Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`
`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`
`
`Palo Alto Networks, Inc.
`Petitioner
`
`v.
`
`Finjan, Inc.
`Patent Owner
`
`U.S. Patent No. 8,677,494
`Filing Date: Nov. 7, 2011
`Issue Date: Mar. 18, 2014
`Title: Malicious Mobile Code Runtime Monitoring System and Methods
`
`Inter Partes Review No. 2016-00159
`
`DECLARATION OF AVIEL D. RUBIN IN SUPPORT OF PETITION FOR
`INTER PARTES REVIEW OF U.S. PATENT NO. 8,677,494
`
`
`
`
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 1
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`Table of Contents
`
`
`II.
`
`Page
`SUMMARY OF OPINIONS .................................................................................... 4
`I.
`INTRODUCTION AND QUALIFICATIONS .............................................. 5
`Education .............................................................................................. 5
`A.
`B.
`Career ................................................................................................... 5
`C.
`Publications: ......................................................................................... 9
`D.
`Curriculum Vitae ................................................................................ 10
`E. Materials Considered .......................................................................... 10
`LEGAL PRINCIPLES USED IN THE ANALYSIS ................................... 15
`A.
`Person Having Ordinary Skill in the Art (“POSA”) .......................... 15
`B.
`Prior Art .............................................................................................. 16
`C.
`Broadest Reasonable Interpretations .................................................. 17
`D.
`Standards for Anticipation and Obviousness ..................................... 21
`III. BACKGROUND OF TECHNOLOGY RELATED TO THE ʼ494
`PATENT ....................................................................................................... 34
`IV. THE ʼ494 PATENT ...................................................................................... 38
`A. Overview of the ʼ494 Patent ............................................................... 38
`B.
`The Claims of the ʼ494 Patent ............................................................ 40
`C.
`The Priority Claims of the ʼ494 Patent .............................................. 42
`V. OVERVIEW OF THE PRIOR ART ............................................................ 44
`A. Overview of Touboul ......................................................................... 44
`B. Overview of Swimmer ....................................................................... 45
`C. Overview of Ji .................................................................................... 46
`D. Overview of Martin ............................................................................ 47
`E.
`Touboul, Swimmer, Ji, and Martin Are All Analogous Art .............. 48
`VI. ANALYSIS ................................................................................................... 50
`
`
`
`
`
`i
`
`
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 2
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`Table of Contents
`(continued)
`
`Page
`
`A.
`
`B.
`
`C.
`
`D.
`
`E.
`
`Claims 1, 3-6, 9, 10, 12-15, and 18 Are Anticipated Under 35
`U.S.C. § 102(b) by Touboul ............................................................... 50
`1.
`Claim 10 ................................................................................... 50
`a.
`Claim element 10[b] – Receiver for
`Downloadables .............................................................. 50
`Claim element 10[d] – Database Manager .................... 50
`b.
`Claims 3-5 & 12-14 ................................................................. 51
`2.
`Claims 6 & 15 .......................................................................... 54
`3.
`Claims 9 & 18 .......................................................................... 56
`4.
`Touboul, or Touboul in light of Swimmer Renders Claims 2 &
`11 Obvious Under 35 U.S.C. § 103(a) ............................................... 57
`Touboul, or Touboul in light of Ji Renders Claims 7 & 16
`Obvious Under 35 U.S.C. § 103(a) .................................................... 61
`Touboul Renders Claims 8 & 17 Obvious Under 35 U.S.C.
`§ 103(a) ............................................................................................... 63
`Swimmer Renders Claims 1-2, 6, 10-11, and 15 Obvious Under
`35 U.S.C. § 103(a) .............................................................................. 65
`1.
`Claim 1 ..................................................................................... 65
`a.
`Claim element 1[b] – Receiving .................................... 65
`b.
`Claim element 1[c] – Deriving Security Profile
`Data ................................................................................ 66
`Claim element 1[d] – Database ..................................... 67
`c.
`Claim 10 ................................................................................... 68
`a.
`Claim element 10[b] – Receiver .................................... 68
`b.
`Claim element 10[d] – Database Manager .................... 69
`Claims 2 and 11 – Date and Time ............................................ 70
`Claims 6 and 15 – Specific Types of Suspicious
`Operations ................................................................................ 70
`
`3.
`4.
`
`2.
