BEFORE THE PATENT TRIAL AND APPEAL BOARD

ORACLE CORPORATION AND APPLE INC.

Petitioners

v.

MAZ Technologies, LLC.

Patent Owner

U.S. Patent No. 7,096,358

Filing Date: September 8, 2003

Issue Date: August 22, 2006

Title: ENCRYPTING FILE SYSTEM

Inter Partes Review No. Unassigned

DECLARATION OF DR. JOHN P. J. KELLY

PETITIONER - ORACLE-APPLE - EXHIBIT 1008 - Page 1

Declaration of Dr. John P. J. Kelly

1. I, Dr. John P. J. Kelly, make this declaration in connection with the petition by Apple, Inc. and Oracle Corporation (collectively “Petitioners”) for Inter Partes Review of U.S. Patent No. 7,096,358 (“the ‘358 Patent”) owned by MAZ Technologies, Inc.

2. I make this declaration based upon personal knowledge. I am over age 21 and otherwise competent to make this declaration.

3. The statements herein include my opinions and the bases therefore, which relate to the ‘358 Patent and various prior art references that disclose features found in the claims of the ‘358 Patent. Although I am being compensated for my time in preparing this declaration, the opinions herein are my own, and I have no stake in the outcome of the review proceeding. My compensation does not depend in any way on the success of this petition.

Background and Qualifications

4. Attached hereto as Exhibit A is a true and correct copy of my Curriculum Vitae describing my background and experience. I have personal knowledge of the facts and opinions set forth in this declaration, and, if called upon to do so, I would testify competently thereto.

5. I hold Bachelor of Arts and Master of Arts degrees with Honors in Mathematics from the University of Cambridge, England. I hold a Ph.D. in Computer Science from U.C.L.A. From 1982 through 1986, I was a professor in the Computer Science Department at U.C.L.A. From 1986 through 1997, I was a professor in the Electrical and Computer Engineering Department of the University of California, Santa Barbara, where I held tenure.

6. I am the principal of Kelly Computing, Inc. I teach and consult in many different aspects of computer science and engineering, including computer hardware and software architecture and design, software engineering and fault tolerance. My particular areas of expertise include computer architecture, software engineering and “clean-room” development and evaluation, reverse engineering, operating systems (including real-time and embedded), network computing (including Internet computing), storage systems, fault tolerance, reliability and security, parallel and distributed computing systems, transaction processing systems, database systems, and program management.

7. As a result of my education and professional experience, I have extensive development experience and knowledge of computer operating systems including access control concepts, data encryption/decryption techniques, file and document management systems, networking technologies, database systems, communication protocols including network communication protocols, user interfaces including graphical user interfaces, and computer hardware design, and software analysis, design, and development. I have developed computer software and hardware for many different computer systems and applications. I have also analyzed several software products related to access control, secure network transmission, secure storage in multimedia databases, and content delivery networks and distribution systems. For example, I have analyzed databases and file systems used to store and access encrypted information in a secure manner, network based distribution of encrypted information for security and privacy, and content delivery network architectures of leading content delivery network providers. I have also analyzed the source code for computer operating systems such as Apple’s Mac OS X, Microsoft Windows, Linux, etc. I have also testified in Court on several occasions as a computer science expert to report my analysis and opinions.

8. I have worked in the area of computer software, hardware and system design and development for nearly forty years. I have extensive experience in the design and development of small and large scale software systems. I have been involved in the specification, development, integration, and testing of computer systems with a wide range of requirements, sizes and types. These have included, by way of example, custom hardware and software for a US Air Force fighter plane, a distributed real-time system for US FAA air traffic control, and a distributed geographical information system for the US Department of Energy.

9. From 1978 to 1995, I specified, designed and implemented distributed database architectures, systems and applications for Los Alamos National Laboratory and NASA’s Jet Propulsion Laboratory and database machine design and implementation at Transaction Technology Incorporated, Ordain, Inc. and Teradata.

10. From 1985 to 1998, I consulted for AT&T GIS, NCR, Symbios Logic, and LSI Logic, including working as a member of the AT&T GIS Science Advisory Committee (“SAC”). The SAC evaluated AT&T’s organization, technical direction and product strategy and made recommendations to the Vice President of Technology and Development.

