UNITED STATES PATENT AND TRADEMARK OFFICE
`
`___________
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`___________
`
`GOOGLE INC.
`Petitioner
`
`v.
`
`ALFONSO CIOFFI, MEGAN ELIZABETH ROZMAN,
`MELANIE ANN ROZMAN, AND MORGAN LEE ROZMAN
`Patent Owners
`
`___________
`
`Patent No. RE43,528
`___________
`
`DECLARATION OF DR. MICHAEL KOGAN REGARDING
`U.S. PATENT NO. RE43,528 IN SUPPORT OF PETITION FOR COVERED
`BUSINESS METHOD REVIEW
`
`Google – Exhibit 1022, cover
`
`

`
`TABLE OF CONTENTS
`Background and Qualifications .......................................................................... 2
`I.
`II. Materials Considered .......................................................................................... 7
`III.
`Legal Standards for Patentability ....................................................................... 9
`A.
`Improper Recapture of Surrendered Subject Matter .............................. 10
`B.
`Original Patent Requirement .................................................................. 11
`C.
`Lack of Enablement ............................................................................... 12
`D.
`Ineligible Subject Matter ........................................................................ 13
`IV. Overview of The ’528 Reissue and Its Parent ’247 Patent .............................. 14
`A.
`Effective Filing Date .............................................................................. 14
`B.
`Summary of the ’247 Patent Specification ............................................ 14
`1.
`The Problem Described in the ’247 Patent .................................. 15
`2.
`The Alleged Solution Described in the ’247 Patent .................... 21
`a)
`The Isolation Principles Taught by the ’247 Patent .......... 21
`b)
`Encryption and Decryption Taught by the ’247 Patent ..... 33
`Summary of the ’247 Patent Prosecution ............................................... 40
`C.
`The ’247 Patent Claims .......................................................................... 49
`D.
`The ’528 Reissue Patent Prosecution ..................................................... 50
`E.
`The ’528 Reissue Claims ....................................................................... 54
`F.
`Person of Ordinary Skill in the Art ........................................................ 65
`G.
`Construction of Terms Used in the ’528 Reissue ............................................. 66
`V.
`VI. Claims 21-24, 30, 44, 64, and 67 Are Invalid for Improper Recapture of
`surrendered subject matter ................................................................................ 67
`A.
`Step 1: The Applicants Surrendered The Use of a Monolithic,
`Single-Core Processor During Prosecution of the ’247 Patent .............. 68
`Step 2: The Broader Aspects of the Reissue Claims Relate to the
`Subject Matter Surrendered in the Original Prosecution ....................... 79
`Step 3: The Reissue Claims Were Not Materially Narrowed in
`Other Respects in Order to Avoid the Recapture Rule .......................... 82
`
`B.
`
`C.
`
`i
`
`Google – Exhibit 1022, page i
`
`

`
`D.
`
`B.
`
`The Improperly Recaptured Single-Processor Configuration Is
`Not an “Overlooked Aspect” of the Original ’247 Patent ..................... 87
`VII. All Challenged Claims Violate the Original Patent Requirement ................... 91
`VIII. The Challenged Claims Are Not Enabled by the Patent Specification ............ 99
`A.
`Claims 21-24, 30, 44, 64, and 67 Are Invalid for Lack of
`Enablement Because the Specification Does Not Disclose a Single
`Processor (Single-Core) Configuration .................................................. 99
`All of the Challenged Claims Are Invalid for Lack of Enablement
`Because the Specification Does Not Disclose a First Web Browser
`Process Accessing Data of a Website Via the Network ...................... 107
`The Challenged Claims Are Directed to INEligible Subject Matter .............. 113
`Conclusion ...................................................................................................... 114
`
`IX.
`X.
`
`TABLE OF CONTENTS
`(continued)
`
`-ii-
`
`
`
`Google – Exhibit 1022, page ii
`
`