`
`
`
`
`
`ii
`
`
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 3
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`Table of Contents
`(continued)
`
`Page
`
`F.
`
`Swimmer in Light of Martin Renders Claims 3-5 and 12-14
`Obvious Under 35 U.S.C. § 103(a) .................................................... 71
`Secondary Considerations of Non-Obviousness ................................ 73
`G.
`VII. CONCLUSION ............................................................................................. 74
`
`
`
`
`
`iii
`
`
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 4
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`I, Aviel Rubin, declare as follows:
`
`I have personal knowledge of the facts stated in this declaration, and could
`
`and would testify to these facts under oath if called upon to do so.
`
`I have been retained by counsel for Palo Alto Networks, Inc. (Petitioner) in
`
`this case as an expert in the relevant art. I am being compensated for my work at
`
`the rate of $688 per hour. No part of my compensation is contingent upon the
`
`outcome of this petition.
`
`I was asked to study U.S. Patent 8,677,494, its prosecution history, and the
`
`prior art and to render opinions on the obviousness or non-obviousness of the
`
`claims of the ʼ494 patent in light of the teachings of the prior art, as understood by
`
`a person of ordinary skill in the art in the 1996 time frame.
`
`Summary of Opinions
`
`After studying the ʼ494 patent, relevant excerpts of its file history, and the
`
`prior art, and considering the subject matter of the claims of the ʼ494 patent in light
`
`of the state of technical advancement in security programs (including content
`
`scanners for program code), in the 1996 time frame, I reached the following
`
`conclusions. Each of the claims of the ʼ494 patent addressed in this declaration
`
`were invalid as obvious in the 1996 time frame in light of the knowledge of skill in
`
`the art at that time and the teachings, suggestions, and motivations present in the
`
`prior art.
`
`
`
`4
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 5
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`I.
`
`INTRODUCTION AND QUALIFICATIONS
`A. Education
`1.
`I possess the knowledge, skills, experience, training and the education
`
`to form an expert opinion and testimony in this matter. I have 22 years of
`
`experience in the field of computer science, and specifically in Internet and
`
`computer security. I received my Ph.D. in Computer Science and Engineering from
`
`the University of Michigan, Ann Arbor in 1994, with a specialty in computer
`
`security and cryptographic protocols. My thesis was entitled “Nonmonotonic
`
`Cryptographic Protocols” and concerned authentication
`
`in
`
`long-running
`
`networking operations.
`
`B. Career
`2.
`I will discuss my current position as a professor first, followed by a
`
`synopsis of my career and work from when I received my Ph.D. to the present.
`
`3.
`
`I am currently employed as Professor of Computer Science at Johns
`
`Hopkins University, where I perform research, teach graduate courses in computer
`
`science and related subjects, and supervise the research of Ph.D. candidates and
`
`other students. Courses I have taught include Security and Privacy in Computing
`
`and Advanced Topics in Computer Security. I am also the Technical Director of
`
`the Johns Hopkins University Information Security Institute, the University’s focal
`
`point for research and education in information security, assurance, and privacy.
`
`
`
`5
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 6
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`The University, through the Information Security Institute’s leadership, has been
`
`designated as a Center of Academic Excellence in Information Assurance by the
`
`National Security Agency and leading experts in the field. The focus of my work
`
`over my career has been computer security, and my current research concentrates
`
`on systems and networking security, with special attention to software and network
`
`security.
`
`4.
`
`After receiving my Ph.D., I began working at Bellcore in its
`
`Cryptography and Network Security Research Group from 1994 to 1996. During
`
`this period I focused my work on Internet and Computer Security. While at
`
`Bellcore, I published an article titled “Blocking Java Applets at the Firewall”
`
`(Martin, Ex. 1047) about the security challenges of dealing with JAVA applets and
`
`firewalls, and a system that we built to overcome those challenges.
`
`5.
`
`In 1997, I moved to AT&T Labs, Secure Systems Research
`
`Department, where I continued to focus on Internet and computer security. From
`
`1995 through 1999, in addition to my work in industry, I served as Adjunct
`
`Professor at New York University, where I taught undergraduate classes on
`
`computer, network and Internet security issues.
`
`6.
`
`I stayed in my position at AT&T until 2003, when I left to accept a
`
`full time academic position at Johns Hopkins University. The University promoted
`
`me to full professor with tenure in April, 2004.
