IN THE UNITED STATES DISTRICT COURT
`FOR THE EASTERN DISTRICT OF VIRGINIA
`RICHMOND DIVISION
`
`
`
`
`
`THE TRUSTEES OF COLUMBIA
`UNIVERSITY IN THE CITY OF NEW
`YORK,
`
`Plaintiff
`
`Civil Action No. 3:13-cv-00808-JRS
`
`
`CONTAINS MATERIALS
`DESIGNATED HIGHLY
`CONFIDENTIAL OUTSIDE
`COUNSEL ONLY
`
`
`
`
`
`
`
`
`v.
`
`SYMANTEC CORPORATION,
`
`
`
`Defendant
`
`EXPERT REPORT OF DR. TRENT JAEGER REGARDING INVALIDITY OF U.S.
`PATENT NOS. 7,487,544 & 7,979,907
`
`
`Exhibit Page 1
`
`Columbia Ex. 2004
`Symantec v. Columbia
`IPR2015-00375
`
`

`
`CONTAINS MATERIALS DESIGNATED HIGHLY CONFIDENTIAL OUTSIDE COUNSEL ONLY
`
`
`
`MIMEsweeper Publications
`
`
`III. BASIS FOR OPINIONS
`
`A.
`
`Qualifications
`
`10. My experience and education are detailed in my curriculum vita, which is
`
`attached as Appendix 2 to this report.
`
`11.
`
`I am currently a Professor in the Department of Computer Science and
`
`Engineering at The Pennsylvania State University. I am Co-Director of the Systems and Internet
`
`Infrastructure Security (SIIS) Lab in the Department of Computer Science and Engineering. As
`
`the name indicates, the SIIS Lab focuses on computer security research. I am also Chair of the
`
`Association of Computing Machinery’s (ACM’s) Special Interest Group on Security, Audit, and
`
`Control (SIGSAC). SIGSAC is among the largest organizations of computer security research in
`
`the world.
`
`12.
`
`I received my B.S. in Chemical Engineering from California State Polytechnic
`
`University, Pomona. I received my M.S.E. in Computer Science from the University of
`
`Michigan in 1993. Subsequently, in 1997, I received a Ph.D. in Computer Science and
`
`Engineering from the University of Michigan, Ann Arbor. My thesis research was on the
`
`development of security mechanisms to control the execution of downloaded executables. A
`
`downloaded executable is a computer program that is sent from one computer to another, as
`
`email attachments are. My paper entitled, “Support for the File System Security Requirements
`
`of Computational E-Mail Systems” was published in the Proceedings of the 2nd ACM
`
`Conference on Computer and Communications Security in 1994. This paper examined the
`
`security challenges in controlling the executables delivered as email attachments.
`
`13.
`
`In addition, I have been working in the software field for over 25 years and in
`
`computer and network security for over 20 years. From 1986 to 1991, I worked for Electronic
`
`
`
`
`6
`
`
`Exhibit Page 2
`
`Columbia Ex. 2004
`Symantec v. Columbia
`IPR2015-00375
`
`

`
`CONTAINS MATERIALS DESIGNATED HIGHLY CONFIDENTIAL OUTSIDE COUNSEL ONLY
`
`
`
`Data Systems in its Artificial Intelligence Services group, where I worked on various projects
`
`that leveraged artificial intelligence (AI) theory and techniques. At the University of Michigan, I
`
`also took several courses in AI, including a course devoted to machine learning. I passed the AI
`
`qualifying exam.
`
`14.
`
`After pursuing research on applying AI techniques to the design of software
`
`processes, I switched focus to computer and network security for my thesis work. After
`
`graduating from the University of Michigan, I continued working in the area of computer and
`
`network security at IBM Research between 1996 and 2005. In 2005, I moved to The
`
`Pennsylvania State University, where my research focus has been computer and network
`
`security. I have published over 100 refereed conference and journal papers related to computer
`
`and network security. I have authored the book Operating Systems Security, which examines
`
`how operating system designs control the executables that they run. This book has been used in
`
`computer security courses in universities around the world. I have developed and taught several
`
`classes on computer security, for graduate and undergraduate students.
`
`B. Materials Considered
`
`15.
`
`As part of my preparation for writing this report, I reviewed the materials listed in
`
`Appendix 1.
`
`C.
`
`16.
`
`Level of Ordinary Skill in the Art
`
`I understand that a person having ordinary skill in the art is a hypothetical person
`
`who analyzes the prior art without the benefit of hindsight. I further understand that a person of
`
`ordinary skill in the art is presumed to be one who thinks along the lines of conventional wisdom
`
`in the art and is not one who undertakes to innovate, whether by extraordinary insights or by
`
`patient and often expensive systematic research. I understand a person of ordinary skill is also a
`
`person of ordinary creativity, not an automaton.
`
`
`
`
`7
`
`
`Exhibit Page 3
`
`Columbia Ex. 2004
`Symantec v. Columbia
`IPR2015-00375
`
`

`
`CONTAINS MATERIALS DESIGNATED HIGHLY CONFIDENTIAL OUTSIDE COUNSEL ONLY
`
`
`
`17.
`
`I understand that the hypothetical person of ordinary skill is presumed to have
`
`knowledge of all references that are sufficiently related to one another and to the pertinent art,
`
`and to have knowledge of all arts reasonably pertinent to the particular problem that the claimed
`
`invention addresses.
`
`18.
`
`In my opinion, a person of ordinary skill in the art at the time of the alleged
`
`invention would be a person with a Master’s degree in computer science, computer engineering,
`
`or a similar field, or a Bachelor’s degree in computer science, computer engineering, or a similar
`
`field, with approximately two years of industry experience relating to computer security.
`
`Additional graduate education might substitute for experience, while significant experience in
`
`the field of computer programming and computer security might substitute for formal education.
`
`19.
`
`I understand that Columbia contends a person of ordinary skill in the art is a
`
`person with an undergraduate degree in computer science or mathematics, and one to two years
`
`of experience in the field of computer security. [Declaration of Professor Douglas C. Szajda
`
`(Dkt. No. 106-1) ¶ 21] My opinions discussed below would remain the same under either
`
`definition of a person of ordinary skill.
`
`20.
`
`I meet the criteria I describe above, as well as the criteria proposed by Columbia,
`
`and consider myself a person with at least ordinary skill in the art pertaining to the ‘544 and ‘907
`
`patents. I would have been such a person at the time of alleged invention of the ’544 and ‘907
`
`patents.
`
`IV.
`
`LEGAL STANDARDS
`
`21.
`
`In this section I describe my understanding of certain legal standards. I have been
`
`informed of these legal standards by Symantec’s attorneys. I am not an attorney and I am relying
`
`only on instructions from Symantec’s attorneys for these legal standards.
`
`
`
`
`8
`
`
`Exhibit Page 4
`
`Columbia Ex. 2004
`Symantec v. Columbia
`IPR2015-00375
`
`

`
` %
`r.Tre
`
`
`
`/0 I7 2%)
`Date
`
`Exhibit Page 5
`
`Columbia Ex. 2004
`
`Symantec V. Columbia
`IPR201 5-003 75
`
`
`Exhibit Page 5
`
`Columbia Ex. 2004
`Symantec v. Columbia
`IPR2015-00375