`
`I, Dr. Michael Kogan, declare as follows:
`
`1.
`
`My name is Dr. Michael Kogan, and I have been retained by counsel
`
`for Google Inc. to investigate certain issues related to several reissue patents that
`
`have been asserted against Google Inc. including U.S. Patent No. RE43,528 (“the
`
`’528 Reissue”) as well as the original patent U.S. Patent No. 7,484,247 (“the ’247
`
`Patent”). I make the statements in this declaration based upon my own personal
`
`knowledge and, if called upon as a witness, I could and would testify to the
`
`following.
`
`2.
`
`I have also been retained as an expert witness by Google Inc. in
`
`connection with the district court lawsuit involving the ’528 Reissue, and I have
`
`provided certain opinions in that proceeding. I have not been asked to restate all of
`
`my opinions regarding the patentability of claims in the ’528 Reissue. I continue
`
`to hold the opinions that I have expressed in the district court lawsuit, and the fact
`
`that I have not restated a particular opinion in this declaration does not mean that I
`
`have changed my previously expressed opinion in any way.
`
`3.
`
`I am being compensated for my time at the rate of $550 for each hour
`
`of service that I provide in connection with this case. This compensation is not
`
`contingent upon my performance, the outcome of this case, or any issues involved
`
`in or related to this case.
`
`1
`
`Google – Exhibit 1022, page 1
`
`

`
`I.
`
`BACKGROUND AND QUALIFICATIONS
`
`4.
`
`I have more than thirty-three years of experience with a primary focus
`
`on PC and embedded systems product development. My curriculum vitae is
`
`attached as Exhibit 1 to this declaration.
`
`5.
`
`Based on my work experience, described in detail in my curriculum
`
`vitae, I am knowledgeable about operating systems software at all levels, including
`
`personal computer (PC) and embedded systems architecture, hardware and device
`
`drivers, multitasking, memory management, interprocess communications,
`
`program loading, and graphical user interfaces (GUIs). I have experience with
`
`operating system development in connection with the following operating systems:
`
`CP/M, DOS, OS/2, Windows, and a wide variety of UNIX variants including
`
`XENIX, PC/IX, AIX, Mach, ATT Unix, Berkeley Unix, Linux, Android, and iOS.
`
`6.
`
`I am an expert in PC and embedded systems software with specialized
`
`skills in operating systems, system software on microprocessor-based platforms
`
`including the areas of operating system kernels, multitasking and interprocess
`
`communications, memory management and protection, I/O programming and
`
`device drivers, system initialization and boot code, communications, cross-
`
`platform portability, cross-platform development, and GUI subsystems. My
`
`expertise includes multitasking operating system environments with security and
`
`protection mechanisms.
`
`2
`
`Google – Exhibit 1022, page 2
`
`

`
`7.
`
`I am knowledgeable and skilled in the development of consumer
`
`electronics platforms, from both a hardware and operating system perspective. I
`
`have designed and implemented embedded operating systems and reference
`
`platforms for the development of one- and two-way pagers, smart phones, PDAs,
`
`and various general consumer-device architectures. I have significant experience
`
`with embedded operating systems including OS9, OS9000, pSOS, QNX, MDSOS,
`
`MEMOS, eCos, VxWorks, Android, and iOS.
`
`8. While at IBM from 1985-1992, I served as a developer, designer, and
`
`ultimately as chief architect of the OS/2 operating system products. From 1985-
`
`1987, I was a lead developer for the design, development, and testing of 16-bit
`
`OS/2. My main areas of responsibility included device drivers, memory
`
`management, debugging, queues, DOS compatibility, system initialization, and
`
`ABIOS support. From 1987-1991, I was the chief architect for the 32-bit version
`
`of OS/2 which shipped in 1992 as OS/2 2.0. My responsibilities included overall
`
`design responsibility for the kernel, subsystems such as Presentation Manager, 32-
`
`bit API, compatibility architecture, and performance. I implemented prototype 32-
`
`bit systems and provided new designs in multitasking, memory management,
`
`interprocess communications, and compatibility areas. I also provided high-level
`
`and low-level design documentation, complete product specifications, invention
`
`disclosures, and patent filings. From 1991-1992, I was technical staff for the OS/2
`
`3
`
`Google – Exhibit 1022, page 3
`
`