`
`
`
`6
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 7
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`7.
`
`I serve, or have served, on a number of technical and editorial
`
`advisory boards. For example, I served on the Editorial and Advisory Board for the
`
`International Journal of Information and Computer Security. I also served on the
`
`Editorial Board for the Journal of Privacy Technology. I have been Associate
`
`Editor of IEEE Security and Privacy Magazine, and served as Associate Editor of
`
`ACM Transactions on Internet Technology. I am currently an Associate Editor of
`
`the journal Communications of the ACM. I was an Advisory Board Member of
`
`Springer’s Information Security and Cryptography Book Series. I have served in
`
`the past as a member of the DARPA Information Science and Technology Study
`
`Group, a member of the Government Infosec Science and Technology Study
`
`Group of Malicious Code, a member of the AT&T Intellectual Property Review
`
`Team, Associate Editor of Electronic Commerce Research Journal, Co-editor of
`
`the Electronic Newsletter of the IEEE Technical Committee on Security and
`
`Privacy, a member of the board of directors of the USENIX Association, the
`
`leading academic computing systems society, and a member of the editorial board
`
`of the Bellcore Security Update Newsletter.
`
`8.
`
`I have spoken on information security and electronic privacy issues at
`
`more than 50 seminars and symposia. For example, I presented keynote addresses
`
`on the topics “Security of Electronic Voting” at Computer Security 2004 Mexico
`
`in Mexico City in May 2004; “Electronic Voting” to the Secure Trusted Systems
`
`
`
`7
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 8
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`Consortium 5th Annual Symposium in Washington DC in December 2003;
`
`“Security Problems on the Web” to the AT&T EUA Customer conference in
`
`March, 2000; and “Security on the Internet” to the AT&T Security Workshop in
`
`June 1997. I also presented a talk about hacking devices at the TEDx conference in
`
`October 2011 and also another TEDx talk on the same topic in September 2015.
`
`9.
`
`I was founder and President of Independent Security Evaluators (ISE),
`
`a computer security consulting firm, from 2005-2011. In that capacity, I guided
`
`ISE through the qualification as an independent testing lab for Consumer Union,
`
`which produces Consumer Reports magazine. As an independent testing lab for
`
`Consumer Union, I managed an annual project where we tested all of the popular
`
`anti-virus products. Our results were published in Consumer Reports each year for
`
`three consecutive years. I am currently the founder and managing partner of
`
`Harbor Labs, a software and networking consulting firm.
`
`10. As is apparent from the above description, virtually my entire
`
`professional career has been dedicated to issues relating to information and
`
`network security. Moreover, through my consulting work and my work at AT&T
`
`and Bellcore, I am familiar with the practical aspects of designing, analyzing, and
`
`deploying security applications in network environments.
`
`
`
`8
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 9
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`Publications:
`
`C.
`11.
`
`I am a named inventor on ten United States patents, all in the
`
`information security area. The patent numbers and titles as well as my co-inventors
`
`are listed on the attached curriculum vitae. (See Ex. 1037.)
`
`12.
`
`In March 2004, I was asked by the Federal Trade Commission to
`
`submit a report commenting on the viability and usefulness of a national do not e-
`
`mail registry. I submitted my report entitled “A Report to the Federal Trade
`
`Commission on Responses to Their Request for Information on Establishing a
`
`National Do Not E-mail Registry” on May 10, 2004.
`
`13.
`
`I have also testified before Congress regarding the security issues with
`
`electronic voting machines and in the United States Senate on the issue of
`
`censorship. I also testified in Congress on November 19, 2013 about security
`
`issues related to the government’s Healthcare.gov web site.
`
`14.
`
`I am author or co-author of five books regarding information security
`
`issues: Brave New Ballot, Random House, 2006; Firewalls and Internet Security
`
`(second edition), Addison Wesley, 2003; White-Hat Security Arsenal, Addison
`
`Wesley, 2001; Peer-to-Peer, O’Reilly, 2001; and Web Security Sourcebook, John
`
`Wiley & Sons, 1997. I am also the author of numerous journal and conference
`
`publications.
`
`
`
`9
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 10
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`D. Curriculum Vitae
`15. Additional details of my education and employment history, recent
`
`professional service, patents, publications, and other testimony are set forth in my
`
`current curriculum vitae, attached to this declaration as Ex. 1037.
