`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`––––––––––––––––––
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`––––––––––––––––––
`
`GOOGLE LLC,
`Petitioner,
`
`v.
`
`BLACKBERRY LTD.,
`Patent Owner.
`
`––––––––––––––––––
`
`Case No. IPR2017-01619
`U.S. Patent No. 8,489,868
`
`––––––––––––––––––
`
`DECLARATION OF DR. GEORGE T. LIGLER
`
`Patent Owner Ex. 2002, p. Cover
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`TABLE OF CONTENTS
`
`Petitioner’s Exhibits Considered .............................................................................. iii
`
`Patent Owners’s Exhibits Considered ....................................................................... iv
`
`I.
`
`Introduction ...................................................................................................... 1
`
`A.
`
`B.
`
`C.
`
`Engagement ........................................................................................... 1
`
`Background and Qualifications ............................................................. 2
`
`List of Materials Considered/Reviewed ................................................ 6
`
`II.
`
`Legal Standards for Patentability .................................................................... 7
`
`A. Anticipation ........................................................................................... 8
`
`B.
`
`Obviousness ........................................................................................... 9
`
`III. The ‘868 Patent .............................................................................................. 10
`
`A. Overview of the ‘868 Patent ................................................................ 10
`
`B.
`
`C.
`
`Priority Date ........................................................................................ 14
`
`Person of Ordinary Skill in the Art ..................................................... 15
`
`IV. Claim Construction ........................................................................................ 16
`
`A.
`
`B.
`
`C.
`
`D.
`
`“Signed Software Application” ........................................................... 17
`
`“Sensitive API” ................................................................................... 28
`
`“Non-sensitive API” ............................................................................ 31
`
`“Abridged Version of a Software Application” (Claim 86) ............... 32
`
`V.
`
`Claims 1, 13, 76, 78, 81, 84, 85, 87, 88, 90-93, 95, 98, 100, 104, 108, 112,
`113, 137-39, and 142-44 Are Patentable Over Garst and Gong ................... 33
`
`A.
`
`Brief Overview of Garst (Ex. 1012) .................................................... 33
`
`Patent Owner Ex. 2002, p. i
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`B.
`
`C.
`
`Brief Overview of Gong (Ex. 1016) ................................................... 34
`
`Garst Does Not Disclose or Render Obvious a “Signed Software
`Application” (Claims 1 and 76) .......................................................... 35
`
`i.
`
`ii.
`
`Garst Discloses Signing a License String, Not a Software
`Application ................................................................................ 35
`
`It Would Not Have Been Obvious to Sign the Software
`Application Using the API Vendor’s Private Key .................... 40
`
`D. Garst Does Not Disclose a “Sensitive API” (Claims 1 and 76) .......... 45
`
`E.
`
`Garst Does Not Disclose Allowing Access to Non-Sensitive APIs
`“Upon Verifying the Digital Signature” (Claim 112) ......................... 47
`
`VI. Claims 77, 79, 80, and 82 Are Patentable Over Garst, Gong, and Davis ..... 49
`
`VII. Claim 86 Is Patentable Over Garst, Gong, and Sibert ................................... 52
`
`VIII. Remaining Claims and Grounds .................................................................... 55
`
`
`
`
`
`Patent Owner Ex. 2002, p. ii
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`PETITIONER’S EXHIBITS CONSIDERED
`
`No.|Exhibit Description
`U:S. Patent No. 8,489,868
`
`1001
`
`
`
`1002
`
`Declaration of Patrick D. McDaniel, Ph.D.
`
`1003
`
`Curriculum Vitae of Patrick D. McDaniel, Ph.D.
`
`1004
`
`1005
`
`1006
`
`1007
`
`1008
`
`1009
`
`1010
`
`1011
`
`1012
`
`1013
`
`1014
`
`1015
`
`1016
`
`1017
`
`1018
`
`1019
`
`1021
`
`1024
`
`1025
`
`1026
`
`1027
`
`Prosecution History of U.S. Patent No. 8,489,868
`
`U.S. Provisional Application No. 60/270,663
`
`US. Provisional Application No. 60/235,354
`
`U.S. Provisional Application No. 60/234,152
`The Authoritative Dictionary of IEEE Standards Terms, IEEE Std.
