throbber
·1· · · · · · · IN THE UNITED STATES DISTRICT COURT
`
`·2· · · · · · FOR THE CENTRAL DISTRICT OF CALIFORNIA
`
`·3· · · · · · · · · · · ·SOUTHERN DIVISION
`
`·4
`
`·5· ·KINGLITE HOLDINGS INC.,· · · · · · )
`· · · · · Plaintiff,· · · · · · · · · · )
`·6· · · · · · · · · · · · · · · · · · · ) Case No.:
`· · · · · · · · · · · · · · · · · · · · ) CV 14-03009 JVS (PJWx)
`·7· · · · vs.· · · · · · · · · · · · · ·) Consolidated with
`· · · · · · · · · · · · · · · · · · · · ) Case No.:
`·8· · · · · · · · · · · · · · · · · · · ) CV 14-04989 JVS (PJWx)
`· · · · · · · · · · · · · · · · · · · · )
`·9· ·MICRO-STAR INTERNATIONAL CO., LTD; )
`· · ·MSI COMPUTER CORP.; GIGA-BYTE· · · )
`10· ·TECHNOLOGY CO., LTD.; G.B.T., INC.;)
`· · ·and AMERICAN MEGATRENDS INC.,· · · )
`11· · · · Defendants.· · · · · · · · · ·)
`· · ·___________________________________)
`12
`
`13
`
`14
`
`15· · · · · · · VIDEOTAPED DEPOSITION OF PAUL DREWS
`
`16· · · · · · · Taken in behalf of the Defendants
`
`17· · · · · · · · · Tuesday, February 24, 2015
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`1
`
`EX 1011
`IPR of Pat. No. 6,892,304
`
`

`

`·1· · · · BE IT REMEMBERED that the deposition of PAUL DREWS
`
`·2· ·was taken before Victoria A. Guerrero, Certified
`
`·3· ·Shorthand Reporter, Registered Merit Reporter, Certified
`
`·4· ·Realtime Reporter, on Tuesday, February 24, 2015,
`
`·5· ·commencing at the hour of 9:03 a.m., in the conference
`
`·6· ·room of the Pacific University, in the City of Forest
`
`·7· ·Grove, County of Washington, State of Oregon.
`
`·8
`
`·9· · · · · · · · · · · · · · · -:-
`
`10
`
`11· · · · · · · · · · · · ·APPEARANCES:
`
`12
`
`13· ·For the Plaintiff:
`
`14· ·STADHEIM & GREAR
`· · ·GEORGE C. SUMMERFIELD
`15· ·400 North Michigan Avenue, Suite 2200
`· · ·Chicago, Illinois· 60611
`16· ·Phone 312.755.4400
`· · ·E-mail:· Summerfield@stadheimgrear.com
`17
`
`18
`
`19· ·For the Defendant:
`
`20· ·HILL, KERTSCHER & WHARTON, LLP
`· · ·STEVEN G. HILL
`21· ·VIVEK A. GANTI
`· · ·3350 Riverwood Parkway, Suite 800
`22· ·Atlanta, Georgia· 30339
`· · ·Phone 770.953.0995· Fax 770.953.1358
`23· ·E-mail:· Sgh@hkw-law.com
`· · ·E-mail:· Vg@hkw-law.com
`24
`
`25
`
`2
`
`

`

`·1· ·APPEARANCES:· (cont'd)
`
`·2
`
`·3· ·For the Witness:
`
`·4· ·PERKINS COIE
`· · ·TYLER R. BOWEN
`·5· ·2901 North Central Avenue, Suite 2000
`· · ·Phoenix, Arizona· 85012-2788
`·6· ·Phone 602.351.8448· Fax 602.648.7007
`· · ·E-mail:· Tbowen@perkinscoie.com
`·7
`
`·8
`
`·9· ·ALSO PRESENT:
`
`10· · · · · · ·Mick Irwin, Videographer
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`3
`
`

`

`·1· · · · · · · · · · ·INDEX TO EXAMINATION
`
`·2· · · · · · · · · · ·WITNESS:· PAUL DREWS
`
`·3
`
`·4· ·EXAMINATION:· · · · · · · · · · · · · · · · · ·PAGE· ·LINE
`
`·5· ·By Mr. Hill· · · · · · · · · · · · · · · · · · · 7· · · ·8
`
`·6· ·By Mr. Summerfield· · · · · · · · · · · · · · · 71· · · 20
`
`·7· ·By Mr. Hill· · · · · · · · · · · · · · · · · · ·86· · · 11
`
`·8· ·By Mr. Summerfield· · · · · · · · · · · · · · · 88· · · ·9
`
`·9· ·By Mr. Hill· · · · · · · · · · · · · · · · · · ·91· · · ·3
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`4
`
`

