`
` BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`VISA INC. and VISA USA, INC., )
`
` )
`
` Petitioner )
`
` )
`
` vs. ) Patent No. 8,856,539
`
` )
`
`UNIVERSAL SECURE REGISTRY LLC,)
`
` )
`
` Patent Owner )
`
`______________________________)
`
` Deposition of Justin Douglas Tygar, Ph.D.
`
` San Francisco, California
`
` Friday, April 19, 2019
`
`Reported by:
`
`JOANNE M. FARRELL, RPR, CRR
`
`CSR Nos. 4838(CA) 506(HI) 507(NM)
`
`Job No. 3293303
`
`Pages 1 - 95
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 1
`
`1
`
`2
`
`3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`USR Exhibit No. 2005
`
`
`
`1 INDEX
`2 WITNESS
`3 Justin Douglas Tygar, Ph.D.
`4 EXAMINATION PAGE
`5 BY MR. MESSERIAN 5
`
`6 7
`
` EXHIBITS
`8 NUMBER PAGE
`9 Exhibit 1 International Publication 11
` Number WO 00/14648
`
`10
`
`Exhibit 2 Declaration of Justin Douglas 36
`11 Tygar, Ph.D.
`12 Exhibit 3 United States Patent, Weiss, 41
` Patent Number 4,885,778
`
`13
`
`Exhibit 4 United States Patent Desai, et 73
`14 al., Patent No. 6,820,204
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1 UNITED STATES PATENT AND TRADEMARK OFFICE
`2 BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`3 4
`
`VISA INC. and VISA USA, INC., )
` )
`5 Petitioner )
` )
`6 vs. ) Patent No. 8,856,539
` )
`7 UNIVERSAL SECURE REGISTRY LLC,)
` )
`8 Patent Owner )
`______________________________)
`
`9
`10
`11 Deposition of Justin Douglas Tygar, Ph.D.,
`12 taken on behalf of Respondent, at One Market Plaza,
`13 Spear Street Tower, Floor 3300, San Francisco,
`14 California, beginning at 9:01 a.m., on Friday,
`15 April 19, 2019, before Joanne M. Farrell, Certified
`16 Shorthand Reporter No. 4838.
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Page 2
`
`Page 4
`
`1 APPEARANCES:
`2 For Petitioner:
`3 WILSON SONSINI GOODRICH & ROSATI
`4 By: MATTHEW A. ARGENTI, ESQ.
`5 JAMIE YOO OTTO, ESQ.
`6 650 Page Mill Road
`7 Palo Alto, California 94304
`8 650.493.9300
`9 margenti@wsgr.com
`10 jotto@wsgr.com
`11
`12 For Patent Owner:
`13 QUINN EMANUEL URQUHART & SULLIVAN, LLP
`14 By: RAZMIG HAGOP MESSERIAN, ESQ.
`15 865 S. Figueroa Street, Floor 10
`16 Los Angeles, California 90017
`17 213.443.3000
`18
`19 Also Present: Christina Hollander, Senior Counsel,
` Visa
`
`20
`21
`22
`23
`24
`25
`
`1 San Francisco, California, Friday, April 19, 2019
`2 9:01 a.m.
`3 ---o0o---
`4 Justin Douglas Tygar, Ph.D.,
`5 having been administered an oath, was examined and
`6 testified as follows:
`7 EXAMINATION
`8 BY MR. MESSERIAN:
`9 Q. Good morning.
`10 A. Good morning.
`11 Q. How are you?
`12 A. Very well, thank you. And yourself?
`13 Q. Good. So my name, again, is Raz Messerian.
`14 I'm from Quinn Emanuel.
`15 Today we are here for the IPR of U.S.
`16 Patent Number 8,856,539. You understand that,
`17 correct?
`18 A. I do.
`19 Q. Okay. And could you please state your name
`20 for the record.
`21 A. My name is Justin Douglas Tygar. The last
`22 name is spelled T-Y-G-A-R.
