UNITED STATES PATENT AND TRADEMARK OFFICE
`________________________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________________
`APPLE INC.,
`Petitioner
`v.
`SMARTFLASH LLC,
`Patent Owner.
`________________________
`Case CBM2014-001081
`Patent 8,061,598
`
`DECLARATION OF JONATHAN KATZ, PH.D. IN SUPPORT OF
`PATENT OWNER’S RESPONSE TO PETITION
`
`
`
`
`
`
`
`1 Case CBM2014-00109 has been consolidated with the instant proceeding.
`
`
`
`1
`
`Page 1
`
`Smartflash - Exhibit 2030
`Apple v. Smartflash
`CBM2014-00108
`
`

`
`I, Jonathan Katz, hereby declare:
`
`1.
`
`I am currently a Professor in the Department of Computer Science at
`
`the University of Maryland where, among other things, I teach classes in the
`
`area of cybersecurity, conduct research in this field, and supervise graduate-
`
`student research. I am also currently the Director of the Maryland
`
`Cybersecurity Center (MC2), as part of which I interact regularly with the
`
`cybersecurity industry and oversee faculty conducting research in various
`
`sub-fields of cybersecurity including cryptography, network security, and
`
`mobile-phone security. I received my Ph.D. (with distinction) in Computer
`
`Science from Columbia University in 2002.
`
`2. My curriculum vitae is attached hereto as Appendix A, and the list of
`
`cases in which I have been an expert in the last five years is attached hereto
`
`as Appendix B. I additionally have experience in computer programming.
`
`3.
`
`I have been retained by Smartflash LLC to provide an expert opinion
`
`in CBM2014-00102, -00106, -00108 and -00112.
`
`4.
`
`I have reviewed the material shown in Appendix C in preparing this
`
`declaration.
`
`
`
`
`
`2
`
`Page 2
`
`

`
`I.
`
`5.
`
`Grounds for Review
`
`I understand that on September 30, 2014 the Patent and Trial Appeal
`
`Board (PTAB) of the U.S. Patent and Trademark Office (USPTO) issued a
`
`Decision to institute a Covered Business Method (CBM) Review of U.S.
`
`Patent No. 8,061,598 (the ‘598 patent). Decision at 1. The PTAB further
`
`consolidated the proceedings of CBM2014-00108 and CBM2014-00109 into
`
`the current proceeding. Decision at 26.
`
`6.
`
`I understand that the PTAB only instituted a review of claim 26. I
`
`understand that the PTAB held that the Petition (hereinafter “the 00108
`
`Petition”) in CBM2014-00108 had shown that it was more likely than not
`
`that claim 26 was unpatentable, pursuant to 35 U.S.C. § 103, over the
`
`combination of U.S. Patent No. 5,530,235 (“Stefik ‘235”) and U.S. Patent
`
`No. 5,629,980 (“Stefik ‘980”). Decision at 24. I understand that the PTAB
`
`held that the Petition (hereinafter “the 00109 Petition”) in CBM2014-00109
`
`had shown that it was more likely than not that claim 26 was unpatentable,
`
`pursuant to 35 U.S.C. § 103, over U.S. Patent No. 5,915,019 (“Ginter”).
`
`Decision at 24. I also understand that the Petition raised a number of other
`
`grounds of unpatentability, but that “all other grounds raised in the
`
`CBM2014-00108 and CBM2014-00109 Petitions are denied for the reasons
`
`
`
`3
`
`Page 3
`
`

`
`discussed above.” Decision at 24. My opinions in this declaration are
`
`limited to the instituted grounds.
`
`
`
`II.
`
`7.
`
`Legal Standards
`
`It has been explained to me that the standard for patentability under 35
`
`U.S.C. § 103 is that of “obviousness” and that obviousness is a question of
`
`law based on underlying factual findings, including: (1) the scope and
`
`content of the prior art; (2) the differences between the claims and the prior
`
`art; (3) the level of ordinary skill in the art; and (4) objective considerations
`
`of nonobviousness. I further understand that examples of objective
`
`considerations of nonobviousness (or “secondary considerations”) include:
`
`(1) the invention's commercial success, (2) long felt but unresolved needs,
`
`(3) the failure of others, (4) skepticism by experts, (5) praise by others, (6)
`
`teaching away by others, (7) recognition of a problem, and (8) copying of
`
`the invention by competitors.
`
`8.
`
`I understand that in interpreting the claims of the patent the PTAB
`
`uses a “broadest reasonable interpretation” standard. I have done so in
`
`coming to the opinions set forth herein. I also understand that the PTAB
`
`uses the “preponderance of the evidence” standard, such that a Petition must
`
`show that any claim asserted to be unpatenable is proven to be unpatentable
`
`
`
`4
`
`Page 4
`
`

