`________________________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`________________________
`APPLE INC.,
`Petitioner
`v.
`SMARTFLASH LLC,
`Patent Owner.
`________________________
`Case CBM2014-001121
`Patent 7,942,317 B2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DECLARATION OF JONATHAN KATZ, PH.D. IN SUPPORT OF
`PATENT OWNER’S RESPONSE TO PETITION
`
`
`
`
`
`1 Case CBM2014-00113 has been consolidated with the instant proceeding.
`
`Page 001
`
`
`
`I, Jonathan Katz, hereby declare:
`
`1.
`
`I am currently a Professor in the Department of Computer Science at
`
`the University of Maryland where, among other things, I teach classes in the
`
`area of cybersecurity, conduct research in this field, and supervise graduate-
`
`student research. I am also currently the Director of the Maryland
`
`Cybersecurity Center (MC2), as part of which I interact regularly with the
`
`cybersecurity industry and oversee faculty conducting research in various
`
`sub-fields of cybersecurity including cryptography, network security, and
`
`mobile-phone security. I received my Ph.D. (with distinction) in Computer
`
`Science from Columbia University in 2002.
`
`2. My curriculum vitae is attached hereto as Appendix A, and the list of
`
`cases in which I have been an expert in the last five years is attached hereto
`
`as Appendix B. I additionally have experience in computer programming.
`
`3.
`
`I have been retained by Smartflash LLC to provide an expert opinion
`
`in CBM2014-00102, -00106, -00108 and -00112.
`
`4.
`
`I have reviewed the material shown in Appendix C in preparing this
`
`declaration.
`
`
`
`Page 002
`
`
`
`I.
`
`5.
`
`Grounds for Review
`
`I understand that on September 30, 2014 the Patent and Trial Appeal
`
`Board (PTAB) of the U.S. Patent and Trademark Office (USPTO) issued a
`
`Decision to Institute a Covered Business Method (CBM) Review of U.S.
`
`Patent No. 7,942,317 (the ‘317 patent). Decision at 1. The PTAB further
`
`consolidated the proceedings of CBM2014-00112 and CBM2014-00113 into
`
`the current proceeding. Decision at 23.
`
`6.
`
`I understand that the PTAB instituted a review of claims 1, 6-8, 12,
`
`13, and 16 on two different grounds. I understand that the PTAB held that
`
`the 00112 Petition had shown that it was more likely than not that claims 1,
`
`6-8, 12, 13, and 16 are unpatentable, pursuant to 35 U.S.C. § 103, over the
`
`combination of U.S. Patent No. 5,530,235 (“Stefik ‘235”) and U.S. Patent
`
`No. 5,629,980 (“Stefik ‘980”). Decision at 22. I understand that the PTAB
`
`held that the 00113 Petition had shown that it was more likely than not that
`
`claims 1, 6-8, 12, 13, and 16 are unpatentable, pursuant to 35 U.S.C. § 103,
`
`over U.S. Patent No. 5,915,019 (“Ginter”). Decision at 22. I also
`
`understand that the 00112 and 00113 Petitions raised a number of other
`
`grounds of unpatentability, but that the “all other grounds raised in the
`
`CBM2014-00112 and CBM2014-00113 Petitions are denied.” Decision at
`
`Page 003
`
`
`
`22. My opinions in this declaration are limited to the claims discussed
`
`herein for the instituted grounds.
`
`
`
`II.
`
`7.
`
`Legal Standards and Claim Construction
`
`It has been explained to me that the standard for patentability under 35
`
`U.S.C. § 103 is that of “obviousness” and that obviousness is a question of
`
`law based on underlying factual findings, including: (1) the scope and
`
`content of the prior art; (2) the differences between the claims and the prior
`
`art; (3) the level of ordinary skill in the art; and (4) objective considerations
`
`of nonobviousness. I further understand that examples of objective
`
`considerations of nonobviousness (or “secondary considerations”) include:
`
`(1) the invention's commercial success, (2) long felt but unresolved needs,
`
`(3) the failure of others, (4) skepticism by experts, (5) praise by others, (6)
`
`teaching away by others, (7) recognition of a problem, and (8) copying of
`
`the invention by competitors.
`
`8.
`
`I also understand that the PTAB uses the “preponderance of the
`
`evidence” standard such that the Petition must show that any claim asserted
`
`to be unpatenable is proven to be unpatentable by a “preponderance of the
`
`evidence.” I take that to mean that the 00112 and 00113 Petitions must
`
`Page 004
`
`
`
`prove that it is more likely than not that each challenged claim is
`
`unpatentable.
