IN THE UNITED STATES DISTRICT COURT
`FOR THE NORTHERN DISTRICT OF GEORGIA
`ATLANTA DIVISION
`
`AIRWATCH LLC,
`
`Plaintiff,
`
`v.
`
`
`GOOD TECHNOLOGY
`CORPORATION and GOOD
`TECHNOLOGY SOFTWARE, INC.,
`
`Defendants.
`
`Civil Action No. 14-cv-02281-SCJ
`
`
`
`
`
`
`
`
`AIRWATCH LLC’S INITIAL INFRINGEMENT CONTENTIONS
`
`Plaintiff AirWatch LLC (“AirWatch”) provides its initial infringement
`
`contentions and initial document production pursuant to Patent Local Rule 4.1.
`
`GENERAL RESERVATIONS
`
`
`
`AirWatch’s investigation into the infringement by Good Technology
`
`Corporation and Good Technology Software, Inc. (collectively, “Good”) is
`
`ongoing, and the following disclosures are based solely on the information
`
`currently available to AirWatch. Discovery in this matter is just underway, and
`
`Good has yet to produce any technical documentation or source code related to its
`
`accused products. AirWatch reserves the right, and currently intends, to
`
`supplement or modify these disclosures as new information becomes available,
`
`la-1265994
`
`Good Technology Software, Inc., Ex. 1007 - 1
`
`

`

`through discovery or otherwise.
`
`
`
`The following disclosures are made without waiving attorney-client
`
`privilege, work-product protection, or any other privilege or protection.
`
`INFORMATION RESPONSIVE TO L.P.R. 4.1(b)(1)
`
`I.
`Good has infringed and continues to infringe claims 1–15 of United States
`
`Patent No. 8,713,646 (the “’646 Patent”). Good has not yet produced documents
`
`or made available any other discovery related to its infringement. Accordingly,
`
`AirWatch reserves the right to amend its identification of asserted claims based
`
`upon its review of the relevant documentation and continued investigation.
`
`INFORMATION RESPONSIVE TO L.P.R. 4.1(b)(2)
`
`II.
`Based on AirWatch’s investigation thus far, AirWatch has determined that
`
`all Good products that rely on what Good refers to as the “Good for Enterprise
`
`platform,” the “Good Dynamics platform,” and/or or the “Good Dynamics Secure
`
`Mobility platform” (individually and collectively, the “Good Accused System”)
`
`infringe claims 1–7 and claims 9–14 of the ’646 Patent. These infringing products
`
`include, without limitation, Good for Enterprise, Good Connect, Good Share, Good
`
`Collaboration Suite, the Good Access and Good Mobile Access browsers, and all
`
`Good Secure ISV Applications.
`
`Furthermore, certain implementations of the Good Accused System—
`
`
`la-1265994
`
`2
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 2
`
`

`

`namely, all implementations in which authentication is based on user name,
`
`password, and biometric data related to at least one of facial recognition,
`
`fingerprint recognition, and retina recognition—infringe claims 8 and 15 of the
`
`’646 Patent. These accused implementations include, without limitation,
`
`implementations incorporating Precise Biometrics fingerprint-based authentication.
`
`See, e.g., http://www.telegraphindia.com/pressrelease/prnw/sf40755.html.
`
`AirWatch’s investigation is ongoing. AirWatch reserves the right to identify
`
`additional accused instrumentalities based on its review of the relevant
`
`documentation and continued investigation.
`
`INFORMATION RESPONSIVE TO L.P.R. 4.1(b)(3)
`
`III.
`Attached hereto as Exhibit A are AirWatch’s preliminary infringement claim
`
`charts for the ’646 Patent. AirWatch does not contend that any limitation of the
`
`asserted claims is governed by 35 U.S.C. § 112(6).
`
`The evidence of Good’s infringement cited in Exhibit A is exemplary and
`
`provided solely in order to identify with greater specificity where each limitation
`
`of the asserted claims is found in the Good Accused System. AirWatch reserves
`
`the right to rely on any additional evidence of Good’s infringement, including but
`
`not limited to any evidence obtained through discovery or further investigation.
`
`Good has not yet produced documents (including source code) or made available
`
`
`la-1265994
`
`3
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 3
`
`

