MCAFEE, INC.,
`
`PETITIONER
`V.
`
`CAP CO., LTD.,
`
`PATENT OWNER.
`____________________________________
`
`CASES IPR2015-01856 AND IPR2015-01876
`PATENT NO. 8,544,078 B2
`_____________________________________
`
`PETITIONERʼS ORAL ARGUMENT
`DEMONSTRATIVE EXHIBITS
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 1
`
`

`
`EXEMPLARY CLAIM
`
`7. A network security method controlling inbound traffic by using a
`firewall, the firewall protecting a corresponding network connection of
`a computer to a network by setting restrictions on information
`communicated between networks, comprising:
`[a] storing in an internal permitted program storage a list of programs
`permitted by the firewall;
`[b] adding a network communication program to the list of programs
`by extracting information about the network communication program
`for which communication is to be permitted by the firewall;
`[c] extracting information about a server port, wherein the server port
`is designated as a port of the network communication program;
`[d] automatically storing, by the firewall, the extracted information
`about the server port in an internal permitted port storage if the
`network communication program is registered in the list of programs
`stored in the internal permitted program storage;
`[e] determining whether the network communication program is
`registered in the list of programs stored in the internal permitted
`program storage;
`[f] determining whether a port of a packet of inbound traffic matches
`with the server port; and blocking the packet of inbound traffic if the
`port does not match with the server port.
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 29-49, ʼ76 Petition at 30-51
`
`Preamble
`
`Program steps:
`- storing (a) &
`- adding (b)
`
`Port steps:
`- extracting (c) &
`- storing (d)
`
`Determining steps:
`- program stored (e) &
`- port stored (f)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 2
`
`

`
`EXEMPLARY CLAIM:
`LIMITATIONS NOT CHALLENGED BY CAP
`
`7. A network security method controlling inbound traffic by using a
`firewall, the firewall protecting a corresponding network connection of
`a computer to a network by setting restrictions on information
`communicated between networks, comprising:
`[a] storing in an internal permitted program storage a list of programs
`permitted by the firewall;
`[b] adding a network communication program to the list of programs
`by extracting information about the network communication program
`for which communication is to be permitted by the firewall;
`[c] extracting information about a server port, wherein the server port
`is designated as a port of the network communication program;
`[d] automatically storing, by the firewall, the extracted information
`about the server port in an internal permitted port storage if the
`network communication program is registered in the list of programs
`stored in the internal permitted program storage;
`[e] determining whether the network communication program is
`registered in the list of programs stored in the internal permitted
`program storage;
`[f] determining whether a port of a packet of inbound traffic matches
`with the server port; and blocking the packet of inbound traffic if the
`port does not match with the server port.
`
`Preamble
`
`Not challenged by
`CAP
`
`Program step:
`- adding (b)
`
`Port steps:
`- extracting (c) &
`- storing (d)
`
`Not challenged by
`CAP
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 15
`(citing ʼ56 & ʼ76 P.O. Resp. at 2, 30 (listing challenged limitations))
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 3
`
`

`
`EXEMPLARY CLAIM:
`LIMITATIONS NOT CHALLENGED BY CAP
`
`7. A network security method controlling inbound traffic by using a
`firewall, the firewall protecting a corresponding network connection of
`a computer to a network by setting restrictions on information
`communicated between networks, comprising:
`[a] storing in an internal permitted program storage a list of programs
`permitted by the firewall;
`[b] adding a network communication program to the list of programs
`by extracting information about the network communication program
`for which communication is to be permitted by the firewall;
`[c] extracting information about a server port, wherein the server port
`is designated as a port of the network communication program;
`[d] automatically storing, by the firewall, the extracted information
`about the server port in an internal permitted port storage if the
`network communication program is registered in the list of programs
`stored in the internal permitted program storage;
`[e] determining whether the network communication program is
`registered in the list of programs stored in the internal permitted
`program storage;
`[f] determining whether a port of a packet of inbound traffic matches
`with the server port; and blocking the packet of inbound traffic if the
`port does not match with the server port.
`
`Admitted by CAPʼs
`expert, Mr. Bernstein
`
`Program step:
`- adding (b)
`
`Admitted by CAPʼs
`expert, Mr. Bernstein
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 1, 6-7, 17-19, 23-24 (citing Bernstein, Ex. 1022 at
`74:18-78:3, 84:12-85:11 (port steps), 85:17-87:6 (firewall); Ex. 2007 ¶113)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 4
`
`

`
`ISSUES
`
`• Construction of adding a program
`
`• Yadav and Freund both disclosed adding a program
`
`• Yadav disclosed extracting and automatically
`storing a server port
`
`• Yadav and Freund both disclosed a firewall
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 5
`
`

`
`ADDING A PROGRAM: CAPʼS CONSTRUCTION
`
`• Claim term: adds a program to the list by extracting information about
`the program for which communication is to be permitted by the firewall
`[Ex. 1001, cl. 1; see also cls. 7, 13, 16, 21]
`
`• CAPʼs construction: adds a new program to the list of programs
`permitted by the firewall by extracting information about the program
`for which communication is to be permitted, i.e., a trusted program [P.O.
`Resp. at 26 (emphasis added)]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 6-7
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 6
`
`

`
`WHAT CAP MEANS BY ADDING A NEW PROGRAM
`
`New to the list
`
`CAP: new to the computer
`
`“[T]he ʻ078 patent is directed at the creation of
`new firewall rules when a new application is
`installed.” [P.O. Resp. at 4 (emphasis added)]
`
`“Yadav and Freund had no idea how to deal
`with an unseen server application without
`substantially increasing the vulnerability of the
`security system.” [P.O. Resp. at 46 (emphasis added)]
`
`“[T]he ʼ078 Patent contained the unique
`teachings . . . of (1) [t]he previously unknown
`application is either approved or rejected--that
`is becomes trusted.” [Ex. 2007 at ¶51 (emphasis
`added)]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 6-14 (citing Ex. 1002 at 7:24-46; Ex. 1023 ¶42; P.O. Resp.
`at 4, 34, 46; Ex. 2007 ¶7, 51, 80-81); see also ʼ56 Petition at 35-37; ʼ76 Petition at 40-42 (Ex. 1002 at 3:39-44)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 7
`
`

`
`ADDING A PROGRAM:
`THE PLAIN MEANING CONTRADICTS CAP
`CAPʼs construction is contrary to the plain meaning of the claims:
`Claims 1 & 16
`
`Claims 7, 13 & 21
`
`[Ex. 1001 at 8:51-53, 9:24-28, 9:67-10:3, 10:38-41, 11:10-14]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 7
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 8
`
`

`
`CAPʼS UNSUPPORTED ARGUMENT FOR “AUTOMATIC”
`ADDITION OF PROGRAMS
`CAP argues [P.O. Resp. at 5]:
`
`And according to CAPʼs expert, Mr. Bernstein, the ʼ078 Patent discloses the following steps
`[Ex. 2007 at ¶¶ 80-81]:
`
`IPR2015-01856, -01876: discussed in Pet. Reply at 8-10
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 9
`
`

`
`ADDING A PROGRAM:
`THE PLAIN LANGUAGE OF THE CLAIMS CONTRADICTS CAP
`7. A network security method controlling inbound traffic by using a
`firewall, the firewall protecting a corresponding network connection of
`a computer to a network by setting restrictions on information
`communicated between networks, comprising:
`[a] storing in an internal permitted program storage a list of programs
`permitted by the firewall;
`[b] adding a network communication program to the list of programs
`by extracting information about the network communication program
`for which communication is to be permitted by the firewall;
`[c] extracting information about a server port, wherein the server port
`is designated as a port of the network communication program;
`[d] automatically storing, by the firewall, the extracted information
`about the server port in an internal permitted port storage if the
`network communication program is registered in the list of programs
`stored in the internal permitted program storage;
`[e] determining whether the network communication program is
`registered in the list of programs stored in the internal permitted
`program storage;
`[f] determining whether a port of a packet of inbound traffic matches
`with the server port; and blocking the packet of inbound traffic if the
`port does not match with the server port.
`
`Port steps:
`- extracting (c) &
`- storing (d)
`
`Program steps:
`- storing (a) &
`- adding (b)
`
`IPR2015-01856, -01876: discussed in Pet. Reply at 8-10
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 10
`
`

`
`ADDING A PROGRAM:
`THE SPECIFICATION CONTRADICTS CAP
`
`CAPʼs construction is also contrary to the specification:
`
`[Ex. 1001 at 1:7-14]
`
`The specification also describes the “Technical Problem” and the “object
`of the present invention” as automatically adding ports, and describes the
`“Technical Solution” simply in terms of “programs.” [Ex. 1001 at 2:27-60]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 9-10
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 11
`
`

`
`ADDING A PROGRAM:
`THE PROSECUTION HISTORY CONTRADICTS CAP
`
`[Ex. 2002 at 66]
`
`[Ex. 2002 at 112]
`
`
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 9-10
`IPR2015-01856, -01876: discussed at Pet. Reply at 11
`
`[Ex. 2002 at 113]
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 12
`
`

`
`ISSUES
`
`• Construction of adding a program
`
`• Yadav and Freund both disclosed adding a program
`
`• Yadav disclosed extracting and automatically
`storing a server port
`
`• Yadav and Freund both disclosed a firewall
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 13
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM
`
`Requirements: 1) adds a program 2) by extracting information about [it]
`
`When an application was invoked, Yadav add[ed] a program to the list by (1) extracting the name, file-path, and hash of
`each program seeking network access; (2) using that information to look up the programʼs policy; and (3) loading the
`policy into the local repository and memory.
`
`The method begins when an application and the ARE component are invoked
`(300). [Ex. 1002 at 7:22-24]
`
`Ex. 1002, Fig. 3
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 20-22; ʼ56 Petition at 35-37; ʼ76 Petition at 40-43
`
`Ex. 1002 at 7:22-52
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 14
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM
`
`Requirements: 1) adds a program 2) by extracting information about [it]
`
`When an application was invoked, Yadav add[ed] a program to the list by (1) extracting the name, file-path, and hash of
`each program seeking network access; (2) using that information to look up the programʼs policy; and (3) loading the
`policy into the local repository and memory.
`
`The ARE Component then identifies the invoked application (305).
`
`To do so, the ARE component may determine the full path (directory and
`file name) of the loading application executable . . . , examine machine
`instructions embodying the application . . . to identify the application, and/or
`may crosscheck this identification with file properties information,
`such as name, size and version number. Examining the machine instructions
`may involve applying a hash function. [Ex. 1002 at 7:24-34]
`
`Ex. 1002, Fig. 3
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 20-22; ʼ56 Petition at 35-37; ʼ76 Petition at 40-43
`
`Ex. 1002 at 7:22-52
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 15
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM
`
`Requirements: 1) adds a program 2) by extracting information about [it]
`
`When an application was invoked, Yadav add[ed] a program to the list by (1) extracting the name, file-path, and hash of
`each program seeking network access; (2) using that information to look up the programʼs policy; and (3) loading the
`policy into the local repository and memory.
`
`Once the invoked application is identified, an application-specific
`network policy is loaded (310). [Ex. 1002 at 7:45-46]
`
`Ex. 1002, Fig. 3
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 20-22; ʼ56 Petition at 35-37; ʼ76 Petition at 40-43
`
`Ex. 1002 at 7:22-52
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 16
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM
`
`Requirements: 1) adds a program
`
`2) by extracting information about [it]
`
`When an application was invoked, Yadav add[ed] a program to the list by (1) extracting the name, file-path, and hash of
`each program seeking network access; (2) using that information to look up the programʼs policy; and (3) loading the
`policy into the local repository and memory.
`
`The method begins when an application and the ARE component are invoked
`(300). [Ex. 1002 at 7:22-24]
`
`The ARE Component then identifies the invoked application (305).
`
`To do so, the ARE component may determine the full path (directory and
`file name) of the loading application executable . . . , examine machine
`instructions embodying the application . . . to identify the application, and/or
`may crosscheck this identification with file properties information,
`such as name, size and version number. Examining the machine instructions
`may involve applying a hash function. [Ex. 1002 at 7:24-34]
`
`Once the invoked application is identified, an application-specific
`network policy is loaded (310). [Ex. 1002 at 7:45-46]
`
`Ex. 1002, Fig. 3
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 20-22; ʼ56 Petition at 35-37; ʼ76 Petition at 40-43
`
`Ex. 1002 at 7:22-52
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 17
`
`

`
`YADAV SEPARATELY DISCLOSED STORING ... A LIST OF
`PROGRAMS AND ADDING A PROGRAM TO THAT LIST
`
`Yadav disclosed adding to program storages in a “local repository” and a local cache memory:
`
`Dr. Prakash explained this as follows:
`
`[Ex. 1002 at 7:53-60]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12, 22; ʼ56 Petition at 30-32, 35-37;
`ʼ76 Petition at 35-38, 40-43
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 18
`
`[Ex. 1004 at ¶ 268]
`
`

`
`YADAV SEPARATELY DISCLOSED STORING ... A LIST OF
`PROGRAMS AND ADDING A PROGRAM TO THAT LIST
`
`Dr. Prakashʼs illustrated additions to Yadavʼs local memory over time:
`
`[Ex. 1023 at ¶38]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12, 22; ʼ56 Petition at 30-32, 35-37;
`ʼ76 Petition at 35-38, 40-43
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 19
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM THAT
`WAS NEW TO THE LIST
`
`Dr. Prakashʼs illustrated additions to Yadavʼs local memory over time:
`
`[Ex. 1023 at ¶38]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12, 22; ʼ56 Petition at 30-32, 35-37;
`ʼ76 Petition at 35-38, 40-43
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 20
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM THAT
`WAS NEW TO THE LIST
`
`Dr. Prakashʼs illustrated additions to Yadavʼs local memory over time:
`
`[Ex. 1023 at ¶38]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12, 22; ʼ56 Petition at 30-32, 35-37;
`ʼ76 Petition at 35-38, 40-43
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 21
`
`

`
`CAP ADMITS THAT YADAV DISCLOSED ADDING A PROGRAM
`THAT WAS NEW TO THE LIST
`
`CAPʼs expert, Mr. Bernstein, admitted that Yadav disclosed an internal permitted program storage:
`
`CAP admitted “new” programs were added to the list [Pet. Resp. at 34]:
`
`[Ex. 1022 at 18:24-19:4]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 6-14, 20-22 (citing Ex. 1002 at 7:24-46; Ex. 1023 at ¶42)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 22
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM TO THE LIST OF
`PROGRAMS BY EXTRACTING INFORMATION ABOUT IT
`
`Ex. 1002 at Fig. 3, 7:22-52
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12-13, 20-22; ʼ56 Petition at 35-37; ʼ76 Petition at 40-43
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 23
`
`

`
`FREUND DISCLOSED ADDING A PROGRAM
`
`The ʼ078 Patent
`
`Freund (figure callouts: 746, 740b, 745, 747)
`
`[Ex. 1001 at Fig. 5]
`
`[Testimony of Bernstein, Ex. 2007 at ¶78]
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 21, 23; ʼ56 Petition at 37-40; ʼ76 Petition at 43-45
`
`[Ex. 1003 at Fig. 7D, 25:20-26]
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 24
`
`

`
`FREUND DISCLOSED ADDING A PROGRAM:
`MR. BERNSTEIN AGREED
`
`The ʼ078 Patent
`
`Freund
`
`[Ex. 1001 at Fig. 5]
`
`[Ex. 1003 at Fig. 7D]
`
`IPR2015-01856, -01876: Pet. Reply at 21 (citing Ex. 1022 at 46:7-23, 89:23-92:20)
`
`[Ex. 1022 at 46:7-17]
`
`[Ex. 1022 at 92:3-18]
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 25
`
`

`
`ISSUES
`
`• Construction of adding a program
`
`• Yadav and Freund both disclosed adding a program
`
`• Yadav disclosed extracting and automatically
`storing a server port
`
`• Yadav and Freund both disclosed a firewall
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 26
`
`

`
`YADAV DISCLOSED EXTRACTING AND AUTOMATICALLY
`STORING . . . A SERVER PORT
`
`Yadavʼs ARE
`intercepted network
`I/O requests,
`including to “listen”
`on a server port
`[Ex. 1002 at 3:52-61]
`
`and sent the port
`information to the
`NTE
`[Ex. 1002 at 7:53-60]
`
`which then stored the
`port information
`[Ex. 1002 at 8:16-24]
`
`Yadavʼs ARE [Ex. 1002, Fig. 3]:
`
`Yadavʼs NTE [Ex. 1002, Fig. 4]:
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 16-19; ʼ56 Petition at 40-41, 43-47;
`ʼ76 Petition at 31-33, 47-50
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 27
`
`

`
`YADAV DISCLOSED EXTRACTING AND AUTOMATICALLY
`STORING . . . A SERVER PORT: MR. BERNSTEIN AGREED
`
`IPR2015-01856, -01876: Pet. Reply at 16-19; ʼ56 Petition at 40-41, 43-47; ʼ76 Petition at 31-33, 47-50
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 28
`
`[Ex. 1022 at 74:18-75:10]
`
`

`
`YADAV DISCLOSED EXTRACTING AND AUTOMATICALLY
`STORING . . . A SERVER PORT: MR. BERNSTEIN AGREED
`
`[Ex. 1022 at 76:3-8]
`
`[Ex. 1022 at 76:24-77:5]
`
`[Ex. 1022 at 85:5-8]
`
`IPR2015-01856, -01876: Pet. Reply at 16-19; ʼ56 Petition at 40-41, 43-47; ʼ76 Petition at 31-33, 47-50
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 29
`
`

`
`YADAV ADDRESSED SERVER PORTS: MR. BERNSTEIN AGREED
`
`[Ex. 1022 at 64:7-14]
`
`IPR2015-01856, -01876: Pet. Reply at 16-19; ʼ56 Petition at 40-41, 43-47; ʼ76 Petition at 31-33, 47-50
`
`[Ex. 1022 at 65:1-12]
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 30
`
`

`
`ISSUES
`
`• Construction of adding a program
`
`• Yadav and Freund both disclosed adding a program
`
`• Yadav disclosed extracting and automatically
`storing a server port
`
`• Yadav and Freund both disclosed a firewall
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 31
`
`

`
`YADAV DISCLOSED A FIREWALL
`
`• Yadav disclosed a firewall [Ex. 1002 at Abst., 3:15-21]:
`
`• Mr. Bernstein agreed [Ex. 1022 at 86:17-21]:
`
`IPR2015-01856, -01876: Pet. Reply at 19
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 32
`
`

`
`FREUND DISCLOSED A FIREWALL
`
`• Freund disclosed a firewall [Ex. 1003 at 5:21-30]:
`
`• Mr. Bernstein agreed [Ex. 2007 ¶113; Ex. 1022 at 86:4-6]:
`
`IPR2015-01856, -01876: Pet. Reply at 23-24
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 33
`
`

`
`YADAV DISCLOSED A FIREWALL FLEXIBLE DEVICE
`
`Mr. Bernstein viewed the terms “firewall” and “firewall flexible device” interchangeably:
`
`IPR2015-01856, -01876: Pet. Reply at 19, 23-24
`
`[Ex. 1022 at 85:24-86:13]
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 34
`
`

`
`ADDITIONAL
`ISSUES
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 35
`
`

`
`adding a program ... by
`extracting information about it
`Claims 1c, 7b, 13b, 16c, 21b
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 36
`
`

`
`YADAV DISCLOSED ADDING A PROGRAM TO THE LIST OF
`PROGRAMS BY EXTRACTING INFORMATION ABOUT IT
`
`Ex. 1002 at Fig. 3, 7:22-52
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12-13, 20-22; ʼ56 Petition at 35-37; ʼ76 Petition at 40-43
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 37
`
`

`
`CAPʼS ARGUMENT THAT THE EXTRACTED INFORMATION
`MUST BE ADDED IS WRONG
`CAP argues [P.O. Resp. at 23, 25-26]:
`
`* * *
`
`IPR2015-01856, -01876: P.O. Resp. at 23, 25-26; discussed in Pet. Reply at 12-13, 20-22
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 38
`
`

`
`THE CLAIMS ONLY REQUIRE ADDING BY EXTRACTING
`
`7. A network security method controlling inbound traffic by using a
`firewall, the firewall protecting a corresponding network connection of
`a computer to a network by setting restrictions on information
`communicated between networks, comprising:
`[a] storing in an internal permitted program storage a list of programs
`permitted by the firewall;
`[b] adding a network communication program to the list of programs
`by extracting information about the network communication program
`for which communication is to be permitted by the firewall;
`[c] extracting information about a server port, wherein the server port
`is designated as a port of the network communication program;
`[d] automatically storing, by the firewall, the extracted information
`about the server port in an internal permitted port storage if the
`network communication program is registered in the list of programs
`stored in the internal permitted program storage;
`[e] determining whether the network communication program is
`registered in the list of programs stored in the internal permitted
`program storage;
`[f] determining whether a port of a packet of inbound traffic matches
`with the server port; and blocking the packet of inbound traffic if the
`port does not match with the server port.
`
`Program steps:
`- storing (a) &
`- adding (b)
`
`Port steps:
`- extracting (c) &
`- storing (d)
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12-13, 20-22
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 39
`
`

`
`ADDING A PROGRAM TO A LIST BY EXTRACTING:
`ʼ078 SPECIFICATION
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 12-13, 20-22; ʼ56 Petition at 35-40, 49-50;
`ʼ76 Petition at 40-45, 52 (citing Ex. 1004 at ¶¶ 355-357)
`
`[Ex. 1002 at Fig. 5, 6:37-50]
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 40
`
`

`
`a list of programs permitted by
`the firewall
`Claims 1b, 7a, 13a, 16b, 21a
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 41
`
`

`
`YADAV DISCLOSED A LIST OF PROGRAMS
`
`IPR2015-01856, -01876: Ex. 1002 at 3:37-44, 3:58-4:17
`(discussed at ʼ56 Petition at 30-32, 44; ʼ76 Petition at 35-38, 46)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 42
`
`

`
`YADAV DISCLOSED A LIST OF PROGRAMS
`
`As Dr. Prakash explained [Ex. 1004 at ¶¶ 275-79]:
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 30-32; ʼ76 Petition at 35-38
`(citing Ex. 1002 at 3:39-40, 3:58-4:7, 7:22-25, 45-55, Ex. 1004 at ¶¶ 275-79)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 43
`
`

`
`YADAV DISCLOSED A LIST OF PROGRAMS
`
`Yadav
`
`* * *
`
`* * *
`
`ʼ078 Patent
`
`[Ex. 1002 at 3:39-40, 7:45-46]
`
`Dr. Prakash illustrated the result of Yadavʼs teachings:
`
`[Ex. 1001 at 6:37-50]
`
`[Ex. 1004 at ¶ 276]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 30-32; ʼ76 Petition at 35-38
`(citing Ex. 1002 at 3:39-40, 3:58-4:7, 7:22-25, 45-55, Ex. 1004 at ¶¶ 275-79)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 44
`
`

`
`FREUND DISCLOSED A LIST OF PROGRAMS
`
`[Ex. 1003 at 4:5-17]
`
`[Ex. 1003 at 5:53-60]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 32-34; ʼ76 Petition at 38-40
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 45
`
`

`
`FREUND DISCLOSED ADDING A PROGRAM: CAPʼS
`ARGUMENT ABOUT PORT IDENTIFICATION IS IRRELEVANT
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 24-25
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 46
`
`[P.O. Resp. at 38-39 (citing Ex. 1003 at Fig. 7B)]
`
`

`
`determining whether the ...
`program is registered in the
`list of programs ...
`Claims 1d, 7e, 13e, 16d, 21e
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 47
`
`

`
`YADAV DISCLOSED DETERMINING WHETHER THE PROGRAM IS
`REGISTERED
`
`Yadavʼs ARE [Ex. 1002, Fig. 3]:
`
`Yadav explained that the ARE would determine
`whether programs were authorized to make
`network I/O requests [Ex. 1002 at 3:52-55]:
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 43-47; ʼ76 Petition at 45-46
`(citing Ex. 1002 at Figs. 1, 3, 4, 2:10-14, 3:39-57, 4:8-17, 7:22-60, 8:20-24)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 48
`
`

`
`determining whether a port of a
`packet of inbound traffic matches
`with the server port; and blocking
`the packet of inbound traffic if
`the port does not match
`Claims 1f, 7f, 13f, 16f, 21f
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 49
`
`

`
`YADAV DISCLOSED DETERMINING WHETHER A PACKET OF
`INBOUND TRAFFIC WAS REGISTERED & BLOCKING IT IF NOT
`
`Yadav disclosed that its NTE would check packets of
`inbound traffic to see if they corresponded to open
`channels (denoted by port, etc.) in the NTEʼs
`Authorization List:
`
`Yadavʼs NTE:
`[Ex. 1002, Fig. 4]
`
`[Ex. 1002 at Figs. 2B, 5:1-4, 6:25-36]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 47-49; ʼ76 Petition at 50-51
`(citing Ex. 1002 at Figs. 2A, 2B, 4, 5:1-4, 42-45, 6:25-36, 8:15-28)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 50
`
`

`
`firewall flexible device
`Claims 1, 16
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 51
`
`

`
`YADAV DISCLOSED A FIREWALL FLEXIBLE DEVICE
`
`• Yadav disclosed a firewall [Ex. 1002 at Abst., 3:15-21]:
`
`• Mr. Bernstein agreed [Ex. 1022 at 86:17-21]:
`
`IPR2015-01856, -01876: discussed at ʼ76 Petition at 45-46; Pet. Reply at 19
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 52
`
`

`
`YADAV DISCLOSED A FIREWALL FLEXIBLE DEVICE:
`MR. BERNSTEINʼS TESTIMONY
`
`Mr. Bernstein viewed the terms “firewall” and “firewall flexible device” interchangeably:
`
`IPR2015-01856, -01876: discussed at Pet. Reply at 19 (see also ʼ76 Petition at 45-46)
`
`[Ex. 1022 at 85:24-86:13]
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 53
`
`

`
`wherein the information about the
`program includes information about
`at least one of a program name, an
`entire path of the program, and a
`program hash value
`Claims 2, 8, 18, 23
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 54
`
`

`
`YADAV DISCLOSED A PROGRAM NAME, PATH, AND HASH
`VALUE
`
`Yadav taught that the ARE identified programs by:
`
`program name
`
`entire path
`
`hash value
`
`[Ex. 1002 at 7:24-37]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 49-50, 58; ʼ76 Petition at 52, 59-60
`(citing Ex. 1002 at 3:39-44, 7:22-44)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 55
`
`

`
`FREUND DISCLOSED A PROGRAM NAME, PATH, AND HASH
`VALUE
`
`Freund disclosed that its “database of applications” included the following program identifiers:
`
`program name
`
`hash value
`
`[Ex. 1003 at 5:56-60, 13:34-38]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 49-50, 58; ʼ76 Petition at 52, 59-60
`(citing Ex. 1003 at 13:34-38, 5:56-60)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 56
`
`

`
`wherein the information about
`the server port includes
`information about at least one of
`an entire path of the program, a
`protocol, and a port
`Claims 3, 9, 19, 24
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 57
`
`

`
`YADAV DISCLOSED A PROTOCOL AND A PORT
`
`Yadav disclosed at least a protocol and a port associated with each permitted port:
`
`port
`
`protocol
`
`[Ex. 1002 at 3:58-61, 4:12-15, 7:55-58]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 50, 59; ʼ76 Petition at 53, 60
`(citing Ex. 1002 at 3:58-61, 4:8-17, 7:55-58)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 58
`
`

`
`allowing the packet of
`inbound traffic to bypass the
`firewall if the port matches
`Claims 4, 10, 20, 25
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 59
`
`

`
`YADAV DISCLOSED ALLOWING PACKET[S] TO BYPASS THE
`FIREWALL
`
`Yadav stated that its NTE allowed a packet of inbound traffic to “pass” if it corresponded to an open
`channel (denoted by its ports):
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 51, 59; ʼ76 Petition at 53-55, 60
`(citing Ex. 1002, Figs. 2B, 4, 3:26-30, 4:4-21, 6:9-16)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 60
`
`[Ex. 1002, 4:18-21, 6:9-14]
`
`

`
`storing the extracted
`information about the server
`port ... if the server port is
`determined to be opened
`Claims 5, 11, 14, 16e, 21d
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 61
`
`

`
`YADAV DISCLOSED STORING A SERVER PORT IF IT WAS
`DETERMINED TO BE OPENED
`
`Yadav taught that its NTE added channels to its authorization list only after the ARE had determined
`that they were open:
`
`Yadavʼs ARE [Ex. 1002 at Fig. 3]
`
`Yadavʼs NTE [Ex. 1002 at Fig. 4]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 51-52, 53-54, 56-57; ʼ76 Petition at 55-56, 58-59
`(citing Ex. 1002 at Figs. 3, 4, 7:53-60, 8:21-24).
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 62
`
`

`
`deleting the extracted
`information about the server
`port ... if the server port is
`determined to be closed
`Claim 15
`
`IPR2015-01856, -01876
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 63
`
`

`
`YADAV DISCLOSED STORING A SERVER PORT IF IT WAS
`DETERMINED TO BE OPENED
`
`Yadav taught that its NTE removed channels from its authorization list if the ARE determined that they
`were closed:
`
`Yadavʼs ARE [Ex. 1002 at Fig. 3]
`
`Yadavʼs NTE [Ex. 1002 at Fig. 4]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 54-55 (citing Ex. 1002 at Figs. 3, 4, 8:14-15)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 64
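
An added illustration, not taken from the ʼ078 patent, Yadav, Freund or any exhibit: the claim 7 steps [a]-[f] quoted in these slides, together with the dependent-claim language on program name/path/hash, protocol/port, and deleting a closed server port, modeled as a small Python class. The class and function names, the use of SHA-256, and the sample paths and byte strings are assumptions constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ProgramInfo:
    """Identifying information about a program: name, entire path, hash value."""
    name: str
    path: str
    digest: str


def extract_program_info(path: str, image: bytes) -> ProgramInfo:
    """Extract name, full path and a hash of the executable image (assumed SHA-256)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return ProgramInfo(name, path, hashlib.sha256(image).hexdigest())


@dataclass
class Firewall:
    # [a] internal permitted program storage
    permitted_programs: set = field(default_factory=set)
    # internal permitted port storage: (protocol, port) -> owning program
    permitted_ports: dict = field(default_factory=dict)

    def add_program(self, path: str, image: bytes) -> ProgramInfo:
        """[b] add a program to the list by extracting information about it."""
        info = extract_program_info(path, image)
        self.permitted_programs.add(info)
        return info

    def is_registered(self, info: ProgramInfo) -> bool:
        """[e] is the program registered in the permitted program storage?"""
        return info in self.permitted_programs

    def on_listen(self, path: str, image: bytes, proto: str, port: int) -> bool:
        """[c]+[d] a program opens a server port (e.g. a hooked listen call).

        The port is stored automatically only if the calling program, as
        identified by name, path AND hash, is already on the permitted list.
        """
        info = extract_program_info(path, image)
        if not self.is_registered(info):
            return False  # unknown or modified binary: no port is opened
        self.permitted_ports[(proto, port)] = info
        return True

    def on_close(self, proto: str, port: int) -> None:
        """Delete the stored server port once it is determined to be closed."""
        self.permitted_ports.pop((proto, port), None)

    def filter_inbound(self, proto: str, dst_port: int) -> str:
        """[f] block an inbound packet whose port does not match a stored server port."""
        return "ALLOW" if (proto, dst_port) in self.permitted_ports else "BLOCK"


def run_demo() -> dict:
    """Walk one permitted server and two rejected cases through the model."""
    srv_path = r"C:\Program Files\ExampleSrv\srv.exe"   # constructed sample path
    srv_image = b"constructed image v1"                 # constructed sample bytes
    fw = Firewall()
    fw.add_program(srv_path, srv_image)

    out = {}
    out["listen_ok"] = fw.on_listen(srv_path, srv_image, "tcp", 8080)
    out["inbound_8080"] = fw.filter_inbound("tcp", 8080)
    out["inbound_22"] = fw.filter_inbound("tcp", 22)
    out["inbound_udp_8080"] = fw.filter_inbound("udp", 8080)
    # Same path, different bytes: the hash no longer matches the list entry.
    out["listen_tampered"] = fw.on_listen(srv_path, b"tampered image", "tcp", 9090)
    out["inbound_9090"] = fw.filter_inbound("tcp", 9090)
    # A program that was never added to the list.
    out["listen_unknown"] = fw.on_listen(r"C:\Temp\other.exe", b"other", "tcp", 4444)
    out["inbound_4444"] = fw.filter_inbound("tcp", 4444)
    # Closing the server port removes it from the permitted port storage.
    fw.on_close("tcp", 8080)
    out["inbound_8080_after_close"] = fw.filter_inbound("tcp", 8080)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```
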
`
`

`
`THE ʼ078 PATENT, YADAV & FREUND ALL RELIED ON
`WINDOWS-BASED WINSOCK HOOKING
`
`ʼ078 Patent [Ex. 1001 at 5:63-6:17]
`
`Yadav [Ex. 1002 at 5:14-24]
`
`Freund [Ex. 1003 at 31:3-9]
`
`IPR2015-01856, -01876: discussed at ʼ56 Petition at 24-28; ʼ76 Petition at 21-25
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 65
`
`

`
`MCAFEEʼS EXPERT: DR. ATUL PRAKASH
`
`• 30 years of experience in computer security, including firewalls, web security,
`network security, client-server systems, host security, and security policies
`• Professor/Assistant Professor, University of Michigan, Computer Science Dept.
`since 1989
`• Information and computer security consulting in the private sector (e.g., IBM TJ
`Watson Research Center)
`• More than 100 publications for books, technical journals, and symposia
`• Keynote Speaker at Intʼl Conf. on Information Systems and Security (2007) and
`8th Intʼl Conf. on Security and Privacy in Communication Networks (2012)
`• Ph.D. & M.S. in Electrical Engineering and Computer Science, University of
`California, Berkeley (1984, 1989)
`• B. Tech. in Electrical Engineering, Indian Institute of Technology, Delhi (1982)
`
`IPR2015-01856, -01876: Exs. 1004 (Prakash Declaration), 1011 (Prakash CV)
`
`McAfee, Inc., Exhibit 1025
`Petitionerʼs Demonstrative 66
