`
`
`
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`_____________________
`
`
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_____________________
`
`
`GOOGLE, INC.
`Petitioner
`
`v.
`
`BLACKBERRY, LTD.
`Patent Owner
`
`_____________________
`
`IPR No. IPR2017-01620
`U.S. Patent 8,489,868
`_____________________
`
`DECLARATION OF DR. GEORGE T. LIGLER
`
`Patent Owner Ex. 2002, p. cover
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`TABLE OF CONTENTS
`
`I.
`
`INTRODUCTION ........................................................................................ 1
`A. ENGAGEMENT .................................................................................................. 1
`B. BACKGROUND AND QUALIFICATIONS .............................................................. 2
`C. LIST OF MATERIALS CONSIDERED/REVIEWED ................................................. 6
`II.
`LEGAL STANDARDS FOR PATENTABILITY ..................................... 7
`A. ANTICIPATION ................................................................................................. 8
`B. OBVIOUSNESS .................................................................................................. 9
`III. THE ‘868 PATENT .................................................................................... 10
`A. OVERVIEW OF THE ‘868 PATENT ................................................................... 10
`B. PRIORITY DATE ............................................................................................. 14
`C. PERSON OF ORDINARY SKILL IN THE ART ...................................................... 14
`IV. CLAIM CONSTRUCTION ...................................................................... 15
`A. “ABRIDGED VERSION OF A SOFTWARE APPLICATION” (CLAIM 86) ............... 17
`V.
`THE CHALLENGED CLAIMS ARE PATENTABLE OVER LIN .... 18
`A. OVERVIEW OF LIN ......................................................................................... 19
`B. DR. MCDANIEL’S ANALYSIS OF INDEPENDENT CLAIMS 1 AND 76 IMPROPERLY
`MIXES LIN’S DISTINCT EMBODIMENTS .......................................................... 20
`C. LIN DOES NOT DISCLOSE “BASED UPON VERIFYING THE DIGITAL SIGNATURE
`AT THE MOBILE DEVICE, THE MOBILE DEVICE ALLOWING THE SOFTWARE
`APPLICATION ACCESS TO THE SENSITIVE API” ............................................... 29
`D. LIN DOES NOT DISCLOSE “WHEREIN THE PRIVATE KEY IS NOT ACCESSIBLE TO
`THE MOBILE DEVICE” ..................................................................................... 39
`VI. CLAIMS 78 AND 81 ARE PATENTABLE OVER LIN ........................ 42
`VII. CLAIMS 85 AND 104 ARE PATENTABLE OVER LIN ...................... 49
`VIII. CLAIM 95 IS PATENTABLE OVER LIN ............................................. 52
`IX. CLAIMS 13, 88, AND 98 ARE PATENTABLE OVER LIN AND
`GARST ........................................................................................................ 54
`A. CLAIMS 13 AND 88 ........................................................................................ 54
`B. CLAIM 98 ....................................................................................................... 56
`X.
`CLAIMS 77, 79 AND 82 ARE PATENTABLE OVER LIN AND
`DAVIS .......................................................................................................... 58
`XI. CLAIM 86 IS PATENTABLE OVER LIN AND SIBERT .................... 61
`
` Patent Owner Ex. 2002, p. i
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`XII. CLAIM 112 IS PATENTABLE OVER LIN AND GONG .................... 65
`A. CLAIMS 112 ................................................................................................... 65
`
`
`
` Patent Owner Ex. 2002, p. ii
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`PETITIONER’S EXHIBITS CONSIDERED
`
`[Ne[FsaibiDeserpdon
`
`1008|The Authoritative Dictionary of IEEE Standards Terms, IEEE Std. 100-
`2000 (7th ed. 2000
`1009|Bruce Schneier, “Applied Cryptography”(2nd ed. 1996)
`
`1014|U-S. Patent No. 5,724,425 (“Chang”)
`
`1015|U.S. Patent No. 7,243,236 (“Sibert”)
`
`
`1016|Li Gong,“Inside Java 2 Platform Security Architecture: Cryptography,
`
`1018|U-S. Patent No. 5,657,378 (“Haddock”)
`
`1019|US. Provisional Patent Application No. 60/146,426
`
`1010|BlackBerry’s First Amended Complaint, BlackBerry LTD.v. Blu
`Products, Inc., Case No. 1:16-cv-23535 (S.D. Fla.