`

`any other discovery related to its infringement. AirWatch reserves the right to
`
`supplement or amend the claim charts based on its review of the relevant
`
`documentation and continued investigation.
`
`INFORMATION RESPONSIVE TO L.P.R. 4.1(b)(4)
`
`IV.
`As shown in Exhibit A, AirWatch contends that each limitation of each
`
`asserted claim is literally present in the Good Accused System. However, the
`
`Court has not yet construed the asserted claims. Furthermore, Good has not
`
`provided any basis for contending that it does not literally infringe the asserted
`
`claims. If the Court construes a claim term in such a way as to call literal
`
`infringement into question or if Good identifies accused features as not literally
`
`infringing, AirWatch reserves the right to amend these contentions to add further
`
`support for its allegations of infringement under the doctrine of equivalents.
`
`INFORMATION RESPONSIVE TO L.P.R. 4.1(b)(5)
`
`V.
`The ’646 Patent does not claim priority to an earlier application. Thus, no
`
`response is required under Patent Local Rule 4.1(b)(5). For each asserted claim of
`
`the ’646 Patent, AirWatch reserves the right to claim priority to earlier invention
`
`dates based upon evidence that is obtained through discovery or from other sources
`
`regarding the conception and reduction to practice of the claimed inventions.
`
`
`la-1265994
`
`4
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 4
`
`

`

`VI. DOCUMENT PRODUCTION ACCOMPANYING INITIAL
`INFRINGEMENT CONTENTIONS
`
`AirWatch is producing documents in the categories set forth in Patent Local
`
`Rule 4.1(c) that AirWatch has located based on its reasonable investigation to date.
`
`Pursuant to paragraphs 14 and 15 of the stipulated protective order, AirWatch will
`
`make highly confidential source code related to the conception and reduction to
`
`practice of the invention available for inspection at the office of Kilpatrick
`
`Townsend & Stockton LLP, Suite 2800, 1100 Peachtree Street NE, Atlanta, GA
`
`30309-4528. AirWatch reserves the right to produce and rely upon any additional
`
`documents that it may locate during future investigations.
`
`
`
`
`la-1265994
`
`5
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 5
`
`

`

`Dated: October 17, 2014
`
`
`
`
`
`
`
`
`
`
`
`Susan A. Cahoon (GA SBN 102000)
`SCahoon@kilpatricktownsend.com
`Joshua H. Lee (GA SBN 489842)
`JLee@kilpatricktownsend.com
`KILPATRICK TOWNSEND
`1100 Peachtree St. NE, Ste. 2800
`Atlanta, GA 30309-4528
`Telephone: 404.815.6325
`Facsimile: 404.541.3145
`
`
`
`
`
`
`
`Respectfully submitted,
`
`By: /s/ Michael A. Jacobs
`Michael A. Jacobs
`Pro Hac Vice, CA Bar No. 111664
`MJacobs@mofo.com
`MORRISON & FOERSTER LLP
`425 Market Street
`San Francisco, CA 94105-2482
`Telephone: 415.268.7000
`Facsimile: 415.268.7522
`
`Bita Rahebi
`Pro Hac Vice, CA Bar No. 209351
`BRahebi@mofo.com
`MORRISON & FOERSTER LLP
`707 Wilshire Boulevard
`Los Angeles, CA 90017-3543
`Telephone: 213.892.5200
`Facsimile: 213.892.5454
`
`Attorneys for Plaintiff
`AIRWATCH LLC
`
`
`
`
`
`
`
`
`
`la-1265994
`
`6
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 6
`
`