`

`·1· · · · · · · · · · · ·INDEX TO EXHIBITS
`
`·2· · · · · · · · · · · · · PAUL DREWS
`
`·3· · · · Kinglite Holdings vs. Micro-Star International
`
`·4· · · · · · · · · Tuesday, February 24, 2015
`
`·5· · · · · · · Victoria A. Guerrero, CSR, RMR, CRR
`
`·6
`
`·7· ·MARKED· · · · · · · · · DESCRIPTION· · · · · · · · PAGE· LINE
`
`·8· ·Exhibit 1· · · · ·US Patent No. 6,539,480 dated· · · 10· · 19
`· · · · · · · · · · · ·3-25-03; Bates Nos. DEF
`·9· · · · · · · · · · ·00003990 through 4000
`
`10· ·Exhibit 2· · · · ·Boot Integrity Services· · · · · · 54· · 19
`· · · · · · · · · · · ·Application Programming
`11· · · · · · · · · · ·Interface Version 1.0; Bates
`· · · · · · · · · · · ·Nos. DEF 00008024 through 8087
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`5
`
`

`

`·1· · · · · · ·Tuesday, February 24, 2015; 9:03 a.m.
`
`·2· · · · · · · · · · ·Forest Grove, Oregon
`
`·3· · · · · · · · · · · · · · ·ooOoo
`
`·4
`
`·5· · · · · · THE VIDEOGRAPHER:· Here begins the videotaped
`
`·6· ·deposition of Mr. Paul Drews in the matter Kinglite
`
`·7· ·Holdings versus Micro-Star International, et al.· Case
`
`·8· ·No. CV-14-03009 JVS in the United States District Court
`
`·9· ·for the Central District of California, the Southern
`
`10· ·Division.
`
`11· · · · · · Can the attorneys present please state their
`
`12· ·appearances for the record.
`
`13· · · · · · MR. HILL:· For the defendants, Steve Hill and
`
`14· ·Vivek Ganti, Hill, Kertscher & Wharton.
`
`15· · · · · · MR. SUMMERFIELD:· For the plaintiff, George
`
`16· ·Summerfield.
`
`17· · · · · · MR. BOWEN:· For the witness and Intel
`
`18· ·Corporation, Tyler Bowen of Perkins Coie.
`
`19· ·///
`
`20· ·///
`
`21· ·///
`
`22· ·///
`
`23· ·///
`
`24· ·///
`
`25· ·///
`
`6
`
`

`

`·1· · · · · · · · · · · · · · ·ooOoo
`
`·2· · · · · · · · · Whereupon, PAUL DREWS was called as a
`
`·3· · · · · · witness by and on behalf of the Defendant, and
`
`·4· · · · · · having been first duly sworn by the Certified
`
`·5· · · · · · Shorthand Reporter, was examined and testified
`
`·6· · · · · · as follows:
`
`·7
`
`·8· · · · · · · · · · · · · EXAMINATION
`
`·9
`
`10· ·BY MR. HILL:
`
`11· · · ·Q· · Good morning.
`
`12· · · ·A· · Thank you.
`
`13· · · ·Q· · We met briefly before we went on the record.
`
`14· ·My name is Steve Hill and I represent defendants in this
`
`15· ·case which are America Megatrends, Incorporated,
`
`16· ·Micro-Star International, and Giga-Byte, and their US
`
`17· ·subsidiaries.
`
`18· · · · · · Have you been deposed before?
`
`19· · · ·A· · No, I have not.
`
`20· · · ·Q· · Do you understand that the oath that you were
`
`21· ·administered at the outset of the deposition is the same
`
`22· ·oath that you would take if we were testifying live
`
`23· ·today in front of the judge or jury in this case?
`
`24· · · ·A· · Yes.
`
`25· · · ·Q· · And today where are we located for the
`
`7
`
`

`

`·1· ·deposition?
`
`·2· · · ·A· · We are in a building owned by Pacific
`
`·3· ·University campus.· I see the sign on the wall says,
`
`·4· ·President's Conference Room.
`
`·5· · · ·Q· · And what city and state, please?
`
`·6· · · ·A· · This is Forest Grove, Oregon, USA.
`
`·7· · · ·Q· · And do you reside in Oregon?
`
`·8· · · ·A· · Yes, I do.
`
`·9· · · ·Q· · And how long have you lived in Oregon,
`
`10· ·Mr. Drews?
`
`11· · · ·A· · I moved here in 1982.
`
`12· · · ·Q· · And what is your full legal name, for the
`
`13· ·record?
`
`14· · · ·A· · Paul Christian Drews.
`
`15· · · ·Q· · How long have you lived in Oregon?
`
`16· · · ·A· · So it's since 1982, I've lived here
`
`17· ·continuously that whole time, if you subtract.
`
`18· · · ·Q· · Do you have any residential address in Orange
`
`19· ·County, California?
`
`20· · · ·A· · No, I don't.
`
`21· · · ·Q· · Are you presently employed?
`
`22· · · ·A· · No.
`
`23· · · ·Q· · Who was your employer at the time that you
`
`24· ·retired from employment?
`
`25· · · ·A· · Intel Corporation.
`
`8
`
`