`101]|U-S. Patent No. 6,766,353 (“Lin”)
`
`1012.|U.S. Patent No. 6,188,995 (“Garst’) 1013|U.S. Patent No. 5,844,986 (“Davis”)
`
`Gary McGrawetal., “Securing Java” (1999)
`
`U.S. Patent No. 6,298,354 (“Saulpaugh”)
`
`US. Patent No. 5,421,013 (“Smith”)
`
`Dorothy E. Denning, “Cryptography and Data Security” (1982)
`
`Patent Owner Ex. 2002,p. 111
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`Fm
`
`
`
`1029|U.S. Patent No. 6,721,809 (“Roy”)
`
`1030|U.S. Patent No. 6,678,887 (“Hallman”)
`
`103]|David Flanagan, “Java in a Nutshell” (Nov. 1999)
`
`1032.|Bill Venners, “Inside the Java 2 Virtual Machine” (1999)
`
`PATENT OWNER’S EXHIBITS CONSIDERED
`
`2004|Deposition Transcript of Dr. Patrick D. McDaniel (Feb. 21, 2018)
`
`Exhibit Description
`
`Webster’s NewWorld Dictionary (1984)
`
`Patent OwnerEx. 2002,p. iv
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`I.
`
`INTRODUCTION
`A. Engagement
`1.
`I have been retained on behalf of Patent Owner Blackberry, Ltd.
`
`(“Blackberry”) to offer statements and opinions generally regarding the novelty
`
`and understanding of a person of ordinary skill in the art (“POSA”) in the industry
`
`as it relates to U.S. Patent No. 8,489,868 (Ex. 1001, “the ’868 patent”), which is
`
`entitled “Software Code Signing System and Method.” I understand that Petitioner
`
`Google LLC (“Petitioner”) has challenged claims 1, 13, 76-86, 88-95, 98, 100,
`
`104, 112, 113, 137, 139, and 142 of the ’868 patent as unpatentable over certain
`
`prior art. I have been asked to provide my opinion and analysis of the various
`
`references and opinions advanced in the Declaration of Dr. Patrick D. McDaniel,
`
`which I understand to be Exhibit 1002 to these proceedings (“McDaniel
`
`Declaration”).
`
`2.
`
`I have personal knowledge of the facts and opinions set forth in this
`
`declaration, and believe them to be true. If called upon to do so, I would testify
`
`competently thereto. I have been warned that willful false statements and the like
`
`are punishable by fine or imprisonment, or both.
`
`3.
`
`I am being compensated for my time at the rate of $600 per hour for
`
`my work in connection with this matter. I am being reimbursed for reasonable and
`
`customary expenses associated with my work in this investigation. This
`
`
`
` Patent Owner Ex. 2002, p. 1
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`compensation is not dependent in any way on the contents of this Declaration, the
`
`substance of any further opinions or testimony that I may provide or the ultimate
`
`outcome of this matter.
`
`B.
`4.
`
`Background and Qualifications
`I am self-employed as the sole proprietor of GTL Associates. I
`
`provide consulting services primarily related to systems engineering of computer
`
`systems, both hardware and software, and telecommunications. “Systems
`
`engineering” is the engineering that it takes to put together a computer system,
`
`starting from requirements through design, implementation and fielding. Since I
`
`began GTL Associates in 1988, I have worked with 42 clients in the United States,
`
`Europe and Asia. I have also served on a pro bono basis both (1) on five
`
`panels/committees formed by the National Academies of Sciences, Engineering,
`
`and Medicine to advise the Government on issues related to computer system
`
`technology, design and implementation and, (2) at the request of then-Secretary of
`
`Commerce Gutierrez, on a 2008 Expert Panel related to technology
`
`implementation for the 2010 Census.
`
`5.
`
`I earned a Bachelor’s degree in Mathematics (summa cum laude) from
`
`Furman University in 1971, and Master of Science (M.Sc.) and Doctorate (D.Phil.)
`
`degrees in Computer Science from Oxford University in 1973 and 1975,
`
`respectively. My studies at Oxford were supported by a Rhodes Scholarship. My
`
`
`
` Patent Owner Ex. 2002, p. 2
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`doctoral dissertation was directed to the design of computer programming
`
`languages.
`
`6.