`

`
`
`Claim 1
`1. A system,
`comprising:
`
`
`EXHIBIT A
`Good’s Infringement of the ’646 Patent
`
`Good’s Infringement
`The Accused Good System satisfies each limitation of claim 1.
`Illustrations of some infringing implementations of the Accused Good
`System are provided below:
`
`
`Good Dynamics Security White Paper, p. 3.
`
`
`
`
`
`
`
`
`http://www1.good.com/good-dynamics-platform/deployment-options.html.
`
`Good’s infringement is not limited to these illustrative embodiments. For
`example, the Accused Good System also infringes in a “Direct Connect”
`architecture, which does not use the Good NOC. As another example, the
`Accused Good System can comprise multiple proxy servers and/or control
`servers.
`As illustrated above, the Accused Good System includes a Good Proxy
`Server (also known by other names such as “GP Server” and “Good
`Messaging Server”) and a Good Control Server (also known by other
`names such as “GC Server,” “Good Mobile Control Server,” and “GMC
`
`a proxy server that
`receives a request
`from a user of one
`of a plurality of
`
`la-1265994
`
`Good Technology Software, Inc., Ex. 1007 - 7
`
`

`

`client devices to
`access at least one
`enterprise resource
`provided by an
`enterprise device on
`a network, wherein
`the request
`comprises a set of
`user access
`credentials
`associated with the
`user and a device
`identifier associated
`with the one of the
`plurality of client
`devices,
`
`Server”). The Good Proxy Server, individually and/or in conjunction with
`the Good Control Server, is a “proxy server” within the meaning of the
`claims. The Good Proxy Server receives requests from users of client
`devices for enterprise resources provided by an enterprise device on the
`network. The client devices include, but are not limited to, mobile phones
`and tablet computers. The enterprise resources include, but are not
`limited to, documents, emails, intranet data, calendars, messages,
`contacts, files, and any other Good application data.
`
`The request comprises a set of user access credentials associated with the
`user and a device identifier associated with the one of the plurality of
`client devices. These credentials and identifiers include, without
`limitation, user credentials such as login and password, a client device ID
`(e.g., a UDID), an authentication token, and a session key. The Good
`Proxy Server uses such credentials and identifiers to authenticate the user
`and the client device.
`
`Public literature about Good’s products provides ample evidence of
`Good’s infringement with respect to this limitation. See, e.g., Good
`Dynamics Security White Paper; Good Mobile Messaging—Good Mobile
`Control for Microsoft Exchange Administrator’s Guide, Version 1.3.5 and
`subsequent versions (“GMC Admin Guide”); Good Mobile Manager
`Administrator’s Guide, Version 2.4.1 and subsequent versions (“GMM
`Admin Guide”); Good Mobile Messaging—Good Mobile Control for
`IBM Lotus Domino Administrator’s Guide (“GMC Domino Admin
`Guide”), Version 1.3.5. and subsequent versions; Good Mobile Access
`(Secure Browser) Guide, Version 2.4.1 and subsequent versions; GMM
`Server 8.2 Deployment Planning Guide; http://www1.good.com/good-
`dynamics-platform/deployment-options.html;
`http://media.www1.good.com/documents/sb-secure-mobility-solution.pdf;
`http://business.scoop.co.nz/2014/07/24/good-technology-good-dynamics-
`secure-mobility-platform/; http://www1.good.com/good-dynamics-
`platform/single-sign-on.html;
`https://www.gov.uk/government/publications/good-for-enterprise-and-
`good-dynamics-security-guidance/good-for-enterprise-and-good-
`dynamics-security-guidance;
`https://community.good.com/blogs/product_blog/2012/07/25/an-
`important-note-about-the-next-release-of-good-for-enterprise--ios-and-
`apples-unique-device-identifier-udid).
`
`Evidence of Good’s infringement with respect to this limitation includes,
`but is not limited to, the following example excerpts from public literature
`about Good’s products:
`
`
`
`la-1265994
`
`2
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 8
`
`