`

`·1· · · ·Q· · How many years did you work for Intel?
`
`·2· · · ·A· · Thirty-one years.
`
`·3· · · ·Q· · From what year to what year, approximately?
`
`·4· · · ·A· · It was 1982, summer of 1982 till December of
`
`·5· ·2003.
`
`·6· · · ·Q· · And when you worked for Intel, did you work out
`
`·7· ·of an Intel facility in Oregon?
`
`·8· · · ·A· · I was always in Intel facilities in Oregon,
`
`·9· ·yes.
`
`10· · · ·Q· · What positions did you hold during your tenure
`
`11· ·at Intel?· You can answer in general terms.· Don't need
`
`12· ·to give --
`
`13· · · ·A· · In general, I was hired as a -- as a junior
`
`14· ·engineer and worked my way up to senior engineer.· Intel
`
`15· ·has job numbers that they give you.· I was a -- when I
`
`16· ·retired I was a level eight, I believe it is.
`
`17· · · ·Q· · You started as a junior engineer.· Did you have
`
`18· ·an educational background in engineering?
`
`19· · · ·A· · I had a Bachelor of Arts degree.
`
`20· · · ·Q· · And what was your college major?
`
`21· · · ·A· · I had a triple major in physics, math, and
`
`22· ·computer science.
`
`23· · · ·Q· · Any advanced degrees after --
`
`24· · · ·A· · No degrees after that.
`
`25· · · ·Q· · What year did you graduate college?
`
`9
`
`

`

`·1· · · ·A· · 1979.
`
`·2· · · ·Q· · From which institution?
`
`·3· · · ·A· · Luther College, it's in Decorah, Iowa.
`
`·4· · · ·Q· · And was the job with Intel the first job that
`
`·5· ·you had coming out of school?
`
`·6· · · ·A· · No.
`
`·7· · · ·Q· · Where did you work before joining Intel?
`
`·8· · · ·A· · I worked for the college for three years right
`
`·9· ·after graduating.
`
`10· · · ·Q· · Okay.· In the math or science department?
`
`11· · · ·A· · I worked in the computer center.
`
`12· · · ·Q· · Doing lab work?
`
`13· · · ·A· · I was building some computer equipment for the
`
`14· ·place and doing some programming for administrative that
`
`15· ·they had for grade keeping and so forth.
`
`16· · · ·Q· · The court reporter has marked as Exhibit 1
`
`17· ·United States Patent 6,539,480.· I'll let the court
`
`18· ·reporter hand the witness, this is Drews Exhibit 1.
`
`19· · · · · · (Exhibit 1, US Patent No. 6,539,480 dated
`
`20· · · · · · 3-25-03; Bates Nos. DEF 00003990 through 4000,
`
`21· · · · · · was marked.)
`
`22· ·BY MR. HILL:
`
`23· · · ·Q· · Take a moment, if you would, and just flip
`
`24· ·through the pages of Drews Exhibit 1 and let me know if
`
`25· ·you recognize this document.
`
`10
`
`

`

`·1· · · ·A· · Yes, I do.
`
`·2· · · ·Q· · Can you just state in general terms what you
`
`·3· ·recognize Drews Exhibit 1 to be?
`
`·4· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`·5· · · · · · MR. HILL:· You can still answer.
`
`·6· · · · · · THE WITNESS:· It's a patent that I did with,
`
`·7· ·you know, for Intel.· It's quite some time ago now.· Do
`
`·8· ·you want my summary of the details or what?
`
`·9· ·BY MR. HILL:
`
`10· · · ·Q· · No.
`
`11· · · ·A· · Okay.
`
`12· · · ·Q· · So do you recognize Drews Exhibit 1 to be a
`
`13· ·patent that you were responsible for?
`
`14· · · ·A· · Yes.· Yes.
`
`15· · · ·Q· · And was this a patent that you applied for with
`
`16· ·the assistance of Intel counsel?
`
`17· · · ·A· · Yes, with the assistance of Intel.
`
`18· · · ·Q· · Who, to the best of your ability to recall,
`
`19· ·actually prepared the contents of the patent?
`
`20· · · ·A· · I do not recall the name of the patent
`
`21· ·attorney, but Intel assigns a patent attorney and they
`
`22· ·work with me to construct the actual text of this and
`
`23· ·there's a lot of back and forth review of it.
`
`24· · · ·Q· · Now, on the first page of the Exhibit 1, which
`
`25· ·I'm going to refer to it as the '480 patent, looking at
`
`11
`
`