`
`programming area. I resolved key design and implementation issues for OS/2 2.0
`
`delivery, provided technical and strategic briefings for customers, and was a
`
`technical interface to trade press and independent software vendors. I provided
`
`technical direction for the implementation of OS/2 multimedia extensions and
`
`performed advanced technical research and prototyping for future systems
`
`including multiprocessing prototypes.
`
`9.
`
`Based on my work at IBM, I am responsible for two patents and
`
`numerous invention disclosures pertaining to multitasking operating systems
`
`technology.
`
`10.
`
`In 1992, I co-authored the book The Design of OS/2 which describes
`
`the motivation, design, and internals of the 16-bit and 32-bit OS/2 systems. It
`
`includes deep details on OS/2 including multitasking, interprocess
`
`communications, and GUI subsystems.
`
`11.
`
`From 1992-1995, after leaving IBM, I consulted in the OS/2 market
`
`providing both design and development services to clients utilizing OS/2. I also
`
`was featured as a speaker at OS/2 technical seminars and public forums and wrote
`
`for several magazines.
`
`12. While at Motorola from 1995 to 1996, I was the development lead for
`
`implementing Microware OS9 and OS9000 on advanced paging platforms and
`
`ported the OS9 operating system to numerous Motorola platforms.
`
`4
`
`Google – Exhibit 1022, page 4
`
`

`
`13. While at Ratio Design Labs from 1996 to 1997, I led a small group
`
`responsible for rewriting an embedded operating system known as MDSOS for the
`
`ARM, Motorola, and Intel embedded platforms. This experience includes some of
`
`the first embedded devices to utilize advanced system-on-chip architectures with
`
`high integration in combination with Flash memory technology, advanced power
`
`management, and graphical LCD displays. As part of my work while at Ratio
`
`Design Labs, I supported the development of AirScript which enabled GUIs on
`
`platforms with advanced graphical LCD displays.
`
`14. While at Cygnus Solutions from 1997 to 1998, my responsibilities
`
`included engineering direction and management for Cygnus’s cross-platform GUI
`
`Integrated Development Environment (IDE) product, and Cygnus’s board support
`
`tools for enabling rapid software development on multiple embedded hardware
`
`platforms.
`
`15. Outside the aforementioned engagements, I have written numerous
`
`custom device drivers and subsystems for consulting clients in many operating
`
`system environments and have been involved in the architecture, design, and
`
`implementation of numerous desktop products and embedded devices. I also have
`
`significant experience building client-server applications, dynamic websites, web
`
`applications, web services, and mobile applications.
`
`16.
`
`In addition to my knowledge and experience with how operating
`
`5
`
`Google – Exhibit 1022, page 5
`
`

`
`systems are designed and implemented, I also have extensive experience with and
`
`knowledge of subsystems, frameworks, and applications that run in conjunction
`
`with the operating system, how they are designed and implemented, and how they
`
`operate. As a lead operating system developer and lead designer, my
`
`understanding of how these other software components operate has enabled me to
`
`provide not only designs and implementations of operating systems services to
`
`enable their operation, but also to provide recommendations on designs and
`
`implementations of frameworks and applications to enable them to provide
`
`functionality and services optimally.
`
`17.
`
`For example, as Chief Architect of OS/2 2.0 at IBM, I worked
`
`extensively to further the designs and implementation of IBM’s Communications
`
`Manager/2. Communications Manager/2 provided networking and
`
`communications support for OS/2 and IBM’s Database Manager/2, which provided
`
`an OS/2 DB2 server product. Additionally, during my time at IBM and in the two
`
`years after leaving IBM, I consulted with numerous OS/2 customers on client-
`
`server architectures to enable their applications and subsystems on OS/2 and other
`
`platforms. While at IBM I was also responsible for supporting the OS/2
`
`Presentation Manager, OS/2’s GUI subsystem, and GUI-based applications.
`
`18.
`
`I have had similar experiences with embedded and consumer devices
`
`for Ratio, Cygnus, and other consulting clients. In these roles, I gained further
`
`6
`
`Google – Exhibit 1022, page 6
`
`