`23 Q. That clarifies it for me too. I wasn't
`24 sure if it's Tygar or Tygar. Thank you.
`25 I understand you've been deposed before,
`
`Page 3
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 5
`
`2 (Pages 2 - 5)
`
`USR Exhibit No. 2005
`
`
`
`1 right?
`2 A. I have.
`3 Q. So you're pretty familiar with the ground
`4 rules, I assume, but I'm going to go through them
`5 quickly anyway.
`6 You understand you're here to testify and
`7 you're taking an oath, the same oath that would be
`8 before a court; is that right?
`9 A. Yes.
`10 Q. Is there anything that would interfere with
`11 your ability to testify today; for example, are you
`12 on any medication or anything of that sort?
`13 A. There's no medication that I'm on that
`14 would interfere with my ability to testify and give
`15 accurate answers.
`16 Q. Great. And do you understand the court
`17 reporter is here today to transcribe everything you
`18 say?
`19 A. Yes.
`20 Q. And to make that easier for her, it would
`21 be helpful if you could provide only audible answers
`22 and refrain from gestures such as nodding your head
`23 yes or no.
`24 Do you understand that?
`25 A. Yes.
`
`1 A. I'll do my best.
`2 Q. Thank you. All right.
`3 What did you do to prepare for this
`4 deposition?
`5 A. I reread my declaration in this matter. I
`6 reread the '539 patent, the Weiss reference, the
`7 Brener reference and the Desai reference.
`8 I had a telephone meeting with Mr. Argenti
`9 and Ms. Otto, and I had two days of in-person
`10 meetings with Mr. Argenti, Ms. Otto, and in-house
`11 counsel at Visa.
`12 Q. Roughly how many hours would you say you
`13 spent preparing for this deposition?
`14 A. Perhaps 20.
`15 Q. So it seems to me that you reviewed your
`16 declaration and you understand, I presume, the
`17 opinions that you laid out in your declaration?
`18 MR. ARGENTI: Objection. Form.
`19 THE WITNESS: Could we do one question at a
`20 time, please?
`21 BY MR. MESSERIAN:
`22 Q. Sure. Do you understand the opinions that
`23 are laid out in your declaration?
`24 MR. ARGENTI: Objection. Form.
`25 THE WITNESS: I believe so.
`
`Page 6
`
`Page 8
`
`1 Q. And do you also understand that it would be
`2 helpful for her if we don't talk over one another
`3 and let us finish each other's sentences so she can
`4 get it all down?
`5 A. Yes.
`6 Q. And so at any point in time if I'm unclear
`7 with my questions, I ask that you tell me to
`8 clarify; otherwise I'll presume that you understood
`9 what I asked.
`10 Could you do that for me, please?
`11 A. I'll do my best.
`12 Q. So if you answer a question, I'm going to
`13 presume that you understood my question; is that
`14 fair?
`15 A. Of course.
`16 Q. If at any point you want to take a break,
`17 just let me know; but I ask that if we are in the
`18 middle of a question, that you answer the question
`19 first before we do so.
`20 And then, finally, Mr. Argenti here might
`21 make objections, I'm sure, to some of my questions.
`22 If he does so I ask that you, unless specifically
`23 told not to answer the question, to go ahead and
`24 answer the question.
`25 Can you do that for me, please?
`
`Page 7
`
`1 BY MR. MESSERIAN:
`2 Q. And so you stand by those opinions in your
`3 declaration?
`4 A. There are some minor grammar errors, but
`5 there's nothing substantive in my declaration that
`6 I've changed my mind about.
`7 Q. So there's no substantive inaccuracies,
`8 right?
`9 A. Not to the best of my knowledge.
`10 Q. All right. I've read through your CV. Is
`11 it fair to say that you know a little bit about
`12 cryptography?
`13 MR. ARGENTI: Objection. Form.
`14 THE WITNESS: No. I think I know a lot
`15 about cryptography.