`

`“The GP server gets authentication data from the GC server by
`using SOAP over HTTPS to authenticate connections from GD
`apps. . . . The upper GRP layer is the end-to-end protocol between
`the GD app and the GP server that carries application data. This
`layer is encrypted with a session key that is not known to the
`Relay server. The GRP authentication service is used to negotiate
`the authentication token, and the session key for upper GRP layer.
`The authentication token is used by the GD app to authenticate
`itself to the GP server for each connection. The session key is used
`for encrypting data for each upper GRP layer connection. An
`authentication token and session key combination can be used for
`24 hours, after which they expire.”
`Good Dynamics Security White Paper, pp. 8, 10.
`
`“With the Good Dynamics Secure Mobility Platform, mobile app
`developers get: integrat[ion] with Kerberos constrained delegation
`(KCD) SSO systems, allowing users to access enterprise resources
`with their app credentials and never require entry of corporate
`credentials.”
` http://media.www1.good.com/documents/sb-gd-secure-mobility-platform.pdf.
`
`“A users’ network credentials, required to authenticate into
`behind-the-firewall enterprise resources, are akin to the “keys to
`the castle.” Single sign-on authentication via Kerberos
`Constrained Delegation (KCD) means a user never has to enter
`enterprise credentials on a mobile device. Authenticating into
`Good-secured apps transparently allows use of enterprise
`resources (e.g., file sharing server, HR systems, etc.). Enterprise
`Single Sign-On with KCD allays any security concerns that a
`business might have about corporate credentials being transmitted
`from or saved to mobile devices, as those credentials never even
`leave the corporate network.”
`http://www1.good.com/good-dynamics-platform/single-sign-on.html.
`
`“Q: What is the UDID being used for?
`A: Good Technology uses the UDID to uniquely identify the
`device.”
`https://community.good.com/blogs/product_blog/2012/07/25/an-important-
`note-about-the-next-release-of-good-for-enterprise--ios-and-apples-unique-
`device-identifier-udid).
`
`“Good Technology will generate a random number as a method
`for uniquely identifying the device.”
`https://community.good.com/blogs/product_blog/2012/07/25/an-important-
`note-about-the-next-release-of-good-for-enterprise--ios-and-apples-unique-
`
`
`
`
`
`
`la-1265994
`
`3
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 9
`
`

`

`device-identifier-udid.
`
`“Due to privacy concerns, Apple is now requiring all apps using
`the Unique Device Identifier (UDID) to obtain the device owner's
`consent. Since Good for Enterprise utilizes the UDID to uniquely
`identify the device, you will now be prompted to allow or deny
`use of the UDID when you upgrade or install the next release. If
`you decide not to allow the use the UDID, you will need to re-
`provision the app. . . .”
`https://community.good.com/blogs/product_blog/2012/07/25/an-important-
`note-about-the-next-release-of-good-for-enterprise--ios-and-apples-unique-
`device-identifier-udid.
`
`“Good Mobile Control (GMC) manages user, device, and profile
`data stored in a SQL database.”
`GMM Server 8.2 Deployment Planning Guide, p. 15.
`
`
`Good Dynamics Security White Paper, p. 3.
`
`
`
`
`
`
`
`
`
`
`
`http://www1.good.com/good-dynamics-platform/deployment-options.html.
`
`
`In the Accused Good System, the proxy server is configured to perform
`
`the proxy server
`
`
`la-1265994
`
`4
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 10
`
`