`
`experience enabling various communications stacks on mobile devices including
`
`TCP/IP stacks, IrDA (infra-red wireless communications), and RF
`
`communications, as well as numerous other systems-related technologies such as
`
`GUIs, storage subsystems, power management systems, firmware architecture, and
`
`a wide variety of I/O devices and their operation.
`
`19.
`
`I received my Masters of Science degree in Computer Science from
`
`Nova University in 1986, and my Doctor of Sciences degree in Computer Science
`
`from Nova University in 1991.
`
`20. My experience coupled with my education enables my full
`
`understanding of the methods and technologies addressed by the ’528 Reissue (and
`
`its parent ’247 Patent).
`
`21.
`
`In formulating my opinions discussed below, I have relied on my
`
`knowledge, training, education, and experience in the field of computer science
`
`and more particularly with multitasking operating system environments with
`
`security and protection mechanisms (as discussed above in detail).
`
`II. MATERIALS CONSIDERED
`
`22.
`
`In the course of my engagement with Google Inc. in connection with
`
`the underlying lawsuit, I have reviewed and considered numerous different
`
`materials. For purposes of this declaration, I have primarily relied on the following
`
`documents:
`
`7
`
`Google – Exhibit 1022, page 7
`
`

`
`• the ’528 Reissue (Ex. 1001);
`
`• Prosecution history of U.S. Application No. 12/720,147, which led to
`
`the issuance of the ’528 Reissue (“File History”) (Ex. 1002);
`
`• the ’247 Patent (Ex. 1003);
`
`• Prosecution history of U.S. Application No. 10/913,609, which led to
`
`the issuance of the ’247 Patent (“’247 Patent File History”)
`
`(Ex. 1004);
`
`• U.S. Patent No. 6,578,140 (“Policard”) (Ex. 1006);
`
`• U.S. Patent No. 6,192,477 (“Corthell”) (Ex. 1007);
`
`• U.S. Patent Application Publication No. 2002/002673 (“Narin”)
`
`(Ex. 1008);
`
`• Patent Local Rule 4-3 Joint Claim Construction and Prehearing
`
`Statement (“Joint Claim Const. Statement”) (Ex. 1010);
`
`• Plaintiff’s Reply Memorandum In Support of Opening Claim
`
`Construction Brief (“PO Reply Claim Const. Brief”) (Ex. 1011);
`
`• Claim Construction Memorandum and Order (“Claim Const. Order”)
`
`(Ex. 1012) as well as the Federal Circuit decision in the related
`
`litigation;
`
`• Transcript of the deposition of H.E. Dunsmore dated June 17, 2014
`
`(“2014 Dunsmore Dep.”) (Ex. 1013);
`
`8
`
`Google – Exhibit 1022, page 8
`
`