`16 BY MR. MESSERIAN:
`17 Q. I thought you'd say that. Would you
`18 consider yourself an expert in cryptography?
`19 A. Yes.
`20 Q. Would you say that you're also an expert in
`21 computer and network security?
`22 A. Yes.
`23 Q. And you were retained by Visa to provide
`24 opinions on the invalidity of the '539 patent,
`25 correct?
`
`Page 9
`
`3 (Pages 6 - 9)
`
`Veritext Legal Solutions
`866 299-5127
`
`USR Exhibit No. 2005
`
`
`
`1 A. I don't recall the exact wording in my --
`2 in my retainer agreement, but among the tasks I was
`3 asked to do was to look at and provide opinions on
`4 the '539 patent.
`5 Q. What were some of your other tasks?
`6 MR. ARGENTI: Objection. Form. Scope.
`7 THE WITNESS: I don't remember, as I said,
`8 what was in the retainer letter. I think I
`9 summarize in my declaration what I was retained to
`10 do.
`11 BY MR. MESSERIAN:
`12 Q. Were you asked to ever consider Visa's
`13 infringement of the '539 patent?
`14 MR. ARGENTI: Objection. Scope.
`15 Relevance.
`16 THE WITNESS: I am not aware that Visa
`17 infringes. I've been told that there is some
`18 litigation, patent litigation in district court, but
`19 I don't know anything about it. I've never looked
`20 at infringement issues associated with this matter.
`21 BY MR. MESSERIAN:
`22 Q. Okay. All right. I'd like to turn to some
`23 of the prior art references that you address in your
`24 declaration. Let's start with what I'd like to mark
`25 PCT Publication Number WO 00/14648, which is the
`Page 10
`
`1 Q. Let's start with that.
`2 A. I did read through it, albeit rather
`3 quickly, last week.
`4 Q. Okay. Did you review it last night or this
`5 morning?
`6 A. I reviewed portions of it.
`7 Q. All in all, would you say you've spent
`8 sufficient time going through the Brener reference
`9 so that you have a good understanding of what it
`10 teaches?
`11 A. With regard to the issues that came up in
`12 my analysis, yes.
`13 Q. Okay. Based on your understanding of
`14 Brener, is it fair to say that Brener generally
`15 describes a system that allows customers to
`16 anonymously purchase goods or anonymously shop?
`17 A. The summary, which is on page 1, beginning
`18 at line 6, specifically identifies:
`19 "Conducting electronic commerce allowing a
`20 customer to anonymously visit vendor
`21 websites, anonymously purchase goods, and
`22 anonymously receive goods without
`23 disclosing the customer's identification
`24 and home address information to the website
`25 vendor."
`
`Page 12
`
`1 Brener reference, as Exhibit Number 1 in the Tygar
`2 deposition.
`3 (Exhibit 1 was marked for identification by
`4 the court reporter and is attached hereto.)
`5 MR. ARGENTI: Sorry. Before you get
`6 started, Counsel, just as a point of clarification.
`7 Would it be more clear if we used the
`8 existing exhibit numbers from the IPR? We'd be fine
`9 with that from our perspective.
`10 BY MR. MESSERIAN:
`11 Q. Are you okay with calling it just the
`12 "Brener reference"? Would you understand it that
`13 way?
`14 A. I understand what you mean when you say the
`15 "Brener reference."
`16 Q. Let's do that. It's easier for me to call
`17 it Brener, Weiss, Desai.
`18 This is Exhibit Number 1 in the IPR.
`19 Now, is that a copy of the Brener reference
`20 that I'm handing you now that you're familiar with?
`21 A. It appears to be.
`22 Q. Great. And you mentioned that you reviewed
`23 the Brener reference. When is the last time you
`24 read through it?
`25 A. From beginning to end?
`
`1 Q. Would you believe that to summarize the
`2 invention?
`3 MR. ARGENTI: Objection. Form.
`4 THE WITNESS: I think it's a fair summary.