11. As a result of my education and professional experience, I have extensive knowledge of data security on peripheral devices such as CD-ROM and DVD drives, and magnetic-strip and bar-code readers, as well as encryption and coding for information transfer — including, for example, network traffic between computers and bus traffic within computers. I have extensive knowledge of encryption algorithms implemented in hardware and software for local information security as well as for network transmission. I have analyzed the strength, performance, and overhead cost of encryption techniques and I have taught graduate-level classes on these topics and other aspects of secure and dependable computing while a professor at the University of California.

12. A listing of testimony that I have provided in the last four years and my compensation is attached hereto as Exhibit B. I am being compensated for my time spent in connection with this case. I have no financial interest in the outcome of this case.

Materials Reviewed

13. In forming my opinions I have reviewed the following:

a. The ‘358 Patent
b. The prosecution history for the ‘358 Patent

14. I have also reviewed several prior art references, including:

a. U.S. Patent No. 5,694,472 to Johnson et al (“Johnson ‘472”).
b. Source Code for Version 1.3.3 of CFS software (“CFS Software”[1]).
c. “A Cryptographic File System for Unix”, 1993 Proceedings of the 1st ACM Conference of Computer & Communication Security in November 1993 (“CFS I”);
d. Chan U.S. Pat. No. 5,713,018 (“Chan ‘018”)
e. Henderson U.S. Pat. No. 5,550,976 (“Henderson ‘976”)
f. Rackman U.S. Pat. No. 5,903,646 (“the Rackman ‘646”)

[1] In the declaration and associated claim charts, the terms CFS software and CFS source code are sometimes used interchangeably.

15. I have also reviewed these additional documents in preparing this declaration:

a. System/36 Environment Programming
b. Peter Dyson, The Unix Desk Reference, Sybex, 1996
c. Ben Ezzel and Jim Blaney, NT 4/Windows 95 Developer’s Handbook, Sybex, 1997
d. Federal Information Processing Standard (FIPS) for Advanced Encryption Standard (AES) available at http://csrc.nist.gov/archive/aes/pre-round1/aes_9701.txt.
e. “Key Management in an Encrypting File System” by Matt Blaze at Proceedings of the summer 1994 USENIX Conference held on June 6-10, 1994 in Boston
f. “ESCROWED ENCRYPTION STANDARD”, Federal Information Processing Standards Publication 185, 1994 February 9 available at http://csrc.nist.gov/publications/fips/fips185/fips185.txt
g. The Architecture Of SQLite available at http://www.sqlite.org/arch.html.
h. Declaration of Matthew Blaze dated February 28, 2014.

16. I have further reviewed any additional materials cited in this declaration.

Overview of the ‘358 Patent

17. The ‘358 patent is entitled “Encrypting File System” and was issued on Aug. 22, 2006. I understand that the ‘358 patent claims priority, through a series of continuation-in-part applications, back to May 7, 1998.

18. The ’358 patent concerns a system for encrypting documents in an Electronic Document Management System (EDMS). As the ‘358 patent notes, EDMSs in the mid-90s were combinations of databases, indices, and search engines that were used to store, retrieve, manage, and share documents within a disbursed organization. Col. 1, ll. 52-57. Because such EDMSs typically store sensitive files related to the business, information professionals in the 1990s were seeking ways to secure files through passwords, firewalls, and smart cards to enhance security. Col. 2, l. 47-col. 3, l. 14.

19. One known method to secure files was through encryption technologies that scramble the data using mathematical algorithms. Col. 3, ll. 15-24. In order to decrypt (i.e., descramble) the files the system would need the encryption key (typically a long series of alphanumeric characters) that was used to encrypt the data. Col. 3, ll. 25-31. As of the priority date of the ‘358 patent, persons in the art knew of at least two forms of encryption, public key and private key. Col. 3, ll. 32-57. The patent alleges, however, that these encryption systems were cumbersome to use because the user had to interrupt their work flow and activate separate encryption software in order to save the document on the system. Col. 3, l. 58-col. 4, l. 9.

20. The ‘358 patent suggests that it solved this problem by integrating encryption and EDMS software in an automated and transparent way that minimizes workflow disruption. Col. 4, ll. 15-26; col. 7, ll. 8-14. Specifically, the ‘358 patent claims a system that performs encryption and decryption when a document is being opened or closed by a computer program. Claim 1 is a representative claim of the ‘358 patent.