`

`·1· ·the last three digits of the patent number.· Will you
`
`·2· ·understand --
`
`·3· · · ·A· · Yes.
`
`·4· · · ·Q· · -- when I refer to the '480 patent I'm
`
`·5· ·referring to Exhibit 1?
`
`·6· · · ·A· · Okay.
`
`·7· · · ·Q· · So in looking at the '480 patent, do you -- on
`
`·8· ·the first page, do you see that it reflects a filing
`
`·9· ·date in the -- in the left-hand column of the first
`
`10· ·page?· It says the application number and then below
`
`11· ·that it says filed.
`
`12· · · ·A· · Oh, yes.· Oh, there it is.· Okay.
`
`13· · · ·Q· · Can you just state what the date of the filing
`
`14· ·of the application that led to the '480 patent is?
`
`15· · · ·A· · It says filed December 31, 1998.
`
`16· · · ·Q· · And does that comport with your recollection of
`
`17· ·the approximate time frame of when you applied for what
`
`18· ·became the '480 patent?
`
`19· · · ·A· · Approximately, yes.
`
`20· · · ·Q· · And the title of the patent is also shown on
`
`21· ·the first page of the '480 patent; do you see the title
`
`22· ·of this patent?
`
`23· · · ·A· · Yes, I do.
`
`24· · · ·Q· · Can you just state what the title of the patent
`
`25· ·is for the judge and jury?
`
`12
`
`

`

`·1· · · ·A· · Secure transfer of trust in a computing system.
`
`·2· · · ·Q· · And I'm not going to ask you to read the
`
`·3· ·abstract into the record, but could you just read the
`
`·4· ·abstract of the patent as recited on the cover page of
`
`·5· ·the '480 patent to yourself?
`
`·6· · · · · · And then what I'm going to ask you to do is if
`
`·7· ·you could summarize for the judge and jury what the
`
`·8· ·invention described in the '480 patent is?
`
`·9· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`10· ·BY MR. HILL:
`
`11· · · ·Q· · Okay.· Well, let's take it in pieces.· Let me
`
`12· ·know when you've had a chance to read the abstract of
`
`13· ·the patent to yourself.
`
`14· · · ·A· · Okay.
`
`15· · · ·Q· · And then I'm going to ask you some questions.
`
`16· · · ·A· · Okay.· I've read it.
`
`17· · · ·Q· · Can you explain in high level terms what the
`
`18· ·invention was that caused you to seek what became the
`
`19· ·'480 patent?
`
`20· · · ·A· · There was a need to -- there's some prior
`
`21· ·motivation for this, but there was a need to --
`
`22· ·basically you have a computer system that can validate
`
`23· ·things, incoming information, using a -- using a public
`
`24· ·key or some sort of key to validate it.
`
`25· · · · · · And if -- for example, if I'm the manufacturer
`
`13
`
`

`

`·1· ·of this computer and, for example -- well, it's easy to
`
`·2· ·explain with examples here.
`
`·3· · · · · · So for example, the computer receives a boot
`
`·4· ·image.· It can validate whether the boot image has been
`
`·5· ·damaged in transit and has come from an authority that I
`
`·6· ·trust by validating a digital signature of the boot
`
`·7· ·image.
`
`·8· · · · · · Now, it would have to validate that against a
`
`·9· ·-- probably a public key that it holds inside that's
`
`10· ·already inside the computer.· As manufacturer of the
`
`11· ·computer, I would install that public key and I would --
`
`12· ·I would use my private key to sign those boot images.
`
`13· · · · · · If I sell this computer to somebody else, I'm
`
`14· ·no longer in charge of supplying boot images for this, I
`
`15· ·would want to transfer that authority to someone else.
`
`16· · · · · · So how would I do that in a secure way?· That's
`
`17· ·the motivation for this.· The way this works is in very
`
`18· ·high level summary, is you would construct a request to
`
`19· ·change the public key that's installed in the computer
`
`20· ·and sign that with the corresponding private key, and
`
`21· ·you would put some other -- you do some other things to
`
`22· ·make sure, to guard against replay of this kind of a
`
`23· ·message.
`
`24· · · · · · And then issue this request to the computer
`
`25· ·saying, okay, go ahead and change the public key.· And
`
`14
`
`