`
`I have forty-one years of professional experience in the design and
`
`development of hardware and software for computer and telecommunications
`
`systems (as well as the design and development of those systems in their entirety)
`
`for a wide variety of applications. These computer systems vary from embedded
`
`real-time microprocessor-based application-specific systems to color graphics
`
`monitors and display generators for industrial control applications to data
`
`communication systems employing cellular telephones to physiological signal
`
`monitoring systems such as pulse oximeters to personal-computer based systems to
`
`major national and international data communications networks. Additionally, I
`
`have reviewed the software and/or hardware for many products, ranging from
`
`operating systems and browsers to cellular phones and base stations and network
`
`middleware.
`
`7.
`
`I have been involved in the research, development, specification,
`
`and/or assessment of a number of systems involving presentation of graphical
`
`images and user interfaces on displays (e.g., graphical user interfaces and data
`
`applications for cellular telephones and personal computers; specialized displays
`
`for air traffic control towers; avionics systems for aeronautical flight management,
`
`navigation, telecommunications, and surveillance; color raster scan monitors and
`
`
`
` Patent Owner Ex. 2002, p. 3
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`display generators for industrial and military control applications; image
`
`processing systems; and artificial intelligence-based systems for pattern
`
`recognition in infrared images). As a specific example, during the 1990s I worked
`
`with a major cellular carrier on cellular data applications for the trucking industry.
`
`This involved, among other things, providing a user interface on a cellular
`
`telephone.
`
`8.
`
`Additionally, I have been involved in the research, development,
`
`specification, and/or assessment of a number of systems involving
`
`information/data security. For example, in the 1980’s I was involved with a
`
`number of data network communication link encryption devices for both classified
`
`and Sensitive but Unclassified Information (SUI)1. One such device was a
`
`commercial product certified by the U.S. National Security Agency for the
`
`protection of SUI. In the early and mid-1990’s, I led and/or participated in the
`
`development of several aviation standards involving integrity and security
`
`considerations for data being communicated between ground facilities and aircraft
`
`(e.g., assuring that data received by the aircraft was the same data as that
`
`transmitted from the ground; assuring that the messages received by the aircraft
`
`
`1 SUI is designation of information in the United States federal government
`
`that, though unclassified, often requires strict controls over its distribution.
`
`
`
` Patent Owner Ex. 2002, p. 4
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`were from a valid ground station in the context of the operation being performed
`
`by the aircraft). I have subsequently been involved in the development and/or
`
`assessment of several systems dealing with database security and database access
`
`controls using cryptographic techniques.
`
`9.
`
`In February 2017, I was elected to membership in the National
`
`Academy of Engineering (NAE) and am a member of the Academy’s Section on
`
`Special Fields and Interdisciplinary Engineering. NAE membership is “one of the
`
`highest professional honors accorded an engineer. Members have distinguished
`
`themselves in business and academic management, in technical positions, as
`
`university faculty, and as leaders in government and private engineering
`
`organizations. Members are elected to NAE membership by their peers (current
`
`NAE members).” (https://www.nae.edu/MembersSection.aspx) Additionally, I am
`
`a Life Senior Member of the Institute for Electrical and Electronics Engineers
`
`(IEEE), and a member of the IEEE Computer Society, the Association for
`
`Computing Machinery (ACM), the Institute of Navigation, and the American
`
`Association of Rhodes Scholars.
`
`10.
`
`I have authored or co-authored twenty-one technical publications in
`
`several fields, including articles relating to computer graphics, computer
`
`programming languages, computer software development methodologies, and
`
`computer/computer system architecture. I have also co-authored five reports of the
`
`
`
` Patent Owner Ex. 2002, p. 5
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`National Academies of Sciences, Engineering and Medicine and been both a leader
`
`and major contributor to the development of six major national/international
`
`standards in the aviation industry for navigation and surveillance systems on
`
`aircraft as well as on the ground. As mentioned above, several of these standards
`
`included consideration of e.g., assuring that data transmitted over a network was
`
`not altered prior to that data being received.
`
`11. A copy of my resume is provided as Exhibit 2003 along with a list of
`
`my publications. My resume lists a number of major awards related to my work in
`
`interdisciplinary computer system engineering for which I have been a recipient or
`
`co-recipient.