`5 BY MR. MESSERIAN:
`6 Q. Fair enough. Does Brener describe the
`7 cryptographic scheme to secure this anonymous
`8 purchase, you know, transaction system? Strike
`9 that.
`10 Does Brener describe a cryptographic
`11 process to secure the system?
`12 A. He does make reference to cryptography in
`13 the application.
`14 Q. In particular, does Brener state a
`15 preference for any one particular cryptographic
`16 scheme to secure its anonymous purchase
`17 transactional system?
`18 THE WITNESS: Madam Court Reporter, could
`19 you please reread that question to me slowly.
`20 THE COURT REPORTER: "Question: In
`21 particular, does Brener state a
`22 preference for any one particular
`23 cryptographic scheme to secure its
`24 anonymous purchase transactional system?"
`25 MR. ARGENTI: Objection. Form.
`
`Page 11
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 13
`
`4 (Pages 10 - 13)
`
`USR Exhibit No. 2005
`
`
`
`1 THE WITNESS: On page 13 at line 6, Brener
`2 states that:
`3 "Credit card transactions, when authorized
`4 by the customer or customer object
`5 identifier, are preferably done through
`6 secure transaction protocols."
`7 And then he has an additional comment,
`8 "Such as digital signatures and digital
`9 certificates."
`10 So I understand from this passage that
`11 Brener prefers the use of secure transaction
`12 protocols, including secure transaction protocols
`13 that use asymmetric cryptography.
`14 Elsewhere, on page 15 in the paragraph
`15 beginning at line 25, the reference states:
`16 "In order to provide for secure
`17 transmissions over the Internet, the
`18 present invention can use different
`19 inscription methods to provide users with
`20 anonymity and to prevent third parties from
`21 improperly obtaining a user's credit card
`22 number or bank account number. To this
`23 end, in one preferred embodiment the system
`24 uses an RSA public encryption."
`25 I understand from this passage that he
`
`1 "beginning on line 11." Let me reread the passage.
`2 Q. Sure.
`3 A. Would you repeat your question?
`4 Q. Yes. So in that passage starting at
`5 line 20, Brener recites:
`6 "The bank computer 150 can then request
`7 that the customer computer 100, using the
`8 private key, quote, sign for the purchase."
`9 What is Brener talking about there?
`10 A. So reading the paragraph in context, this
`11 is talking about a, as I mentioned, going back to
`12 page 15, one preferred embodiment.
`13 In this embodiment, the -- in this
`14 embodiment, as you can see from line -- as you can
`15 see from line -- beginning at line 15, the customer
`16 computer has notified the vendor computer the
`17 customer wants to make a purchase, and the
`18 transaction number and the amount of the purchase is
`19 going to be forwarded to a bank computer.
`20 The bank computer is then asking the
`21 customer computer to do an operation that in
`22 asymmetric cryptography is called "digital
`23 signatures."
`24 There are multiple ways to do digital
`25 signatures. One way in which to do a digital
`
`Page 14
`
`Page 16
`
`1 states that in one embodiment his system would use
`2 RSA.
`3 BY MR. MESSERIAN:
`4 Q. That passage that you just read, would you
`5 say that Brener expresses that it's one embodiment
`6 or a preferred embodiment?
`7 A. As I just said, the literal wording, and
`8 this is at page 15, line 28, is "One preferred
`9 embodiment."
`10 Q. So Brener uses public-key cryptography to
`11 secure its system, at least in one preferred
`12 embodiment, correct?
`13 A. Yes.
`14 Q. Can you flip to page 16. Starting at
`15 line 11 through 24, if you could just read that
`16 either to yourself or out loud.
`17 A. Go ahead.
`18 Q. Can you explain to me what it means when
`19 Brener says that "The bank computer can then request
`20 that customer computer 100 using its private key,
`21 quote, sign for the purchase"?
`22 A. I'm sorry. I must have been looking at a
`23 different line. I thought you said page 16 line 11.
