`January, 2014 – February, 2015
`
`“Network Security: Efficient Protocols for Message Integrity in DTNs,” Laboratory for
`Telecommunications Sciences, $176,353.
`April, 2013 – March, 2015
`
`“Secure Information Flows in Hybrid Coalition Networks,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $356,615.
`PI: Michael Hicks; co-PI: Jonathan Katz
`May, 2013 – April, 2015
`
`“Secure Network-Centric Data Distribution and Processing,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $108,016.
`PI: Rosario Gennaro; co-PI: Jonathan Katz
`May, 2013 – April, 2015
`
`“TWC: Small: Exploring Cryptographic Models and Setup Assumptions,” NSF (NSF-CNS-
`1223623), $400,945.
`September, 2012 – August, 2015
`
`“Developing a Science of Cybersecurity,” US Army Research Laboratory, $2,813,768.
`Lead PI: Jonathan Katz
`October, 2011 – September, 2013
`
`“TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Tech-
`niques, Tools, and Applications,” NSF (NSF-CNS-1111599), $1,000,000.
`PI: Jonathan Katz; co-PI: Michael Hicks
`August, 2011 – August 2016
`
`“Delegated, Outsourced, and Distributed Computation,” US Army Research Laboratory/UK
`Ministry of Defence (International Technology Alliance in Network and Information Sci-
`ence), $199,226.
`May, 2011 – April, 2013
`
`3
`
`Page 20
`
`

`

`“Toward Practical Cryptographic Protocols for Secure Information Sharing, Phase II CSSG,”
`DARPA, $400,000.
`September, 2010 – August, 2012
`
`“NetSE: Medium: Collaborative Research: Privacy-Preserving Social Systems,” NSF (NSF-
`IIS-0964541), $880,000.
`PI: Bobby Bhattacharjee; co-PIs: Jonathan Katz and Neil Spring
`September, 2010 – August, 2013
`
`Supplement for “CAREER: Models and Cryptographic Protocols for Unstructured, Decen-
`tralized Systems,” NSF (NSF-CNS-0447075), $80,000.
`August, 2009 – August, 2010
`
`“Energy Efficient Security Architectures and Infrastructures,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $162,450.
`May, 2009 – April, 2011
`
`“Cryptographic Primitives and Protocols for Security in Complex Systems,” DARPA, $100,000.
`March, 2009 – March, 2010
`
`“Understanding Fairness in Secure Two-Party and Multi-Party Computation,” NSF (NSF-
`CCF-0830464), $277,782.
`September, 2008 – August, 2011
`
`“Collaborative Research: CT-ISG: Efficient Cryptography Based on Lattices,” NSF (NSF-
`CNS-0716651), $138,500.
`September, 2007 – August, 2010
`
`“Efficient Security Techniques for Information Flows in Coalition Environments,” US Army
`Research Laboratory/UK Ministry of Defence (International Technology Alliance in Net-
`work and Information Science), $395,026.
`PIs: Jonathan Katz and Michael Hicks
`May, 2007 – April, 2009
`
`“Designing Reliable and Secure Tactical MANETs,” DoD MURI, $1,442,324.
`PIs: John Baras, Virgil Gligor, and Jonathan Katz
`May, 2007 – April, 2012
`
`“New Techniques for Authenticating Humans (and Other Resource-Constrained Devices),”
`NSF (NSF-CNS-0627306), $300,000.
`September, 2006 – August, 2009
`
`“Feasibility and Efficiency of Secure Computation,” United States-Israel Binational Science
`Foundation, $120,000.
`September, 2005 – August, 2009
`
`“CAREER: Models and Cryptographic Protocols for Unstructured, Decentralized Systems,”
`NSF (NSF-CNS-0447075), $400,000.
`February, 2005 – January, 2010
`
`4
`
`Page 21
`
`

`

`“Secure Design and Usage of Cryptographic Hash Functions,” University of Maryland GRB
`semester award.
`2005–2006 academic year
`
`“ITR-(ASE+NHS)-(DMC+INT+SOC): Resilient Storage and Querying in Decentralized
`Networks,” NSF (NSF-CNS-0426683), $720,000.
`PI: Bobby Bhattacharjee; co-PIs: Sudarshan Chawathe, Jonathan Katz, and Aravind Srini-
`vasan
`September, 2004 – August, 2008
`
`“Distributed Trust Computations for Decentralized Systems,” NSF (NSF-CNS-0310499),
`$375,000.
`PI: Bobby Bhattacharjee; co-PI: Jonathan Katz
`August, 2003 – July, 2006
`
`“Collaborative Research: Mitigating the Damaging Effects of Key Exposure,”NSF (NSF-
`CNS-0310751), $240,000.
`August, 2003 – July, 2006
`
`PhD Students
`
`Graduated:
`Adam Groce (graduated in 2014)
`Currently a visiting assistant professor at Reed College
`
`Ranjit Kumaresan (graduated in 2012)
`Currently a postdoc at the Technion
`
`Arkady Yerukhimovich (graduated in 2011)
`Currently technical staff, MIT Lincoln Laboratory
`
`S. Dov Gordon (graduated in 2010)
`Currently at Applied Communication Sciences
`
`Omer Horvitz (graduated in 2007, co-advised with Prof. Gligor)
`Currently at techmeme.com
`
`Chiu-Yuen Koo (graduated in 2007)
`Currently at Google Labs, Mountain View, CA
`
`Ruggero Morselli, (graduated in 2006, co-advised with Prof. Bhattacharjee)
`Currently at Google Labs, Pittsburgh, PA
`
`Current:
`Aishwarya Thiruvengadam
`
`Daniel Apon
`
`Alex Malozemoff
`
`Andrew Miller
`
`5
`
`Page 22
`
`

`

`Postdoctoral Researchers
`
`Hoang Viet Tung, 2014–present
`
`Feng-Hao Liu, 2013–present
`
`Jean Paul Degabriele, 2013–2014
`Currently a postdoc at Royal Holloway University of London
`
`Yan Huang, 2012–2014
`Currently an assistant professor at Indiana University
`
`Hong-Sheng Zhou, 2010–2013
`Currently an assistant professor at Virginia Commonwealth University
`
`Dominique Schr¨oder, 2011–2012
`Currently an assistant professor at Saarland University, Germany
`
`Raef Bassily, 2012
`Currently a postdoc at Penn State University
`
`Seung Geol Choi, 2010–2012
`Currently an assistant professor at the US Naval Academy
`
`Vassilis Zikas, 2010–2012
`Currently a postdoc at UCLA
`
`Lior Malka, 2009–2010
`Currently at Intel, Santa Clara, CA
`
`Ik Rae Jeong, 2005–2006
`Currently an assistant professor at Korea University
`
`Professional Activities
`
`Editorial board:
`– Information & Computation (2012–present)
`– Journal of Cryptology (2011–present)
`– International Journal of Applied Cryptography (2007–present)
`– Journal of Computer and System Sciences (2013–2014 )
`– IET Information Security (2005–2012 )
`– Fundamenta Informaticae (2006–2011 )
`
`Program chair:
`– Intl. Conference on Practice and Theory in Public-Key Cryptography (PKC) 2015
`– Conference on Decision and Game Theory for Security (GameSec) 2011
`– Cryptography Track, 12th International Symposium on Stabilization, Safety, and Security
`of Distributed Systems (SSS) 2010
`– Applied Cryptography and Network Security (ACNS) 2007
`
`Program committees:
`– Mycrypt 2016
`– IEEE Symposium on Security & Privacy (Oakland) 2009, 2015
`
`6
`
`Page 23
`
`

`

`– ACM Conf. Computer and Comm. Security (CCCS) 2005, 2006, 2011, 2012, 2013
`– European Symposium on Security in Computer Security (ESORICS) 2013
`– Crypto 2003, 2005, 2006, 2009, 2013
`– Eurocrypt 2006, 2008, 2009, 2011, 2013
`– Asiacrypt 2004, 2007, 2008, 2010, 2012
`– Theory of Cryptography Conference (TCC) 2006, 2007, 2012
`– RSA—Cryptographers’ Track 2006, 2007, 2010, 2012
`– Financial Cryptography 2012
`– ACM-SIAM Symposium on Discrete Algorithms (SODA) 2011
`– Intl. Conf. on Cryptology and Network Security (CANS) 2010
`– Intl. Conf. on Pairing-Based Cryptography (Pairing) 2010
`– Public-Key Cryptography (PKC) 2007, 2010
`– ACM Symposium on Theory of Computing (STOC) 2009
`– Applied Cryptography and Network Security (ACNS) 2006, 2009
`– IEEE Symposium on Foundations of Computer Science (FOCS) 2008
`– Security in Communication Networks 2008
`– ICALP 2007
`– ACM Workshop on Security and Sensor Networks (SASN) 2004, 2005, 2006
`– Security and Cryptography for Networks (SCN) 2006
`– VietCrypt 2006
`– International Conference on Information Security and Cryptology (ICISC) 2005, 2006
`– UCLA/IPAM workshop on “Locally decodable codes. . . ,” 2006
`– Workshop on Cryptography over Ad Hoc Networks (WCAN) 2005, 2006
`– International Conference on Cryptology in Malaysia (Mycrypt) 2005
`– Workshop in Information Security and Applications (WISA) 2004
`
`Invited Courses/Tutorials
`
`Half-day tutorial: “Ruminations on Defining Rational Multi-Party Computation,” Summer
`School on Rational Cryptography (Bertinoro, Italy), June 2008.
`
`1-hour tutorial: “The Basics of Public-Key Encryption,” Booz Allen Hamilton (Linthicum,
`MD), October 2007.
`
`2+-hour tutorial: “A Survey of Modern Cryptography,” ACM Sigmetrics, June 2007.
`
`Week-long course: “Zero Knowledge: Foundations and Applications,” (Bertinoro, Italy),
`October 2006.
`
`Half-day tutorial: “Black-Box Reductions, Impossibility Results, and Efficiency Lower
`Bounds,” UCLA/IPAM, September 2006.
`
`Invited Panel and Session Participation
`
`11th Colloquium for Information System Security Education (Boston University): panel
`member, “How to Teach Cryptology,” June 2007.
`
`7
`
`Page 24
`
`

`

`Invited Talks
`
`Naval Postgraduate School Foundation, P