`
`9.
`
`I understand that the factors considered in determining the ordinary
`
`level of skill in the art include the level of education and experience of
`
`persons working in the field; the types of problems encountered in the field;
`
`and the sophistication of the technology. I believe that one of ordinary skill
`
`in the art would have had a bachelor’s degree in electrical engineering or its
`
`equivalent, or at least 5 years of experience in manufacturing or engineering,
`
`with significant exposure to the digital content distribution and/or e-
`
`commerce industries.
`
`10. Based on my industry and teaching experience, and based on my
`
`review of the state of the art at the time of the filing of the patent, I believe
`
`that I would qualify as an expert in the area of data storage and access
`
`systems such that I am qualified to opine on what those of ordinary skill in
`
`the art would have understood at the time of the filing of the patent and what
`
`he/she would or would not have been motivated to do.
`
`11. Petitioner has alleged that “payment data” should be construed to
`
`mean “data representing payment made for requested content data” and is
`
`distinct from “access control data.” See, for example, 000112 Petition at 17.
`
`However, I believe that “payment data” in the context of the ‘221 patent
`
`Page 005
`
`
`
`should be interpreted to mean “data that can be used to make payment for
`
`content.” I understand that in interpreting “payment data” (and all the other
`
`terms of the patent), the PTAB uses a “broadest reasonable interpretation”
`
`standard. I have done so in coming to the opinions set forth herein.
`
`12. The ‘221 patent, col. 20, lines 59-62, states “payment data for making
`
`a payment … is received from the smart Flash card by the content access
`
`terminal and forwarded to an e-payment system.” That is, the “payment
`
`data” is used for making a payment. Furthermore, as can be seen in Figure
`
`12c of the ‘317 patent, step S54 reads “PAYMENT FOR SCHEME
`
`OWNER RECEIVED FROM CARD BY CONTENT ACCESS
`
`TERMINAL AND FORWARDED TO e-PAYMENT SYSTEM.” Step S55
`
`then reads “PAYMENT RECORD DATA RECEIVED FROM e-
`
`PAYMENT SYSTEM BY CONTENT ACCESS TERMINAL AND
`
`FORWARDED TO CARD.” Both of those steps precede step S56 which
`
`recites “PAYMENT RECORD DATA, PURCHASE REQUEST AND
`
`CARD REGISTRATION DATA TRANSMITTED TO SCHEME
`
`OWNER.” Thus, “payment data” is not “data representing payment made
`
`for requested content data” as payment has not yet been made when the
`
`payment data of step S54 is sent. Therefore, I believe Petitioner’s requested
`
`claim construction for “payment data” should not be adopted, and “payment
`
`Page 006
`
`
`
`data” should be interpreted to mean “data that can be used to make payment
`
`for content.”
`
`
`
`III. Obviousness Grounds Against the Claims of the ‘317 patent
`
`
`
`A. Obviousness in Light of Stefik ‘235 and Stefik ‘980
`
`13. The Decision held that “Petitioner has failed to establish that it is
`
`more likely than not that it would prevail in demonstrating that independent
`
`claims 1, 8, 12, 16, and 18 are unpatentable as anticipated by the Stefik
`
`references. For the same reasons, we determine that Petitioner has failed to
`
`establish that it is more likely than not that it would prevail in demonstrating
`
`that dependent claims 6, 7, 13, and 14 are unpatentable as anticipated by the
`
`Stefik references.” Decision at 14.
`
`14. However, the Decision further held “We find Petitioner’s contentions
`
`that claims 1, 6–8, 12, 13, 16, and 18 would have been obvious over the
`
`combination of Stefik ’235 and Stefik ’980 persuasive, but are not persuaded
`
`by Petitioner’s contentions regarding claim 14.” Decision at 14. For the
`
`reasons set forth below, I believe that the Petition has not shown that it is
`
`more likely than not that the combination of Stefik ‘235 and Stefik ‘980
`
`would have rendered obvious claims 1, 6, 7, and 16 to one of ordinary skill
`
`Page 007
`
`
`
`in the art, as of the earliest foreign and domestic priority dates of the ‘317
`
`patent.2.
`
`
`
`1.