`
`• Transcript of the deposition of H.E. Dunsmore dated October 10,
`
`2016 (“2016 Dunsmore Dep.”) (Ex. 1014);
`
`• Expert Declaration of H.E. (“Buster”) Dunsmore (“Dunsmore Claim
`
`Const. Decl.”) (Ex. 1015);
`
`• Expert Report of Professor H.E. Dunsmore (“Dunsmore Report”)
`
`(Ex. 1016);
`
`• Excerpts from transcript of deposition of Alfonso Cioffi dated June
`
`26, 2014 (“June 2014 Cioffi Dep.”) (Ex. 1017);
`
`• Excerpts from transcript of deposition of Alfonso Cioffi dated
`
`November 7, 2014 (“Nov. 2014 Cioffi Dep.”) (Ex. 1018);
`
`• Microsoft Press Computer Dictionary, 5th ed. 2002 (“Computer
`
`Dictionary”) (Ex. 1019);
`
`• Joint Notice of Agreed Construction (Ex. 1020).
`
`23. My opinions are also based on my education, experience, and
`
`knowledge gained from over more than 30 years of design and development of
`
`operating systems in computers and embedded devices, and specifically including
`
`multitasking operating system environments with security and protection
`
`mechanisms.
`
`III. LEGAL STANDARDS FOR PATENTABILITY
`
`24.
`
`For purposes of this declaration, I have been informed about certain
`
`9
`
`Google – Exhibit 1022, page 9
`
`

`
`aspects of the law as it relates to my opinions.
`
`25.
`
`I understand that in this covered business method patent review
`
`proceeding, Google has the burden of proving that the claims of the ’528 Reissue
`
`are unpatentable by a preponderance of the evidence. I understand that a
`
`preponderance of the evidence is evidence sufficient to show that a fact is more
`
`likely true than not true.
`
`26.
`
`I also understand that in this covered business method patent review
`
`proceeding, the claims must be given their broadest reasonable interpretation
`
`consistent with the patent specification.
`
`A.
`
`27.
`
`Improper Recapture of Surrendered Subject Matter
`
`I understand that the recapture rule under 35 U.S.C. § 251 bars a
`
`patent holder from recapturing subject matter, through reissue, that the patent
`
`holder intentionally surrendered during the original prosecution in order to
`
`overcome prior art and obtain the patent. I understand that improper recapture is
`
`evaluated through a three-part test.
`
`28.
`
`I understand that the first step is to determine if and in what aspect the
`
`reissue claims are broader than the original patent claims.
`
`29.
`
`I further understand that the second step is to determine whether the
`
`broader aspects of the reissue claims relate to surrendered subject matter. I
`
`understand a person of ordinary skill must look to changes in the claim language
`
`10
`
`Google – Exhibit 1022, page 10
`
`

`
`and arguments in the prosecution history made in an effort to overcome prior art to
`
`determine what subject matter the patent holder surrendered.
`
`30.
`
`I understand that the third step requires determining whether the
`
`surrendered subject matter has crept into the reissue claims. If the limitation added
`
`during the original prosecution is eliminated in its entirety, I understand that the
`
`surrendered subject matter has been recaptured and the scope of the reissue claim
`
`is broader than the original. I further understand that application of the recapture
`
`rule can be avoided if the reissue claims “materially narrow” the claims relative to
`
`the original claims. To avoid the recapture rule under this prong, however, the
`
`narrowing at issue must relate to the subject matter surrendered during the original
`
`prosecution such that the full scope of what was surrendered is not recaptured.
`
`B.
`
`31.
`
`Original Patent Requirement
`
`I understand that under 35 U.S.C. § 251 a patent can be reissued only
`
`“for the invention disclosed in the original patent.”
`
`32.
`
`I understand that the “original patent” requirement is directed to
`
`whether one of ordinary skill in the art, reading the specification, would identify
`
`the subject matter of the new claims as invented and disclosed by the patent
`
`holders. I further understand that original patent requirement is not met unless the
`
`original patent specification clearly and unequivocally discloses the newly claimed
`
`invention as a separate invention. It is not sufficient for the original specification
`
`11
`
`Google – Exhibit 1022, page 11
`
`