`
`E. Materials Considered
`16. My analysis is based on my experience in the computer industry since
`
`1994, including the documents I have read and authored and systems I have
`
`developed and used since then.
`
`17. Furthermore, I have reviewed the various relevant publications from
`
`the art at the time of the alleged invention and the claim charts that are included in
`
`the Petition for Inter Partes Review of the ʼ494 patent, to which this Declaration
`
`relates. Based on my experience as a person having ordinary skill in the art
`
`(“POSA”) at the time of the alleged invention, the references accurately
`
`characterize the state of the art at the relevant time. Specifically, I have reviewed
`
`the following:
`
`Exhibit
`Description of Document
`No.
`1001 U.S. Patent No. 8,677,494 to Edery, et al. (“the ʼ494 patent”)
`Excerpts from trial transcripts of Finjan, Inc. v. Symantec Corp., et al.,
`1003
`Case No. 10-593-GMS (December 12, 2012)
`1004 Virus Bulletin (May 1996)
`ThunderBYTE Anti-Virus Utilities-User Manual (1996)
`1005
`(“ThunderBYTE”, or “TB”)
`
`
`
`10
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 11
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`1019
`
`Exhibit
`Description of Document
`No.
`Morton Swimmer, “Dynamic Detection and Classification of Computer
`1006
`Viruses Using General Behaviour Patterns” (Sept. 1995)
`INFOWorld (Dec. 11, 1995)
`1007
`1008 U.S. Patent No. 5,761,436 (“the ʼ436 Patent”)
`1009 U.S. Patent No. 5,925,106 (“the ʼ106 Patent”)
`1010 U.S. Patent No. 5,983,348 (“Ji”)
`Dmitry O. Gryaznov, “Scanners of the Year 2000: Heuristics, Virus
`1011
`Bulletin Conference” (Sept. 1995)
`1012 The Virus Bulletin (Sept. 1995)
`1013 U.S. Patent No. 6,092,194 (“the ʼ194 Patent”)
`1014 U.S. Patent Application No. 09/861,229 (“the ʼ229 Application”)
`1015 U.S. Patent No. 7,613,926 (“the ʼ926 Patent”)
`1016 U.S. Patent No. 7,058,822 (“the ʼ822 Patent”)
`Decision Granting Petition to Accept Unintentionally Delayed Priority
`1017
`Claim Under 37 C.F.R. U.S. Patent No 7,058,822 File History
`1018 SurfinGate Press Release (1996)
`Joint Claim Construction and Pre-Hearing Statement Pursuant to Patent
`Local Rule 4-3. Finjan v. Proofpoint, Inc., and Armorize Technologies,
`Inc. (Jan. 26, 2015)
`1020 U.S. Patent No. 6,154,844 (“the ʼ844 Patent”)
`Elmasri and Navathe, Fundamentals of Database Systems, 2d. Ed.,
`1021
`Addison-Wesley Publishing Co. (1994)
`Terry Halpin, Conceptual Schema Relational Database Design, 2d. Ed.,
`Prentice Hall Australia (1995)
`Order Construing the Terms of U.S. Patent Nos. 6,092,194; 6,804,780;
`7,058,822; 6,357,010; and 7,185,361, Finjan v. Secure Computing
`Corp., et al. Case 1:06-cv-00369-GMS (Dec. 11, 2007) (D.I. 142)
`Order Construing the Terms of U.S. Patent Nos. 6,092,194 & 6,480,962
`1024
`Finjan v. McAfee, Inc., et al. Case No. 10-cv-593-GMS (Feb. 29, 2012)
`1025 Excerpted U.S. Patent No. 8,677,494 File History
`International Publ. No. WO 98/21683 to Touboul (“Touboul”)
`1026
`
`1022
`
`1023
`
`
`
`11
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 12
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`1028
`
`1036
`
`Exhibit
`Description of Document
`No.