`
`12. For the purposes of this Declaration, I have assumed that the priority
`
`date of the ’868 patent is September 21, 2000. Well before September 21, 2000,
`
`my level of skill in the art was at least that of a POSA, as discussed above. I am
`
`qualified to provide opinions concerning what a POSA would have known and
`
`understood at that time, and my analysis and conclusions herein are from the
`
`perspective of a POSA as of September 21, 2000.
`
`C. List of Materials Considered/Reviewed
`13. My opinions are based on my years of education, research, and
`
`experience, as well as my investigation and study of relevant materials. In forming
`
`my opinions, I have considered the materials I identify in this report, those listed in
`
`
`
` Patent Owner Ex. 2002, p. 6
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`the exhibit lists included at the beginning of this report, BlackBerry’s Patent
`
`Owner Preliminary Response, and the Board’s Institution Decision in this
`
`proceeding.
`
`14. This report represents only those opinions I have formed to date. I
`
`reserve the right to revise, supplement, and/or amend my opinions stated herein
`
`based on any new information and on my continuing analysis of the materials
`
`already provided.
`
`II. LEGAL STANDARDS FOR PATENTABILITY
`15. Certain basic legal principles have been explained to me by counsel
`
`for Patent Owner. These legal standards, as they were explained to me, are
`
`described below.
`
`16.
`
`I understand that for an invention claimed in a patent to be found
`
`patentable, it must be, among other things, new and not obvious from what was
`
`known before the invention was made. I understand the information that is used to
`
`evaluate whether an invention is new and not obvious is generally referred to as
`
`“prior art” and can include, for example, patents and printed publications.
`
`17.
`
`I understand that in this proceeding Petitioner Google has the burden
`
`of proving that the claims of the ’868 Patent are unpatentable over the prior art by
`
`a preponderance of the evidence. I understand that “a preponderance of the
`
`evidence” is evidence sufficient to show that a fact is more likely true than it is not.
`
`
`
` Patent Owner Ex. 2002, p. 7
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`18.
`
`I understand that there are two ways in which prior art may render a
`
`patent claim unpatentable. The prior art can be shown to “anticipate” the claim or it
`
`can be shown to have made the claim “obvious.”
`
`A. Anticipation
`
`19.
`
`I understand that, for a patent claim to be “anticipated” by the prior
`
`art, each and every requirement of the claim must be found, expressly or
`
`inherently, in a single prior art reference as recited in the claim.
`
`20.
`
`I understand that claim limitations that are not expressly described in
`
`a prior art reference may still be there if they are “inherent” to the thing or process
`
`being described in the prior art.
`
`21.
`
`I understand that it can be acceptable to consider evidence other than
`
`the information in a particular prior art document to determine if a feature is
`
`necessarily present in or inherently described by that document.
`
`22.
`
`I understand that to be anticipatory, a reference must not only
`
`explicitly or inherently disclose every claimed feature, but those features must also
`
`be “arranged as in the claim.” Differences between the prior art reference and a
`
`claimed invention, however slight, invoke the question of obviousness, not
`
`anticipation.
`
`
`
` Patent Owner Ex. 2002, p. 8
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`B. Obviousness
`
`23.
`
`I understand that a claimed invention is not patentable if it would have
`
`been obvious to a person of ordinary skill in the field of the invention at the time
`
`the invention was made. I understand that in determining whether a patent claim is
`
`obvious, one must consider the following four factors: (i) the scope and content of
`
`the prior art, (ii) the differences between the prior art and the claims at issue, (iii)
`
`the knowledge of a person of ordinary skill in the pertinent art; and (iv) objective
`
`factors indicating obviousness or non-obviousness, if present (such as commercial
`
`success or industry praise).
`
`24.
`
`In addition, I understand that the obviousness inquiry should not be
`
`done in hindsight, but must be done using the perspective of a person of ordinary
`
`skill in the relevant art as of the effective filing date of the patent claim.
`
`25.
`
`I understand that the Supreme Court has rejected a rigid approach to
`
`determining the question of obviousness. I understand that while there is no
`
`requirement to identify a “teaching, suggestion, or motivation to combine” known
`
`elements to establish obviousness, it still is necessary to identify a reason that
`
`would have prompted a person of ordinary skill in the art to combine the known
`
`elements.
`
`26.