    1. A process of decrypting documents comprising:

    providing plural documents having respective names

    providing a crypto server for causing documents to be decrypted

    providing a first table having

        the names of encrypted documents

        for each of the names of encrypted documents in the first table, a key name associated with a decryption key value for the encrypted document

    detecting an open command for a given document issuing from a user of an application program using a user input device

    in response to the open command, the crypto server using the first table to determine if the given document should be decrypted

    if the given document should be decrypted, then

        retrieving the key name associated with the name of the given document from the first table

        retrieving the decryption key value associated with the key name from a second table, the second table having at least one decryption key value

        causing the given document to be decrypted.

21. As described and claimed in the ‘358 patent, the alleged inventive system will detect when a user issues an “open” command (see claims 1 & 6) or “close” command (see claim 11) for a document. The system will then determine whether the file is encrypted or needs to be encrypted and, if so, run the decryption or encryption process respectively. The ‘358 patent inventors do not claim to have invented any special form of encryption or decryption program or algorithms. Rather, the claims are directed towards a system that stores the encryption information associated with a document in two different places—namely two different tables. My understanding is that in this proceeding the Board will adopt the broadest reasonable construction when construing the claim terms. Based on that understanding, a processor or “crypto server” uses the two tables to read and record encryption information in order to encrypt or decrypt files, depending on whether the claim calls for encryption or decryption.

22. The first table of data contains a “key name” associated with the name of a document. The “key name” is not the decryption key itself. Instead, it simply points to the location of the actual decryption value. So for example, if the encrypted document a person is attempting to open is named “ACME Letter.doc,” the first table will contain an entry that associates “ACME Letter.doc” with the name of an encryption key. In other words, “ACME Letter.doc” equals the “Blue Key.”

23. The second table contains the actual decryption value or “key value” described in the ‘358 patent. This table would associate the key name (e.g., Blue Key) with the actual alphanumeric key value or code (e.g., 23GF-234Q-UIB2-8917-T3UK) that would be used to decrypt the document.

24. Claims 1, 6, and 11 of the ‘358 patent are the independent claims of the patent that largely contain the same elements. For example, the independent claims require (1) documents with names, (2) a first table containing key names and document names, (3) detection of an open or close command, (4) determination of whether a document needs to be decrypted or encrypted, (5) retrieving key names associated with the document name from a first table, then key values associated with a key name from a second table, and (6) encrypting or decrypting the document.

25. Claim 1 differs from Claims 6 and 11 because it claims a process instead of a computer program product. Claim 1 also claims a “crypto server” as opposed to the “program code” and “processor” described in Claims 6 and 11. However, essentially “crypto server” is just another name for the software and hardware that performs the encryption and decryption. See Col. 7, ll. 8-11 (“The crypto server 330 of the invention is a software module which transparently handles the encryption of documents and the decryption of encrypted documents. . .”); col. 5, ll. 51-52 (“By "server" it is meant hardware or software which provides network services.”); Fig. 3 (showing crypto server as part of a workstation 150). In other words, “crypto server” in claim 1 encompasses the language of claims 6 and 11 that requires “program code embodied therein for decrypting [or encrypting] documents, the program code for causing a processor to” under the broadest reasonable construction standard.

26. Claim 11 differs from claims 1 and 6 by claiming the detection of a “close” command followed by encryption of the documents, rather than detection of an “open” command followed by decryption.

27. In addition to the independent claims, many of the dependent claims add minor limitations. Several dependent claims are identical. A summary of the limitations added by the dependent claims is shown in the following table.

Claim No. Limitation Added

that also performs the detecting step.
Storage of the second table on a smart card
Claiming a general purpose computer comprising the program
Program code for causing the processor to obtain the key values from a portable storage device.

--5
, 10, and 15
8 and 13
9 and 14

Level of Ordinary Skill in the Art of the ‘358 Patent

28. Counsel for Petitioners has informed me that the content of the prior art should be interpreted the way a person of ordinary skill in the art would have interpreted the reference at the time of the effective filing date of the ‘358 patent — May 7, 1998.