`
`to merely suggest or indicate the invention claimed in the reissue claims.
`
`33. Additionally, I understand that 35 U.S.C. § 251 prohibits the
`
`introduction of new matter in a reissue application.
`
`C.
`
`34.
`
`Lack of Enablement
`
`I understand that 35 U.S.C. § 112 imposes certain requirements on the
`
`form of a patent’s disclosure. One requirement of a patent is that its specification
`
`must enable the invention as claimed.
`
`35.
`
`In particular, I understand that 35 U.S.C. § 112 states: “The
`
`specification shall contain a written description of the invention, and the manner
`
`and process of making and using it, in such full, clear, concise, and exact terms as
`
`to enable any person skilled in the art to which it pertains, or with which it is most
`
`nearly connected, to make and use the same . . . .”
`
`36.
`
`I understand that a patent specification must enable those skilled in
`
`the art to practice the full scope of the claimed invention without undue
`
`experimentation. I understand that the following factors are considered in
`
`determining whether a particular disclosure would require undue experimentation:
`
`(i) the quantity of experimentation necessary; (ii) the amount of direction or
`
`guidance presented; (iii) the presence or absence of working examples; (iv) the
`
`nature of the invention; (v) the state of the prior art; (vi) the relative skill of those
`
`in the art; (vii) the predictability or unpredictability of the art; and (viii) the breadth
`
`12
`
`Google – Exhibit 1022, page 12
`
`

`
`of the claims.
`
`37.
`
`To determine whether the specification enables a claim, one accounts
`
`for both what is disclosed in the specification and what would have been known to
`
`one of ordinary skill in the art at the time of filing of the patent. A patent does not
`
`necessarily need to describe how to make and use every possible variant of the
`
`claimed invention, because the artisan’s knowledge of the prior art and routine
`
`experimentation can often fill gaps, interpolate between embodiments, and perhaps
`
`even extrapolate beyond the disclosed embodiments, depending upon the
`
`predictability of the art. Nonetheless, it is the specification which must supply the
`
`novel aspects of the claimed invention, rather than the knowledge of one skilled in
`
`the art. The specification must further provide a reasonable level of detail about
`
`the novel aspects of the claimed invention as opposed to a mere starting point or
`
`suggestion for further research or analysis.
`
`D.
`
`38.
`
`Ineligible Subject Matter
`
`I understand that patent claims may be invalid for claiming
`
`unpatentable subject matter. This includes laws of nature, natural phenomena, and
`
`abstract ideas.
`
`39.
`
`I understand that there is a two-step process for determining whether a
`
`patent claim is invalid for claiming unpatentable subject matter. First, one must
`
`determine whether the claims at issue are directed to one of the patent-ineligible
`
`13
`
`Google – Exhibit 1022, page 13
`
`

`
`concepts. Second, if the claims are directed to patent-ineligible subject matter, one
`
`must consider the limitations of each claim both individually and as an ordered
`
`combination to determine whether the additional limitations transform the nature
`
`of the claim into a patent-eligible application of a patent-ineligible concept. I
`
`understand that the second step of this analysis can be described as a search for an
`
`inventive concept – a limitation or combination of limitations that is sufficient to
`
`ensure that the patent in practice amounts to significantly more than a patent on the
`
`ineligible concept itself.
`
`IV. OVERVIEW OF THE ’528 REISSUE AND ITS PARENT
`’247 PATENT
`
`A.
`
`40.
`
`Effective Filing Date
`
`The ’528 Reissue is a reissue of the ’247 Patent, which was based on
`
`U.S. Application No. 10/913,609 filed on August 7, 2004. I understand that the
`
`effective filing date of the claims of the ’528 Reissue is August 7, 2004. I have
`
`used that date in my analysis.
`
`41.
`
`I understand that the Patent Owner has taken the position in the
`
`related litigation that the appropriate invention date is in May 2004. I have
`
`considered my opinions in view of this date as well. Applying May 2004 as the
`
`invention date has no impact on my opinions expressed here.
`
`B.
`
`42.
`
`Summary of the ’247 Patent Specification
`
`The ’247 Patent is entitled “System and Method for Protecting a
`
`14
`
`Google – Exhibit 1022, page 14
`
`