`

`·1· ·then the software in there would validate the message,
`
`·2· ·make sure that it passes the, you know, the signature's
`
`·3· ·valid, that the data is valid, that this is a unique
`
`·4· ·request that's not being replayed from somewhere else.
`
`·5· · · · · · And then it would go ahead and change the
`
`·6· ·public key to the new one that was supplied.· And then
`
`·7· ·presumably that public key would be supplied by a
`
`·8· ·customer that I'm selling this thing to and they're in
`
`·9· ·charge of it now.
`
`10· · · ·Q· · I see.
`
`11· · · ·A· · So that's an example.· You can use this for
`
`12· ·validating other kinds of configuration data.
`
`13· · · ·Q· · When you use the term configuration data, can
`
`14· ·you tell me what that term means to you?
`
`15· · · ·A· · All sorts of things.· It can be very broad.· It
`
`16· ·could be, you know, for example it could be the BIOS.
`
`17· ·BIOSes have many settings.· It could be any collection
`
`18· ·of those settings of the BIOS.
`
`19· · · · · · It could be operation parameters of a machine,
`
`20· ·say a cell phone or something like that, screen
`
`21· ·background color, the radio power or something like
`
`22· ·that.· Those are configuration settings that could be
`
`23· ·sensitive.· You might want to control who can change
`
`24· ·that stuff, who has the authority to change that stuff.
`
`25· · · ·Q· · Now, you mentioned -- you mentioned some keys
`
`15
`
`

`

`·1· ·in your prior description of the technology?
`
`·2· · · ·A· · Uh-huh.
`
`·3· · · ·Q· · And I just want to take a step back.· How did
`
`·4· ·you become familiar with public keys and private keys?
`
`·5· · · ·A· · So the first information about that stuff came
`
`·6· ·out, I first encountered this as a young teenager in
`
`·7· ·Scientific America articles.· I didn't really have the
`
`·8· ·math background at the time to understand the basis for
`
`·9· ·it, but I could understand what was going on.· I only
`
`10· ·encountered that professionally around the time of, you
`
`11· ·know, within a couple years of this patent here.· And I
`
`12· ·read up on it with whatever information I could find and
`
`13· ·learned how you use these things and what you can do
`
`14· ·with them and so forth.
`
`15· · · ·Q· · I noticed on the cover page of the '480 patent
`
`16· ·that there's a reference in publications that were
`
`17· ·disclosed.· If you look at the top of the right-hand
`
`18· ·column on the cover page of the patent, there's a
`
`19· ·reference to a publication by Bruce Schneier --
`
`20· · · ·A· · Uh-huh.
`
`21· · · ·Q· · -- called Applied Cryptography:· Protocols,
`
`22· ·Algorithms, and Source Code in C., dated October of
`
`23· ·1995.
`
`24· · · · · · Was that one of the materials that you used to
`
`25· ·refresh your recollection as to public and private keys?
`
`16
`
`

`

`·1· · · ·A· · I don't recall reading this.
`
`·2· · · ·Q· · Are you familiar with Mr. Schneier's work in
`
`·3· ·the field of applied cryptography?
`
`·4· · · ·A· · No, I'm not.
`
`·5· · · ·Q· · Do you recall anything about the specific
`
`·6· ·articles or publications that you read up on prior to
`
`·7· ·doing the work that led to this particular patent?
`
`·8· · · ·A· · No, I don't.· I don't recall details of that.
`
`·9· · · ·Q· · So to the best of your ability to recall, what
`
`10· ·was your understanding as you were working on the
`
`11· ·technology that led to the '480 patent of how the public
`
`12· ·key and the private key worked in an applied
`
`13· ·cryptography scheme?
`
`14· · · ·A· · So basically -- so I have a basic understanding
`
`15· ·of what you can do with it.· Basically, you take -- you
`
`16· ·have -- somebody generates a key pair.· I do not know
`
`17· ·the algorithms that these things are used to generate
`
`18· ·them, but I know what you can do with them.· It involves
`
`19· ·large prime numbers at some point.
`
`20· · · · · · And one of the things that makes this work,
`
`21· ·although I don't know exactly how, is the fact that it's
`
`22· ·difficult to factor a very large number that's a product
`
`23· ·of two prime numbers.· And you generate a key pair.· You
`
`24· ·designate one as public, you designate another one as
`
`25· ·private.· You can hand out the public one to anybody.
`
`17
`
`

`

`·1· ·And you keep the private key secret.
`
`·2· · · · · · And then when you want to generate a -- so you
`
`·3· ·can use these things for encryption and decryption. I
`
`·4· ·don't think we use anything explicitly in this patent
`
`·5· ·for that, although there's a variation of digital
`
`·6· ·signatures that involves that, but doesn't have to
`
`·7· ·necessarily.
`
`·8· · · · · · But you use them in this patent, they're
`
`·9· ·heavily used for signing, making digital signatures and
`
`10· ·verifying digital signatures.· Basically, when you sign
`
`11· ·you sign with a private key, you supply -- basically
`
`12· ·supply the data that you want to sign and your private
`
`13· ·key.· And then the algorithm goes and produces a digital
`
`14· ·signature which is just a large bit pattern.
`
`15· · · · · · You can hand that bit pattern to anybody else.
`
`16· ·They can take the public key and verify.· Basically they
`
`17· ·take a -- they take what's supposed to be the same data
`
`18· ·and the public key and verify, and the signature, and
`
`19· ·verify that that public key is indeed the corresponding
`
`20· ·one to the private key that was used to generate that
`
`21· ·signature.· You verify the signature there.
`
`22· · · · · · The other interesting part of sort of
`
`23· ·cryptography is the notion of a cryptographic hash
`
`24· ·that's used in this patent in several places.· Basically
`
`25· ·you have a bunch of data, you compute a cryptographic
`
`18
`
`