`100-2000 (7th ed. 2000)
`
`Bruce Schneier, “Applied Cryptography” (2nd ed. 1996)
`BlackBerry’s First Amended Complaint, BlackBerry LTD. v. Blu
`Products, Inc., Case No. 1:16-cv-23535 (S.D. Fla.)
`
`US. Patent No. 6,766,353 (“Lin”)
`
`U.S. Patent No. 6,188,995 (“Gars?’)
`
`U.S. Patent No. 5,844,986 (“Davis”)
`
`U.S. Patent No. 5,724,425 (“Chang”)
`
`US. Patent No. 7,243,236 (“Siberr’)
`Li Gong,“Inside Java 2 Platform Security Architecture: Cryptography,
`APIs, and Implementation” (1999) (“Gong’’)
`
`US. Patent No. 6,131,166 (“Wong-Insley’)
`
`U.S. Patent No. 5,657,378 (“Haddock”)
`
`U.S.Provisional Patent Application No. 60/146,426
`
`U.S. Patent No. 6,298,354 (“Saulpaugh’’)
`
`Dorothy E. Denning, “Cryptography and Data Security” (1982)
`
`U.S. Patent No. 5,845,282 (“Alley”)
`
`PCT Publication No. WO 97/09813 (“Nguyen”)
`
`PCT Publication No. WO 99/41520 (“Huang”)
`
`Patent Owner Ex. 2002,p. 111
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`‘No._|Exhibit Description
`1028|Scott Oaks, “Java Security” (Feb. 1999)
`
`1032|Bill Venners, “Inside the Java 2 Virtual Machine”(1999)
`
`1031|David Flanagan,“Java in a Nutshell” (Nov. 1999)
`
`PATENT OWNERS’S EXHIBITS CONSIDERED
`
`No._|Exhibit Description
`
`2004|Deposition Transcript of Dr. Patrick D. McDaniel (Feb. 21, 2018) 2005|Webster’s NewWorld Dictionary (1984)
`
`Patent OwnerEx. 2002,p. iv
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`I.
`
`INTRODUCTION
`A. Engagement
`
`1.
`
`I have been retained on behalf of Patent Owner Blackberry, Ltd.
`
`(“Blackberry”) to offer statements and opinions generally regarding the novelty
`
`and understanding of a person of ordinary skill in the art (“POSA”) in the industry
`
`as it relates to U.S. Patent No. 8,489,868 (Ex. 1001, “the ’868 patent”), which is
`
`entitled “Software Code Signing System and Method.” I understand that Petitioner
`
`Google LLC (“Petitioner”) has challenged claims 1, 13, 76-95, 98, 100, 104, 108,
`
`112, 113, 137-39, and 142-44 of the ’868 patent as unpatentable over certain prior
`
`art. I have been asked to provide my opinion and analysis of the various references
`
`and opinions advanced in the Declaration of Dr. Patrick D. McDaniel, which I
`
`understand to be Exhibit 1002 to these proceedings (“McDaniel Declaration”).
`
`2.
`
`I have personal knowledge of the facts and opinions set forth in this
`
`declaration, and believe them to be true. If called upon to do so, I would testify
`
`competently thereto. I have been warned that willful false statements and the like
`
`are punishable by fine or imprisonment, or both.
`
`3.
`
`I am being compensated for my time at the rate of $600 per hour for
`
`my work in connection with this matter. I am being reimbursed for reasonable and
`
`customary expenses associated with my work in this investigation. This
`
`compensation is not dependent in any way on the contents of this Declaration, the
`
`Patent Owner Ex. 2002, p. 1
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`substance of any further opinions or testimony that I may provide or the ultimate
`
`outcome of this matter.
`
`B.
`
`4.