`
`Claims 1, 6, 7, and 16
`
`15. Among other elements, independent claim 1 recites “a data access
`
`data store for storing records of data items available from the system, each
`
`record comprising a data item description and a pointer to a data provider for
`
`the data item.” Claims 6 and 7 depend from claim 1.
`
`16. Among other elements, independent claim 16 recites “a data access
`
`data store for storing records of data items available from the system, each
`
`record comprising a data item description and a resource locator identifying
`
`a data provider for the data item.”
`
`17. Page 69 of the 00112 Petition states, with respect to that element of
`
`claim 16, “See claim 1 of the ’317 patent, ‘data access data store’ element;
`
`Ex. 1021 Apx D at 115.” Thus, I will discuss those elements together
`
`below.
`
`18. With respect to claim 1, page 33 of the 00112 Petition alleges that
`
`Stefik ‘235 and Stefik ‘980 teach the limitation referenced above, and states:
`
`2 For the purposes of this declaration, it does not matter whether a priority
`
`date of Oct. 25, 1999 or Oct. 25, 2000 is used.
`
`Page 008
`
`
`
`The records (e.g., the description tree files) include data
`
`item descriptions (e.g., identifiers; usage rights; access
`
`conditions; fee information) and a pointer (e.g., d-blocks of data
`
`that indicate a start address for a string of bits) for each data
`
`item (e.g., pointers to data in content storage 1204). A data
`
`provider to which the pointers are directed (e.g., storage
`
`subsystem 203; content storage 1204) that stores the content
`
`may be separate memory and may be on a separate physical
`
`device than the data access data store (e.g., descriptor storage
`
`1203).
`
`19.
`
`I do not believe that the 00112 Petition has shown that it is more
`
`likely than not that one of ordinary skill in the art would have considered a
`
`start address for a string of bits to be the claimed “pointer to a data provider
`
`for the data item” or “a resource locator identifying a data provider for the
`
`data item.” Pages 33 and 34 of the 0012 Petition cite a number of portions
`
`(Figs. 2 and 5a, Abstract, 2:35-36, 3:32-38, 6:2-17, and 7:22-32) of Stefik
`
`‘235 that disclose that a DocuCard can utilize a hierarchical file structure,
`
`but none of those citations discloses a pointer to a data provider or a
`
`resource locator identifying a data provider for the data item. Page 34 of the
`
`00112 Petition cites 7:63-8:10 as describing d-block structures, but the
`
`Page 009
`
`
`
`pointers described therein are pointers to other d-blocks in the description
`
`file, not pointers to data providers (or a resource locator identifying a data
`
`provider for the data item). Further, while that cited section also describes
`
`“a starting address 502 providing the start address of the first byte of the
`
`work,” that is neither a pointer to a “data provider,” nor is it a resource
`
`locator identifying a data provider for the data item. The only remaining
`
`citation is to 7:35-42 which states “The file information for a document is
`
`comprised of a ‘contents file’ and a ‘description file.’… The description file
`
`contains the usage rights for the document and a pointer to the document in
`
`the content part.” However, this is a pointer to the content part itself, not the
`
`claimed “data provider for the data item.” Thus, it is also not “a resource
`
`locator identifying a data provider for the data item.”
`
`20. Page 34 of the 00112 Petition cites Stefik ‘980 but is likewise
`
`deficient. As described in 9:54-10:1, the pointers are to other d-blocks in the
`
`description file, not pointers to data providers nor a resource locator
`
`identifying a data provider for the data item. Further, while that cited
`
`section also describes “a starting address 702 providing the start address of
`
`the first byte of the work,” that is neither a pointer to a “data provider,” nor
`
`is it “a resource locator identifying a data provider for the data item.” The
`
`additional citations to 10:26-32 and Table 1 are for rights, rather than
`
`Page 010
`
`
`
`pointers. The only remaining citation is to 14:28-39, which describes the
`
`storage system and that the storage system includes description tree storage
`
`1203 and content storage 1204, and that those storages 1203 and 1204 may
`
`be on separate physical devices. However, that discussion does not disclose
`
`either the claimed “pointer to a data provider for the data item” or “resource
`
`locator identifying a data provider for the data item.”
`
`21. Thus, I believe that the 00012 Petition has not shown that it is more
`
`likely than not that Stefik ‘235 and Stefik ‘980, either individually or in
`
`combination, renders obvious claims 1, 6, 7, and 16.