`

`·1· ·hash.· It amounts to -- it's basically like a check sum.
`
`·2· · · · · · But it has to have -- in order to be a good
`
`·3· ·quality cryptographic hash, it has the property that
`
`·4· ·it's basically impossible for anybody to figure out a
`
`·5· ·different pattern of data that would result in the same
`
`·6· ·check sum.
`
`·7· · · · · · And if you change anything about the data, the
`
`·8· ·cryptographic hash changes in a way that's essentially
`
`·9· ·uncorrelated with the previous one.· Add more data to
`
`10· ·it, change one bit of the original data, take some bits
`
`11· ·out, the new cryptographic hash that you get under those
`
`12· ·circumstances uncorrelated with that.
`
`13· · · · · · So that's -- that's -- it's used, for example,
`
`14· ·in this patent to say if I have a large amount of
`
`15· ·configuration data and I wanted to say, you know, sort
`
`16· ·of a unique notion of what it is, I can compute a small
`
`17· ·cryptographic hash of that and that cryptographic hash
`
`18· ·represents uniquely that set of configuration data while
`
`19· ·still being very compact.
`
`20· · · · · · I guess the other interesting property of
`
`21· ·cryptographic hash, if you have the cryptographic hash
`
`22· ·you can't figure out what the data was.· You can't go
`
`23· ·backwards through that.
`
`24· · · ·Q· · So were there particular problems that you can
`
`25· ·recall trying to solve for as you were working your way
`
`19
`
`

`

`·1· ·through to develop the technology that became the '480
`
`·2· ·patent?
`
`·3· · · ·A· · Sure.· Digital signature's sort of fairly well
`
`·4· ·understood.· One of the problems is if you have --
`
`·5· ·there's various different kinds of threats that can
`
`·6· ·occur if I'm changing the configuration data of a
`
`·7· ·computer.
`
`·8· · · · · · If somebody sends me a message, if somebody
`
`·9· ·sends in a message to change the configuration data of
`
`10· ·this computer, it might be okay once, it might not be
`
`11· ·okay the second time on that same computer, it might not
`
`12· ·be okay to make that same change on another computer.
`
`13· ·So forth.
`
`14· · · · · · So there's various kinds of replay scenarios
`
`15· ·that you need to guard against.· And that's largely what
`
`16· ·the patent does, is a bunch of things to guard against
`
`17· ·those kinds of replay scenarios here.
`
`18· · · ·Q· · Can I direct your attention to column one of
`
`19· ·the '480 patent, please.· It's the first page of full
`
`20· ·text after the diagrams.
`
`21· · · ·A· · Okay.
`
`22· · · ·Q· · Direct your attention to the paragraph that
`
`23· ·starts at line 22.
`
`24· · · ·A· · All right.
`
`25· · · ·Q· · Do you see the first two sentences there where
`
`20
`
`

`

`·1· ·it states, One of the more difficult challenges is
`
`·2· ·preventing unauthorized individuals from changing the
`
`·3· ·basic configuration of a computer such as changing the
`
`·4· ·software that is used to start the computer.· In order
`
`·5· ·to prevent changes to such software known as the boot
`
`·6· ·image, conventional systems rely on passwords and other
`
`·7· ·security measures to prevent unauthorized physical
`
`·8· ·access.
`
`·9· · · · · · Can you comment on how digital signature
`
`10· ·technology could be used through the technology that you
`
`11· ·developed in order to combat that specific challenge?
`
`12· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`13· ·BY MR. HILL:
`
`14· · · ·Q· · You can still answer.
`
`15· · · ·A· · How to phrase this.· So I can have a public key
`
`16· ·inside the computer.· When I receive a boot image,
`
`17· ·however I got it, I can also expect to receive a digital
`
`18· ·signature of that boot image.
`
`19· · · · · · And then I can use my public key to verify the
`
`20· ·digital signature over that data and make sure that, A,
`
`21· ·it came from the person who holds that private key who I
`
`22· ·deem to be the authority that's allowed to do that; and
`
`23· ·B, that it hasn't been altered since they signed it.
`
`24· · · ·Q· · Looking at the next couple of sentences
`
`25· ·starting at line 28, there's a discussion of protecting
`
`21
`
`