29. In my opinion, the person of ordinary skill in the art for the ‘358 patent would have at least a Bachelors of Science degree in Computer Engineering, Computer Science, Electrical Engineering or some closely related degree. A person of ordinary skill in the art would also have two or more years of working experience or additional studies in the area of data encryption as well as file management systems.

30. By May 7, 1998, I had education and experience sufficient to be considered at least a person of ordinary skill in the art under this standard.

31. I have been asked by Petitioners’ counsel to assume that the person of ordinary skill is a hypothetical person who is assumed to be aware of all the pertinent information that qualifies as prior art. In addition, the person of ordinary skill in the art makes inferences and creative steps. He or she is not an automaton, but has ordinary creativity.

32. Based on my experience, I have an understanding of the capabilities of the skilled person in this field, and my opinions are provided from the perspective of such a person.

Standards for Claim Construction, Anticipation, and Obviousness

33. I understand from counsel for Petitioners that, in a review proceeding, the claims are to be given their broadest reasonable construction consistent with the patent specification. I also understand that limitations from the specification are not to be read into the claims.

34. Counsel for Petitioners has informed me that a patent claim is invalid as anticipated (i.e., invalid under 35 U.S.C. § 102) if every limitation of a claim is found identically (either expressly, implicitly, or inherently) in a reference. A reference inherently discloses the subject matter that a person of ordinary skill in the art would have recognized as necessarily being present in the subject matter disclosed in the reference.

35. Counsel for Petitioners has also informed me that, by law, a patent may not be obtained, though the invention is not identically disclosed or described as set forth in a prior art reference, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious (i.e., invalid under 35 U.S.C. § 103) at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.

36. I have also been informed that, in order for a patent claim to have been obvious, there should be a reasoned explanation as to why collectively the prior art references would have rendered the claimed invention obvious. Depending on the real-world context of the invention described in a patent, various factors or reasons can suffice as a reason to modify or combine the subject matter disclosed in prior art references.

37. These factors and reasons include the following: (a) obvious to try — choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success, (b) common sense, (c) combining or substituting known elements from the prior art to obtain predictable results, (d) ordinary creativity, (e) whether the need or problem addressed by the patent was known in the prior art, (f) use of known techniques to improve similar devices in the same way, (g) a teaching, suggestion, or motivation, either in the references themselves or in the knowledge generally available to one of ordinary skill in the art, to modify a reference or combine reference teachings, and (h) when a work is available in one field of endeavor, design incentives and other market forces can prompt variations of it, either in the same field or a different one. I understand that these factors are identified in the U.S. Supreme Court’s decision in KSR v. Teleflex.

38. I understand that the Patent Office follows its published guidelines for determining whether a patent claim would have been obvious at the time the invention was made to a person of ordinary skill in the art. Those guidelines are in the Patent Office’s “Examination Guidelines for Determining Obviousness Under 35 U.S.C. 103” (http://www.uspto.gov/web/offices/pac/mpep/s2141.html), and I have read those guidelines and applied them below when I analyze a claim for obviousness.

39. I understand that prior art under 35 U.S.C. § 102(a) includes patents and printed publications before the invention by the applicant. I also understand that prior art under § 102(a) also includes those things known or used by others in the United States before the invention by the applicant. I understand that the earliest date of invention asserted by the ‘358 patent applicant is May 1, 1996 (See application 90/006529; Affidavit of 10/12/2004).

40. I understand that prior art under 35 U.S.C. § 102(b) includes patents and printed publications that were available more than one year before the effective filing date of the ‘358 patent, i.e. before May 7, 1997.

41. All of the prior art references I discuss in this declaration are prior art under § 102(a) or (b), or (e).

Claim Construction

42. Though claim terms are entitled their broadest reasonable construction, upon review of the ‘358 patent, it is my understanding that the inventors specifically defined certain claim terms.

43. Based on my reading of the ‘358 patent, the term “document” is explicitly construed as “a named, structural unit of text, graphics and/or other data that can be stored, retrieved and exchanged among systems and users as a separate unit.” Col. 5, ll. 62-65. Based on this construction and use of the term in the patent, it is my opinion that use of the term “document” in the ‘358 patent is synonymous with the term “file” used in computer programming and other literature of the time. See, e.g., System/36 Environment Programming at 1-2 (defining “file” as “a set of related records treated as a unit”). Indeed, the patent itself uses the terms “document” and “file” interchangeably. See, e.g., Col. 8, ll. 10-12 (“As described above, the EDM database 345 includes a list of encrypted documents in an encrypted files table.”).

