NENAD MEDVIDOVIC, Ph.D.
`
` UNITED STATES PATENT AND TRADEMARK OFFICE
`
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_____________________________
`
`PALO ALTO NETWORKS, INC., )
`
` Petitioner, )
`
` -against- )
`
`FINJAN, INC., )
`
` Patent Owner. )
`
`Patent No. 8,141,154 )
`
`Inter Partes Review No. )
`
`IPR2016-00151 )
`
`______________________________________________
`
` DEPOSITION OF NENAD MEDVIDOVIC, Ph.D.
`
` Los Angeles, California
`
` Tuesday, November 22, 2016
`
` Volume I
`
`Reported by:
`
`LORI SCINTA, RPR
`
`CSR No. 4811
`
`Job No. 2480305
`
`PAGES 1 - 41
`
`1
`
`2
`
`3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 1
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 1
`
`
`
` UNITED STATES PATENT AND TRADEMARK OFFICE
`
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_____________________________
`
`PALO ALTO NETWORKS, INC., )
`
` Petitioner, )
`
` -against- )
`
`FINJAN, INC., )
`
` Patent Owner. )
`
`Patent No. 8,141,154 )
`
`Inter Partes Review No. )
`
`IPR2016-00151 )
`
`______________________________________________
`
` DEPOSITION OF NENAD MEDVIDOVIC, Ph.D.
`
` Los Angeles, California
`
` Tuesday, November 22, 2016
`
` Volume I
`
`Reported by:
`
`LORI SCINTA, RPR
`
`CSR No. 4811
`
`Job No. 2480305
`
`PAGES 1 - 41
`
`1
`
`2
`
`3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 1
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 1
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` UNITED STATES PATENT AND TRADEMARK OFFICE
`
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`_____________________________
`
`PALO ALTO NETWORKS, INC., )
`
` Petitioner, )
`
` -against- )
`
`FINJAN, INC., )
`
` Patent Owner. )
`
`Patent No. 8,141,154 )
`
`Inter Partes Review No. )
`
`IPR2016-00151 )
`
`______________________________________________
`
` Deposition of NENAD MEDVIDOVIC, Ph.D.,
`
`Volume I, taken on behalf of Petitioner, at
`
`Morrison & Foerster, 707 Wilshire Boulevard,
`
`Suite 6000, Los Angeles, California, beginning at
`
`9:37 A.M. and ending at 10:32 A.M. on Tuesday,
`
`November 22, 2016, before LORI SCINTA, RPR, Certified
`
`Shorthand Reporter No. 4811.
`
`1
`
`2
`
`3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 2
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 2
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`A P P E A R A N C E S :
`
`F o r P e t i t i o n e r :
`
` M O R R I S O N & F O E R S T E R L L P
`
` B Y : M A T T H E W I . K R E E G E R
`
` A t t o r n e y a t L a w
`
` 4 2 5 M a r k e t S t r e e t
`
` S a n F r a n c i s c o , C a l i f o r n i a 9 4 1 0 5 - 2 4 8 2
`
` 4 1 5 . 2 6 8 . 6 4 6 7
`
` E m a i l : m k r e e g e r @ m o f o . c o m
`
` - - a n d - -
`
` M O R R I S O N & F O E R S T E R L L P
`
` B Y : S H O U V I K B I S W A S
`
` A t t o r n e y a t L a w
`
` 1 6 5 0 T y s o n s B o u l e v a r d
`
` M c L e a n , V i r g i n i a 2 2 1 0 2
`
` 7 0 3 . 7 6 0 . 7 7 7 4
`
` E m a i l : s b i s w a s @ m o f o . c o m
`
`1
`
`2 3
`
`4 5
`
`6
`
`7
`
`8
`
`9
`
`1 0
`
`1 1
`
`1 2
`
`1 3
`
`1 4
`
`1 5
`
`1 6
`
`1 7
`
`1 8
`
`1 9
`
`2 0
`
`2 1
`
`2 2
`
`2 3
`
`2 4
`
`2 5
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 3
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 3
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`A P P E A R A N C E S ( C o n t i n u e d ) :
`
`F o r C o - P e t i t i o n e r S y m a n t e c C o r p . :
`
` Q U I N N E M A N U E L U R Q U H A R T & S U L L I V A N , L L P
`
` B Y : N A T H A N H A M S T R A
`
` A t t o r n e y a t L a w
`
` 5 0 0 W e s t M a d i s o n S t r e e t
`
` S u i t e 2 4 5 0
`
` C h i c a g o , I l l i n o i s 6 0 6 6 1
`
` 3 1 2 . 7 0 5 . 7 4 0 0
`
` E m a i l : n a t h a n h a m s t r a @ q u i n n e m a n u a l . c o m
`
`F o r P a t e n t O w n e r :
`
` K R A M E R L E V I N N A F T A L I S & F R A N K E L L L P
`
` B Y : J A M E S H A N N A H
`
` A t t o r n e y a t L a w
`
` 9 9 0 M a r s h R o a d
`
` M e n l o P a r k , C a l i f o r n i a 9 4 0 2 5 - 1 9 4 9
`
` 6 5 0 . 7 5 2 . 1 7 1 2
`
` E m a i l : j h a n n a h @ k r a m e r l e v i n . c o m
`
`1
`
`2 3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`1 0
`
`1 1
`
`1 2
`
`1 3
`
`1 4
`
`1 5
`
`1 6
`
`1 7
`
`1 8
`
`1 9
`
`2 0
`
`2 1
`
`2 2
`
`2 3
`
`2 4
`
`2 5
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 4
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 4
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` INDEX
`
`WITNESS EXAMINATION
`
`NENAD MEDVIDOVIC, Ph.D.
`
`Volume I
`
` BY MR. KREEGER 6
`
` NEWLY MARKED EXHIBITS
`
` (None)
`
` PREVIOUSLY MARKED EXHIBITS
`
` (Not attached hereto)
`
`NUMBER PAGE
`
`Exhibit 1001 14
`
`Exhibit 1003 7
`
`Exhibit 2035 16
`
` INFORMATION REQUESTED
`
` (None)
`
` REFERENCE REQUESTED
`
` (None)
`
` INSTRUCTION NOT TO ANSWER
`
` (None)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6 7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 5
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 5
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` Los Angeles, California, Tuesday, November 22, 2016
`
` 9:37 A.M.
`
` NENAD MEDVIDOVIC, Ph.D.,
`
`having been administered an oath, was examined and
`
`testified as follows:
`
` EXAMINATION
`
`BY MR. KREEGER:
`
` Q Good morning, Doctor. My name is Matthew
`
`Kreeger. I know we met briefly off the record.
`
` A Good morning.
`
` Q I'm here to take your deposition.
`
` I hear you've done this before?
`
` A I have.
`
` Q I'm going to ask you a series of questions and
`
`you are to answer the questions to the best of your
`
`ability.
`
` If at any point my questions are unclear,
`
`please ask me for clarification, and I'll do my best to
`
`clarify.
`
` A Okay.
`
` Q There is a court reporter taking down what we
`
`say, so it's important that we speak one at a time.
`
` Now that we've begun this deposition until
`
`1
`
`2
`
`3 4
`
`5
`
`6
`
`7 8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 6
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 6
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`NENAD MEDVIDOVIC, Ph.D.
`
`we're complete, you're not to consult with anyone
`
`including counsel for Finjan about the substance of your
`
`testimony.
`
` A Right.
`
` Q Okay?
`
` Any questions about what we're doing here
`
`today?
`
` A No.
`
` Q All right. Well, let's just dive right in,
`
`shall we?
`
` Let's reference the Ross Exhibit 1003.
`
` So you're familiar with this document, Doctor?
`
` A I am.
`
` Q Let's start with Figure 4, which I believe you
`
`excerpted in your declaration.
`
` Are you with me?
`
` A Yes.
`
` Q So in Figure 4, there is an element labeled
`
`"404"?
`
` A Correct.
`
` Q That's the hook script, correct?
`
` A Yes, it says at the top it is the "Generated
`
`Hook Script."
`
` Q And there is a portion within the hook script
`
`that says, "//Security checks go here."
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 7
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 7
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` Do you see that?
`
` A I do.
`
` Q And Ross is teaching there that one of -- that
`
`one is to insert at that location code that will cause
`
`security checks to be performed?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Well, that's what the comment
`
`says.
`
` I don't think that Ross particularly teaches
`
`about what kinds or how the security checks done here
`
`would be done, but the implication is that some kind of
`
`security check would happen at that point.
`
`BY MR. KREEGER:
`
` Q That's what one with ordinary skill in the art
`
`would understand?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: They would understand what the
`
`comment says, which is the, "Security checks go here."
`
`BY MR. KREEGER:
`
` Q Okay. And one way to insert the security
`
`checks at that location would be to insert a call to a
`
`function that performs the security checks, correct?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: A call to a function would be
`
`possible, but this is -- I don't mean to be rude, so to
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 8
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 8
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`speak, but your example is incomplete. It's unclear
`
`what that call would have.
`
` So, in computer science, a call to a function
`
`is always possible. But what kind of call, et cetera,
`
`that doesn't seem clear from your question.
`
`BY MR. KREEGER:
`
` Q Well, how would one skilled in the art
`
`understand security checks should be inserted at that
`
`location?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: In the patent, they give at least
`
`one example that says that they would do, if I remember
`
`correctly -- and I don't have the patent in front of
`
`me -- actually, I do.
`
` In fact, I do. Thank you.
`
` In the patent, they say that one of the ways
`
`you could do this would be through a signature check.
`
`BY MR. KREEGER:
`
` Q Okay.
`
` A And that could be either done in line or by
`
`separate module. But whether that involves some kind of
`
`a function call or not is unclear based on what the
`
`patent says.
`
` Q Okay. So you're talking about, for example, in
`
`Paragraph 37 of Ross to where it refers to the decision
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 9
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 9
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`NENAD MEDVIDOVIC, Ph.D.
`
`service making -- exchanging messages with a signature
`
`database?
`
` A Correct.
`
` Q Okay. So that's one way to perform security
`
`checks, according to Ross?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: So it talks about it in the
`
`context of this decision service which is in Figure 6,
`
`Element 624.
`
`BY MR. KREEGER:
`
` Q Right.
`
` A So that module would presumably do something
`
`with respect to checking for security.
`
` Q Right. That's -- I'm sorry. Please.
`
` A It's okay.
`
` I don't think that Ross connects the dots for
`
`the -- for one of ordinary skill in the art to explain
`
`exactly how this commented line here would, for example,
`
`pertain to the decision service.
`
` Q Okay. Now, further down on Element 404 in
`
`Figure 4, there's a reference -- or there's a statement
`
`that says, "ActiveXObject = HookedActiveXObject."
`
` Do you see that statement?
`
` A I do.
`
` Q And that statement will cause the
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 10
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 10
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`HookedActiveXObject to be invoked whenever the original
`
`function is called?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Presumably this would be a
`
`variable assignment.
`
` And, in this particular case, it would be --
`
`the variable is a function. So presumably, again, when
`
`you call ActiveXObject, you would really be referencing
`
`the variable itself, which is assigned to be
`
`HookedActiveXObject.
`
`BY MR. KREEGER:
`
` Q So when ActiveXObject is called, the function
`
`HookedActiveXObject will be invoked?
`
` A Well, more specifically, when ActiveXObject is
`
`constructed in like about five lines lower --
`
` Q Uh-huh.
`
` A -- which I think is what you were pointing to a
`
`second ago, at that point, the constructor would really
`
`construct a HookedActiveXObject.
`
` Q And what do you mean by "construct"?
`
` A So this keyword "new" indicates that this is an
`
`object that's getting instantiated at run time.
`
` Q All right. So at run time when the
`
`ActiveXObject is instantiated, it will instead be a call
`
`to HookedActiveXObject?
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 11
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 11
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: What this will result in, in this
`
`particular case, would be the assignment of a newly
`
`created HookedActiveXObject to this variable Req, R-e-q.
`
` That's what this line of code specifically
`
`does.
`
`BY MR. KREEGER:
`
` Q All right. So what the line "ActiveXObject =
`
`HookedActiveXObject" does is it assigns to the
`
`ActiveXObject variable the function HookedActiveXObject?
`
` A That --
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: It assigns a variable of type
`
`HookedActiveXObject.
`
` So both of these are variables, in a sense.
`
` So in a language such as what this is showing
`
`here, which is -- it says, "Highly
`
`simplified...JavaScript," these variables are accessed
`
`by reference, meaning that ActiveXObject is now a
`
`reference in memory that's going to be pointing to
`
`something of typed HookedActiveXObject.
`
`BY MR. KREEGER:
`
` Q All right. So when -- in other portions of the
`
`script, if there is a reference to "ActiveXObject" -- a
`
`call -- start again.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 12
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 12
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` If in some other part of the script there is a
`
`call to the function ActiveXObject, that call will
`
`result in HookedActiveXObject being invoked; is that
`
`right?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: So I like the first -- the
`
`characterization you started with and then you corrected
`
`yourself, because I think it is more correct. When
`
`there is a reference to ActiveXObject, the actual object
`
`that's getting referenced is HookedActiveXObject.
`
` This object happens to be a function but, as
`
`far as the programming language is concerned, it's
`
`treated by any other object.
`
`BY MR. KREEGER:
`
` Q Right. But elsewhere in the script, there
`
`might be a call to the ActiveXObject function, correct?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: There might be. It's not shown.
`
` Other than the constructor about five lines
`
`below that we've talked about before, it doesn't show a
`
`call to a HookedActiveXObject.
`
`BY MR. KREEGER:
`
` Q Okay. Ross makes it clear that this figure for
`
`script is an example script.
`
` Correct?
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 13
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 13
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Ross says at the very top that
`
`this is a "Highly simplified example."
`
`BY MR. KREEGER:
`
` Q And one of skill in the art would understand
`
`that there were different ways to follow the teachings
`
`of Ross to generate scripts of this type?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: I would have to disagree with
`
`that.
`
`BY MR. KREEGER:
`
` Q You don't think one of skill in the art would
`
`understand that there are other ways to generate scripts
`
`of the form in Figure 4?
`
` A So this question that you're asking me now is
`
`different from the question a second ago.
`
` I agree that one of skill in the art would
`
`understand that there are different ways of generating
`
`these scripts, meaning that this is not the only way.
`
`But I disagree that they could follow Ross in -- or
`
`Ross's teaching in figuring out how to do that.
`
` MR. KREEGER: Okay.
`
` Let's turn to the patent, the patent at issue,
`
`Exhibit 1001.
`
` I'll show you what's been previously marked as
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 14
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 14
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`Exhibit 1001.
`
` THE WITNESS: Thank you.
`
`BY MR. KREEGER:
`
` Q And if you could turn to the claims at the back
`
`of this.
`
` A Okay.
`
` Q Claim 1 references about three lines down,
`
`"Content received over a network."
`
` Do you see that?
`
` A I do.
`
` Q And in your view, where it says, "Content
`
`received over a network," that has to be a single
`
`network.
`
` Is that right?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: The way I'm reading the patent in
`
`the context of the discussion, the -- all of the
`
`discussion points to a single network.
`
`BY MR. KREEGER:
`
` Q So in your view where it says, "a network,"
`
`that must be construed to mean a single network?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Based on everything I've seen in
`
`the patent and the file history, yes.
`
`BY MR. KREEGER:
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 15
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 15
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` Q Okay. And your opinions --
`
` (Addressing Mr. Biswas) Actually, can you get
`
`his declaration, please. That's Exhibit 2035.
`
` So I'm showing you what has previously been
`
`marked as Exhibit 2035.
`
` A All right.
`
` Q This is your declaration, correct?
`
` A Just a second. I know you guys don't like
`
`using staples.
`
` Q My apologizes.
`
` A No worries. I just want to be sure not to mess
`
`things up.
`
` Yes, that is correct.
`
` Q All right. So in your Paragraphs 63 and 64,
`
`you talk about this issue about content received over a
`
`network.
`
` Is that right?
`
` A At least in those paragraphs. It might be in
`
`other places, too.
`
` Q Okay. So your opinions in Paragraphs 63 and 64
`
`are based on your view that a network as used in the
`
`claims of the patent should be construed to mean a
`
`single network.
`
` Is that right?
`
` MR. HANNAH: Objection. Form.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 16
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 16
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` THE WITNESS: In those two paragraphs, I would
`
`say that is probably accurate, yes.
`
`BY MR. KREEGER:
`
` Q Okay. And, in your view, Ross doesn't disclose
`
`this content received over a network because the content
`
`at issue in Ross is received over two networks?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: If I may be a little bit more
`
`precise, it's not that the content is received over two
`
`networks. The content is received -- the http content
`
`as shown in Figure 6 is received over a network.
`
` In order for a particular embodiment of Ross's
`
`to match the '154 patent, it is argued that this --
`
`these hooks that are generated by the hook script
`
`generator -- or hook scripts, rather, that are generated
`
`by the hook script generator, are also coming over a
`
`network because this is the only way that this fits what
`
`'154 teaches.
`
` In that case, because of how Ross deals with
`
`these hook scripts and how they end up getting
`
`generated, those would, in fact, come from a second
`
`network.
`
`BY MR. KREEGER:
`
` Q Okay. So in your view, in Ross, the http
`
`content comes over one network and the hook scripts come
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 17
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 17
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`over a second network?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: That is how Ross describes the
`
`embodiments that are described inside of Ross.
`
`BY MR. KREEGER:
`
` Q Okay. And you mentioned Figure 6.
`
` In your view -- there are a lot of arrows on
`
`Figure 6. In your view, are all these arrows different
`
`networks?
`
` A No, I don't believe so.
`
` Q Okay. Figure 6 is described in the Ross patent
`
`as a data flow block diagram, isn't it?
`
` A I will tell you in one second. Sorry. Let me
`
`just confirm that.
`
` Yes. It says so in Paragraph 20 of Ross.
`
` Q What is a data flow block diagram?
`
` A It is a diagram -- well, it is a block diagram,
`
`meaning that the pieces in the diagram are blocks that
`
`shows how the data is intended to flow in the system.
`
` Q Okay. And this is different from a network
`
`diagram, isn't it?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Precisely speaking, one would not
`
`call a network diagram a data flow diagram or the other
`
`way around.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 18
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 18
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`BY MR. KREEGER:
`
` Q Because they're different concepts?
`
` A Well, they're different kinds of diagrams.
`
` Q Okay. So -- and you mentioned that -- well,
`
`let me start again.
`
` You mentioned that there is disclosure in Ross
`
`of the hook scripts being transmitted over a network.
`
` Is that right?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: I believe that Ross mentions at
`
`some point that it is possible for these hook scripts to
`
`be sent over a network link.
`
`BY MR. KREEGER:
`
` Q Okay. And where do you see that in Ross?
`
` A Give me a second --
`
` Q Absolutely.
`
` A -- please.
`
` So if you look at Paragraph 26 --
`
` Q Uh-huh.
`
` A -- about a third of the way down of the entire
`
`paragraph, there is a sentence that starts with,
`
`"Alternatively..."
`
` "Alternatively, hook script generator
`
` may create a generic hook script
`
` off-line for archive or reading in --
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 19
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 19
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`NENAD MEDVIDOVIC, Ph.D.
`
` in to a remote client through a
`
` network or other delivery means."
`
` Q Okay. Do you also see lower down the paragraph
`
`it says at about fourth from the bottom of the page,
`
` "Some portion or all of detection engine
`
` 240 may be moved onto another platform
`
` termed a third device, and may be
`
` implemented as another client device
`
` (not shown), an auxiliary device
`
` operationally connected to client 202
`
` (not shown), and/or a network
`
` device...."
`
` Do you see that disclosure, as well?
`
` A I do.
`
` Q What is a network device?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: It's any kind of device on a
`
`network. It could be a proxy, a server, a gateway. So
`
`it's some kind of device on a network.
`
`BY MR. KREEGER:
`
` Q Okay. And a network device could communicate
`
`over a TCP/IP network, couldn't it?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: In general, yes. Outside of any
`
`context of this particular patent, yes, a network device
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 20
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 20
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`could communicate through TCP/IP.
`
`BY MR. KREEGER:
`
` Q In the context of this patent, you don't think
`
`so?
`
` A If you're talking about data content or ACTP
`
`content, communicating through just an open TCP/IP
`
`network for that original content is what is assumed,
`
`which is why we assumed that that content may be
`
`malicious.
`
` For generated scripts, it -- without -- and the
`
`patent, in fact, doesn't specify this -- but without
`
`additional information, one would have to guess that
`
`grabbing this stuff over an unsecure network would
`
`render the scripts themselves potentially unsecure or
`
`malicious, as well.
`
` Q Well, there's nothing -- as you say, there's
`
`nothing in the patent that makes it clear that the --
`
`what type of network the network device is connected to,
`
`does it?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Again, the patent itself doesn't
`
`say anything about how any of that would work if this
`
`were implemented as a network device.
`
` So one of ordinary skill in the art has two
`
`choices: One of them is to basically say, "This patent
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 21
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 21
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
`doesn't teach how this can be done," which is really
`
`what I would prefer to do.
`
` But, to answer your question, since you are
`
`asking a specific question, I think that if you were to
`
`say, "Well, how might one do this," my assumption is
`
`that you wouldn't necessarily go just to an open network
`
`because then anybody could intercept and tamper with the
`
`scripts.
`
` But, again, the patent itself doesn't teach any
`
`of this.
`
`BY MR. KREEGER:
`
` Q Well, there's nothing in Ross that requires
`
`that the network device be on a different network from
`
`the network that provides the data content, is there?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Other than this one statement and
`
`maybe a couple of other places where Ross throws in this
`
`idea that this could be done on a network, there is
`
`nothing in Ross that shows how any of this could be
`
`done, period. I don't think that what they suggest here
`
`is, in fact, doable, having these -- what do they call
`
`them? Give me just a second.
`
` Generic scripts, Ross didn't show a single
`
`generic script, so I don't even know what those would
`
`look like.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 22
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 22
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` But, you know, to give them kind of their due
`
`respect, because they mention this here, yes, there is
`
`mention of a network. They don't say anything about how
`
`this can be done, what purpose this may play in the
`
`system, how this is all going to be hooked up, et
`
`cetera.
`
` So, to answer your question, I would have to
`
`speculate. And I already did that once, but you didn't
`
`like my answer, so --
`
`BY MR. KREEGER:
`
` Q I'm not expressing any dislike, Doctor.
`
` My question is simply, and I don't believe you
`
`answered it, there's nothing in Ross that requires that
`
`the network device be on a different network from the
`
`network that provides the data content?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: All that Ross says is that it is
`
`possible among all these other options to have this be
`
`on a network device. He doesn't say anything else.
`
` So, technically, he doesn't -- well, it doesn't
`
`say anything else.
`
`BY MR. KREEGER:
`
` Q Okay. Let's turn back to your declaration, and
`
`I'd like to turn your attention to Paragraph 70.
`
` A Oh, I'm sorry.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 23
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 23
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` If I may although correct myself, Ross does
`
`mention that there are multiple networks in the patent,
`
`so it -- again, it doesn't say how this is going to be
`
`organized, so one has to figure this out, but it does
`
`talk about all traffic between connection networks 208
`
`and 210.
`
` Q Okay.
`
` A So that's the language they do use.
`
` Q All right.
`
` Now, Paragraph 70 of your declaration, please.
`
` A Okay.
`
` Q And here you're discussing the claim
`
`limitation, "...a receiver for receiving an indicator
`
`from the security computer whether it is safe to invoke
`
`the second function with the input...."
`
` Do you see that?
`
` A I do.
`
` Q Okay. And now, going back to Ross, the
`
`decision service in Ross is a security computer; is that
`
`right?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: I believe that it is
`
`characterized in a way that can be construed as a
`
`security computer --
`
`BY MR. KREEGER:
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 24
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 24
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` Q Okay.
`
` A -- or the equivalent thereof.
`
` Q All right.
`
` Now, the decision service in Ross receives
`
`information passed to it from the script processing
`
`engine; isn't that right?
`
` A Yes, that's what Figure 6 indicates.
`
` Q Okay. And among information passed to the
`
`decision service by the script processing engine is a
`
`method name, the object name, any parameters passed to
`
`the method, as well as object properties or global
`
`variable values.
`
` Isn't that what Ross indicates in Paragraph 36?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: That's what Paragraph 36 says.
`
`Ross is not clear as to what specific method name,
`
`object name and parameters it is referring to, and none
`
`of the examples show it.
`
`BY MR. KREEGER:
`
` Q Well, let me just stick with what is actually
`
`disclosed.
`
` What it is -- what do you as one of skill in
`
`the art take to -- the meaning to be "parameters passed
`
`to the method"?
`
` What does that mean?
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 25
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 25
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` A "Parameters passed to the method" would be,
`
`well, parameters passed to the method. That would be
`
`the data supplied to the method for processing when --
`
` (Speaking simultaneously.)
`
` Q Is that inputs to the method?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: You can -- you can think of it as
`
`inputs to the method, yes.
`
`BY MR. KREEGER:
`
` Q Okay. So -- and Ross later in that same
`
`paragraph -- let me see if I can find it -- all right.
`
` So further down the paragraph on the following
`
`page, it discusses what the decision service does. And
`
`it says it, "...performs detailed analysis of
`
` suspected malicious code functions and
`
` one or more arguments to gauge whether
`
` those arguments and functions in
`
` combination or separately may
`
` constitute an undesirable code
`
` behavior and/or a security threat."
`
` Do you see that?
`
` A I found it.
`
` Yes, I see that.
`
` Q And when it says "arguments," those are also
`
`another way to describe inputs to the function?
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 26
`
`Palo Alto Networks, Inc. Exhibit 1011 Page 26
`
`
`
`NENAD MEDVIDOVIC, Ph.D.
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: But, again, I don't know what
`
`function we're talking about here.
`
`BY MR. KREEGER:
`
` Q Leaving that aside, when it says "arguments,"
`
`it's referring to inputs to a function, correct?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: An argument is an actual
`
`instantiated parameter, so yes.
`
`BY MR. KREEGER:
`
` Q Okay. When it says that it's performing a
`
`vulnerability assessment on suspicious malicious code
`
`functions and their arguments, isn't that determining
`
`whether it's safe to invoke a function with its input?
`
` MR. HANNAH: Objection. Form.
`
` THE WITNESS: Again, I have no idea based on
`
`what is described here what is actually being passed, so
`
`I don't know what this malicious code itself is, because
`
`this is all discussed in the context of -- to use Ross's
`
`specific terminology is hook functions, and the example
`
`shows hook functions.
`
` But since the hook function is generated
`
`specifically to deal with malicious code, my guess is it
`
`doesn't make any sense to pass the inputs to the hook
`
`function. But there is no indication of anything else
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