`
`Background and Qualifications
`
`I am self-employed as the sole proprietor of GTL Associates. I
`
`provide consulting services primarily related to systems engineering of computer
`
`systems, both hardware and software, and telecommunications. “Systems
`
`engineering” is the engineering that it takes to put together a computer system,
`
`starting from requirements through design, implementation and fielding. Since I
`
`began GTL Associates in 1988, I have worked with 42 clients in the United States,
`
`Europe and Asia. I have also served on a pro bono basis both (1) on five
`
`panels/committees formed by the National Academies of Sciences, Engineering,
`
`and Medicine to advise the Government on issues related to computer system
`
`technology, design and implementation and, (2) at the request of then-Secretary of
`
`Commerce Gutierrez, on a 2008 Expert Panel related to technology
`
`implementation for the 2010 Census.
`
`5.
`
`I earned a Bachelor’s degree in Mathematics (summa cum laude) from
`
`Furman University in 1971, and Master of Science (M.Sc.) and Doctorate (D.Phil.)
`
`degrees in Computer Science from Oxford University in 1973 and 1975,
`
`respectively. My studies at Oxford were supported by a Rhodes Scholarship. My
`
`Patent Owner Ex. 2002, p. 2
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`doctoral dissertation was directed to the design of computer programming
`
`languages.
`
`6.
`
`I have forty-one years of professional experience in the design and
`
`development of hardware and software for computer and telecommunications
`
`systems (as well as the design and development of those systems in their entirety)
`
`for a wide variety of applications. These computer systems vary from embedded
`
`real-time microprocessor-based application-specific systems to color graphics
`
`monitors and display generators for industrial control applications to data
`
`communication systems employing cellular telephones to physiological signal
`
`monitoring systems such as pulse oximeters to personal-computer based systems to
`
`major national and international data communications networks. Additionally, I
`
`have reviewed the software and/or hardware for many products, ranging from
`
`operating systems and browsers to cellular phones and base stations and network
`
`middleware.
`
`7.
`
`I have been involved in the research, development, specification,
`
`and/or assessment of a number of systems involving presentation of graphical
`
`images and user interfaces on displays (e.g., graphical user interfaces and data
`
`applications for cellular telephones and personal computers; specialized displays
`
`for air traffic control towers; avionics systems for aeronautical flight management,
`
`navigation, telecommunications, and surveillance; color raster scan monitors and
`
`Patent Owner Ex. 2002, p. 3
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`display generators for industrial and military control applications; image
`
`processing systems; and artificial intelligence-based systems for pattern
`
`recognition in infrared images). As a specific example, during the 1990s I worked
`
`with a major cellular carrier on cellular data applications for the trucking industry.
`
`This involved, among other things, providing a user interface on a cellular
`
`telephone.
`
`8.
`
`Additionally, I have been involved in the research, development,
`
`specification, and/or assessment of a number of systems involving
`
`information/data security. For example, in the 1980’s I was involved with a
`
`number of data network communication link encryption devices for both classified
`
`and Sensitive but Unclassified Information (SUI)9. One such device was a
`
`commercial product certified by the U.S. National Security Agency for the
`
`protection of SUI. In the early and mid-1990’s, I led and/or participated in the
`
`development of several aviation standards involving integrity and security
`
`considerations for data being communicated between ground facilities and aircraft
`
`(e.g., assuring that data received by the aircraft was the same data as that
`
`transmitted from the ground; assuring that the messages received by the aircraft
`
`
`
`9 SUI is designation of information in the United States federal government that,
`
`though unclassified, often requires strict controls over its distribution.
`
`Patent Owner Ex. 2002, p. 4
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`were from a valid ground station in the context of the operation being performed
`
`by the aircraft). I have subsequently been involved in the development and/or
`
`assessment of several systems dealing with database security and database access
`
`controls using cryptographic techniques.
`
`9.