`
`
`
`
`
`C. Obviousness in Light of Ginter
`
`22. The Decision held that “Petitioner has established that it is more likely
`
`than not that claims 1, 6–8, 12, 13, and 16 are unpatentable as obvious over
`
`Ginter.” Decision at 19. For the reasons set forth below, I believe that the
`
`00113 Petition at least has not shown that it is more likely than not that
`
`Ginter renders obvious claims 1, 6, 7, and 16.
`
`Page 011
`
`
`
`
`
`1.
`
`Claims 1, 6, 7, and 16
`
`23. Among other elements, independent claim 1 recites “code to receive
`
`from the communications interface payment data comprising data relating to
`
`payment for the requested data item.” Claims 6 and 7 depend from claim 1.
`
`24. Among other elements, independent claim 16 also recites “code to
`
`receive from the communications interface payment data comprising data
`
`relating to payment for the requested data item.”
`
`25. Pages 44-45 of the 00113 Petition allege, with respect to claim 1, that
`
`Ginter teaches this limitation and states:
`
`Ginter discloses a processor (e.g., CPU) implementing
`
`code (e.g., software instructions utilized by the CPU) to
`
`perform functions including receiving from the
`
`communications interface (e.g., communications controller)
`
`payment data (e.g., audit information) that includes data
`
`relating to payment for the requested data item (e.g., VDE
`
`content object).
`
`26. With respect to claim 16, page 73 of the 00113 Petition incorporates
`
`the arguments from claim 1 for the same limitation, so all arguments
`
`discussed below with respect to claim 1 are equally applicable to claim 16.
`
`Page 012
`
`
`
`27.
`
`
`
`28.
`
`I do not believe that one of ordinary skill in the art would have
`
`considered the “audit information” described in the 00113 Petition to be
`
`“payment data.” Ginter itself acknowledges that auditing and payment are
`
`different. As the Petition even cites, Ginter 63:34-41 states “SPU 500 may
`
`also perform secure data management processes including governing usage
`
`of, auditing of, and where appropriate, payment for VDE objects 300.”
`
`Moreover, 175:47-176:1 cited by the 00113 Petition likewise shows that
`
`audit information is post-usage information and not “payment data,” when it
`
`states “a VDE repository may perform audit information clearinghouse
`
`services ... for usage information reported by VDE users.” Thus, Ginter
`
`does not disclose “code to receive from the communications interface
`
`payment data comprising data relating to payment for the requested data
`
`item” or “receiving payment data from the requester relating to payment for
`
`the requested data.”
`
`29. As an alternative argument, footnote 16 (page 45) of the 00113
`
`Petition alleges that to “the extent it is argued that the audit information
`
`received by Ginter’s object repository does not necessarily relate to payment
`
`for a currently-requested VDE content object, Ginter at a minimum renders
`
`this obvious. Ginter discloses paying for VDE content objects with ‘real-
`
`Page 013
`
`
`
`time debits from bank accounts.’” However, in the context of Ginter, the
`
`audit information is for tracking post-usage information, not current
`
`purchase information. As discussed in the paragraph crossing cols. 161 and
`
`162, “the clearinghouse may analyze the contained audit information to
`
`determine whether it indicates misuse of the applicable VDE object 300,”
`
`which indicates the tracked usage has already occurred. Thus, the 00103
`
`Petition has not shown that such post-usage information to determine
`
`whether an applicable VDE object 300 is being misused corresponds to
`
`“payment data” as claimed. Also, to change from post-usage tracking to
`
`pre-purchase processing would change the principle upon which Ginter
`
`works, which I understand indicates nonobviousness.
`
`30. Also, to the extent that the Petition is relying on Ginter 63:34-41 as
`
`disclosing “real-time debits from bank accounts,” I note that I understand the
`
`reference to “real-time debits from bank accounts” to be discussing real-time
`
`debits from bank accounts for paying for previous usage of VDE objects.
`
`Thus, I disagree that a “POSITA would at minimum have found it obvious
`
`to apply Ginter’s teaching of using audit information as payment data to a
`
`real-time transaction in order to reflect payment for a currently-requested
`
`VDE object,” as also alleged in footnote 16. As discussed above, to change
`
`from post-usage tracking to pre-purchase processing would change the
`
`Page 014
`
`
`
`principle upon which Ginter works, which I understand indicates
`
`nonobviousness.
`
`31. Thus, I believe that the 00013 Petition at least has not shown that it is
`
`more likely than not that Ginter renders obvious claims 1, 6, 7, and 16.