`24 Q. 11 through 24, uh-huh.
`25 A. I'm sorry. I only heard the sentence
`
`Page 15
`
`1 signature is to take a message, compute a secure
`2 hash on the message, and then encrypt that message
`3 in the public key.
`4 If you want, I can go into the mechanics of
`5 how it's done in RSA.
`6 Q. But at a very high level it provides a
`7 digital signature to that bank computer -- and when
`8 I say "it," I mean the customer computer -- is that
`9 right?
`10 MR. ARGENTI: Objection. Form.
`11 THE WITNESS: Repeat the question, please.
`12 THE COURT REPORTER: "Question: But
`13 at a very high level it provides a
`14 digital signature to that bank computer --
`15 and when I say "it," I mean the customer
`16 computer -- is that right?"
`17 THE WITNESS: It is not clear to me from
`18 this passage that the digital signature is sent to
`19 the bank computer directly from the customer
`20 computer as opposed through an intermediary.
`21 BY MR. MESSERIAN:
`22 Q. Whether it flows through an intermediary or
`23 it goes directly to the bank computer, is it fair to
`24 say that the customer computer generates a digital
`25 signature using one of various methods, as you
`Page 17
`
`Veritext Legal Solutions
`866 299-5127
`
`5 (Pages 14 - 17)
`
`USR Exhibit No. 2005
`
`
`
`1 mentioned, and provides it to the bank computer?
`2 A. I think it would be fair to say that the
`3 customer computer calculates a digital signature,
`4 and that digital signature is ultimately provided to
`5 the bank computer.
`6 Q. How does the bank computer verify -- strike
`7 that.
`8 What does the bank computer do with this
`9 digital signature?
`10 A. So turning back to page 13, in the
`11 paragraph beginning at line 16, you can see that
`12 there are several embodiments' discussion. At
`13 line 19, one embodiment has the bank computer being
`14 provided with a database of linking information of
`15 customer object -- objects or public keys.
`16 In another embodiment, the credit card
`17 company retrieves the customer object or public key
`18 from the secure provider computer.
`19 But, in any case, the bank computer uses
`20 this linking information and the public key to
`21 verify that the signature is properly formed. It's
`22 a valid digital signature.
`23 Q. Can you explain to me how the bank computer
`24 uses the customer object to verify the digital
`25 signature?
`
`Page 18
`
`1 would you say a person of ordinary skill in the art
`2 would interpret this to know that the bank
`3 computer -- strike that.
`4 This public key that the bank computer has
`5 in its possession, regardless of how it obtains it,
`6 how does it know it belongs and is associated with
`7 the customer computer?
`8 A. It is either in the database, which was
`9 provided to it, or it was obtained from the secure
`10 provider.
`11 If you look at Figure 1, you'll notice that
`12 there are different bank computers indicated as
`13 object 150 and associated with them are databases.
`14 So in one embodiment that information is on the
`15 database.
`16 In a second -- you'll also notice there's a
`17 database 130 that's associated with the secure
`18 provider computer, which is acting in this case as
`19 what is sometimes called in the art "a trusted third
`20 party."
`21 Q. To back up a step, you said there's
`22 information stored on the databases linked to the
`23 bank computer; number 170 would be the database
`24 there in that figure.
`25 What information were you talking about as
`Page 20
`
`1 A. The customer object can be used to request
`2 linking information, or if a linking table is
`3 provided, to look up linking information to retrieve
`4 the public key.
`5 Q. So the bank computer uses the customer's
`6 public key to verify the digital signature; is that
`7 fair to say?
`8 A. Yes.
`9 Q. So let me ask you this: How does the bank
`10 computer know that the public key that it has for
`11 the customer computer that it's going to use to
`12 verify that digital signature truly belongs to the
`13 customer computer making the purchase request?
`14 A. Well, there are multiple ways in which
`15 that -- that to one of ordinary skill in the art
`16 would recognize of doing that.