`
`In February 2017, I was elected to membership in the National
`
`Academy of Engineering (NAE) and am a member of the Academy’s Section on
`
`Special Fields and Interdisciplinary Engineering. NAE membership is “one of the
`
`highest professional honors accorded an engineer. Members have distinguished
`
`themselves in business and academic management, in technical positions, as
`
`university faculty, and as leaders in government and private engineering
`
`organizations. Members are elected to NAE membership by their peers (current
`
`NAE members).” (https://www.nae.edu/MembersSection.aspx) Additionally, I am
`
`a Life Senior Member of the Institute for Electrical and Electronics Engineers
`
`(IEEE), and a member of the IEEE Computer Society, the Association for
`
`Computing Machinery (ACM), the Institute of Navigation, and the American
`
`Association of Rhodes Scholars.
`
`10.
`
`I have authored or co-authored twenty-one technical publications in
`
`several fields, including articles relating to computer graphics, computer
`
`programming languages, computer software development methodologies, and
`
`computer/computer system architecture. I have also co-authored five reports of the
`
`Patent Owner Ex. 2002, p. 5
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`National Academies of Sciences, Engineering and Medicine and been both a leader
`
`and major contributor to the development of six major national/international
`
`standards in the aviation industry for navigation and surveillance systems on
`
`aircraft as well as on the ground. As mentioned above, several of these standards
`
`included consideration of e.g., assuring that data transmitted over a network was
`
`not altered prior to that data being received.
`
`11. A copy of my resume is provided as Exhibit 2003 along with a list of
`
`my publications. My resume lists a number of major awards related to my work in
`
`interdisciplinary computer system engineering for which I have been a recipient or
`
`co-recipient.
`
`12. For the purposes of this Declaration, I have assumed that the priority
`
`date of the ’868 patent is September 21, 2000. Well before September 21, 2000,
`
`my level of skill in the art was at least that of a POSA, as discussed above. I am
`
`qualified to provide opinions concerning what a POSA would have known and
`
`understood at that time, and my analysis and conclusions herein are from the
`
`perspective of a POSA as of September 21, 2000.
`
`C. List of Materials Considered/Reviewed
`
`13. My opinions are based on my years of education, research, and
`
`experience, as well as my investigation and study of relevant materials. In forming
`
`my opinions, I have considered the materials I identify in this report, those listed in
`
`Patent Owner Ex. 2002, p. 6
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`the exhibit lists included at the beginning of this report, BlackBerry’s Patent
`
`Owner Preliminary Response, and the Board’s Institution Decision in this
`
`proceeding.
`
`14. This report represents only those opinions I have formed to date. I
`
`reserve the right to revise, supplement, and/or amend my opinions stated herein
`
`based on any new information and on my continuing analysis of the materials
`
`already provided.
`
`II. LEGAL STANDARDS FOR PATENTABILITY
`
`15. Certain basic legal principles have been explained to me by counsel
`
`for Patent Owner. These legal standards, as they were explained to me, are
`
`described below.
`
`16.
`
`I understand that for an invention claimed in a patent to be found
`
`patentable, it must be, among other things, new and not obvious from what was
`
`known before the invention was made. I understand the information that is used to
`
`evaluate whether an invention is new and not obvious is generally referred to as
`
`“prior art” and can include, for example, patents and printed publications.
`
`17.
`
`I understand that in this proceeding Petitioner Google has the burden
`
`of proving that the claims of the ’868 Patent are unpatentable over the prior art by
`
`a preponderance of the evidence. I understand that “a preponderance of the
`
`evidence” is evidence sufficient to show that a fact is more likely true than it is not.
`
`Patent Owner Ex. 2002, p. 7
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`18.
`
`I understand that there are two ways in which prior art may render a
`
`patent claim unpatentable. The prior art can be shown to “anticipate” the claim or it
`
`can be shown to have made the claim “obvious.”
`
`A. Anticipation
`
`19.
`
`I understand that, for a patent claim to be “anticipated” by the prior
`
`art, each and every requirement of the claim must be found, expressly or
`
`inherently, in a single prior art reference as recited in the claim.
`
`20.
`
`I understand that claim limitations that are not expressly described in
`
`a prior art reference may still be there if they are “inherent” to the thing or process
`
`being described in the prior art.
`
`21.
`
`I understand that it can be acceptable to consider evidence other than
`
`the information in a particular prior art document to determine if a feature is
`
`necessarily present in or inherently described by that document.