44. Based on my reading of the ‘358 patent, the term “key name” is construed as “an alphanumeric descriptor which may be used by the user and/or system administrator for administering the encryption key value.” Col. 8, ll. 39-42. As noted previously, the key name is not the actual encryption key, but rather the name given to the encryption key value. In my example above, it would be the “Blue Key”.

45. Based on my reading of the ‘358 patent, the term “key value” represents that actual encryption key used to encrypt or decrypt a document. The broadest reasonable construction of that term is “an alphanumeric descriptor used by the user to encrypt or decrypt a document.” See Col. 8, ll. 35-52.

46. As previously discussed, the term “crypto server” means “a processor or software module which handles encryption and decryption of documents.” See col. 7, ll. 8-11; col. 5, ll. 51-52; Fig. 3.

Invalidity Opinions

47. Several distinct prior art references specifically disclose the claimed invention of the ‘358 patent. In the following sections and attached exhibits, I review two primary references that anticipate or render obvious the ‘358 patent claims. They include:

a. U.S. Patent No. 5,694,472 to Johnson (“Johnson ‘472”) and
b. CFS Source Code.

48. I will also review obvious combinations of these primary references in combination with each other and with other prior art references in the art. They include:

c. “A Cryptographic File System for Unix”, 1993 Proceedings of the 1st ACM Conference of Computer & Communication Security in November 1993 (“CFS I”);
d. U.S. Patent No. 5,713,018 to Chan (“Chan”); and
e. U.S. Patent No. 5,550,976 to Henderson (“Henderson”).
f. Rackman U.S. Pat. No. 5,903,646 (“the Rackman ‘646”)

49. Specifically, I assert the following opinions in the sections that follow:

g. Claims 1, 4-15 of the ‘358 patent are anticipated by Johnson ‘472;
h. Claim 11 of the ‘358 patent is obvious over Johnson.
i. Claims 1, 4-8, 11-13 of the ‘358 patent are anticipated by CFS Source Code;
j. Claims 1, 4-15 of the ‘358 patent are obvious over CFS Source Code in view of CFS I;
k. Claim 3 of the ‘358 patent is obvious over CFS Source Code in view of Rackman ‘646;
l. Claim 2 of the ‘358 patent is obvious over CFS Source Code in view of Chan ‘018;
m. Claims 1-15 of the ‘358 patent are obvious over Johnson ‘472 in view of CFS I, CFS Source Code, Chan ‘018, Rackman ‘646, and/or Henderson ‘976.

Knowledge of Persons of Ordinary Skill in the Art

50. In addition to the specific prior art references listed above, it is my further opinion that many of the concepts and solutions identified by the ‘358 patent were well known to persons of ordinary skill in the art at the time of the effective filing date of this patent.

51. A person of ordinary skill in the art would know and understand the need to encrypt data in a computer system. In fact, the background section of the ‘358 patent acknowledges this. There is further evidence of this as well, including the Unix operating system which included crypt command to encrypt and decrypt a file at least as of 1996. [See, e.g., Peter Dyson, The Unix Desk Reference, Sybex, 1996 at p. 102.] As another example, Microsoft operating system included several application programming interfaces (APIs) that are provided to the developers so that the developers can use the Microsoft operating system’s inbuilt encryption/decryption capabilities at least as of 1997. As an example, Windows NT 4 provided over 80 API functions that pertain to security in Windows NT and many more CryptoAPI functions. [See, e.g., Ben Ezzel and Jim Blaney, NT 4/Windows 95 Developer’s Handbook, Sybex, 1997 at p.590.] Furthermore, the National Institute of Standards and Technology developed and published standards for encryption including Federal Information Processing Standard (FIPS) for Advanced Encryption Standard (AES). [See, e.g., http://csrc.nist.gov/archive/aes/pre-round1/aes_9701.txt.]

52. In addition to being generally knowledgeable of encryption techniques, a person of skill in the art would be aware of the need to secure and obfuscate sensitive encryption information, such as the encryption key itself. An encrypted file does very little to protect sensitive information if an intruder has easy access to the key that decrypts the file. Several methods were known for persons skilled in the art well before the effective filing date of the ‘358 patent. One such known method was to safeguard the key by encrypting the key itself. Another known method to safeguard was to store the key at a random location in the file. [See, e.g., Ben Ezzel and Jim Blaney, NT 4/Windows 95 Developer’s Handbook, Sybex, 1997 at p.642.] In addition, it was also well known to persons skilled in the art at the time to combine two or more techniques associated with encryption to create a much stronger resulting technique or algorithm to encrypt data. [See, e.g., Ben Ezzel and Jim Blaney, NT 4/Windows 95 Developer’s Handbook, Sybex, 1997 at p.641.]

53. It was also well known for persons of ordinary skill in the art prior to the effective filing date of the ‘358 patent that multiple layers of encryption can be performed on the data with different keys associated with each layer. Furthermore, the keys associated with each layer can be stored in different location. For example, as early as 1997, Content Scrambling System (CSS) was used to encrypt audio/video data on the DVDs. The audio/video data was encrypted using one key. The key was further encrypted using another key[2]. These different keys are stored in different locations. [See, e.g., Jim Taylor et al., DVD Demystified, Third Edition, McGraw Hill, 2006 at pp. 2-11 — 2-13 and 5-4 — 5-9.]

[2] This is only a partial description of CSS.

54. Another method is to add indirection to the process by separating the direct association of the file with its key. For example, Key Escrows have been known to the person of ordinary skill in the art at least as of 1994. The keys are separated from the files and escrowed with a trusted caretaker. The escrowed care taker could be a smart card. [See, e.g., http://csrc.nist.gov/publications/fips/fips185/fips185.txt; “Key Management in an Encrypting File System” by Matt Blaze at Proceedings of the summer 1994 USENIX Conference held on June 6-10, 1994 in Boston at pp. 2-3.]

55. It was known to persons skilled in the art prior to the effective filing date of the ‘358 patent to store the file name and keys in separate tables with some common element linking the two tables. This way, one table with the file name can reside on the computer that contains the file and the other table with the key can reside on a smart card (key escrow.) [See, e.g., “Key Management in an Encrypting File System” by Matt Blaze at Proceedings of the summer 1994 USENIX Conference held on June 6-10, 1994 in Boston at pp. 2-3.]

56. Furthermore, it was also known to one skilled in the art prior to the effective filing date of the ‘358 patent that any enhancements to, for example, the file system need to be automated, transparent and seamless. For example, at least as of 1996, the access controls of the Windows operating system allow users to share access to specific files or directories in an automated, easy and transparent manner. [See, e.g., Jim Boyce, et al., Windows NT Workstation 4.0 Advanced Technical Reference, Que, 1996 at p. 742.] Similarly, it was known to persons of ordinary skill in the art by this time that in order to implement enhancements to electronic document management systems, like file encryption, they needed to be automated, easy and transparent.

57. Furthermore, it was well known to persons of ordinary skill in the art prior to the effective filing date of the ‘358 patent that tables are simply the orderly arrangement of information (typically into rows and columns). The claims of the ‘358 patent require two tables — one skilled in the art would recognize that the data structure of Johnson, if not deemed to explicitly be stored in tables, could be stored in tables.

Claims 1, 4-15 of the ‘358 Patent Are Anticipated by Johnson ‘472

58. As further explained in the attached claim chart at Exhibit C, it is my opinion that claims 1, 4-15 of the ‘358 patent are anticipated by Johnson ‘472.

59. Johnson ‘472 is a lengthy patent filed in the Patent Office on February 13, 1995 and issued on December 2, 1997. It is entitled “Personal Access Management System” and describes a system to allow secure access to information on a computer system. Specifically, Johnson ‘472 discloses a system that “provides a highly secure mechanism for transferring information from one party to another.” Johnson ‘472, Abstract.

60. In Johnson ‘472, a provider supplies to users a smart card containing encryption keys and authentication. The user can use the smart card to securely access provider sites for communication systems, transactional systems, and authorization systems for communicating information, making a transaction, or authorizing a device. Johnson ‘472 describes opening and decrypting files on the smart card “file names,” “operational key file names,” and “operational key codes” using two separate tables to store that information.

61. Johnson ‘472 describes all elements of the independent claims as well as many limitations added by the dependent claims. I have provided my s