`1027 Provisional Patent Application No. 60/030,639
`CheckPoint Software Technologies Ltd., Press Release, “Leading
`Content Security Vendors Announce Support for Check Point FireWall-
`13.0” (Oct. 7, 1996)
`1029 Great Circle, Firewalls Mailing List and Correspondence
`1030 Glenn Fowler , “cql – A Flat File Database Query Language” (1994)
`1031 Webpage: Welcome to Finjan Software (Dec. 1996)
`Paul Merenbloom, “Don’t Let Rogue Java Applets Imperil Network
`1032
`Security” (Dec. 1996)
`1033 Rohit Khare, Microsoft Authenticode Analyzed (July 22, 1996)
`David Chappell, Understanding ActiveX and OLE: A Guide for
`1034
`Developers and Managers (Strategic Technology) (1996) (“Chappell”)
`1035 Dan Raywood, Press Release - M86 Security completes acquisition of
`Finjan (Nov. 3, 2009)
`iMPERVA, Hacker Intelligence Initiative, Monthly Trend Report #14
`(2012)
`1038 The Virus Bulletin Paper (Nov. 1994)
`1039 Drew Dean, et al. “Java Security: Web Browsers and Beyond” (1997)
`1040 Chung Kei Wong, “PGP Enhancement to Java Applet” (1996)
`1041 Pat Newcombe, “Librarians in Quandary Over Web Access” (1996)
`1042 Phillip A. Porras, et al. “Live Traffic Analysis of TCP/IP Gateways”
`(1997)
`1043 Steve Suehring MySQL Bible (2002)
`1044 Press Release:“Microsoft Announces ActiveX Technologies” (1996)
`1045 U.S. Patent No. 6,268,852 (“the ‘852 Patent”)
`Press Release, “Netscape and Sun Announce JavaScript, the Open,
`Cross-Platform Object Scripting Language for Enterprise Networks and
`the Internet” (1995)
`1047 David M. Martin, et al. “Blocking Applets at the Firewall” (1997)
`
`1046
`
`
`
`12
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 13
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`Exhibit
`Description of Document
`No.
`1048 Benjamin Schwarz, et al. “Disassembly of Executable Code
`Revisited” (2002)
`1049 Karen Kent, et al. “Guide to Computer Security Log Management”
`(2006)
`1050 Webpage: Wikipedia, Syslog
`1051 Python Documentation by Version
`Jaime Jaworski “JAVA Developer’s Guide” (1996)
`1052
`1053 Colin Jackson, et al. “Protecting Browser State from Web Privacy
`Attacks” (2006)
`1054
`JavaScript Security: Same Origin (2001)
`Li Gong, et al. “Going Beyond the Sandbox: An Overview of the New
`1055
`Security Architecture in the Java Development Kit 1.2” (1997)
`1056 Douglas Terry, et al. “Continuous Queries over Append-Only
`Databases” (1992)
`1057 Drew Dean, et al. “Java Security: From HotJava to Netscape and
`Beyond” (1996)
`1058 Webpage: “Crackers Shuffle Cash with Quicken, ActiveX” (1997)
`1059 Alan Mark, “Exploring the NetWare Web Server, Part 3: A Complete
`Innerweb Solution” (1996)
`1060 Larry Masinter, “Document Management, Digital Libraries and the
`Web” (1995)
`1061 Dr. Eugene Spafford Declaration (March 20, 2015)
`1062 Virus Bulletin (Nov. 1991)
`1063 Claim Construction Order, Finjan v. Sophos, Case No. 14-cv-01197-
`WHO, D.I. 73 (N.D. Cal., 2014)
`1064 Finjan, Inc. v. Symantec Corp., et al. 2013 WL 5302560 (D. Del. Sept.
`19, 2013)
`1065 U.S. Patent No. 5,696,822 (“Nachenberg”)
`1066 Virus Bulletin (Sept. 1994)
`
`
`
`13
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 14
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`Exhibit
`Description of Document
`No.
`Excerpts from trial transcripts of Finjan, Inc. v. Secure Computing, et
`1067
`al. Case No. 05-369-GMS (March 10, 2008)
`1068 Riel & Feng, Documentation for /proc/sys/kernel/* (2009)
`1069 U.S. Patent Application No. 11/370,114
`1070 U.S. Patent Application No. 09/861,229
`1071 U.S. Patent Application No. 09/539,667
`1072 U.S. Patent Application No. 09/551,302
`1073 U.S. Provisional Patent Application No. 60/205,591
`1074 U.S. Patent Application No. 08/964,388
`1075 U.S. Patent Application No. 08/790,097
`1076 Webpage: Oracle 3.4 JDK 1.4 java.util.logging
`Sun Press Release “Sun Announces Latest Version of Java 2 Platform
`1077
`Standard Edition (February 6, 2002)
`1078 Webpage: Oracle 2.3 Logging Framework
`Michael Reiter and Aviel Rubin “Crowds: Anonymity for Web
`1079
`Transactions
`1080 Webpage: Oracle man pages section 3: Basic Library Functions
`Stephen Hansen and E. Todd Atkins “Automated System Monitoring
`1081
`and Notification with Swatch” (November 1-5, 1993)
`Final Office Action mailed September 8, 2014, in U.S. Control No.