`
`
`
`32.
`
`I hereby acknowledge that any willful false statement made in this
`
`declaration is punishable under 18 U.S.C. 1001 by fine or imprisonment of
`
`not more than five (5) years, or both.
`
`
`
`
`
`
`
`Executed this 27th day of February, 2015.
`
`____________________________
`
`
`
`
`
`
`
`
`
`Jonathan Katz, Ph.D.
`
`
`
`Page 015
`
`
`
`
`
`
`
`
`
`
`APPENDIX A
`
`APPENDIX A
`
`Page 016
`
`Page 016
`
`
`
`Jonathan Katz
`Department of Computer Science and UMIACS
`University of Maryland
`jkatz@cs.umd.edu
`
`Education
`
`Ph.D. (with distinction), Computer Science, Columbia University, 2002
`Dissertation: Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks
`Advisors: Zvi Galil and Moti Yung
`Also advised by Rafail Ostrovsky (Telcordia Technologies)
`
`M.Phil., Computer Science, Columbia University, 2001
`
`M.A., Chemistry, Columbia University, 1998
`
`S.B., Mathematics, Massachusetts Institute of Technology, 1996
`
`S.B., Chemistry, Massachusetts Institute of Technology, 1996
`
`Employment History
`
`Director, Maryland Cybersecurity Center (MC2)
`October, 2013 – present
`
`Professor, University of Maryland
`July, 2013 – present
`
`Associate Professor, University of Maryland
`July, 2008 – June, 2013
`
`Assistant Professor, University of Maryland
`July, 2002 – June, 2008
`Responsible for maintaining a world-class research program in cryptography
`and information security. Duties include supervising graduate students and
`designing and teaching courses in cryptography, theoretical computer science,
`and network security.
`
`Visiting Research Scientist, IBM T.J. Watson Research Center (Hawthorne, NY)
`August, 2008 – July, 2009
`Visited and collaborated with the cryptography research group at IBM.
`
`Visiting Professor, ´Ecole Normale Sup´erieure (Paris, France)
`June – July, 2008
`Presented three lectures on my research; collaborated with the cryptography
`research group at ENS.
`
`Research Fellow, Institute for Pure and Applied Mathematics, UCLA
`September – December, 2006
`Invited as a core participant for the Fall 2006 program on “Securing Cyberspace:
`Applications and Foundations of Cryptography and Computer Security.”
`
`1
`
`Page 017
`
`
`
`Consultant, various positions
`August, 2002 – present
`Designed, analyzed, and supervised implementation of cryptographic protocols
`and algorithms. Provided expert testimony in intellectual property disputes.
`Worked with government agencies on a wide range of research projects in the
`area of cybersecurity.
`
`Visiting Research Scientist, DIMACS
`March – May, 2002
`Conducted research in both theoretical and applied cryptography, leading to
`two published papers.
`
`Instructor, Columbia University
`Summer, 1999 – Spring, 2002
`Instructor for five semesters. Taught Introduction to Cryptography, Computabil-
`ity and Models of Computation, and Introduction to Computer Programming.
`
`Research Scientist, Telcordia Technologies
`March, 2000 – October, 2001
`Member of the Mathematical Sciences Research Center. Conducted basic re-
`search in cryptography leading to the filing of two provisional patents. Provided
`security consulting services for other research groups within Telcordia.
`
`Security Consultant, Counterpane Systems
`May, 1999 – March, 2000
`Discovered security flaws in email encryption software (PGP); this work was
`widely covered in the press and led to two published papers and a refinement
`of the current standards for email encryption. Designed and implemented se-
`cure web-based protocols for clients. Contributed to Secrets and Lies: Digital
`Security in a Networked World, by B. Schneier (J. Wiley & Sons, 2000).
`
`Honors and Awards
`
`Member, steering committee, IEEE cybersecurity initiative (2014–present)
`
`Named one of Daily Record’s “50 Influential Marylanders” in 2014
`
`Invited participant, DARPA Computer Science Study Group, 2009–2010
`
`NSF CAREER award, 2005–2010
`
`University of Maryland GRB semester award, 2005–2006
`
`National Defense Science and Engineering Graduate Fellowship, 1996–1999
`
`NSF Graduate Fellowship, 1996 (declined)
`
`Alpha Chi Sigma award for academic excellence, MIT, 1996
`
`2
`
`Page 018
`
`
`
`Research Grants
`
`(Dollar amounts listed reflect the University of Maryland portion of the award. Unless indicated
`otherwise, I am the sole PI on the award.)
`
`“EAGER: Physical, Social, and Situational Factors as Determents of Public WiFi Users’
`Online Behaviors,” NSF, $215,002.
`co-PIs: Jonathan Katz and David Maimon
`October, 2014 – September, 2016
`
`“Establishing a Science of Security Research Lablet at the University of Maryland,” NSA,
`$1,487,608.
`Lead PI: Jonathan Katz
`February, 2014 – February, 2015
`
`“Automating Secure Computation,” DARPA (via subcontract to ACS), $51,213.
`PI: Elaine Shi; co-PI: Jonathan Katz
`January, 2014 – February, 2015
`
`“Network Security: Efficient Protocols for Message Integrity in DTNs,” Laboratory for
`Telecommunications Sciences, $176,353.
`April, 2013 – March, 2015
`
`“Secure Information Flows in Hybrid Coalition Networks,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $356,615.
`PI: Michael Hicks; co-PI: Jonathan Katz
`May, 2013 – April, 2015
`
`“Secure Network-Centric Data Distribution and Processing,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $108,016.
`PI: Rosario Gennaro; co-PI: Jonathan Katz
`May, 2013 – April, 2015
`
`“TWC: Small: Exploring Cryptographic Models and Setup Assumptions,” NSF (NSF-CNS-
`1223623), $400,945.
`September, 2012 – August, 2015
`
`“Developing a Science of Cybersecurity,” US Army Research Laboratory, $2,813,768.
`Lead PI: Jonathan Katz
`October, 2011 – September, 2013
`
`“TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Tech-
`niques, Tools, and Applications,” NSF (NSF-CNS-1111599), $1,000,000.
`PI: Jonathan Katz; co-PI: Michael Hicks
`August, 2011 – August 2016
`
`“Delegated, Outsourced, and Distributed Computation,” US Army Research Laboratory/UK
`Ministry of Defence (International Technology Alliance in Network and Information Sci-
`ence), $199,226.
`May, 2011 – April, 2013
`
`3
`
`Page 019
`
`
`
`“Toward Practical Cryptographic Protocols for Secure Information Sharing, Phase II CSSG,”
`DARPA, $400,000.
`September, 2010 – August, 2012
`
`“NetSE: Medium: Collaborative Research: Privacy-Preserving Social Systems,” NSF (NSF-
`IIS-0964541), $880,000.
`PI: Bobby Bhattacharjee; co-PIs: Jonathan Katz and Neil Spring
`September, 2010 – August, 2013
`
`Supplement for “CAREER: Models and Cryptographic Protocols for Unstructured, Decen-
`tralized Systems,” NSF (NSF-CNS-0447075), $80,000.
`August, 2009 – August, 2010
`
`“Energy Efficient Security Architectures and Infrastructures,” US Army Research Labora-
`tory/UK Ministry of Defence (International Technology Alliance in Network and Informa-
`tion Science), $162,450.
`May, 2009 – April, 2011
`
`“Cryptographic Primitives and Protocols for Security in Complex Systems,” DARPA, $100,000.
`March, 2009 – March, 2010
`
`“Understanding Fairness in Secure Two-Party and Multi-Party Computation,” NSF (NSF-
`CCF-0830464), $277,782.
`September, 2008 – August, 2011
`
`“Collaborative Research: CT-ISG: Efficient Cryptography Based on Lattices,” NSF (NSF-
`CNS-0716651), $138,500.
`September, 2007 – August, 2010
`
`“Efficient Security Techniques for Information Flows in Coalition Environments,” US Army
`Research Laboratory/UK Ministry of Defence (International Technology Alliance in Net-
`work and Information Science), $395,026.
`PIs: Jonathan Katz and Michael Hicks
`May, 2007 – April, 2009
`
`“Designing Reliable and Secure Tactical MANETs,” DoD MURI, $1,442,324.
`PIs: John Baras, Virgil Gligor, and Jonathan Katz
`May, 2007 – April, 2012
`
`“New Techniques for Authenticating Humans (and Other Resource-Constrained Devices),”
`NSF (NSF-CNS-0627306), $300,000.
`September, 2006 – August, 2009
`
`“Feasibility and Efficiency of Secure Computation,” United States-Israel Binational Science
`Foundation, $120,000.
`September, 2005 – August, 2009
`
`“CAREER: Models and Cryptographic Protocols for Unstructured, Decentralized Systems,”
`NSF (NSF-CNS-0447075), $400,000.
`February, 2005 – January, 2010
`
`4
`
`Page 020
`
`
`
`“Secure Design and Usage of Cryptographic Hash Functions,” University of Maryland GRB
`semester award.
`2005–2006 academic year
`
`“ITR-(ASE+NHS)-(DMC+INT+SOC): Resilient Storage and Querying in Decentralized
`Networks,” NSF (NSF-CNS-0426683), $720,000.
`PI: Bobby Bhattacharjee; co-PIs: Sudarshan Chawathe, Jonathan Katz, and Aravind Srini-
`vasan
`September, 2004 – August, 2008
`
`“Distributed Trust Computations for Decentralized Systems,” NSF (NSF-CNS-0310499),
`$375,000.
`PI: Bobby Bhattacharjee; co-PI: Jonathan Katz
`August, 2003 – July, 2006
`
`“Collaborative Research: Mitigating the Damaging Effects of Key Exposure,”NSF (NSF-
`CNS-0310751), $240,000.
`August, 2003 – July, 2006
`
`PhD Students
`
`Graduated:
`Adam Groce (graduated in 2014)
`Currently a visiting assistant professor at Reed College
`
`Ranjit Kumaresan (graduated in 2012)
`Currently a postdoc at the Technion
`
`Arkady Yerukhimovich (graduated in 2011)
`Currently technical staff, MIT Lincoln Laboratory
`
`S. Dov Gordon (graduated in 2010)
`Currently at Applied Communication Sciences
`
`Omer Horvitz (graduated in 2007, co-advised with Prof. Gligor)
`Currently at techmeme.com
`
`Chiu-Yuen Koo (graduated in 2007)
`Currently at Google Labs, Mountain View, CA
`
`Ruggero Morselli, (graduated in 2006, co-advised with Prof. Bhattacharjee)
`Currently at Google Labs, Pittsburgh, PA
`
`Current:
`Aishwarya Thiruvengadam
`
`Daniel Apon
`
`Alex Malozemoff
`
`Andrew Miller
`
`5
`
`Page 021
`
`
`
`Postdoctoral Researchers
`
`Hoang Viet Tung, 2014–present
`
`Feng-Hao Liu, 2013–present
`
`Jean Paul Degabriele, 2013–2014
`Currently a postdoc at Royal Holloway University of London
`
`Yan Huang, 2012–2014
`Currently an assistant professor at Indiana University
`
`Hong-Sheng Zhou, 2010–2013
`Currently an assistant professor at Virginia Commonwealth University
`
`Dominique Schr¨oder, 2011–2012
`Currently an assistant professor at Saarland University, Germany
`
`Raef Bassily, 2012
`Currently a postdoc at Penn State University
`
`Seung Geol Choi, 2010–2012
`Currently an assistant professor at the US Naval Academy
`
`Vassilis Zikas, 2010–2012
`Currently a postdoc at UCLA
`
`Lior Malka, 2009–2010
`Currently at Intel, Santa Clara, CA
`
`Ik Rae Jeong, 2005–2006
`Currently an assistant professor at Korea University
`
`Professional Activities
`
`Editorial board:
`– Information & Computation (2012–present)
`– Journal of Cryptology (2011–present)
`– International Journal of Applied Cryptography (2007–present)
`– Journal of Computer and System Sciences (2013–2014 )
`– IET Information Security (2005–2012 )
`– Fundamenta Informaticae (2006–2011 )
`
`Program chair:
`– Intl. Conference on Practice and Theory in Public-Key Cryptography (PKC) 2015
`– Conference on Decision and Game Theory for Security (GameSec) 2011
`– Cryptography Track, 12th International Symposium on Stabilization, Safety, and Security
`of Distributed Systems (SSS) 2010
`– Applied Cryptography and Network Security (ACNS) 2007
`
`Program committees:
`– Mycrypt 2016
`– IEEE Symposium on Security & Privacy (Oakland) 2009, 2015
`
`6
`
`Page 022
`
`
`
`– ACM Conf. Computer and Comm. Security (CCCS) 2005, 2006, 2011, 2012, 2013
`– European Symposium on Security in Computer Security (ESORICS) 2013
`– Crypto 2003, 2005, 2006, 2009, 2013
`– Eurocrypt 2006, 2008, 2009, 2011, 2013
`– Asiacrypt 2004, 2007, 2008, 2010, 2012