`

`being configured to: each of the steps recited below.
`In the Accused Good System, the proxy server is configured to receive
`store a copy of a
`and store periodically updated device profiles for each client device. The
`plurality of device
`Accused Good System uses these periodically updated device profiles for
`profiles respectively
`the purpose of performing compliance checks (discussed below). The
`associated with the
`device profiles are stored, for example, in a SQL database.
`plurality of client
`
`devices, receive
`Public literature about Good’s products provides ample evidence of
`periodic updates to
`Good’s infringement with respect to this limitation. See, e.g., Good
`the plurality of
`Dynamics Security White Paper; Good Mobile Messaging—Good Mobile
`device profiles from
`Control for Microsoft Exchange Administrator’s Guide, Version 1.3.5 and
`the respectively
`subsequent versions (“GMC Admin Guide”); Good Mobile Manager
`associated plurality
`Administrator’s Guide, Version 2.4.1 and subsequent versions (“GMM
`of client devices,
`Admin Guide”); Good Mobile Messaging—Good Mobile Control for
`and
`IBM Lotus Domino Administrator’s Guide (“GMC Domino Admin
`Guide”), Version 1.3.5. and subsequent versions; Good Mobile Access
`(Secure Browser) Guide, Version 2.4.1 and subsequent versions;
`http://www1.good.com/good-dynamics-platform/deployment-
`options.html; http://media.www1.good.com/documents/sb-secure-
`mobility-solution.pdf; http://business.scoop.co.nz/2014/07/24/good-
`technology-good-dynamics-secure-mobility-platform/;
`https://www.gov.uk/government/publications/good-for-enterprise-and-
`good-dynamics-security-guidance/good-for-enterprise-and-good-
`dynamics-security-guidance.
`
`Evidence of Good’s infringement with respect to this limitation includes,
`but is not limited to, the following example excerpts from public literature
`about Good’s products:
`
`
`“From the Check Every dropdown, choose how often you want the
`compliance rule checked while the handheld is running (from
`every minute to once every 24 hours). Frequency may impact
`performance and battery life. The rule is also checked at Client
`startup and launch.
`
`* * *
`You can explicitly monitor the presence or absence of a list of
`applications on a device. You use compliance-management
`policies to do so. . . . Application checks occur automatically on a
`handheld when it is set up for the first time and whenever Good
`for Enterprise starts up or exits on it and then by default once
`every 12 hours (as well as when policy changes are received). To
`specify more frequent checks for a particular rule, click the “edit”
`link for the rule. In the Edit compliance rule window that opens,
`choose the desired frequency from the “Check every” dropdown
`menu and then click OK.
`
`* * *
`
`
`la-1265994
`
`5
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 11
`
`

`

`Out-of-compliance causes can include jailbreak detection,
`connectivity verification (device must have connected to Good
`within a specified time), OS version verification, hardware model
`verification, etc. Out-of-compliance actions can include exiting
`from the Good Client on the device, deactivating the Client, and
`creating a compliance report.
`
`* * *
`For each policy set, there are policy settings available in the
`following categories:
`
`General policies:
` Handheld Authentication
` Messaging
` Network Communication
` Provisioning
` Storage Cards
` File Handling
`Application Policies:
` Blocked Applications
` Compliance Manager
` Data Encryption
` Application Management
`Plugin Policies:
`
`iOS configuration
` Android configuration
` Good Mobile Access Secure Browser (an integrated
`browser for Intranet use)”
`GMC Domino Admin Guide, pp. 121–262.
`
`“Creating and Changing Handheld Policy Sets and Templates
`Every handheld has a named policy set associated with it.”
`GMC Domino Admin Guide, p. 129.
`
`“Good Mobile Control (GMC) manages user, device, and profile
`data stored in a SQL database.”
`GMM Server 8.2 Deployment Planning Guide, p. 15.
`
`“The GMC database is an SQL database that stores all policy,
`configuration and container information. It can be installed on the
`GMC server or a separate SQL server.”
`https://www.gov.uk/government/publications/good-for-enterprise-and-good-
`dynamics-security-guidance/good-for-enterprise-and-good-dynamics-security-
`guidance
`
`“With the profiles installed on the device, the Operations Center
`periodically, via the APNS, requests the device to contact it when
`asked by the GMC to do so, to gather information from the device.
`The GMC displays this information. In addition, GMC can
`transmit actions to the device through the Operations Center, such
`
`6
`
`
`
`
`
`
`
`
`la-1265994
`
`Good Technology Software, Inc., Ex. 1007 - 12
`
`