`
`Computer System from Malicious Software.”
`
`1.
`
`The Problem Described in the ’247 Patent
`
`43. According to the ’247 Patent specification, while the growth of
`
`personal computers and their use of the internet through applications such as email
`
`and web browsers has led to increasing popularity, the problem of unwanted
`
`incursions into the main memory and non-volatile storage areas of computers has
`
`become a problem. ’247 Patent at 3:15-39 (Ex. 1003).
`
`44.
`
`The ability of programs to interact with each other and with data files
`
`such as critical operating system files in computer systems has contributed to the
`
`security problem of unwanted incursions. ’247 Patent at 3:40-44 (Ex. 1003).
`
`45. A “new class of unwanted malicious software generally known as
`
`malware… is capable of infiltrating any computer system which is connected to a
`
`network of interconnected computer systems.” ’247 Patent at 3:45-49 (Ex. 1003).
`
`46.
`
`The specification goes on to describe various types of malware,
`
`malware attacks, and the impact of such malware attacks. ’247 Patent at 3:49-62
`
`(Ex. 1003). Furthermore, malware is also capable of defending itself from attempts
`
`by the user to remove it or otherwise cleanse the computer system. ’247 Patent at
`
`3:63-4:24 (Ex. 1003).
`
`47.
`
`The specification next describes multitasking operating systems, and
`
`how programs that run on these systems share the processor, space on the same
`
`15
`
`Google – Exhibit 1022, page 15
`
`

`
`nonvolatile memory storage devices (e.g. disk), space in main memory, and other
`
`operating system resources. ’247 Patent at 4:25-49 (Ex. 1003).
`
`48.
`
`The specification describes security problems and vulnerabilities that
`
`arise as a result of this resource sharing, particularly with respect to malware. ’247
`
`Patent at 4:50-59 (Ex. 1003). The specification informs that because the CPU,
`
`devices, memory, and storage are shared, malware programs are capable of
`
`hogging these resources so they are not available to other programs, corrupting
`
`resource files used by and created by other programs, corrupting executable
`
`program files themselves, corrupting the operating system itself, and corrupting
`
`and disrupting the execution of other programs by accessing memory locations
`
`used by other programs. ’247 Patent at 4:50-59 (Ex. 1003).
`
`49. According to the specification, numerous software-oriented
`
`techniques have been utilized by software and operating system programmers to
`
`prevent malware infestations:
`
`Many security features and products are being built by software
`manufacturers and by O/S programmers to prevent malware
`infiltrations from taking place, and to ensure the correct level of
`isolation between programs. Among these are architectural solutions
`such as rings-of-protection in which different trust levels are assigned
`to memory portions and tasks, paging which includes mapping of
`logical memory into physical portions or pages, allowing different
`tasks to have different mapping, with the pages having different trust
`
`16
`
`Google – Exhibit 1022, page 16
`
`

`
`levels, and segmentation which involves mapping logical memory
`into logical portions or segments, each segment having its own trust
`level wherein each task may reference a different set of segments.
`
`’247 Patent at 4:66-5:11 (Ex. 1003).
`
`50.
`
`The specification continues, stating that the extensive resource
`
`(processor, memory, storage, etc.) sharing capabilities of these operating systems
`
`drive complexity in security features, which leads to more vulnerability in the
`
`system and opportunity for malware practitioners to penetrate the system via the
`
`features that allow the resource sharing and communications between programs:
`
`Since the sharing capabilities using traditional operating systems are
`extensive, so are the security features. However, the more complex
`the security mechanism is, the more options a malware practitioner
`has to bypass the security and to hack or corrupt other programs or the
`O/S itself, sometimes using these very features that allow sharing and
`communication between programs to do so.
`
`’247 Patent at 5:11-17 (Ex. 1003).
`
`51.
`
`Therefore, according to the specification, these software security
`
`mechanisms are inadequate to stop malware attacks, and malware practitioners
`
`have found a way around these software security mechanisms in every
`
`environment, even overcoming software techniques such as sandboxing for code
`
`downloaded from the Internet.
`
`17
`
`Google – Exhibit 1022, page 17
`
`