`17 As I sit here now, the methods that I
`18 remember that are explicitly discussed in this
`19 disclosure are, first of all, the one that's stated
`20 in page 13, the sentence beginning at line 19;
`21 namely, "The bank computer has a database of
`22 information." Or the one in which, which is on
`23 page 13 beginning at line 22, "The bank computer
`24 retrieves the public key from the secure provider."
`25 Q. Once it's retrieved that public key, how
`
`1 being stored there to help the bank computer know
`2 that the public key it has actually belongs to the
`3 customer computer?
`4 A. The disclosure states on page 13, line 19:
`5 "In one preferred embodiment, bank computer
`6 is provided with a database of the linking
`7 information of customer object or public
`8 key and customer information that allows
`9 the bank computer 150 or credit card
`10 company computer to determine who the
`11 actual customer is."
`12 So in this embodiment, one possibility is
`13 that the public key is already in the database.
`14 Q. Isn't it true that the linking information
`15 described there is to link the customer object,
`16 which in one case could be the public key, to real
`17 account information like a credit card number of the
`18 customer computer?
`19 MR. ARGENTI: Objection. Form.
`20 THE WITNESS: Will you repeat the question,
`21 please, Madam Court Reporter.
`22 THE COURT REPORTER: "Question: Isn't
`23 it true that the linking information
`24 described there is to link the customer
`25 object, which in one case could be the
`
`Page 19
`
`Veritext Legal Solutions
`866 299-5127
`
`Page 21
`
`6 (Pages 18 - 21)
`
`USR Exhibit No. 2005
`
`
`
`1 public key, to real account information
`2 like a credit card number of the customer
`3 computer?
`4 THE WITNESS: That indeed could be one of
`5 its purposes, but this could also be describing a
`6 table of public keys.
`7 BY MR. MESSERIAN:
`8 Q. Let's assume that indeed, it includes a
`9 table of public keys. How does that help the bank
`10 computer know that any one particular public key in
`11 that database truly belongs to the customer computer
`12 that it's supposed to allegedly belong to?
`13 A. Well, this is an aspect -- how that
`14 database is initialized is -- sorry. Let me look at
`15 this and -- sorry. I do recall there was a passage.
`16 Let me give you a clean answer.
`17 Okay. So look at page 8, the paragraph
`18 beginning at line 3. And this paragraph describes
`19 several embodiments for storing linking tables. And
`20 the linking table match up customer's objects with
`21 customer's personal information.
`22 And in the sentence -- in the sentence
`23 beginning at line 11, "An embodiment is discussed
`24 where the linking table is stored at the secured
`25 provider computer."
`
`1 MR. ARGENTI: Objection. Form.
`2 THE WITNESS: There are multiple ways well
`3 known.
`4 BY MR. MESSERIAN:
`5 Q. What's the most common in a public key
`6 cryptographic scheme?
`7 MR. ARGENTI: Objection. Form.
`8 THE WITNESS: Well, the two most common are
`9 the public key infrastructure, or PKI system, and
`10 one standard is X509 for that system in which a
`11 public key comes with a public key certificate,
`12 which is itself a digitally signed message from an
`13 entity known as a certificate authority that attests
`14 to the public key.
`15 A second method is to use a directory-based
`16 approach where one looks up a public key in a
`17 directory. For example, in a popular email
`18 encryption system there are a number of directories
`19 of public keys. One of them is operated by MIT, for
`20 example, that you can use to look up by email
`21 address a given user's public key.
`22 BY MR. MESSERIAN:
`23 Q. Let's talk about the first of those two
`24 examples, digital certificates that are issued by
`25 certificate authorities.
`
`Page 22
`
`Page 24
`
`1 And in the sentence beginning at line 14,
`2 "That linking table is stored in that database 170."
`3 And I understand that to be the embodiment
`4 that you're speaking to me about now.
`5 But it's stated that that linking table is
`6 stored in a secure computer which shields that
`7 linking information from third parties. And it also
`8 states that using this linking table, either the
`9 secure provider computer in one embodiment or the
`10 bank computer in another embodiment can determine
`11 which customer a given customer object represents.
`12 Now, as we've discussed, the public key
`13 could be part of that information in that linking
`14 table, so that's one way in which the bank computer
`15 can determine the public key of the customer.
`16 Alternatively, the bank could request it
`17 from the secure provider computer, which would use
`18 the linking table stored at the secure provider
`19 computer.
`20 Q. Stepping away from Brener for a second,
`21 generally talking about public key cryptographic
`22 systems, public key infrastructure, how does a
`23 recipient of a message of a digital signature know
`24 that the public key that it's going to use to verify
`25 that digital signature truly belongs to the sender?
`Page 23
`
`1 Does Brener make any reference to digital
`2 certificates in its scheme?
`3 A. Sure. He uses the phrase "digital
`4 certificate" in places in his disclosure -- in its
`5 disclosure.
`6 Q. Why don't you turn to page 10, line 27. It
`7 states "In one embodiment, this object," and it's
`8 speaking about the customer object, to give it some
`9 context, "may have both a public and private segment
`10 to a digital certificate."
`11 Would you understand, based on that
`12 sentence, that at least in one instance the customer
`13 object can be a digital certificate?
`14 A. That's not quite the way I read this
`15 phrase. So if you read the sentence immediately
`16 preceding it, you can see that the context of this
`17 is the customer creating a persona or customer
`18 object that's stored on database 130 of the secure
`19 provider computer.
`20 And there's a discussion of the public and
`21 private segment. And there's also the personal
`22 information associated with the customer that is
`23 stored in a linking table that is discussed
`24 beginning in line 28.
`25 I would understand that the public key
`
`Page 25
`
`7 (Pages 22 - 25)
`
`Veritext Legal Solutions
`866 299-5127
`
`USR Exhibit No. 2005
`
`
`
`1 that's mentioned here or the digital certificate
`2 that's mentioned here, a portion of it may be
`3 associated with a customer object. But there's also
`4 a private segment associated with it, as well. So
`5 it doesn't necessarily represent a full digital
`6 certificate.
`7 Q. What do you believe the private segment of
`8 the digital certificate refers to?
`9 A. As I sit here now, I don't recall the
`10 patent elaborating on this point. So one of
`11 ordinary skill in the art could imagine any number
`12 of different possibilities.
`13 Q. What would one of those possibilities be?
`14 A. In one possibility the public portion might
`15 be an alphanumeric identifier such as GOLFO, an
`16 example that is mentioned in -- repeatedly in the
`17 disclosure.
`18 And the private -- and that would be a
`19 field in a digital certificate. But the rest of the
`20 digital certificate could be kept private.
`21 Q. What would one of ordinary skill in the art
`22 understand the private segment to a digital
`23 certificate to mean in this context?
`24 MR. ARGENTI: Objection. Form.
`25 THE WITNESS: Again, a multitude of
`
`Page 26
`
`1 possibilities would exist.
`2 BY MR. MESSERIAN:
`3 Q. What is one of those possibilities?
`4 MR. ARGENTI: Objection. Form.
`5 THE WITNESS: The one that I just
`6 mentioned. One of those possibilities would be that
`7 the portion -- that the alphanumeric portion that
`8 the customer chose would be the public portion, and
`9 other information would be kept private.
`10 BY MR. MESSERIAN:
`11 Q. What would that other information be?
`12 A. So that other information could be other
`13 fields in the X509 certificate.
`14 Q. Is it fair to say that it might be the
`15 digital signature of the certificate authority?
`16 A. Sure. That's another field in the
`17 certificate.
`18 Q. Regardless of what the public and private
`19 segments to this digital certificate represent, is
`20 it fair to say at least that Brener envisions
`21 incorporating a digital certificate in its scheme?
`22 MR. ARGENTI: Objection. Form.
`23 THE WITNESS: In one embodiment, it does.
`24 It's not the only embodiment discussed.
`25
`
`Page 27
`
`1 BY MR. MESSERIAN:
`2 Q. Turn to page 11. Starting with line 23,
`3 why don't you read through line 23 up until the end
`4 of that page.
`5 Is it fair to say that Brener is making
`6 additional references here to a digital certificate
`7 of the customer computer in its public cryptography
`8 scheme?
`9 A. Madam Court Reporter, would you please
`10 repeat the question.
`11 THE COURT REPORTER: "Question: Is
`12 it fair to say that Brenner is making
`13 additional references here to a digital
`14 certificate of the customer computer in its
`15 public cryptography scheme?"
`16 THE WITNESS: I'm sorry. I don't
`17 understand the phrase "digital certificate of the
`18 customer computer."
`19 BY MR. MESSERIAN:
`20 Q. What I meant by that is a digital
`21 certificate issued by a certificate authority that
`22 associates a public key of that customer computer to
`23 the customer computer.
`24 Strike that.
`25 What do you think Brener is talking about
`Page 28
`
`1 here in that section you just read when it talks
`2 about a certificate?
`3 MR. ARGENTI: Objection. Form.
`4 THE WITNESS: I think it is talking about
`5 information issued or obtained by or generated by a
`6 customer that uniquely identifies a digital
`7 certificate.
`8 BY MR. MESSERIAN:
`9 Q. So when Brener refers to certificate here,
`10 it's talking about a digital certificate?
`11 MR. ARGENTI: Objection. Form.
`12 THE WITNESS: Brener doesn't use the
`13 phrase -- in the sentence beginning on line 25 of
`14 page 11, he does not use the phrase "digital
`15 certificate," but I think it's fair to infer that
`16 the reference is to a digital object.
`17 BY MR. MESSERIAN:
`18 Q. Whose certificate or digital certificate do
`19 you believe a person of ordinary skill in the art
`20 would infer this is associated with?
`21 MR. ARGENTI: Objection. Form.
`22 THE WITNESS: It's associated with the
`23 customer.
`24 BY MR. MESSERIAN:
`25 Q. Can you turn to page 13 and read lines 6
`Page 29
`
`Veritext Legal Solutions
`866 299-5127
`
`8 (Pages 26 - 29)
`
`USR Exhibit No. 2005
`
`
`
`1 through 10.
`2 A. (Witness complies.)
`3 Q. Is it fair to say that, again, Brener makes
`4 references to the use of digital certificates in its
`5 secure purchase transaction scheme?
`6 A. I believe there is an assumption in your
`7 question which -- which is not necessarily true.
`8 Look at the sentence beginning at line 6 of page 13.
`9 It states that:
`10 "Credit card transactions, when authorized
`11 by the customer or customer object
`12 identifier, are preferably done through
`13 secure transaction protocols."
`14 And it ends saying "Such as digital
`15 signature and digital certificates."
`16 So one of ordinary skill in the art reading
`17 this sentence would understand that at the time of
`18 Brener, which was filed I see in September of 1999,
`19 there were multiple secure transaction protocols.
`20 There's a secure communication protocol that was
`21 quite popular at that time called "secure socket
`22 layer." And it's also known by its later name,
`23 "transport layer security."
`24 And that protocol did indeed use digital
`25 signatures and digital certificates.
`
`1 It wants those operations to be done
`2 through secure transaction protocols. I think
`3 that's a fair assessment.
`4 One way of doing that is through the use of
`5 protocols that use digital signatures and digital
`6 certificates.
`7 There are other ways that are also -- were
`8 also well known at the time. For example, methods
`9 that used symmetric cryptography.
`10 We've been going for about an hour. If
`11 it's okay I'd like to take a break.
`12 BY MR. MESSERIAN:
`13 Q. Sure. Go for it.
`14 A. Thanks.
`15 (Recess taken at 11:03 a.m.)
`16 (Procee