`

`·1· ·network computers; do you see that?
`
`·2· · · ·A· · Yes.
`
`·3· · · ·Q· · What was your thinking about how the
`
`·4· ·incorporation of digital signature, of the use of the
`
`·5· ·digital signature could assist in protecting network
`
`·6· ·computers?
`
`·7· · · ·A· · So during the time, actually somewhat before
`
`·8· ·this invention was -- this patent was written up, there
`
`·9· ·was a bunch of work to allow computers to boot over a
`
`10· ·network.· And there's a -- there are network
`
`11· ·specifications for how to do this.
`
`12· · · · · · They involve using something called trivial
`
`13· ·file transfer protocol, TFTP, to transfer the stuff.
`
`14· ·TFTP has a very weak check sum system.· And so it's easy
`
`15· ·for -- data could be damaged in transit for various
`
`16· ·different reasons, accidentally or maliciously or
`
`17· ·whatever.· And since the check sum algorithm is very
`
`18· ·weak, you can't tell.· You know, it'd be easy for
`
`19· ·somebody to sort of forge the wrong data.
`
`20· · · · · · And so what we wanted to do was add capability
`
`21· ·to that so that you could, after, you know, as part of
`
`22· ·receiving this downloaded image over the network, you
`
`23· ·could also receive a digital signature and go through
`
`24· ·and do the verification to see that it came from who you
`
`25· ·expected and it hadn't been modified in transit any way.
`
`22
`
`

`

`·1· · · ·Q· · And there's a statement, looking just a little
`
`·2· ·bit farther down in the same column.· Line 41, quote,
`
`·3· ·There is a need in the art for a security model that
`
`·4· ·protects a computer against unauthorized changes to
`
`·5· ·configuration data; do you see that quote?
`
`·6· · · ·A· · Okay.· It says security module.
`
`·7· · · ·Q· · Yes, for a security module.
`
`·8· · · ·A· · Yes.
`
`·9· · · ·Q· · Was this need a need that you were attempting
`
`10· ·to address as you developed the technology that became
`
`11· ·the '480 patent?
`
`12· · · ·A· · Yes.
`
`13· · · ·Q· · So let's look back to the cover pages, to the
`
`14· ·diagram on the cover page, because the last reference
`
`15· ·that we were looking at talked about a security module.
`
`16· ·And there's a box on the cover page of the '480 patent
`
`17· ·that has inside of it a box that is marked security
`
`18· ·module 30; do you see that?
`
`19· · · ·A· · Yes.
`
`20· · · ·Q· · What do you recall the purpose of security
`
`21· ·module 30 being in your '480 patent?
`
`22· · · ·A· · So that would be a module that knows how to --
`
`23· ·yeah, knows how to do basic operations with -- well,
`
`24· ·verification of digital signatures.· And there's a
`
`25· ·couple other algorithms that are shown later in the
`
`23
`
`

`

`·1· ·figures and it would know how to execute those
`
`·2· ·algorithms.· It would contain the implementation of
`
`·3· ·those algorithms.
`
`·4· · · ·Q· · Now, if I could direct your attention to column
`
`·5· ·3, line 15.· Do you see the paragraph that starts, as
`
`·6· ·explained in detail below?
`
`·7· · · ·A· · Yes.
`
`·8· · · ·Q· · Can you just read that paragraph into the
`
`·9· ·record, please.
`
`10· · · ·A· · As explained in detail below, security module
`
`11· ·30 grants a request to update trusted authority
`
`12· ·information 45 or to modify configuration data 60 as a
`
`13· ·function of the trusted authority information 45
`
`14· ·maintained in persistent store 40.· The calling entity
`
`15· ·that issues the modification request is typically either
`
`16· ·BIOS 35 or operating system 37 in response to a proposed
`
`17· ·action via system administrator 20.
`
`18· · · ·Q· · So there are several things that are mentioned
`
`19· ·in that paragraph as being relevant to the operation of
`
`20· ·your security module 30.· The first thing that it says
`
`21· ·is that it grants a request to update trusted authority
`
`22· ·information 45.
`
`23· · · · · · Can you comment on what trusted information --
`
`24· ·trusted authority information 45 refers to?
`
`25· · · ·A· · So, for example, that would be -- so the
`
`24
`
`

`

`·1· ·trusted authority 45 could be represented, could be
`
`·2· ·embodied as a public key that corresponds to the private
`
`·3· ·key that is held by the authority that we trust to do
`
`·4· ·these things.
`
`·5· · · ·Q· · And if you look at column three, starting at
`
`·6· ·line 65, and read that paragraph silently to yourself
`
`·7· ·ending at column 4, line 15, let me know after you've
`
`·8· ·had a chance to read that paragraph silently.
`
`·9· · · ·A· · Okay.
`
`10· · · ·Q· · Is the language that you used in the patent
`
`11· ·starting at line 3, 65, consistent with the notion that
`
`12· ·the trusted authority information can include the public
`
`13· ·key?
`
`14· · · ·A· · Yes.
`
`15· · · ·Q· · Can you read the sentence in column 4 that
`
`16· ·starts with, for example, in line 10?
`
`17· · · ·A· · For example, in one embodiment, security module
`
`18· ·30 uses public key-based digital signatures to validate
`
`19· ·any request to modify protected configuration data or
`
`20· ·trusted authority information.
`
`21· · · ·Q· · So in using digital signatures to validate any
`
`22· ·request to modify protected configuration data, let's
`
`23· ·look at how protected configuration data 60 is defined
`
`24· ·in your patent.
`
`25· · · · · · Can you look at column 3, line 22, the
`
`25
`
`