`
`22.
`
`I understand that to be anticipatory, a reference must not only
`
`explicitly or inherently disclose every claimed feature, but those features must also
`
`be “arranged as in the claim.” Differences between the prior art reference and a
`
`claimed invention, however slight, invoke the question of obviousness, not
`
`anticipation.
`
`Patent Owner Ex. 2002, p. 8
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`B. Obviousness
`
`23.
`
`I understand that a claimed invention is not patentable if it would have
`
`been obvious to a person of ordinary skill in the field of the invention at the time
`
`the invention was made. I understand that in determining whether a patent claim is
`
`obvious, one must consider the following four factors: (i) the scope and content of
`
`the prior art, (ii) the differences between the prior art and the claims at issue, (iii)
`
`the knowledge of a person of ordinary skill in the pertinent art; and (iv) objective
`
`factors indicating obviousness or non-obviousness, if present (such as commercial
`
`success or industry praise).
`
`24.
`
`In addition, I understand that the obviousness inquiry should not be
`
`done in hindsight, but must be done using the perspective of a person of ordinary
`
`skill in the relevant art as of the effective filing date of the patent claim.
`
`25.
`
`I understand that the Supreme Court has rejected a rigid approach to
`
`determining the question of obviousness. I understand that while there is no
`
`requirement to identify a “teaching, suggestion, or motivation to combine” known
`
`elements to establish obviousness, it still is necessary to identify a reason that
`
`would have prompted a person of ordinary skill in the art to combine the known
`
`elements.
`
`26.
`
`I understand that an invention that might be considered an obvious
`
`variation or modification of the prior art may be considered non-obvious if one or
`
`Patent Owner Ex. 2002, p. 9
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`more prior art references discourages or leads away from the line of inquiry
`
`disclosed in the reference(s). My understanding of the doctrine of teaching away
`
`requires a clear indication that the modification should not be attempted (e.g.,
`
`because it would not work or statements that the modification should not be made).
`
`III. THE ‘868 PATENT
`A. Overview of the ‘868 Patent
`
`27. The ’868 patent generally describes security protocols involving
`
`software code signing schemes for mobile devices. Ex. 1001 at 1:18-25. The ’868
`
`patent explains that application developers may create software applications that
`
`may require access to one or more application programming interfaces (“APIs”).
`
`Id. at 3:9-45. APIs allow a software application to interact with the device
`
`resources associated with those APIs. Id.
`
`28. Because prior code signing protocols were not “secure and rely solely
`
`on the judgment of the user, there is a serious risk that destructive, ‘Trojan horse’
`
`type software applications may be downloaded and installed onto a mobile
`
`device.” Id. at 1:39-43. The ’868 patent explains that among a device’s APIs,
`
`certain “sensitive” APIs may expose functionality that is particularly vulnerable to
`
`a virus or malicious code in a device software application. Id. at 3:46-50. For
`
`example, APIs “that interface with cryptographic routines, wireless communication
`
`Patent Owner Ex. 2002, p. 10
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`functions, or proprietary data models such as address book or calendar entries”
`
`may be deemed “sensitive.” Id. at 3:50-54.
`
`29. The ’868 patent further explains that an API on a device may be
`
`classified as a “sensitive” API if, for example, the mobile device manufacturer,
`
`API author, wireless network operator, device owner or operator, or some other
`
`entity could be adversely impacted should a virus or malicious program access the
`
`API. Ex. 1001 at 3:46-54. Figure 3 below shows various API Libraries A, B, C,
`
`and D on mobile device 62. API Libraries A and C include sensitive APIs and API
`
`Libraries B and D do not include sensitive APIs:
`
`Ex. 1001 at Fig. 3; see also id. at 7:19-23.