`– Theory of Cryptography Conference (TCC) 2006, 2007, 2012
`– RSA—Cryptographers’ Track 2006, 2007, 2010, 2012
`– Financial Cryptography 2012
`– ACM-SIAM Symposium on Discrete Algorithms (SODA) 2011
`– Intl. Conf. on Cryptology and Network Security (CANS) 2010
`– Intl. Conf. on Pairing-Based Cryptography (Pairing) 2010
`– Public-Key Cryptography (PKC) 2007, 2010
`– ACM Symposium on Theory of Computing (STOC) 2009
`– Applied Cryptography and Network Security (ACNS) 2006, 2009
`– IEEE Symposium on Foundations of Computer Science (FOCS) 2008
`– Security in Communication Networks 2008
`– ICALP 2007
`– ACM Workshop on Security and Sensor Networks (SASN) 2004, 2005, 2006
`– Security and Cryptography for Networks (SCN) 2006
`– VietCrypt 2006
`– International Conference on Information Security and Cryptology (ICISC) 2005, 2006
`– UCLA/IPAM workshop on “Locally decodable codes. . . ,” 2006
`– Workshop on Cryptography over Ad Hoc Networks (WCAN) 2005, 2006
`– International Conference on Cryptology in Malaysia (Mycrypt) 2005
`– Workshop in Information Security and Applications (WISA) 2004
`
`Invited Courses/Tutorials
`
`Half-day tutorial: “Ruminations on Defining Rational Multi-Party Computation,” Summer
`School on Rational Cryptography (Bertinoro, Italy), June 2008.
`
`1-hour tutorial: “The Basics of Public-Key Encryption,” Booz Allen Hamilton (Linthicum,
`MD), October 2007.
`
`2+-hour tutorial: “A Survey of Modern Cryptography,” ACM Sigmetrics, June 2007.
`
`Week-long course: “Zero Knowledge: Foundations and Applications,” (Bertinoro, Italy),
`October 2006.
`
`Half-day tutorial: “Black-Box Reductions, Impossibility Results, and Efficiency Lower
`Bounds,” UCLA/IPAM, September 2006.
`
`Invited Panel and Session Participation
`
`11th Colloquium for Information System Security Education (Boston University): panel
`member, “How to Teach Cryptology,” June 2007.
`
`7
`
`Page 023
`
`
`
`Invited Talks
`
`Naval Postgraduate School Foundation, President’s Circle Retreat: “Privacy-Preserving
`Distributed Computation,” April 2014.
`
`Georgetown University: “Secure Computation in the RAM Model,” April 2014.
`
`Rutgers University: “Privacy-Preserving Computation: How, What, and Why?” Novem-
`ber 2013.
`
`First EasyCrypt workshop (University of Pennsylvania): “EasyCrypt 0.2 Feedback and
`Recommendations,” July 2013.
`
`Workshop on Real-World Cryptography (Stanford): “Practical Anonymous Subscriptions,”
`January 2013.
`
`Workshop on Theory and Practice of Multiparty Computation (Aarhus, Denmark): “Recent
`Results on Game Theory and Secure Computation,” June 2012.
`
`Indiana University: “Is (Generic) Secure Two-Party Computation Practical?” Novem-
`ber 2011.
`
`Microsoft Research (Redmond, WA): “(Ever More) Efficient Secure Two-Party Computa-
`tion,” March 2011.
`
`PerAda Workshop on Security, Trust, and Privacy (Rome, Italy): “Privacy, Trust, and
`Security in Pervasive Computing: Challenges and Opportunities,” November 2010.
`
`Tsinghua University (Beijing, China): “Fairness and Partial Fairness in Two-Party Com-
`putation,” June 2010
`
`Beijing Institute of Technology: “Rational Secret Sharing,” June 2010.
`
`SKLOIS: The State Key Laboratory Of Information Security (Beijing, China): “Leakage-
`Resilient Cryptography,” June 2010.
`
`SKLOIS: The State Key Laboratory Of Information Security (Beijing, China): “Rational
`Secret Sharing,” June 2010.
`
`Workshop on Decentralized Mechanism Design, Distributed Computing, and Cryptography
`(Princeton University): “Rational Secret Sharing: A Survey,” June 2010.
`
`Mi