`

`·1· ·paragraph that begins, In what embodiment?
`
`·2· · · ·A· · Okay.
`
`·3· · · ·Q· · It's just a little bit to the left, just a
`
`·4· ·little bit lower on the page.
`
`·5· · · ·A· · Yes, I see it.
`
`·6· · · ·Q· · So if you would read to yourself, starting at
`
`·7· ·column 3, line 22, down through line 32, and let me know
`
`·8· ·when you have finished --
`
`·9· · · ·A· · Okay.
`
`10· · · ·Q· · -- reading that to yourself.· I have a couple
`
`11· ·questions about configuration data.
`
`12· · · ·A· · Okay.
`
`13· · · ·Q· · So have you familiarized -- refamiliarized
`
`14· ·yourself with examples of configuration data 60 in your
`
`15· ·patent?
`
`16· · · ·A· · Yes.
`
`17· · · ·Q· · And can you give some examples of what
`
`18· ·configuration data 60 would refer to in the context of
`
`19· ·using a digital signature to validate a request to
`
`20· ·modify protected configuration data?
`
`21· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`22· ·BY MR. HILL:
`
`23· · · ·Q· · You can still answer.
`
`24· · · ·A· · So the examples given here, one example is boot
`
`25· ·image.· It's software that I would run as I start up the
`
`26
`
`

`

`·1· ·computer.· And it says operating system that would
`
`·2· ·continue to run as I'm continuing to use the computer.
`
`·3· ·That's one example given here.
`
`·4· · · · · · Then another example given here is
`
`·5· ·configuration -- well, it's basically, it says -- it's
`
`·6· ·the public key, basically.· It's the verification data.
`
`·7· · · · · · And then there's a sentence there that says,
`
`·8· ·not limited to protecting these sorts of things. I
`
`·9· ·earlier discussed, for example, other configuration data
`
`10· ·such as a new power level of a radio in a cell phone or
`
`11· ·something like that, plenty of other configuration data
`
`12· ·that lives inside a device persistently that you could
`
`13· ·guard with this.
`
`14· · · ·Q· · You say in column 3, line 29, the invention,
`
`15· ·however, is not limited to protecting startup software
`
`16· ·configuration data 60, therefore, represents any stored
`
`17· ·item that is desirable to protect such as cryptographic
`
`18· ·information; did I read that correctly?
`
`19· · · ·A· · Correct.
`
`20· · · ·Q· · And is that an example of protected
`
`21· ·configuration data, what protected configuration data 60
`
`22· ·could be as you understood it in your '480 patent?
`
`23· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`24· ·BY MR. HILL:
`
`25· · · ·Q· · Let me rephrase.
`
`27
`
`

`

`·1· · · · · · Was it in your contemplation as you were
`
`·2· ·inventing what became the '480 patent that configuration
`
`·3· ·data 60 could represent any stored item that is
`
`·4· ·desirable to protect?
`
`·5· · · · · · MR. SUMMERFIELD:· Same objection.
`
`·6· · · · · · MR. BOWEN:· You can answer.
`
`·7· · · · · · THE WITNESS:· I would describe it as -- so that
`
`·8· ·specific example I would describe as stored information
`
`·9· ·that helps you verify -- well, helps you do
`
`10· ·cryptographic verification.
`
`11· ·BY MR. HILL:
`
`12· · · ·Q· · So looking at column 4, starting at line 10
`
`13· ·again, where the public key-based digital signature is
`
`14· ·used to validate, was it your idea to use a public
`
`15· ·key-based digital signature to validate the
`
`16· ·configuration data itself?
`
`17· · · · · · Or to validate the request to modify protected
`
`18· ·configuration data?
`
`19· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`20· ·BY MR. HILL:
`
`21· · · ·Q· · You can still answer.
`
`22· · · ·A· · It's to validate the request to modify.
`
`23· · · ·Q· · So looking back to the cover page, the diagram
`
`24· ·on the cover page of the '480 patent, the security
`
`25· ·module 30 is inside of a dashed box marked 35; do you
`
`28
`
`

`

`·1· ·see that?
`
`·2· · · ·A· · Yes.
`
`·3· · · ·Q· · What is the significance of the dashed box 35?
`
`·4· · · · · · MR. SUMMERFIELD:· Object to the form.
`
`·5· ·BY MR. HILL:
`
`·6· · · ·Q·

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket