____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD

____________

AMAZON.COM, INC., AMAZON.COM, LLC, AMAZON WEB SERVICES, INC., BAZAARVOICE, INC., AND GEARBOX SOFTWARE, LLC.,
Petitioners,

v.

ZITOVAULT, LLC,
Patent Owner

____________

Case IPR2016-00021
Patent 6,484,257

____________

DECLARATION OF JONATHAN KATZ, PH.D. IN SUPPORT OF PATENT OWNER’S RESPONSE TO PETITION

Zitovault - Ex. 2007
Amazon v. Zitovault
IPR2016-00021
Page 1 of 76

I, Jonathan Katz, hereby declare:

1. I am currently a Professor in the Department of Computer Science at the University of Maryland where, among other things, I teach classes in the area of cybersecurity, conduct research in this field, and supervise graduate-student research. I am also currently the Director of the Maryland Cybersecurity Center (MC2), as part of which I interact regularly with the cybersecurity industry and oversee faculty conducting research in various sub-fields of cybersecurity including cryptography, network security, and mobile-phone security. I received my Ph.D. (with distinction) in Computer Science from Columbia University in 2002.

2. My curriculum vitae is attached hereto as Appendix A, and the list of cases in which I have been an expert in the last five years is attached hereto as Appendix B.

3. I have been retained by ZitoVault, LLC to provide an expert opinion in IPR2016-00021.

4. I have reviewed the material shown in Appendix C in preparing this declaration.

In connection with my work as an expert, I am being compensated at a rate of $375 per hour for consulting services including time spent testifying at any hearing that may be held. I am also being reimbursed for reasonable and customary expenses associated with my work in this case. I receive no other forms of compensation related to this case. No portion of my compensation is dependent or otherwise contingent upon the results of this proceeding or the specifics of my testimony.

I. Grounds for Review

5. I understand that on April 15, 2016 the Patent and Trial Appeal Board (PTAB) of the U.S. Patent and Trademark Office (USPTO) issued a Decision to institute an Inter Partes Review (IPR) of U.S. Patent No. 6,484,257 (“the ‘257 patent” or “the Ellis patent”), but only for claims 1, 3, 5-8, and 10. Institution Decision (“Decision”) at 1.

6. I understand that the Petition relied upon U.S. Patent Nos. 6,065,046 (“Feinberg”), Ex. 1002; U.S. Patent No. 6,266,355 (“Bhaskaran”), Ex. 1003; and Refik Molva, et al., Authentication of Mobile Users, IEEE Network, March/April 1994. Ex. 1004 (“Molva”).

7. I understand that the PTAB instituted a review of claims 6 and 10 of the ‘257 patent based on an allegation that claims 6 and 10 were anticipated under 35 U.S.C. § 102(e) by Feinberg. Decision at 40. I understand that the PTAB instituted a review of claims 1, 3, 6, and 10 of the ‘257 patent based on an allegation that those claims were obvious under 35 U.S.C. § 103(a) over Feinberg and Bhaskaran. Decision at 40. I further understand that the PTAB instituted a review of claims 5, 7, and 8 of the ‘257 patent based on an allegation that those claims were obvious under 35 U.S.C. § 103(a) over Feinberg and Molva. Decision at 40.

8. My opinions in this declaration are limited to the instituted grounds.

II. Legal Standards and Claim Construction

9. It has been explained to me that the standard for patentability under 35 U.S.C. § 102(a) is that of “anticipation” and that anticipation requires that the asserted reference teaches, either explicitly or implicitly, all of the limitations of a claim, and in the order or configuration of the claim.

10. It has been explained to me that the standard for patentability under 35 U.S.C. § 103 is that of “obviousness” and that obviousness is a question of law based on underlying factual findings, including: (1) the scope and content of the prior art; (2) the differences between the claims and the prior art; (3) the level of ordinary skill in the art; and (4) objective considerations of nonobviousness. I further understand that examples of objective considerations of nonobviousness (or “secondary considerations”) include: (1) the invention's commercial success, (2) long felt but unresolved needs, (3) the failure of others, (4) skepticism by experts, (5) praise by others, (6) teaching away by others, (7) recognition of a problem, and (8) copying of the invention by competitors.

11. I also understand that the PTAB uses the “preponderance of the evidence” standard such that a Petition must show that any claim asserted to be unpatentable is proven to be unpatentable by a “preponderance of the evidence.” I take that to mean that the Petition must prove that it is more likely than not that each challenged claim is unpatentable.

12. I understand that the factors considered in determining the ordinary level of skill in the art include the level of education and experience of persons working in the field; the types of problems encountered in the field; and the sophistication of the technology. For the purposes of this declaration, I have assumed that a person of ordinary skill in the art of the patent-in-suit at the time of the invention would have had a bachelor’s degree in computer science, electrical engineering, computer engineering, or its equivalent, and 2 years’ experience in network security or cryptography. Additional work experience in relevant industries could compensate for less education, or an education in a different field. Similarly, advanced education and degrees could compensate for less work experience. I believe that this is a similar level of ordinary skill in the art to what Dr. Rubin assumed (i.e., that one of ordinary skill in the art would have held at least a Master’s degree in computer science, computer engineering, or electrical engineering, or equivalent degree from an accredited university program and would have taken at least one introductory course in network security or cryptography; or a Bachelor’s degree in computer science, computer engineering, or electrical engineering, or equivalent degree from an accredited university program, and at least two years of relevant work experience in a field directly related to network security). My opinions would not be different under either standard.

13. Based on my industry, research, and teaching experience, I believe that I qualify as an expert in the area of cryptographic systems such as those described and claimed in the ‘257 patent. Furthermore, based on my review of the state of the art at the time of the filing of the patent, I believe that I am qualified to opine on what those of ordinary skill in the art would have understood at the time of the filing of the patent and what he/she would or would not have been motivated to do.

A. “Distributed automaton ... for servicing N number of simultaneous cryptographic sessions”

14. Claim 1 of the ‘257 patent recites “a distributed automaton … comprising M agents for servicing N number of simultaneous cryptographic sessions.” Similarly, claim 10 recites “a distributed automaton comprising M automata for servicing a plurality of N simultaneous crypto sessions.” The Petition alleges that “a distributed automaton ... for servicing a plurality of cryptographic sessions” should be interpreted to mean “a collection of software that encrypts and/or decrypts packets.” Petition at 10. The Decision held that “a distributed automaton at least encompasses ‘a collection of software that encrypts and/or decrypts packets.’ ” Decision at 12. I believe that such an interpretation specifies a function that is not inherent in the terms “distributed automaton” and “automata” themselves since the function of the automaton is specified in a later part of the claim. Indeed, the Decision itself notes that “a proper construction … would be broader than that advocated for by the Petitioner.” Decision at 12. Instead, I believe one of ordinary skill in the art would interpret the terms “distributed automaton” and “automata” in the context of the entire phrases in which they appear. Thus, the phrase “a distributed automaton ... for servicing N number of simultaneous cryptographic sessions” in claim 1, if it is to be construed at all, should be interpreted as “a collection of software … for servicing N number of simultaneous cryptographic sessions,” and similarly for claim 10.

B. “Session(s)”

15. I also understand that the Decision adopted a definition of “session” as “a set of transmitters and receivers, and the data streams that flow between them.” Decision at 13. This definition of “session” is part of a definition from Newton’s Telecom Dictionary, 19th Ed., p. 715, 2003 (Ex. 3002). The Decision did not adopt the second part of the definition from that same reference, which continues: “In other words, an active communication, measured from beginning to end, between devices or applications over a network.” By omitting the portion of the definition relating to the temporal aspect of a session, I believe the Decision made the definition of “session,” especially in the context of a “cryptographic session,” unreasonably broad in light of the specification.

16. Starting with the first part of the Newton’s definition, I do not believe that “A set of transmitters and receivers, and the data streams that flow between them” is equivalent to merely encrypting and decrypting packets. Packets by themselves are not data streams, as described in Ch. 12 of Internetworking with TCP/IP, Vol. I, Principles, Protocols and Architecture, Douglas C. Comer, 1991 (Ex. 2005). Section 12.3 describes that the PTAB’s interpretation of a session as simply packets does not capture what a stream is. A stream provides a “Virtual Circuit Connection.” Section 12.3 describes such a “Virtual Circuit Connection” as follows:

    Making a stream transfer is analogous to placing a telephone call. Before transfer can start, both the sending and receiving application programs interact with their respective operating systems, informing them of the desire for a stream transfer. Conceptually, one machine places a "call" which must be accepted by the other. Protocol software modules in the two operating systems communicate by sending messages across an internet, verifying that the transfer is authorized, and that both sides are ready. Once all details have been settled, the protocol modules inform the application programs that a connection has been established and that transfer can begin. During transfer, protocol software on the two machines continue to communicate to verify that data is received correctly.

Ex. 2005, pg. 172.

17. The definition of “session” adopted by the Decision also is unreasonably broad in light of the specification in that it equates “sessions” with data exchanges without incorporating the temporal aspect of “sessions.” I do not believe that one of ordinary skill in the art would have interpreted “sessions” that broadly, especially since the specification explicitly describes “establishing, maintaining and destroying cryptographic sessions” (Abstract) and “initiating secure sessions, transferring secure sessions and terminating secure sessions.” Col. 7, lines 15-16. The specification further confirms this understanding by providing examples of how sessions can be established in exemplary embodiments, for example when it discloses “SSL sessions are established in four steps.” Ex. 1001, col. 2, line 36.

18. The temporal nature of a session is confirmed by Petitioner’s own expert, who states “After a connection between a sender and recipient is established, a secure ‘session’ is created between the two entities. A session generally refers to one or more communications exchanged between two entities over some period of time…. After the expiration of the predetermined period of time or after a predetermined period of inactivity, the session would terminate, and a new session would need to be established for future communications between the client and server.” Declaration of Dr. Aviel D. Rubin (hereinafter “the Rubin Declaration” or Ex. 1005), paragraph 41.

19. If merely sending and receiving packets (or even sending and receiving a single packet) constitutes a session, then there is nothing to “establish” or “terminate.” Moreover, there would be no way to distinguish whether two packets were in the same session or different sessions.

20. By omitting the second half of the Newton definition, I believe the Decision’s definition of “session” neglects the fact that a session has a discernable beginning and end. A session acts as a virtual connection with a well-defined beginning and end that can be cryptographically secured. The temporal aspect of a session means that a receiver can distinguish packets related to a pre-existing session from packets related to a request for a new session. The temporal aspect of a session is also essential for establishing security on a per-session basis using a session key.

21. I have based my opinions in this declaration on the complete definition from the Board’s Newton Telecom Dictionary definition, as one of ordinary skill in the art would have understood it as described above.

C. “Cryptographic Session(s)”

22. Claims 1 and 7 of the ‘257 patent recite “cryptographic sessions.” Similarly, claims 5 and 6 recite “secure session(s),” claim 8 recites a “secure cryptographic session,” and claim 10 recites “crypto sessions.”

23. I believe that the definition of “session” adopted by the Decision fails to recognize that the terms “cryptographic session” and “secure session” carry particular meaning in the context of the ‘257 patent above and beyond that of the term “session” alone. If “cryptographic session” is to be interpreted, I believe it should be interpreted to mean “a session wherein communication is cryptographically protected using a shared session key specific to that session.”

24. Dr. Rubin’s deposition testimony confirms that session keys are specific to a session. Ex. 2006, 29:15-19 (“Q. Is it your understanding that, in the context of the Ellis patent, session keys are specific to a session? ... A. Yes.”)

D. “Registration Entity”

25. Claim 5 of the ‘257 patent recites “a registration entity.” The Petition alleges that the broadest reasonable interpretation of “registration entity” is “data structure(s) containing identification information for agents and clients in the network and keys used to encrypt and decrypt communications within the network.” Petition at 11. The Decision construed “registration entity” as being “at least as broad as ‘data structure(s) containing identification information for agents and clients in the network and keys used to encrypt and decrypt communications within the network.’ ” Decision at 14-15.

26. I believe that the Decision’s interpretation of “registration entity” is inconsistent with the specification. As acknowledged in the Decision (at 14), the abstract of the ‘257 patent discloses that “[a] registration entity is identified as the session arbitrator through which N devices on a network dynamically participate in establishing, maintaining and destroying cryptographic sessions.” Thus, a registration entity is an active element (e.g., a sub-process), not a passive element like a data structure. This understanding is also consistent with the specification’s disclosure of a “registration sub-process.” Ex. 1001, col. 10, line 12. Dr. Rubin acknowledged in his deposition that a data structure is not an active entity. Ex. 2006, 74:11-14 (“Q. So a data structure is not an active entity, correct? ... A. I agree with that characterization.”). In fact, he agreed that data structures do not perform any operations; rather, operations get performed on data structures. He also agreed that data structures are neither computer processes nor subroutines. Ex. 2006, 73:11-74:10.

27. Thus, I believe Patent Owner’s construction of “registration entity” should be adopted such that “registration entity” means “an entity (e.g., a sub-process) that handles registrations.”

III. Discussion of the Applied References

A. Feinberg

28. U.S. Patent No. 6,065,046 to Feinberg et al. (hereinafter “Feinberg” or Ex. 1002) relates to “storage and transfer of computer programs between computers on a network to facilitate interactive program usage.” Ex. 1002, Abstract, lines 2-4. The stated purpose of Feinberg is to provide a way to update computer programs on user devices. (“The present invention provides for the updating of an applications program in users’ machines.” Ex. 1002, 5:57-58.) Feinberg discloses the use of encryption when code modules or other resources are transmitted, as well as when “user authentification codes” are sent as part of users’ requests. Ex. 1002, 5:21-23, 5:46-51, 12:50-63, 15:51-58. Feinberg also discloses encryption for various other purposes, e.g., for “credit requests and responses thereto” and in the context of an “update to a prohibition list.” Ex. 1002, 14:2-3, 20:61-21:3.

29. The Petition alleges that Feinberg discloses “enlist[ing] additional agent servers to support incremental secure sessions. . . .” See Petition at 21. For at least the reasons set forth below, I do not agree that Feinberg discloses this limitation.

30. First, although Feinberg states that encrypted data can be transmitted, Feinberg does not disclose “secure sessions” or “cryptographic sessions.” Indeed, Petitioners do not state which of Feinberg’s uses of encryption constitute a secure session, nor do Petitioners offer any analysis as to how any of Feinberg’s disclosed uses of encryption would qualify as a secure session. Petition at 11-13, 21. Merely sending encrypted data does not constitute a secure session. Moreover, Feinberg does not disclose the use of session keys as are used in secure sessions. Indeed, the fact that Petitioners rely on Bhaskaran and Molva to disclose limitations related to encryption and session keys indicates that even Petitioner recognizes that the use of encryption in Feinberg does not qualify as a secure session.

31. Second, given that Feinberg does not disclose “secure sessions,” Feinberg further does not disclose “enlist[ing] additional agent servers to support incremental secure sessions. . . .”

32. The Petition fails to show that the “shunting” technique of Feinberg discloses the techniques disclosed in the ‘257 patent for managing cryptographic sessions. The Petition cites Feinberg as disclosing a set of servers available for responding to user requests. Petition at 12 (citing 10:51-64). It also explains that, if a user requests a module from a server and that server cannot satisfy the request, it can “shunt” the request to a different server. Id. (citing 4:31-39; 10:61-64). However, Feinberg does not disclose (implicitly or explicitly) or suggest the communication protocol used between the interpreter of Feinberg and any server that the interpreter talks to. (See Ex. 1002, in the paragraph crossing cols. 9 and 10, disclosing that the TenCore interpreter bypasses the use of a web browser and launches a TenCore application directly.) Feinberg also does not disclose (implicitly or explicitly) or suggest the communication protocol used between any of the servers.

33. While this shunting technique may be appropriate for downloading code modules, the Petition fails to disclose any teaching in Feinberg as to how this system could be adapted to scaleably manage secure sessions such as IPsec or SSL connections that, as noted in the ’257 patent, use session keys tied to connections between communicating parties. See, e.g., Ex. 1001, 2:36-2:49.

34. Moreover, the Petition fails to appreciate that Feinberg discloses an application-level protocol. For example, Feinberg states:

    When a user sends a request for a code module to a server, the request includes a specification of the version of the program code sought. The server processing the request checks whether the requested version is the latest version available. When a newer version of a requested code module is available, the server informs the user and inquires whether the user could use the newer version of the requested module. The user could then send a request for the updated version of the desired code module.

Ex. 1002, 5:57-6:16. As explained more fully below, the application-level exchange protocol of Feinberg could not be easily combined with the other cited references, which operate at lower levels, nor does the Petition describe how the resulting system would be configured even if the references were combined.

B. Bhaskaran

35. U.S. Patent No. 6,266,335 to Bhaskaran (hereinafter “Bhaskaran” or Ex. 1003) relates to “A network flow switch … provided for connecting a pool of IP routers to a cluster of IP servers sharing a single IP address without requiring translation of the IP address.” Ex. 1003, Abstract, lines 1-3. In order to achieve this sharing of a single IP address, Bhaskaran discloses the use of a change to the low-level portions of a communications hierarchy such that the “network flow switch routes packets to individual servers by writing the Data Link Layer address of the destination IP server in the destination Data Link Layer address field of the packet.” Ex. 1003, Abstract, lines 4-7.

36. More specifically, Bhaskaran addresses situations in which “servers and routers ... all implement standard TCP/IP communications protocols, or some other protocol stack in conformance with the ISO/OSI 7-layer model for computer communications.” Ex. 1003, 3:64-4:1. Bhaskaran utilizes a “network flow switch” where the “network flow switch, by operating transparently at the 150 [sic; ISO] layers 2 and 3, enables cross-platform clustering of servers and routers, these routers being the so-called ‘first-hop’ routers used by the servers to communicate with the outside world.” Ex. 1003, 3:49-53.

37. In order to perform routing to a specific server in a cluster of servers, Bhaskaran teaches:

    The routers are used to connect cluster 200 to external networks (not shown) via network flow switch 205. Thus, in order to transmit packets of information to cluster 200, a device connected to one of the external networks (e.g., a router) issues a standard ARP query to network flow switch 205 to obtain the virtual Data Link Layer address of cluster 200; network flow switch 205 returns a Data Link Layer address of the selected receiving device (e.g., one of the IP servers) to the requesting device (e.g., the router). The network connected device then transmits a series of packets to network flow switch 205 (e.g., through one of network routers 260, 270 or 280 connected to the external network). The packets are then re-routed by network flow switch 205 to exactly one of IP servers 210, 220, 230, 240 and 250.

Ex. 1003, 6:5-18.

38. Because the approach proposed by Bhaskaran operates at level 2/3 of the OSI/ISO hierarchy, Bhaskaran does not directly deal with “sessions” at all. Bhaskaran also does not directly deal with encryption or decryption. Indeed, one of the claimed advantages of Bhaskaran’s approach is that it eliminates the need for the network flow switch to perform decryption. Ex. 1003, 6:37-47.

C. Molva

39. R. Molva et al., “Authentication of Mobile Users,” IEEE Network, vol. 8, no. 2 (March/April 1994), pp. 26-34 (hereinafter “Molva” or Ex. 1004) relates to mobile communications devices that may need to authenticate themselves to “foreign” networks. For example, Molva describes hand-off techniques when cell phone users move from one network to another. Ex. 1004, pg. 27. While the Petition states that Molva discloses limitations related to the passing of session keys, Molva does not relate to load balancing with respect to agent servers and is not relevant to the challenged claims in which it is cited.

40. The Petition cites Molva as disclosing the limitation of passing a session key when an agent is saturated. However, Molva is directed to a very different environment than Feinberg. Molva states:

    In a highly-dynamic wireless environment where users frequently cross domain boundaries in the middle of communication, it is crucial to transfer the necessary state between domains in a manner transparent to the user. The same problem also occurs when users migrate among different cells within the same domain. ...

    GSM, for example, makes provisions for very fast transfer of users’ authentication between domains.

Ex. 1004, pg. 33. Thus, the system of Molva is for use in “a highly-dynamic wireless environment where users frequently cross domain boundaries in the middle of communication,” which does not relate to the user-level protocols of Feinberg. In fact, Feinberg is specifically designed so that servers store a set of user encryption keys instead of passing session keys back and forth. Feinberg at 11:66-12:2 (“Encryption/decryption unit 44 consults a memory area 46 containing a plurality of possible encryption keys and selects an encryption key identified by header information in the encryption packet containing the user request.”)

41. Even if Molva and Feinberg could be combined, the Petition fails to show that the alleged passing of network keys occurs in relation to when an alleged agent is saturated. In fact, Molva is directed towards the very different problem of allowing mobile phone users to move between different networks.

IV. The Challenged Claims of the ‘257 Patent Are All Patentable

A. Claim 6 Is Not Anticipated by Feinberg

42. Independent claim 6 recites:

    6. A method for implementing a scaleable software crypto system between a main server and one or more agent servers communicating with one or more clients such that performance of the crypto system is increased to meet any demand comprising providing a secure communication between the main server, agent server, and one or more clients such that communication between the main server and agent server enlists additional agent servers to support incremental secure sessions in response to maintaining performance at a desired level.

43. As part of the limitation of “providing a secure communication between the main server, agent server, and one or more clients such that communication between the main server and agent server enlists additional agent servers to support incremental secure sessions in response to maintaining performance at a desired level,” the Petition does not show that Feinberg teaches “enlist[ing] additional agent servers to support incremental secure sessions” (emphasis added). Indeed, Feinberg does not disclose the use of secure sessions at all.

44. The Decision held that “Patent Owner’s argument presumes an unduly narrow interpretation of a ‘session’ as something different from the exchange of encrypted packets ... [while the Decision] adopt[s] a broader construction of the term ‘session’ that encompasses simply the exchange of [encrypted] packets.” Decision at 19. However, as I have discussed above, I believe that the definitions of “session” and “secure session” adopted in the Decision are unreasonably broad.

45. Moreover, Feinberg does not meet this limitation, as Feinberg never discloses using session-specific session keys. In Dr. Rubin’s deposition testimony, he agreed, as do I, that in the context of the ‘257 patent sessions use session-specific session keys. Ex. 2006, 29:15-19. Dr. Rubin agreed that Feinberg “doesn’t say anything about where the keys come from in the first place” (Id. at 143:8-11), so there is no evidence that Feinberg’s keys are session keys. Since Feinberg does not disclose session keys, Feinberg does not teach this limitation.

46. Thus, I do not believe that Feinberg anticipates all the limitations of claim 6.

B. Claim 10 Is Not Anticipated by Feinberg

47. Independent claim 10 recites:

    10. A method for distributed encryption/decryption implemented in software across a computer network employing a distributed automaton comprising M automata for servicing a plurality of N simultaneous crypto sessions which provides bandwidth scalability limited only by the M automata comprising:

    sharing spare CPU cycles of the computer network for encrypting and decrypting communication to provide N simultaneous secure session among said network of computers.

48. As part of the limitation of “sharing spare CPU cycles of the computer network for encrypting and decrypting communication to provide N simultaneous secure session among said network of computers,” the Petition does not show that Feinberg teaches “provid[ing] N simultaneous secure session among said network of computers” (emphasis added). Indeed, as discussed above, Feinberg does not disclose the use of secure sessions at all.

49. The Decision held that “the ’257 Patent provides no narrowing definition of a session commensurate with Patent Owner’s argument.” Decision at 21. However, as I have discussed above, I believe that the definitions of “session” and “secure session” adopted in the Decision are unreasonably broad.

50. Moreover, Feinberg does not meet this limitation, as Feinberg never discloses using session-specific session keys. In Dr. Rubin’s deposition testimony, he agreed, as do I, that in the context of the ‘257 patent sessions use session-specific session keys. Ex. 2006, 29:15-19. Dr. Rubin agreed that Feinberg “doesn’t say anything about where the keys come from in the first place” (Id. at 143:8-11), so there is no evidence that Feinberg’s keys are session keys. Since Feinberg does not disclose session keys, Feinberg does not teach this limitation.

51. Thus, I do not believe that Feinberg anticipates all the limitations of claim 10.

C. Claims 1, 3, 6, and 10 Are Not Obvious Over the Combination of Feinberg and Bhaskaran

1. Feinberg and Bhaskaran are Not in the Same Field of Endeavor, They Are Not Analogous Art, and They Do Not Address the Same Problem

52. The Petition alleges that “Feinberg and Bhaskaran are in the same field of endeavor: distributed computing networks.” Petition at 27. I understand that the Decision found the “characterization of the field of endeavor of Feinberg and Bhaskaran unduly broad,” (Decision at 23), and I agree. Such a characterization is so general that it attempts to include all uses of networked computers into a single field of endeavor.

53. Feinberg and Bhaskaran, in fact, are not in the same field of endeavor as the claims of the patent under review. The claims of the ‘257 patent are directed to the distribution of the cryptographic computation related to sessions among a number of agents/servers. By contrast, Feinberg is related to the replication of resources among a primary server and a number of secondary servers that request from the primary server resources unavailable at the secondary servers for distribution to clients. Feinberg does not disclose cryptographic sessions at all, nor does it disclose that it is attempting to distribute cryptographic computation.

54. Similarly, Bhaskaran is directed to a network flow switch that distributes data requests to IP se