`
`I understand that an invention that might be considered an obvious
`
`variation or modification of the prior art may be considered non-obvious if one or
`
`
`
` Patent Owner Ex. 2002, p. 9
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`more prior art references discourages or leads away from the line of inquiry
`
`disclosed in the reference(s). My understanding of the doctrine of teaching away
`
`requires a clear indication that the modification should not be attempted (e.g.,
`
`because it would not work or statements that the modification should not be made).
`
`III. THE ‘868 PATENT
`A. Overview of the ‘868 Patent
`27. The ’868 patent generally describes security protocols involving
`
`software code signing schemes for mobile devices. Ex. 1001 at 1:18-25. The ’868
`
`patent explains that application developers may create software applications that
`
`may require access to one or more application programming interfaces (“APIs”).
`
`Id. at 3:9-45. APIs allow a software application to interact with the device
`
`resources associated with those APIs. Id.
`
`28. Because prior code signing protocols were not “secure and rely solely
`
`on the judgment of the user, there is a serious risk that destructive, ‘Trojan horse’
`
`type software applications may be downloaded and installed onto a mobile
`
`device.” Id. at 1:39-43. The ’868 patent explains that among a device’s APIs,
`
`certain “sensitive” APIs may expose functionality that is particularly vulnerable to
`
`a virus or malicious code in a device software application. Id. at 3:46-50. For
`
`example, APIs “that interface with cryptographic routines, wireless communication
`
`
`
` Patent Owner Ex. 2002, p. 10
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`functions, or proprietary data models such as address book or calendar entries”
`
`may be deemed “sensitive.” Id. at 3:50-54.
`
`29. The ’868 patent further explains that an API on a device may be
`
`classified as a “sensitive” API if, for example, the mobile device manufacturer,
`
`API author, wireless network operator, device owner or operator, or some other
`
`entity could be adversely impacted should a virus or malicious program access the
`
`API. Ex. 1001 at 3:46-54. Figure 3 below shows various API Libraries A, B, C,
`
`and D on mobile device 62. API Libraries A and C include sensitive APIs and API
`
`Libraries B and D do not include sensitive APIs:
`
`Ex. 1001 at Fig. 3; see also id. at 7:19-23.
`
`
`
`
`
` Patent Owner Ex. 2002, p. 11
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`30. To protect against unauthorized access to sensitive APIs, the ‘868
`
`patent provides a mechanism for controlling access to sensitive APIs by using
`
`digital signatures. Ex. 1001 at 3:54-61. For example, as depicted below in Figure
`
`1, in one embodiment, the application developer 12 sends its software application
`
`Y 14 to code signing authority 16, which generates one or more digital signatures,
`
`appends the signature(s) to software application Y 14, and sends the signed
`
`software application Y 22, “comprising the software application Y 14 and the
`
`digital signature,” to the developer 12. Id. at 4:24-43, 3:62-4:12. The signed
`
`software application Y 22 may then be downloaded by mobile device 28. Id. at
`
`4:56-58.
`
`Id. at Fig. 1.
`
`
`
`
`
` Patent Owner Ex. 2002, p. 12
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`31. Once a digitally signed software application is downloaded onto the
`
`mobile device, the mobile device verifies the one or more digital signatures before
`
`granting access to an API library, including an API library classified as sensitive.
`
`Ex. 1001 at 4:66-5:3. The ’868 patent also describes scenarios in which the
`
`software application can be signed with multiple signatures. In some such
`
`scenarios, “all APIs are restricted and locked until a ‘global’ signature is verified
`
`for a software application. . . . Access to sensitive device APIs and libraries, if
`
`any, could then be further restricted” and locked until corresponding digital
`
`signatures are verified. Id. at 4:1-12.
`
`32. The ’868 patent also discloses that the device may display a message
`
`to the user before the software application accesses a sensitive API and after
`
`appropriate digital signatures have been verified, thereby giving the user final
`
`control to grant or deny access to the sensitive API. Id. at 8:11-18, 9:45-51.
`
`33.
`
`Independent claim 76 recites a method related to the above
`
`disclosures:
`
`76. A method for controlling access to an application platform of a mobile
`device, comprising:
`
`storing a plurality of application programming interfaces (APIs) at the
`
`mobile device, wherein at least one API comprises a sensitive API to which
`access is restricted;
`
`receiving, at the mobile device, an indication that a software
`application on the mobile device is requesting access to the sensitive API
`stored at the mobile device;
`
`
`
`
` Patent Owner Ex. 2002, p. 13
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`determining, at the mobile device, whether the software application is
`
`signed, wherein a signed software application includes a digital signature
`generated using a private key of a private key-public key pair, wherein the
`private key is not accessible to the mobile device;
`
`mobile device using a public key of the private key-public key pair to
`
`verify of the digital signature of the software application; and
`
`based upon verifying the digital signature at the mobile device, the
`
`mobile device allowing the software application access to the sensitive API.
`
`B.
`Priority Date
`34. The ‘868 patent issued from Patent Application No. 10/381,219, filed
`
`on March 20, 2003. The ‘868 patent claims priority to U.S. Provisional
`
`Application No. 60/234,152, filed September 21, 2000, U.S. Provisional
`
`Application No. 60/235,354, filed September 26, 2000, and U.S. Provisional
`
`Application No. 60/270,663, filed February 20, 2001. The McDaniel Declaration
`
`uses “the mid-to-late 2000 time frame, including the September 21, 2000 filing
`
`date of the ’152 provisional application” as the timeframe used in his analysis (Ex.
`
`1002 ¶ 17). For purposes of this Declaration, I have assumed the same relevant
`
`time frame.
`
`C.
`35.
`
`Person of Ordinary Skill in the Art
`I understand that with regard to discussions of patent validity, a patent
`
`claim must be analyzed from the perspective of a POSA at the time of the
`
`invention.
`
`
`
` Patent Owner Ex. 2002, p. 14
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`36.
`
`I understand that, in ascertaining the appropriate level of ordinary skill
`
`in a field of art, several factors should be considered, including (1) the types of
`
`problems encountered in the art; (2) the prior art solutions to those problems; (3)
`
`the rapidity with which innovations are made; (4) the sophistication of the
`
`technology; and (5) the educational level of active workers in the field of the
`
`patent.
`
`37.
`
`I further understand that a POSA is not a specific real individual, but
`
`rather is a hypothetical individual having the qualities reflected by the factors
`
`above.
`
`38. Having considered these factors, in my opinion, on or before
`
`September 21, 2000, a POSA in the field of the ’868 patent would likely have had
`
`(1) at least a bachelor’s degree in computer science, or the equivalent and (2) at
`
`least two years of experience in secure systems, including security protocols for
`
`software applications. More education can substitute for practical experience, and
`
`vice-versa.
`
`IV. CLAIM CONSTRUCTION
`39.
`I understand that in an inter partes review proceeding of an unexpired
`
`patent the claims of the patent are to be given their broadest reasonable
`
`interpretation in light of the patent specification. I also understand that, under the
`
`broadest reasonable interpretation standard, the claim terms must be evaluated
`
`
`
` Patent Owner Ex. 2002, p. 15
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`using the ordinary meaning of the words being used in those claims from the
`
`perspective of a person of ordinary skill in the art in light of the specification.
`
`40.
`
`I understand that the ’868 patent is not expired, so the claims must be
`
`given the broadest reasonable interpretation consistent with the specification.
`
`Accordingly, in formulating my opinions, I have applied such a broadest
`
`reasonable interpretation to the claims of the ’868 patent as I perceive a person of
`
`ordinary skill in the art would have understood them at the time of the earliest
`
`priority date of the ’868 patent, after reading the ’868 patent specification and
`
`prosecution file history.
`
`41.
`
`I am concurrently submitting a declaration in IPR2017-01619, which
`
`also involves claims of the ’868 patent. There, I discuss three terms for which I
`
`understand Patent Owner is proposing constructions:
`
`Claim Term
`“signed software application”
`
`Patent Owner’s Proposed Construction
`a software application that is itself signed
`
`“sensitive API”
`
`“non-sensitive API”
`
`
`
`an API that is classified as implicating a
`security concern
`an API that is not classified as implicating
`a security concern
`
`42. As discussed in detail in my declaration in IPR2017-01619, I believe
`
`Patent Owner’s proposed constructions for all three terms are consistent with the
`
`intrinsic and extrinsic record for the ’868 patent. The proper constructions of those
`
`
`
` Patent Owner Ex. 2002, p. 16
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`terms, however, do not impact my analysis in this Declaration. I, therefore, do not
`
`address the proper constructions of those terms in this declaration.
`
`A.
`
`43.
`
`“Abridged Version of a Software Application” (Claim 86)
`
`I understand that Patent Owner has proposed that an “abridged version
`
`of a software application” be construed as “a unique transformation of the software
`
`application that is smaller than the software application.” I believe this is
`
`consistent with both the intrinsic and extrinsic record.
`
`44. The ’868 patent describes the concept of an “abridging scheme or
`
`algorithm,” which is used like a hash function to “generate different outputs for
`
`different inputs.” Ex. 1001, 6:32-37. A POSA would understand this abridging
`
`function to be an example of the application-specific “transformed version of the
`
`information” that the ’868 patent describes when explaining the process through
`
`which signatures are generated. Id., 4:50-55, 10:64-11:2 (“[T]he digital signature
`
`is preferably generated from a hash or otherwise transformed version of the
`
`software application and is therefore application-specific.”).
`
`45. Like a hash function, an abridging function “generates different
`
`outputs for different inputs,” thus ensuring “that every software application will
`
`have a different abridged version and thus a different signature.” Id., 6:37-41. The
`
`abridging schemes used in the context of this signing process have the
`
`characteristic that each of them “generates different outputs for different inputs.”
`
`
`
` Patent Owner Ex. 2002, p. 17
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`Id., 6:32-37. This is consistent with the ordinary meaning of “abridge” generally:
`
`“to reduce in scope, extent, etc.; shorten” and “to shorten by using fewer words
`
`but keeping the main contents; condense.” Ex. 2005 at 3.
`
`46. A POSA would have understood that, in the context of the ’868
`
`patent, an abridging function thus generates a unique transformation of the
`
`software application to be used in a signature process. Ex. 1001, 4:50-55, 6:32-41,
`
`10:64-11:2. This transformation is “unique” to the software application because,
`
`like a hash function, “every software application will have a different abridged
`
`version.” Id., 6:32-41.
`
`V. THE CHALLENGED CLAIMS ARE PATENTABLE OVER LIN
`47. The McDaniel Declaration states and discusses Dr. McDaniel’s
`
`opinion that every limitation of independent claims 1 and 76 of the ‘868 patent is
`
`expressly or necessarily disclosed by Lin. (Ex. 1002 ¶¶ 130-200). I disagree for
`
`the reasons given below. Because Lin does not disclose—either expressly or
`
`inherently—each and every limitation of independent claims 1 and 76, Lin cannot
`
`disclose each and every limitation of the other challenged claims, all of which
`
`depend on either claim 1 or 76.
`
`
`
` Patent Owner Ex. 2002, p. 18
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`A. Overview of Lin
`48. U.S. Patent Number 6,766,353 (Ex. 1011, “Lin”) is entitled “Method
`
`for Authenticating Java Archive (JAR) for Portable Devices.” The patent
`
`application that led to Lin was filed on July 11, 2000.
`
`49. Lin explains that prior art methods of authenticating whether an
`
`application originated from a trusted source were designed for desktop personal
`
`computers, but were not well-suited for small, portable devices (e.g., personal
`
`organizers and mobile communication devices) due to, e.g., the limited memory
`
`resources available on the smaller mobile devices. Ex. 1011 at 1:40-58. In
`
`particular, Lin notes that compared to the limited memory resources of smaller
`
`mobile devices, the X.509 certificates that were widely used for authentication on
`
`desktop computers are large files and that “since the certificate comes bundled
`
`with the application typically, the device must load both the application and the
`
`certificate.” Id. at 1:50-56.
`
`50. Lin proposes solving the problem of downloading and authenticating
`
`the author of an application on a client device with limited computing resources by
`
`creating an application descriptor file (“ADF”) that is digitally signed by the
`
`application developer and contains information associated with an application and
`
`information against which the application can be authenticated. Ex. 1011 at 2:32-
`
`35. Unlike in the prior art, where the X.509 certificate was bundled with the
`
`
`
` Patent Owner Ex. 2002, p. 19
`Google Inc. v. BlackBerry Ltd., IPR2017-01620
`
`

`

`application so that the device must load both, the signed ADF may be downloaded
`
`first onto the client device separately from the application. Id. at 4:66-5:1.
`
`51. Once certain info