`

`as refreshing data, locking/unlocking the device, resetting the
`device password, and wiping the device”
`GMM Admin Guide, p. 3.
`
`“The Good Mobile Control Console (GMC) serves as your
`primary device-management tool. You use the GMC to add
`users/devices to the system, configure policies that manage device
`use, and monitor the devices after they are set up.”
`GMM Admin Guide, p. 1.
`
`“Compliance-management policies cause Good for Enterprise to
`check user handhelds periodically for specified applications. If
`these required applications are not present (or, in some cases,
`present but not running), you can choose from the following
`failure actions, when supported: quit Good for Enterprise, force
`download of the missing application to the handheld (when the
`rule involves checking for an application), or wipe the Good data
`or complete device.”
`http://www.steelcloud.com/sw_mobile/veriscan/InstallGuides/Good/GoodAdmi
`nGuide_2.2.0_exchange.pdf.
`
`
`
`“Compliance management policies cause Good Messaging to
`check user handhelds periodically for specified applications. If
`these applications are not present, Good Messaging will be
`disabled on the handheld.”
`http://www.demogood.com/media/pdf/documentation/GMM_Admin_Exchange
`/Stoli%20Exchange%20Admin%20HTML-07-04.html.
`
`
`See generally, e.g., GMM Admin Guide, pp. 71–118; GMC Admin
`Guide, pp.161–318; GMC Domino Admin Guide, pp. 121–262.
`In the Good Accused System, the proxy server is configured to
`authenticate the user and client device, using the user access credentials
`and device identifiers discussed above, in order to determine whether the
`user is authorized to access to enterprise resources.
`
`Public literature about Good’s products provides ample evidence of
`Good’s infringement with respect to this limitation. See, e.g., Good
`Dynamics Security White Paper; Good Mobile Messaging—Good Mobile
`Control for Microsoft Exchange Administrator’s Guide, Version 1.3.5 and
`subsequent versions (“GMC Admin Guide”); Good Mobile Manager
`Administrator’s Guide, Version 2.4.1 and subsequent versions (“GMM
`Admin Guide”); Good Mobile Messaging—Good Mobile Control for
`IBM Lotus Domino Administrator’s Guide (“GMC Domino Admin
`Guide”), Version 1.3.5. and subsequent versions; Good Mobile Access
`(Secure Browser) Guide, Version 2.4.1 and subsequent versions; GMM
`Server 8.2 Deployment Planning Guide; http://www1.good.com/good-
`dynamics-platform/deployment-options.html;
`
`7
`
`
`
`authenticate the
`user and the client
`device to determine
`whether the user is
`authorized to access
`to access the
`requested at least
`one enterprise
`resource from the
`client device,
`wherein the proxy
`server authenticates
`the user based at
`least in part on the
`set of user access
`credentials
`associated with the
`
`
`la-1265994
`
`Good Technology Software, Inc., Ex. 1007 - 13
`
`

`

`user and
`authenticates the
`client device based
`at least in part on
`the device identifier
`associated with the
`client device;
`
`http://media.www1.good.com/documents/sb-secure-mobility-solution.pdf;
`http://business.scoop.co.nz/2014/07/24/good-technology-good-dynamics-
`secure-mobility-platform/; http://www1.good.com/good-dynamics-
`platform/single-sign-on.html;
`https://www.gov.uk/government/publications/good-for-enterprise-and-
`good-dynamics-security-guidance/good-for-enterprise-and-good-
`dynamics-security-guidance;
`https://community.good.com/blogs/product_blog/2012/07/25/an-
`important-note-about-the-next-release-of-good-for-enterprise--ios-and-
`apples-unique-device-identifier-udid).
`
`Evidence of Good’s infringement with respect to this limitation includes,
`but is not limited to, the following example excerpts from public literature
`about Good’s products:
`
`
`
`
`“The GP server gets authentication data from the GC server by
`using SOAP over HTTPS to authenticate connections from GD
`apps. . . . The upper GRP layer is the end-to-end protocol between
`the GD app and the GP server that carries application data. This
`layer is encrypted with a session key that is not known to the
`Relay server. The GRP authentication service is used to negotiate
`the authentication token, and the session key for upper GRP layer.
`The authentication token is used by the GD app to authenticate
`itself to the GP server for each connection. The session key is used
`for encrypting data for each upper GRP layer connection. An
`authentication token and session key combination can be used for
`24 hours, after which they expire.”
`Good Dynamics Security White Paper, pp. 8, 10.
`
`“With the Good Dynamics Secure Mobility Platform, mobile app
`developers get: integrat[ion] with Kerberos constrained delegation
`(KCD) SSO systems, allowing users to access enterprise resources
`with their app credentials and never require entry of corporate
`credentials.”
` http://media.www1.good.com/documents/sb-gd-secure-mobility-platform.pdf.
`
`“A users’ network credentials, required to authenticate into
`behind-the-firewall enterprise resources, are akin to the “keys to
`the castle.” Single sign-on authentication via Kerberos
`Constrained Delegation (KCD) means a user never has to enter
`enterprise credentials on a mobile device. Authenticating into
`Good-secured apps transparently allows use of enterprise
`resources (e.g., file sharing server, HR systems, etc.). Enterprise
`Single Sign-On with KCD allays any security concerns that a
`
`
`la-1265994
`
`8
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 14
`
`