`
`Patent Owner Ex. 2002, p. 11
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`30. To protect against unauthorized access to sensitive APIs, the ‘868
`
`patent provides a mechanism for controlling access to sensitive APIs by using
`
`digital signatures. Ex. 1001 at 3:54-61. For example, as depicted below in Figure
`
`1, in one embodiment, the application developer 12 sends its software application
`
`Y 14 to code signing authority 16, which generates one or more digital signatures,
`
`appends the signature(s) to software application Y 14, and sends the signed
`
`software application Y 22, “comprising the software application Y 14 and the
`
`digital signature,” to the developer 12. Id. at 4:24-43, 3:62-4:12. The signed
`
`software application Y 22 may then be downloaded by mobile device 28. Id. at
`
`4:56-58.
`
`
`
`Patent Owner Ex. 2002, p. 12
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`Id. at Fig. 1.
`
`31. Once a digitally signed software application is downloaded onto the
`
`mobile device, the mobile device verifies the one or more digital signatures before
`
`granting access to an API library, including an API library classified as sensitive.
`
`Ex. 1001 at 4:66-5:3. The ’868 patent also describes scenarios in which the
`
`software application can be signed with multiple signatures. In some such
`
`scenarios, “all APIs are restricted and locked until a ‘global’ signature is verified
`
`for a software application. . . . Access to sensitive device APIs and libraries, if
`
`any, could then be further restricted” and locked until corresponding digital
`
`signatures are verified. Id. at 4:1-12.
`
`32. The ’868 patent also discloses that the device may display a message
`
`to the user before the software application accesses a sensitive API and after
`
`appropriate digital signatures have been verified, thereby giving the user final
`
`control to grant or deny access to the sensitive API. Id. at 8:11-18, 9:45-51.
`
`33.
`
`Independent claim 76 recites a method related to the above
`
`disclosures:
`
`76. A method for controlling access to an application platform of a
`mobile device, comprising:
`
`storing a plurality of application programming interfaces (APIs)
`
`at the mobile device, wherein at least one API comprises a sensitive
`API to which access is restricted;
`
`Patent Owner Ex. 2002, p. 13
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`receiving, at the mobile device, an indication that a software
`
`application on the mobile device is requesting access to the sensitive
`API stored at the mobile device;
`
`determining, at the mobile device, whether the software
`
`application is signed, wherein a signed software application includes a
`digital signature generated using a private key of a private key-public
`key pair, wherein the private key is not accessible to the mobile
`device;
`
`mobile device using a public key of the private key-public key
`
`pair to verify of the digital signature of the software application; and
`
`based upon verifying the digital signature at the mobile device,
`
`the mobile device allowing the software application access to the
`sensitive API.
`
`
`B.
`
`Priority Date
`
`34. The ‘868 patent issued from Patent Application No. 10/381,219, filed
`
`on March 20, 2003. The ‘868 patent claims priority to U.S. Provisional
`
`Application No. 60/234,152, filed September 21, 2000, U.S. Provisional
`
`Application No. 60/235,354, filed September 26, 2000, and U.S. Provisional
`
`Application No. 60/270,663, filed February 20, 2001. The McDaniel Declaration
`
`uses “the mid-to-late 2000 time frame, including the September 21, 2000 filing
`
`date of the ’152 provisional application” as the timeframe used in his analysis (Ex.
`
`1002, ¶ 17). For purposes of this Declaration, I have assumed the same relevant
`
`time frame.
`
`Patent Owner Ex. 2002, p. 14
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`C.
`
`35.
`
`Person of Ordinary Skill in the Art
`
`I understand that with regard to discussions of patent validity, a patent
`
`claim must be analyzed from the perspective of a POSA at the time of the
`
`invention.
`
`36.
`
`I understand that, in ascertaining the appropriate level of ordinary skill
`
`in a field of art, several factors should be considered, including (1) the types of
`
`problems encountered in the art; (2) the prior art solutions to those problems; (3)
`
`the rapidity with which innovations are made; (4) the sophistication of the
`
`technology; and (5) the educational level of active workers in the field of the
`
`patent.
`
`37.
`
`I further understand that a POSA is not a specific real individual, but
`
`rather is a hypothetical individual having the qualities reflected by the factors
`
`above.
`
`38. Having considered these factors, in my opinion, on or before
`
`September 21, 2000, a POSA in the field of the ’868 patent would likely have had
`
`(1) at least a bachelor’s degree in computer science, or the equivalent and (2) at
`
`least two years of experience in secure systems, including security protocols for
`
`software applications. More education can substitute for practical experience, and
`
`vice-versa.
`
`Patent Owner Ex. 2002, p. 15
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`IV. CLAIM CONSTRUCTION
`
`39.
`
`I understand that in an inter partes review proceeding of an unexpired
`
`patent the claims of the patent are to be given their broadest reasonable
`
`interpretation in light of the patent specification. I also understand that, under the
`
`broadest reasonable interpretation standard, the claim terms must be evaluated
`
`using the ordinary meaning of the words being used in those claims from the
`
`perspective of a person of ordinary skill in the art in light of the specification.
`
`40.
`
`I understand that the ’868 patent is not expired, so the claims must be
`
`given the broadest reasonable interpretation consistent with the specification.
`
`Accordingly, in formulating my opinions, I have applied such a broadest
`
`reasonable interpretation to the claims of the ’868 patent as I perceive a person of
`
`ordinary skill in the art would have understood them at the time of the earliest
`
`priority date of the ’868 patent, after reading the ’868 patent specification and
`
`prosecution file history.
`
`41. For certain claim terms discussed below, I have applied constructions
`
`which I understand are being proposed by Patent Owner and which I believe to be
`
`consistent with the intrinsic record for the ’868 patent, extrinsic evidence, the
`
`understanding of a POSA.
`
`Patent Owner Ex. 2002, p. 16
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`A.
`
`42.
`
`“Signed Software Application”
`
`I understand that Patent Owner has proposed that “signed software
`
`application” be construed as “a software application that is itself signed.” I believe
`
`that this construction is consistent with the intrinsic record for the ’868 patent,
`
`extrinsic evidence, and the understanding of a POSA.
`
`43.
`
`Independent claims 1 and 76 require a “signed software application,”
`
`i.e., a software application that is signed. A digital signature that just happens to
`
`be included in or with the software application is insufficient to meet the claims
`
`unless that the signature is of the software application or a unique transformation
`
`of the software application, such as a hash or the ’868 patent’s abridging
`
`function.10
`
`44. This is consistent with the following claim 1 recitations: “determining
`
`… whether the software application is signed” and “digital signature of the
`
`software application.” A POSA would understand that both of these limitations
`
`explicitly link the claimed digital signature as the signature of the software
`
`application. A POSA would understand the claims to relate the signature, in this
`
`
`
`10 In my declaration, I refer to hash or abridging functions as providing a “unique”
`
`transformation for a given input. By unique, I mean that the function would
`
`generate a different output for a different input with almost certain probability.
`
`Patent Owner Ex. 2002, p. 17
`Google LLC v. BlackBerry Ltd., IPR2017-01619
`
`
`
`IPR2017-01619 (U.S. Patent No. 8,489,868)
`
`Decl. of Dr. George T. Ligler
`
`case a digital signature, to the software application such that it operates as a
`
`signature of the software application.
`
`45. The ’868 patent’s discussion of signed software applications confirms
`
`this interpretation. For example, the ’868 patent describes the process used to
`
`create a digital signature:
`
`For example, according to one signature scheme, a hash of the
`software application Y 14 may be generated, using a hashing
`algorithm such as the Secure Hash Algorithm SHA1, and then used
`with the private signature key 18 to create the digital signature. In
`some signature schemes, the private signature key is used to encrypt a
`hash of information to be signed, such as software application Y 14,
`whereas in other schemes, the private key may be used in other ways
`to generate a signature from the information to be signed or a
`transformed version of the information.
`
`Ex. 1001, 4:36-55 (emphasis added). Here, the ’868 patent explains that
`
`information to be signed is used as an input into a digital signature process, which
`
`then generates a signature from the information to be signed. One example of
`
`information that may be is software application Y 14, which is the example
`
`expressly claimed by claims 1 and 76 of the ’868 patent.
`
`46. Every example of generating a signed message, signed information, or
`
`a signed software application in the ’868 patent involves signing the