`
`Further, regarding malware programs, for virtually every software
`security mechanism, a malware practitioner has found a way to
`subvert, or hack around, the security system, allowing a malware
`program to cause harm to other programs in the shared environment.
`This includes every operating system and even the Java language,
`which was designed to create a standard interface, or sandbox, for
`Internet downloadable programs or applets.
`
`’247 Patent at 5:18-25 (Ex. 1003).
`
`52. A person of ordinary skill in the art would know that a “sandbox” or
`
`“sandboxing” refers to a software technique that utilizes system security methods
`
`to limit the access of a program to prevent it from using specific system resources.
`
`Computer Dictionary at 463 (Ex. 1019).
`
`53.
`
`The specification teaches that it is the architecture of the computer
`
`system and the operating system itself that leads to these vulnerabilities that
`
`software cannot secure, due to the inherent problem that resources are shared. ’247
`
`Patent at 5:25-50 (Ex. 1003). The specification states:
`
`The inherent problem with existing architectures is that resources,
`such as RAM, or a hard disk, are shared by programs simultaneously,
`giving a malware program a conduit to access and corrupt other
`programs, or the O/S itself through the shared resource.
`
`’247 Patent at 5:40-44 (Ex. 1003).
`
`54. After teaching the shortcomings of multitasking operating systems
`
`and their shared resource architectures as they relate to malware intrusions, the
`18
`
`Google – Exhibit 1022, page 18
`
`

`
`specification goes on to detail solutions that existed at the time that attempted to
`
`block, scan, and stop the infestation of malware. According to the inventors, the
`
`problem with these solutions was that they relied on foreknowledge of specific
`
`previously-identified malware, were inadequate to detect new attacks, imposed
`
`performance penalties on the system, and could be rapidly circumvented. ’247
`
`Patent at 5:50-6:55 (Ex. 1003).
`
`55.
`
`The specification points to a basic flaw with the existing anti-malware
`
`techniques on the aforementioned systems:
`
`The basic flaw is that all incoming executable data files must be
`resident on the computers main processor to perform their desired
`function. Once resident on that processor, access may be gained to
`non-volatile memory and other basic computer system elements.
`Malware exploits this key architectural flaw to infiltrate and
`compromise computer systems.
`
`’247 Patent at 6:24-31 (Ex. 1003).
`
`56.
`
`Finally the specification concludes that the major problem faced by
`
`computer users connected to the Internet is that the “network interface program (a
`
`browser, for example)” is on the same processor and memory as the operating
`
`system and the trusted applications, and that even with software security measures
`
`designed into the operating system malware incursions are still capable of
`
`corrupting critical shared files. ’247 Patent at 6:56-64 (Ex. 1003). The
`
`19
`
`Google – Exhibit 1022, page 19
`
`

`
`specification states:
`
`A major problem faced by computer users connected to a network is
`that the network interface program (a browser, for example) is
`resident on the same processor as the O/S and other trusted programs,
`and shares space on a common memory storage medium. Even with
`security designed into the O/S, malware practitioners have
`demonstrated great skill in circumventing software security measures
`to create malware capable of corrupting critical files on the shared
`memory storage medium.
`
`’247 Patent at 6:56-64 (Ex. 1003).
`
`57.
`
`To summarize, the ’247 Patent teaches:
`
`•
`
`Computers connected to the Internet were vulnerable to
`
`malware attacks via network interface programs such as the web browser.
`
`•
`
`The risk is that incoming executable data files reside on the
`
`same storage media that is used by the processor that runs trusted programs and the
`
`operating system. Once resident on that storage, when executed by the processor,
`
`malware can utilize the common shared storage such as the non-volatile memory
`
`and other basic computer system elements to infiltrate a