`

`
`
`
`
`business might have about corporate credentials being transmitted
`from or saved to mobile devices, as those credentials never even
`leave the corporate network.”
`http://www1.good.com/good-dynamics-platform/single-sign-on.html.
`
`“Q: What is the UDID being used for?
`A: Good Technology uses the UDID to uniquely identify the
`device.”
`https://community.good.com/blogs/product_blog/2012/07/25/an-important-
`note-about-the-next-release-of-good-for-enterprise--ios-and-apples-unique-
`device-identifier-udid).
`
`“Good Technology will generate a random number as a method
`for uniquely identifying the device.”
`https://community.good.com/blogs/product_blog/2012/07/25/an-important-
`note-about-the-next-release-of-good-for-enterprise--ios-and-apples-unique-
`device-identifier-udid.
`
`“Due to privacy concerns, Apple is now requiring all apps using
`the Unique Device Identifier (UDID) to obtain the device owner's
`consent. Since Good for Enterprise utilizes the UDID to uniquely
`identify the device, you will now be prompted to allow or deny
`use of the UDID when you upgrade or install the next release. If
`you decide not to allow the use the UDID, you will need to re-
`provision the app. . . .”
`https://community.good.com/blogs/product_blog/2012/07/25/an-important-
`note-about-the-next-release-of-good-for-enterprise--ios-and-apples-unique-
`device-identifier-udid.
`
`
`Good Dynamics Security White Paper, p. 3.
`
`
`
`la-1265994
`
`9
`
`
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 15
`
`

`

`
`
`
`
`
`
`http://www1.good.com/good-dynamics-platform/deployment-options.html.
`In the Accused Good System, after the user and client device are
`authenticated by the proxy server, a compliance service performs a
`compliance check to determine whether the stored periodically updated
`device profile for the client device is in compliance with one or more
`compliance rules (e.g., policy sets). If the client device passes that
`compliance check, the compliance service authorizes the client device to
`communicate with the enterprise device (e.g., to access requested
`resources).
`
`Public literature about Good’s products provides ample evidence of
`Good’s infringement with respect to this limitation. See, e.g., Good
`Dynamics Security White Paper; Good Mobile Messaging—Good Mobile
`Control for Microsoft Exchange Administrator’s Guide, Version 1.3.5 and
`subsequent versions (“GMC Admin Guide”); Good Mobile Manager
`Administrator’s Guide, Version 2.4.1 and subsequent versions (“GMM
`Admin Guide”); Good Mobile Messaging—Good Mobile Control for
`IBM Lotus Domino Administrator’s Guide (“GMC Domino Admin
`Guide”), Version 1.3.5. and subsequent versions; Good Mobile Access
`(Secure Browser) Guide, Version 2.4.1 and subsequent versions; GMM
`Server 8.2 Deployment Planning Guide; http://www1.good.com/good-
`dynamics-platform/deployment-options.html;
`http://media.www1.good.com/documents/sb-secure-mobility-solution.pdf;
`http://business.scoop.co.nz/2014/07/24/good-technology-good-dynamics-
`secure-mobility-platform/; http://www1.good.com/good-dynamics-
`platform/single-sign-on.html;
`https://www.gov.uk/government/publications/good-for-enterprise-and-
`good-dynamics-security-guidance/good-for-enterprise-and-good-
`dynamics-security-guidance;
`https://community.good.com/blogs/product_blog/2012/07/25/an-
`important-note-about-the-next-release-of-good-for-enterprise--ios-and-
`apples-unique-device-identifier-udid).
`
`Evidence of Good’s infringement with respect to this limitation includes,
`but is not limited to, the following example excerpts from public literature
`
`a compliance
`service that
`authorizes the client
`device to
`communicate with
`the enterprise
`device in response
`to the proxy server
`authenticating the
`user and the client
`device, wherein the
`compliance service
`authorizes the client
`device based at
`least in part on a
`determination of
`whether the
`periodically
`updated device
`profile associated
`with the client
`device stored on the
`proxy server is in
`compliance with at
`least one
`compliance rule;
`and
`
`
`la-1265994
`
`10
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 16
`
`

`

`about Good’s products:
`
`
`“From the Check Every dropdown, choose how often you want the
`compliance rule checked while the handheld is running (from
`every minute to once every 24 hours). Frequency may impact
`performance and battery life. The rule is also checked at Client
`startup and launch.
`
`* * *
`You can explicitly monitor the presence or absence of a list of
`applications on a device. You use compliance-management
`policies to do so. . . . Application checks occur automatically on a
`handheld when it is set up for the first time and whenever Good
`for Enterprise starts up or exits on it and then by default once
`every 12 hours (as well as when policy changes are received). To
`specify more frequent checks for a particular rule, click the “edit”
`link for the rule. In the Edit compliance rule window that opens,
`choose the desired frequency from the “Check every” dropdown
`menu and then click OK.
`
`
`
`
`la-1265994
`
`* * *
`Out-of-compliance causes can include jailbreak detection,
`connectivity verification (device must have connected to Good
`within a specified time), OS version verification, hardware model
`verification, etc. Out-of-compliance actions can include exiting
`from the Good Client on the device, deactivating the Client, and
`creating a compliance report.
`
`* * *
`For each policy set, there are policy settings available in the
`following categories:
`
`General policies:
` Handheld Authentication
` Messaging
` Network Communication
` Provisioning
` Storage Cards
` File Handling
`Application Policies:
` Blocked Applications
` Compliance Manager
` Data Encryption
` Application Management
`Plugin Policies:
`
`iOS configuration
` Android configuration
` Good Mobile Access Secure Browser (an integrated
`browser for Intranet use)”
`GMC Domino Admin Guide, pp. 121–262.
`
`11
`
`
`
`Good Technology Software, Inc., Ex. 1007 - 17
`
`

`

`“Creating and Changing Handheld Policy Sets and Templates
`Every handheld has a named policy set associated with it.”
`GMC Domino Admin Guide, p. 129.
`
`“With the profiles installed on the device, the Operations Center
`periodically, via the APNS, requests the device to contact it when
`asked by the GMC to do so, to gather information from the device.
`The GMC displays this information. In addition, GMC can
`transmit actions to the device through the Operations Center, such
`as refreshing data, locking/unlocking the device, resetting the
`device password, and wiping the device”
`GMM Admin Guide, p. 3.
`
`“The Good Mobile Control Console (GMC) serves as your
`primary device-management tool. You use the GMC to add
`users/devices to the system, configure policies that manage device
`use, and monitor the devices after they are set up.”
`GMM Admin Guide, p. 1.
`
`“Compliance-management policies cause Good for Enterprise to
`check user handhelds periodically for specified applications. If
`these required applications are not present (or, in some cases,
`present but not running), you can choose from the following
`failure actions, when supported: quit Good for Enterprise, force
`download of the missing application to the handheld (when the
`rule involves checking for an application), or wipe the Good data
`or complete device.”
`http://www.steelcloud.com/sw_mobile/veriscan/InstallGuides/Good/GoodAdmi
`nGuide_2.2.0_exchange.pdf.
`
`
`
`
`
`“Compliance management policies cause Good Messaging to
`check user handhelds periodically for specified applications. If
`these applications are not present, Good Messaging will be
`disabled on the handheld.”
`http://www.demogood.com/media/pd