`1082
`90/013,017
`IBM Dictionary of Computing (1994)
`1083
`1084 Ray Duncan Advanced MS-DOS Programming, 2nd Ed. (1988)
`Insik Shin and John C., Mitchell “Java Bytecode Modification and
`1085
`Applet Security” (1998)
`1086 U.S. Patent No. 6,061,515 to Chang, et al. (“the ʼ515 patent”)
`1087 Fred R. McFadden et al. Modern Database Management, 4th Ed. (1994)
`1088 Declaration of John Hawes of Virus Bulletin
`
`14
`
`
`
`
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 15
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`II. LEGAL PRINCIPLES USED IN THE ANALYSIS
`18.
`I am not a patent attorney, nor have I independently researched the
`
`law on patent validity. Attorneys for the Petitioner have explained certain legal
`
`principles to me that I have relied upon in forming my opinions set forth in this
`
`report.
`
`A.
`19.
`
`Person Having Ordinary Skill in the Art (“POSA”)
`
`I understand that I must undertake my assessment of the claims of the
`
`ʼ494 patent from the perspective of what would have been known or understood by
`
`a POSA as of the earliest claimed priority date of the patent claim.
`
`20. Counsel has advised me that to determine the appropriate level of one
`
`of ordinary skill in the art, I may consider the following factors: (a) the types of
`
`problems encountered by those working in the field and prior art solutions thereto;
`
`(b) the sophistication of the technology in question, and the rapidity with which
`
`innovations occur in the field; (c) the educational level of active workers in the
`
`field; and (d) the educational level of the inventor.
`
`21. The relevant technology field for the ʼ494 patent is security programs,
`
`including content scanners for program code. Based on this, and the four factors
`
`above, it is my opinion that POSA would hold a bachelor’s degree or the
`
`equivalent in computer science (or related academic fields) and three to four years
`
`of additional experience in the field of computer security, or equivalent work
`
`
`
`15
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 16
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`experience. This definition of the POSA would not change whether the time of the
`
`alleged invention is deemed to be 1996, 2000, or 2006.
`
`22. Unless otherwise specified, when I mention a POSA or someone of
`
`ordinary skill, I am referring to someone with the above level of knowledge and
`
`understanding.
`
`23. Based on my experiences, I have a good understanding of the
`
`capabilities of a person of ordinary skill in the relevant field. Indeed, in addition to
`
`being a person of at least ordinary skill in the art, I have worked closely with many
`
`such persons over the course of my career, and I have regularly taught material
`
`fundamental to the art in my role as professor and researcher over the past 22
`
`years.
`
`B.
`24.
`
`Prior Art
`
`I understand that the law provides categories of information that
`
`constitute prior art that may be used to anticipate or render obvious patent claims.
`
`To be prior art to a particular patent under the relevant law, a reference must have
`
`been made, known used, published, or patented, or be the subject of a patent
`
`application by another, before the priority date of the patent. I also understand that
`
`the POSA is presumed to have knowledge of the relevant prior art.
`
`25. As discussed below, I understand that the Petitioner has determined
`
`that various claims of the ʼ494 patent are entitled to different priority dates. These
`
`
`
`16
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 17
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`dates range from 2000 to 2009. However, other than the differences in which art
`
`is considered prior art, my conclusions and discussion in this declaration would
`
`not be substantively different regardless of which date in that range is ascribed to
`
`the POSA.
`
`C. Broadest Reasonable Interpretations
`26.
`I understand that, in Inter Partes Review, the claim terms are to be
`
`given their broadest reasonable interpretation (BRI) in light of the specification.
`
`See 37 C.F.R. § 42.100(b). In performing my analysis and rendering my opinions, I
`
`have interpreted claim terms for which the Petitioner has not proposed a BRI
`
`construction by giving them the ordinary meaning they would have to a the POSA,
`
`reading the ʼ494 Patent with its earliest priority filing date for the claims petitioned
`
`in this proceeding (March 30, 2000) in mind, and in light of its specification and
`
`file history.
`
`27.
`
`I understand that the Petitioner has made determinations about the
`
`BRIs of several of the claim terms in the ʼ494 patent. I have identified these BRIs
`
`in the table below.
`
`Term
`“Downloadable security
`
`Broadest Reasonable Interpretation (BRI)
`“information related to whether executing a
`
`file profile [DSP] data”
`
`downloadable is a security risk.”
`
`“database”
`
`“a collection of interrelated data organized
`
`
`
`17
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 18
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`Term
`
`Broadest Reasonable Interpretation (BRI)
`according to a database schema to serve one or
`
`more applications.”
`
`“downloadable”
`
`“an executable application program, which is
`
`downloaded from a source computer and run on the
`
`destination computer.”
`
`
`
`28. My analysis in this declaration assumes that the terms in Table 2
`
`above are defined using the indicated BRIs. From my reading of the ʼ494 patent,
`
`I believe that these BRIs are consistent with how one of skill in the art at the time
`
`the ʼ494 patent was filed would interpret those claim terms. The Petitioner has
`
`determined that the BRIs of several of the terms in the ʼ494 patent are not
`
`limiting. However, I am providing analysis in my declaration showing that even
`
`if the terms are limiting, the associated claim elements are disclosed in the prior
`
`art. I also note that for at least the term “database,” the POSA’s understanding of
`
`that term would not be any different whether the time of the alleged invention is
`
`deemed to be 1996, 2000, 2011, or later.
`
`29. With respect to the term “Downloadable security profile data” (DSP
`
`data), I note that the ʼ194 patent specification and claims help define what the
`
`term DSP data encompasses. The specification notes that “DSP data 310 includes
`
`
`
`18
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 19
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`the list of all potentially hostile or suspicious computer operations that may be
`
`attempted by each known Downloadable 307, and may also include the
`
`respective arguments of these operations.” (Ex. 1013 at 4:33-38.) And the claims
`
`broaden this list of concepts to include other indicia of the relative risk of a
`
`particular Downloadable. Dependent claims 8 and 17 recite that the DSP data
`
`may also “includ[e] a digital certificate,” and claims 7 and 16 recite that the DSP
`
`data may include “a URL from where the Downloadable originated.”
`
`30. Digital certificates, just like the types of operations and the
`
`parameters that are sent to those operations, are indicators of how risky running
`
`an application is likely to be. For example, a certificate from a trusted source,
`
`such as a large computer software manufacturer is likely to indicate that a
`
`Downloadable is relatively less likely to be Malware, even if certain operations
`
`within that Downloadable are otherwise suspicious. (Ex. 1055 at 4, § 2-1.)
`
`Likewise, a URL can be an indicator of how risky running an application is likely
`
`to be. For example, if a Downloadable is encountered that originates from a URL
`
`with a history of being a source of malware, this indicates a potentially higher
`
`risk of the Downloadable being malicious.
`
`31. With respect to the term “database,” counsel has informed me that
`
`the Board recently adopted the BRI “a collection of interrelated data organized
`
`according to a database schema to serve one or more applications” in another
`
`
`
`19
`
`BLUE COAT SYSTEMS - Exhibit 1002 Page 20
`
`

`
`Declaration of Aviel D. Rubin
`Petition for Inter Partes Review of Patent No. 8,677,494
`
`
`inter partes review involving the ʼ494 patent. See IPR2015-01022, Paper No. 7,
`
`at 9-10. Counsel has also informed me that this BRI coincides with the district
`
`court’s construction of “database” in Patent Owner’s litigation with Sophos, Inc.
`
`(See Ex. 1063 at 17.) In my opinion, the BRI of “database” in this proceeding
`
`should be at least as broad as the BRI of “database” adopted in the Sophos IPR
`
`and litigation. Requiring a “database schema” and that the database “serve one or
`
`more applications” is consistent with the specifications of the ʼ494 patent and the
`
`applications and patents related to the ʼ494 patent. For example, Fig. 3 of the
`
`ʼ194 patent shows “Security Database 240” as being separate and distinct from
`
`“Event Log 245,” indicating that the “database” recited in the claims of the ʼ494
`
`patent is not merely a log file. Instead, it can be inferred that the “Security
`
`Database 240” is organized in accordance with a structure