`
`by a “preponderance of the evidence.” I take that to mean that the 00108
`
`and 00109 Petitions must prove that it is more likely than not that each
`
`challenged claim is unpatentable.
`
`9.
`
`I understand that the factors considered in determining the ordinary
`
`level of skill in the art include the level of education and experience of
`
`persons working in the field; the types of problems encountered in the field;
`
`and the sophistication of the technology. I believe that one of ordinary skill
`
`in the art would have had a bachelor’s degree in electrical engineering or its
`
`equivalent, or at least 5 years of experience in manufacturing or engineering,
`
`with significant exposure to the digital content distribution and/or e-
`
`commerce industries.
`
`10. Based on my industry and teaching experience, and based on my
`
`review of the state of the art at the time of the filing of the patent, I believe
`
`that I would qualify as an expert in the area of data storage and access
`
`systems such that I am qualified to opine on what those of ordinary skill in
`
`the art would have understood at the time of the filing of the patent and what
`
`he/she would or would not have been motivated to do.
`
`
`
`
`
`5
`
`Page 5
`
`

`
`III. Claim 26 of the ‘598 patent
`
`11. Claim 26 of the ‘598 patent recites a portable data carrier comprising,
`
`among other elements, “a subscriber identity module (SIM) portion storing
`
`identification data to identify a user of said portable data carrier to a network
`
`operator” (hereinafter “the SIM portion”).
`
`
`
`A. Obviousness in Light of Stefik ‘235 and Stefik ‘980
`
`12. With reference to the SIM portion, at page 15, the Decision held:
`
`For example, with respect to claim 26, Apple argues that
`
`“[a] POSITA would have been motivated and found it obvious
`
`to employ a memory card for a mobile or cellular device that
`
`included a SIM portion that identifies a subscriber to a network
`
`operator, such as a mobile phone, as a repository in Stefik’s
`
`content distribution and access network.” ... On this record, we
`
`are persuaded that Apple’s citations support Apple’s
`
`contentions.
`
`
`
`13.
`
`I do not believe the 00108 and 00109 Petitions have shown that it is
`
`more likely than not that one of ordinary skill in the art, as of the earliest
`
`
`
`6
`
`Page 6
`
`

`
`foreign and domestic priority dates of the ‘598 patent2, would “have been
`
`motivated and found it obvious to employ a memory card for a mobile or
`
`cellular device that included a SIM portion that identifies a subscriber to a
`
`network operator, such as a mobile phone, as a repository in Stefik’s content
`
`distribution and access network.”
`
`14. Neither the 00108 Petition nor Mr. Wechselberger’s declaration
`
`explains why one of ordinary skill in the art, looking at Stefik ‘235 and
`
`Stefik ‘980, would have been motivated to “employ a memory card for a
`
`mobile or cellular device that included a SIM portion that identifies a
`
`subscriber to a network operator.” Neither patent identifies anything that
`
`indicates that a DocuCard or a repository could be a mobile or cellular phone
`
`in which such a memory card would be used.
`
`15. Given that there is no disclosure of using a mobile or cellular phone as
`
`the repository or DocuCard of Stefik ‘235 or Stefik ‘980, there is no reason
`
`to change from the “unique number assigned to the DocuCard upon
`
`manufacture” to some other identifying information. Neither the 00108
`
`Petition nor Mr. Wechselberger’s declaration cited therein addresses why
`
`such a change would be necessary. They also do not disclose whether the
`
`2 For the purposes of this declaration, it does not matter whether a priority
`
`date of Oct. 25, 1999 or Oct. 25, 2000 is used.
`
`
`
`7
`
`Page 7
`
`

`
`“unique number assigned to the DocuCard upon manufacture” has
`
`characteristics that would make it compatible with the SIM portion of a
`
`mobile phone, for example, whether the number of bits required by the
`
`“unique number assigned to the DocuCard upon manufacture” is greater
`
`than the number of bits that a SIM portion would utilize to identify a
`
`subscriber to a network operator. Thus, the 00108 Petition does not show
`
`that it is more likely than not that one skilled in the art would have found it
`
`obvious to use a SIM portion that identifies a subscriber to a network
`
`operator as the “unique number assigned to the DocuCard upon
`
`manufacture” in Stefik ‘235.
`
`16. Further, the Stefik ground of the 00108 Petition has not shown that
`
`one of ordinary skill in the art “would have been motivated and found it
`
`obvious to employ a memory card for a mobile or cellular device that
`
`included a SIM portion … as a repository in Stefik’s content distribution and
`
`access network,” since the structure and function of the alleged memory card
`
`has not been disclosed by the 00108 Petition as meeting the requirements of
`
`a repository according to Stefik ‘235 and Stefik ‘980. For example, there is
`
`no discussion in the 00108 Petition that shows that the alleged memory card
`
`for a mobile or cellular device that included a SIM portion would be able to
`
`
`
`8
`
`Page 8
`
`

`
`perform the registration process described with respect to Figure 3 of Stefik
`
`‘235. Col. 6, lines 47-56, discloses:
`
`Referring to FIG. 3, the DocuCard and repository initiate
`
`registration transactions, step 301. Registration is a process by
`
`which two repositories establish a secure and trusted session.
`
`By secure and trusted it is meant that the session is reasonably
`
`safe from intrusion and that the respective repositories have
`
`established themselves as bona fide (i.e. not an intruder). The
`
`registration process is automatic and is triggered by the
`
`establishment of the electrical connection between the
`
`DocuCard and repository.
`
`17.
`
`If the alleged memory card cannot act as a repository, this further
`
`indicates that there is no motivation to employ a mobile or cellular device
`
`that included a SIM portion as a repository in Stefik’s content distribution
`
`and access network.
`
`18. For at least these reasons, I do not believe the 00108 Petition shows
`
`that it is more likely than not that Stefik ‘235 and Stefik ‘980, either alone or
`
`in combination, renders claim 26 of the ‘598 patent obvious.
`
`
`
`
`
`B. Obviousness in Light of Ginter
`
`9
`
`Page 9
`
`

`
`19. With reference to the SIM portion, at page 20 the Decision held:
`
`With respect to the “subscriber identity module (SIM)”
`
`recited in claim 26, Apple argues that “a POSITA would have
`
`considered it at minimum obvious for the portable data carrier
`
`(e.g. electronic appliance) to communicate with Ginter’s
`
`network using a cellular connection and therefore to include a
`
`subscriber identity module (SIM) portion.” ... On this record,
`
`we are persuaded that a SIM would have been obvious in view
`
`of Ginter.
`
`20.
`
`I do not believe that the 00109 Petition shows that it is more likely
`
`than not that one of ordinary skill in the art would have considered it
`
`obvious for the portable data carrier (e.g. electronic appliance) to
`
`communicate with Ginter’s network using a cellular connection, or to
`
`include a subscriber identity module (SIM) portion. I also do not believe
`
`that the 00109 Petition shows that it is more likely than not that one of
`
`ordinary skill in the art would have considered it obvious to include a SIM
`
`portion in Ginter’s PEA.
`
`21.
`
`In support of its obviousness allegation, the 00109 Petition (pages 72-
`
`73) cites col. 161, lines 5-11, which states that communications with a
`
`clearinghouse “may be initiated across the electronic highway 108, or across
`
`
`
`10
`
`Page 10
`
`

`
`other communications networks such as a LAN, WAN, two-way cable or
`
`using portable media exchange between electronic appliances.” However,
`
`the citation of wired networks for transmission in the environment of Ginter
`
`is not sufficient to show that communications with Ginter’s network using
`
`cellular communications is obvious, especially in light of the fact that Ginter
`
`repeatedly stresses the importance of secure communications and physical-
`
`security mechanisms. Col. 63, lines 42-67. The transmission of information
`
`using wired transmissions is more secure against eavesdropping than
`
`wireless transmissions, a point that is ignored by the 00109 Petition. Given
`
`that Ginter limited its disclosure in col. 161, lines 5-11, to wired
`
`transmissions, I do not believe that the 00109 Petition shows that it is more
`
`likely than not that one of ordinary skill in the art would have believed that
`
`cellular transmissions were obvious.
`
`22. The 00109 Petition at page 73 also cites to col. 233, lines 53-57 which
`
`states “The portable device auxiliary terminal might be ‘on-line,’ that is
`
`electronically communicating back to a commercial establishment and/or
`
`third party information collection point through the use of cellular, satellite,
`
`radio frequency, or other communications means.” However, such a
`
`discussion is not describing cellular communication by the electronic
`
`appliance or PEA, but rather communication by an “auxiliary terminal” to
`
`
`
`11
`
`Page 11
`
`

`
`see if the appliance is trustworthy. Ginter states, in the paragraph crossing
`
`cols. 233 and 234:
`
`The auxiliary terminal might, after a check by a
`
`commercial party in response to receipt of certain identification
`
`information at the collection point, communicate back to the
`
`auxiliary terminal whether or not to accept the portable
`
`appliance 2600 based on other information, such as a bad credit
`
`record or a stolen portable appliance 2600. Such a portable
`
`auxiliary terminal would also be very useful at other
`
`commercial establishments, for example at gasoline stations,
`
`rental car return areas, street and stadium vendors, bars, and
`
`other commercial establishments where efficiency would be
`
`optimized by allowing clerks and other personnel to
`
`consummate transactions at points other than traditional cash
`
`register locations.
`
`23. Further, as even admitted on page 68 of the 00109 Petition, Ginter
`
`229:13-18 already discloses that “[p]ortable appliance 2600 RAM 534 may
`
`contain, for example, information which can be used to uniquely identify
`
`each instance of the portable appliance.” Thus, there is no reason to change
`
`from the “information which can be used to uniquely identify each instance
`
`
`
`12
`
`Page 12
`
`

`
`of the portable appliance” to some other identifying information. Neither
`
`the 00109 Petition nor Mr. Wechselberger’s declaration cited therein
`
`addresses why such a change would be necessary. They also do not disclose
`
`whether the “information which can be used to uniquely identify each
`
`instance of the portable appliance” has characteristics that would make it
`
`compatible with the SIM portion of a mobile phone, for example, whether
`
`the number of bits required by the “information which can be used to
`
`uniquely identify each instance of the portable appliance” is greater than the
`
`number of bits that a SIM portion would utilize to identify a subscriber to a
`
`network operator. The length of this information can directly affect the
`
`security of the system as Ginter discloses that the “information may be
`
`employed (e.g. as at least a portion of key or password information) in
`
`authentication, verification, decryption, and/or encryption processes.” Col.
`
`229, lines 14-17. Thus, the 00109 Petition does not show that it is more
`
`likely than not that one skilled in the art would have found it obvious to use
`
`a SIM portion as the identifier in Ginter.
`
`24. For at least these reasons, I do not believe that the 00109 Petition has
`
`shown that it is more likely than not that Ginter renders claim 26 of the ‘598
`
`patent obvious.
`
`
`
`
`
`
`
`13
`
`Page 13
`
`

`
`25.
`
`I hereby acknowledge that any willful false statement made in this
`
`declaration is punishable under 18 U.S.C. 1001 by fine or imprisonment of
`
`not more than five (5) years, or both.
`
`
`
`
`
`Executed this 26th day of February, 2015.
`
`____________________________
`
`
`
`
`
`
`
`Jonathan Katz, Ph.D.
`
`
`
`14
`
`Page 14
`
`

`
`APPENDIX A
`
`APPENDIX A
`
`
`
`
`
`Page 15
`
`Page 15
`
`

`
`Jonathan Katz
`Department of Computer Science and UMIACS
`University of Maryland
`jkatz@cs.umd.edu
`
`Education
`
`Ph.D. (with distinction), Computer Science, Columbia University, 2002
`Dissertation: Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks
`Advisors: Zvi Galil and Moti Yung
`Also advised by Rafail Ostrovsky (Telcordia Technologies)
`
`M.Phil., Computer Science, Columbia University, 2001
`
`M.A., Chemistry, Columbia University, 1998
`
`S.B., Mathematics, Massachusetts Institute of Technology, 1996
`
`S.B., Chemistry, Massachusetts Institute of Technology, 1996
`
`Employment History
`
`Director, Maryland Cybersecurity Center (MC2)
`October, 2013 – present
`
`Professor, University of Maryland
`July, 2013 – present
`
`Associate Professor, University of Maryland
`July, 2008 – June, 2013
`
`Assistant Professor, University of Maryland
`July, 2002 – June, 2008
`Responsible for maintaining a world-class research program in cryptography
`and information security. Duties include supervising graduate students and
`designing and teaching courses in cryptography, theoretical computer science,
`and network security.
`
`Visiting Research Scientist, IBM T.J. Watson Research Center (Hawthorne, NY)
`August, 2008 – July, 2009
`Visited and collaborated with the cryptography research group at IBM.
`
`Visiting Professor, ´Ecole Normale Sup´erieure (Paris, France)
`June – July, 2008
`Presented three lectures on my research; collaborated with the cryptography
`research group at ENS.
`
`Research Fellow, Institute for Pure and Applied Mathematics, UCLA
`September – December, 2006
`Invited as a core participant for the Fall 2006 program on “Securing Cyberspace:
`Applications and Foundations of Cryptography and Computer Security.”
`
`1
`
`Page 16
`
`

`
`Consultant, various positions
`August, 2002 – present
`Designed, analyzed, and supervised implementation of cryptographic protocols
`and algorithms. Provided expert testimony in intellectual property disputes.
`Worked with government agencies on a wide range of research projects in the
`area of cybersecurity.
`
`Visiting Research Scientist, DIMACS
`March – May, 2002
`Conducted research in both theoretical and applied cryptography, leading to
`two published papers.
`
`Instructor, Columbia University
`Summer, 1999 – Spring, 2002
`Instructor for five semesters. Taught Introduction to Cryptography, Computabil-
`ity and Models of Computation, and Introduction to Computer Programming.
`
`Research Scientist, Telcordia Technologies
`March, 2000 – October, 2001
`Member of the Mathematical Sciences Research Center. Conducted basic re-
`search in cryptography leading to the filing of two provisional patents. Provided
`security consulting services for other research groups within Telcordia.
`
`Security Consultant, Counterpane Systems
`May, 1999 – March, 2000
`Discovered security flaws in email encryption software (PGP); this work was
`widely covered in the press and led to two published papers and a refinement
`of the current standards for email encryption. Designed and implemented se-
`cure web-based protocols for clients. Contributed to Secrets and Lies: Digital
`Security in a Networked World, by B. Schneier (J. Wiley & Sons, 2000).
`
`Honors and Awards
`
`Member, steering committee, IEEE cybersecurity initiative (2014–present)
`
`Named one of Daily Record’s “50 Influential Marylanders” in 2014
`
`Invited participant, DARPA Computer Science Study Group, 2009–2010
`
`NSF CAREER award, 2005–2010
`
`University of Maryland GRB semester award, 2005–2006
`
`National Defense Science and Engineering Graduate Fellowship, 1996–1999
`
`NSF Graduate Fellowship, 1996 (declined)
`
`Alpha Chi Sigma award for academic excellence, MIT, 1996
`
`2
`
`Page 17
`
`

`
`Research Grants
`
`(Dollar amounts listed reflect the University of Maryland portion of the award. Unless indicated
`otherwise, I am the sole PI on the award.)
`
`“EAGER: Physical, Social, and Situational Factors as Determents of Public WiFi Users’
`Online Behaviors,” NSF, $215,002.
`co-PIs: Jonathan Katz and David Maimon
`October, 2014 – September, 2016
`
`“Establishing a Science of Security Research Lablet at the University of Maryland,” NSA,
`$1,487,608.
`Lead PI: Jonathan Katz
`February, 2014 – February, 2015
`
`“Automating Secure Computation,” DARPA (via subcontract to ACS), $51,213.
`PI: Elaine Shi; co-PI: Jonathan Katz
`January, 2014 – February, 2015
`
`“Network Security: Efficient Protocols for Message Integrity in DTNs,” Laboratory for
`Telecommunications Sciences, $176,353.
`April, 2013 – March, 2015
`
`“Secure Information Flows in Hybrid Coalition Networks,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $356,615.
`PI: Michael Hicks; co-PI: Jonathan Katz
`May, 2013 – April, 2015
`
`“Secure Network-Centric Data Distribution and Processing,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $108,016.
`PI: Rosario Gennaro; co-PI: Jonathan Katz
`May, 2013 – April, 2015
`
`“TWC: Small: Exploring Cryptographic Models and Setup Assumptions,” NSF (NSF-CNS-
`1223623), $400,945.
`September, 2012 – August, 2015
`
`“Developing a Science of Cybersecurity,” US Army Research Laboratory, $2,813,768.
`Lead PI: Jonathan Katz
`October, 2011 – September, 2013
`
`“TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Tech-
`niques, Tools, and Applications,” NSF (NSF-CNS-1111599), $1,000,000.
`PI: Jonathan Katz; co-PI: Michael Hicks
`August, 2011 – August 2016
`
`“Delegated, Outsourced, and Distributed Computation,” US Army Research Laboratory/UK
`Ministry of Defence (International Technology Alliance in Network and Information Sci-
`ence), $199,226.
`May, 2011 – April, 2013
`
`3
`
`Page 18
`
`

`
`“Toward Practical Cryptographic Protocols for Secure Information Sharing, Phase II CSSG,”
`DARPA, $400,000.
`September, 2010 – August, 2012
`
`“NetSE: Medium: Collaborative Research: Privacy-Preserving Social Systems,” NSF (NSF-
`IIS-0964541), $880,000.
`PI: Bobby Bhattacharjee; co-PIs: Jonathan Katz and Neil Spring
`September, 2010 – August, 2013
`
`Supplement for “CAREER: Models and Cryptographic Protocols for Unstructured, Decen-
`tralized Systems,” NSF (NSF-CNS-0447075), $80,000.
`August, 2009 – August, 2010
`
`“Energy Efficient Security Architectures and Infrastructures,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $162,450.
`May, 2009 – April, 2011
`
`“Cryptographic Primitives and Protocols for Security in Complex Systems,” DARPA, $100,000.
`March, 2009 – March, 2010
`
`“Understanding Fairness in Secure Two-Party and Multi-Party Computation,” NSF (NSF-
`CCF-0830464), $277,782.
`September, 2008 – August, 2011
`
`“Collaborative Research: CT-ISG: Efficient Cryptography Based on Lattices,” NSF (NSF-
`CNS-0716651), $138,500.
`September, 2007 – August, 2010
`
`“Efficient Security Techniques for Information Flows in Coalition Environments,” US Army
`Research Laboratory/UK Ministry of Defence (International Technology Alliance in Net-
`work and Information Science), $395,026.
`PIs: Jonathan Katz and Michael Hicks
`May, 2007 – April, 2009
`
`“Designing Reliable and Secure Tactical MANETs,” DoD MURI, $1,442,324.
`PIs: John Baras, Virgil Gligor, and Jonathan Katz
`May, 2007 – April, 2012
`
`“New Techniques for Authenticating Humans (and Other Resource-Constrained Devices),”
`NSF (NSF-CNS-0627306), $300,000.
`September, 2006 – August, 2009
`
`“Feasibility and Efficiency of Secure Computation,” United States-Israel Binational Science
`Foundation, $120,000.
`September, 2005 – August, 2009
`
`“CAREER: Models and Cryptographic Protocols for Unstructured, Decentralized Systems,”
`NSF (NSF-CNS-0447075), $400,000.
`February, 2005 – January, 2010
`
`4
`
`Page 19
`
`

`
`“Secure Design and Usage of Cryptographic Hash Functions,” University of Maryland GRB
`semester award.
`2005–2006 academic year
`
`“ITR-(ASE+NHS)-(DMC+INT+SOC): Resilient Storage and Querying in Decentralized
`Networks,” NSF (NSF-CNS-0426683), $720,000.
`PI: Bobby Bhattacharjee; co-PIs: Sudarshan Chawathe, Jonathan Katz, and Aravind Srini-
`vasan
`September, 2004 – August, 2008
`
`“Distributed Trust Computations for Decentralized Systems,” NSF (NSF-CNS-0310499),
`$375,000.
`PI: Bobby Bhattacharjee; co-PI: Jonathan Katz
`August, 2003 – July, 2006
`
`“Collaborative Research: Mitigating the Damaging Effects of Key Exposure,”NSF (NSF-
`CNS-0310751), $240,000.
`August, 2003 – July, 2006
`
`PhD Students
`
`Graduated:
`Adam Groce (graduated in 2014)
`Currently a visiting assistant professor at Reed College
`
`Ranjit Kumaresan (graduated in 2012)
`Currently a postdoc at the Technion
`
`Arkady Yerukhimovich (graduated in 2011)
`Currently technical staff, MIT Lincoln Laboratory
`
`S. Dov Gordon (graduated in 2010)
`Currently at Applied Communication Sciences
`
`Omer Horvitz (graduated in 2007, co-advised with Prof. Gligor)
`Currently at techmeme.com
`
`Chiu-Yuen Koo (graduated in 2007)
`Currently at Google Labs, Mountain View, CA
`
`Ruggero Morselli, (graduated in 2006, co-advised with Prof. Bhattacharjee)
`Currently at Google Labs, Pittsburgh, PA
`
`Current:
`Aishwarya Thiruvengadam
`
`Daniel Apon
`
`Alex Malozemoff
`
`Andrew Miller
`
`5
`
`Page 20
`
`

`
`Postdoctoral Researchers
`
`Hoang Viet Tung, 2014–present
`
`Feng-Hao Liu, 2013–present
`
`Jean Paul Degabriele, 2013–2014
`Currently a postdoc at Royal Holloway University of London
`
`Yan Huang, 2012–2014
`Currently an assistant professor at Indiana University
`
`Hong-Sheng Zhou, 2010–2013
`Currently an assistant professor at Virginia Commonwealth University
`
`Dominique Schr¨oder, 2011–2012
`Currently an assistant professor at Saarland University, Germany
`
`Raef Bassily, 2012
`Currently a postdoc at Penn State University
`
`Seung Geol Choi, 2010–2012
`Currently an assistant professor at the US Naval Academy
`
`Vassilis Zikas, 2010–2012
`Currently a postdoc at UCLA
`
`Lior Malka, 2009–2010
`Currently at Intel, Santa Clara, CA
`
`Ik Rae Jeong, 2005–2006
`Currently an assistant professor at Korea University
`
`Professional Activities
`
`Editorial board:
`– Information & Computation (2012–present)
`– Journal of Cryptology (2011–present)
`– International Journal of Applied Cryptography (2007–present)
`– Journal of Computer and System Sciences (2013–2014 )
`– IET Information Security (2005–2012 )
`– Fundamenta Informaticae (2006–2011 )
`
`Program chair:
`– Intl. Conference on Practice and Theory in Public-Key Cryptography (PKC) 2015
`– Conference on Decision and Game Theory for Security (GameSec) 2011
`– Cryptography Track, 12th International Symposium on Stabilization, Safety, and Security
`of Distributed Systems (SSS) 2010
`– Applied Cryptography and Network Security (ACNS) 2007
`
`Program committees:
`– Mycrypt 2016
`– IEEE Symposium on Security & Privacy (Oakland) 2009, 2015
`
`6
`
`Page 21
`
`

`
`– ACM Conf. Computer and Comm. Security (CCCS) 2005, 2006, 2011, 2012, 2013
`– European Symposium on Security in Computer Security (ESORICS) 2013
`– Crypto 2003, 2005, 2006, 2009, 2013
`– Eurocrypt 2006, 2008, 2009, 2011, 2013
`– Asiacrypt 2004, 2007, 2008, 2010, 2012
`– Theory of Cryptography Conference (TCC) 2006, 2007, 2012
`– RSA—Cryptographers’ Track 2006, 2007, 2010, 2012
`– Financial Cryptography 2012
`– ACM-SIAM Symposium on Discrete Algorithms (SODA) 2011
`– Intl. Conf. on Cryptology and Network Security (CANS) 2010
`– Intl. Conf. on Pairing-Based Cryptography (Pairing) 2010
`– Public-Key Cryptography (PKC) 2007, 2010
`– ACM Symposium on Theory of Computing (STOC) 2009
`– Applied Cryptography and Network Security (ACNS) 2006, 2009
`– IEEE Symposium on Foundations of Computer Science (FOCS) 2008
`– Security in Communication Networks 2008
`– ICALP 2007
`– ACM Workshop on Security and Sensor Networks (SASN) 2004, 2005, 2006
`– Security and Cryptography for Networks (SCN) 2006
`– VietCrypt 2006
`– International Conference on Information Security and Cryptology (ICISC) 2005, 2006
`– UCLA/IPAM workshop on “Locally decodable codes. . . ,” 2006
`– Workshop on Cryptography over Ad Hoc Networks (WCAN) 2005, 2006
`– International Conference on Cryptology in Malaysia (Mycrypt) 2005
`– Workshop in Information Security and Applications (WISA) 2004
`
`Invited Courses/Tutorials
`
`Half-day tutorial: “Ruminations on Defining Rational Multi-Party Computation,” Summer
`School on Rational Cryptography (Bertinoro, Italy), June 2008.
`
`1-hour tutorial: “The Basics of Public-Key Encryption,” Booz Allen Hamilton (Linthicum,
`MD), October 2007.
`
`2+-hour tutorial: “A Survey of Modern Cryptography,” ACM Sigmetrics, June 2007.
`
`Week-long course: “Zero Knowledge: Foundations and Applications,” (Bertinoro, Italy),
`October 2006.
`
`Half-day tutorial: “Black-Box Reductions, Impossibility Results, and Efficiency Lower
`Bounds,” UCLA/IPAM, September 2006.
`
`Invited Panel and Session Participation
`
`11th Colloquium for Information System Security Education (Boston University): panel
`member, “How to Teach Cryptology,” June 2007.
`
`7
`
`Page 22
`
`

`
`Invited Talks
`
`Naval Postgraduate School Foundation, President’s Circle Retreat: “Privacy-Preserving
`Distributed Computation,” April 2014.
`
`Georgetown University: “Secure Computation in the RAM Model,” April 2014.
`
`Rutgers University: “Privacy-Preserving Computation: How, What, and Why?” Novem-
`ber 2013.
`
`First EasyCrypt workshop (University of Pennsylvania): “EasyCrypt 0.2 Feedback and
`Recommendations,” July 2013.
`
`Workshop on Real-World Cryptography (Stanford): “Practical Anonymous Subscriptions,”
`January 2013.
`
`Workshop on Theory and Practice of Multiparty Computation (Aarhus, Denmark): “Recent
`Results on Game Theory and Secure Computation,” June 2012.
`
`Indiana University: “Is (Generic) Secure Two-Party Computation Practical?” Novem-
`ber 2011.
`
`Microsoft Research (Redmond, WA): “(Ever More) Efficient Secure Two-Party Computa-
`tion,” March 2011.
`
`PerAda Workshop on Security, Trust, and Privacy (Rome, Italy): “Privacy, Trust, and
`Security in Pervasive Computing: Challenges and Opportunities,” November 2010.
`
`Tsinghua University (Beijing, China): “Fairness and Partial Fairness in Two-Party Com-
`putation,” June 2010
`
`Beijing Institute of Technology: “Rational Secret Sharing,” June 2010.
`
`SKLOIS: The State Key Laboratory Of Information Security (Beijing, China): “Leakage-
`Resilient Cryptography,” June 2010.
`
`SKLOIS: The State Key Laboratory Of Information Security (Beijing, China): “Rational
`Secret Sharing,” June 2010.
`
`Workshop on Decentralized Mechanism Design, Distributed Computing, and Cryptography
`(Princeton University): “Rational Secret Sharing: A Survey,” June 2010.
`
`Microsoft Research (Cambridge, MA): “Rational Secret Sharing,” April 2009.
`
`AT&T Labs: “Fairness and Partial Fairness in Secure Two-Party Computation,” February
`2009.
`
`University of Toronto: “Fairness and Partial Fairness in Secure Two-Party Computation,”
`February 2009.
`
`Joint Mathematics Meetings, AMS Special Session on Algebraic Cryptography and Generic
`Complexity: “Public-Key Cryptography from a (Theoretical) Cryptographer’s Perspective,”
`January 2009.
`
`Dagstuhl workshop on Theoretical Foundations of Practical Information Security (Ger-
`many): “Partial Fairness in Secure Two-Party Computation,” December 2008.
`
`8
`
`Page 23
`
`

`
`´Ecole Normale Sup´erieure (Paris, France): “Efficient Cryptographic Protocols Based on the
`Hardness of Learning Parity with Noise,” July 2008.
`´Ecole Normale Sup´erieure (Paris, France): “Predicate Encryption: A New Paradigm for
`Public-Key Encryption,” July 2008.
`´Ecole Normale Sup´erieure (Paris, France): “Fairness in Secure Computation,” June 2008.
`
`UC Berkeley: “Predicate Encryption: A New Paradigm for Public-Key Encryption,” May
`2008.
`
`5th Theory of Cryptography Conference (TCC) 2008 (New York): “Bridging Game Theory
`and Cryptography: Recent Results and Future Directions,” March 2008.
`
`MIT Cryptography and Information Security Seminar: “Complete Fairness in Secure Two-
`Party Computation,” March 2008.
`
`11th IMA Intl. Conference on Cryptography and Coding Theory (Cirencester, UK): “Ef-
`ficient Cryptographic Protocols Based on the Hardness of Learning Parity with Noise,”
`December 2007.
`
`INDOCRYPT 2007 (Chennai, India): “Capability-Based Encryption: A New Paradigm for
`Public-Key Encryption,” December 2007.
`
`Pennsylvania State University: “Universally-Composable Multi-Party Computation using
`Tamper-Proof