Exhibit C: Claim Chart Comparing US. Patent No. 5,694,472 to Johnson (“Johnson ‘472) and Obvious
`Combinations to Claims of the ‘358 Patent
`
`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`1. A process of decrypting
`documents comprising:
`
`The Johnson ‘472 patent anticipates claim 1 of the ‘358 patent as described below.
`
`The Johnson ‘472 patent discloses “a process of decrypting documents.”
`
`
`
`The Johnson ‘472 patent concerns a process of decrypting documents. Johnson ‘472 refers to
`the encryption and decryption of “files” rather than using the term “document” used in the ‘358
`patent. As used in Johnson ‘472, “file” would be considered a “document” as used in the ‘358
`patent because computer files are inherently a “structural unit of . .. data that can be stored,
`retrieved, and exchanged
`as a separate unit” as the ‘358 patent requires. Computer files to a
`person of ordinary skill in the art at the time and now were simply “a set of related records
`treated as a unit.” (See, e.g., [MB System/36 Environment Pogromming, First Edition
`(http://pic.dhe.ibm.com/infocenter/iseries/v6r1m0/topic/books_web/sc4 1 4730.pdf) at 1—2.)
`
`“In the UAS 12 shown in FIG. 2a, the encryption/decryption function is performed by having
`processor 30 execute the encryption modules 56 stored in the non-volatile memory 38.” (C01. 8,
`11. 6—9.)
`
`“. .. they encrypt and decrypt data according to a selected algorithm.” (Col. 7, 11. 62-63.)
`
`“Processor 30 preferably begins the establishment process by decrypting 244 the information
`stored in file 152 of the EKE 14.” (C01 26, 11. 25-27)
`
`“Preferably, processor 30 carries out desired functions by executing program instructions stored
`on external storage devices. Interface 32 enables the processor 30 to execute instructions stored
`on external devices by receiving one of a number of different storage devices, and coupling the
`
`BlackBerry Corporation Exhibit 1016, pg. 1
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`— storage device to the processor 30” (Col. 7, ll. 19-21.)
`
`[A] providing plural documents
`having respective names
`
`The Johnson ‘472 patent discloses a process of providing multiple files/documents that each
`have a respective name (i. e., a “file name”)
`
`“For each of the managed data files 154-164, 170, there are six corresponding parameters: (1) a
`file name...” (Col. 26, ll. 36-40).
`
`[B] providing a crypto server for
`causing documents to be decrypted
`
`The Johnson ‘472 patent discloses “providing a crypto server ...”
`
`The Johnson ‘472 patent describes software and hardware that act as a crypto server for
`decrypting documents. For example, Johnson ‘472 provides encryption modules stored in
`memory (i.e., software) that is executed by the processor 30 of Johnson ‘472 (i.e., the hardware).
`
`“In the UAS 12 shown in FIG. 2a, the encryption/decryption function is performed by having
`processor 30 execute the encryption modules 56 stored in the non-volatile memory 38.” (Col. 8
`11. 6-9.)
`
`[C] providing a first table having
`the names of encrypted documents
`
`The Johnson ‘472 patent discloses “providing a first table ...”
`
`Table 370 of the Johnson ‘472 patent is a first table and contains the “file name” of encrypted
`documents.
`
`
`
`“As shown in FIG. 8a, a m 370 of file information is preferably maintained within file 152.
`For each of the managed data files 154-164, 170, there are six corresponding parameters: (1) a
`file name; (2) a file address; (3) a file identification code; (4) a file status; (5) an operational key
`file name; and (6) a file reference code.” (Col. 26, ll. 36-40 & FIG. 8a (emphasis added)).
`
`[D] for each of the names of
`encrypted documents in the first
`
`The Johnson ‘472 patent discloses “for each of the names ...”
`
`BlackBerry Corporation Exhibit 1016, pg. 2
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`table, a key name associated with a
`decryption key value for the
`encrypted document
`
`Johnson ‘472 provides a key name for each name of the encrypted documents. Johnson refers to
`the key name as the “operational key file name.” The “operational key file name” in Johnson
`‘472 is associated with and used to access the actual decryption key value referred to in Johnson
`‘472 as the “operational key code.”
`
`“For each of the managed data files 154-164, 170, there are six corresponding parameters: (1) a
`file name;. .. (5) an operational key file name” (col. 26, 11. 36-40 and FIG. 8a, emphasis added)
`
`“Once retrieved, the operational key file name“ is used by processor 30 to access section 1160
`of the RAM 40, and to retrieve therefrom the operational key code [value] (operational key
`code“) corresponding to the operational key file name“. Once that is done, processor 30 uses
`the operational key code11 as a decryption key to decrypt the data contained in file 154 of the
`EKE 14” (col. 38, 11. 26—32).
`
`“. . .storage device 14 will be referred to as the electronic key executive (EKE) (col. 6, l. 67 — col.
`7, 1.1)
`
`
`
`[E] detecting an open command
`for a given document issuing from
`a user of an application program
`using a user input device
`
`The Johnson ‘472 patent discloses “detecting an open command ...”
`
`Johnson ‘472 discloses a process for detecting an “open” command initiated by a user. In
`Johnson ‘472 a user initiates an “open” command by connecting a smart card. This connection
`is detected by the system and begins the process of retrieving the file or files marked open on the
`card.
`
`“An overall user device 16 is formed by coupling the EKE 14 to the UAS 12 via the storage
`device interface 32. Once coupled, the processor 30 on the UAS 12 accesses and executes the
`PFM 140 stored on the EKE 14.” C01. 22, lines 36-39.
`
`“once it has been determined that the EKE 14 is new, processor 30 prompts 178 the user to
`provide the initial key code used to encrypt the PFM 140 and the data files 152—164 on the new
`
`BlackBerry Corporation Exhibit 1016, pg. 3
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`EKE 14. Once this key code is received from the user via the keyboard subsystem 52, processor
`30 uses the key code to decrypt 179 the encrypted portions of the PFM 140, including the
`encrypted portion of the UAS-EKE control portion 142, and the user device-PAS control portion
`144” Col. 23, 11. 44-49)
`
`memory (e.g. RAM, PROM, flash memory, etc.).” Col. 4 11. 61-65.
`
`“. . .storage device 14 Will be referred to as the electronic key executive (EKE) ....” (Col. 6 l. 66
`— col. 7 l. 1.)
`
`“storage device 14 may take on a number of different forms including magnetic media (e.g. hard
`and floppy disks, magnetic stripe cards, etc.), optical media (e. g. CD-ROM), and semiconductor
`
`“Preferably, the information stored in file 152 is decrypted by executing encryption modules 56,
`using the initial key code provided by the user as the decryption key.” Col. 26, 11. 27-29,
`emphasis added.
`
`“Processor 30 preferably begins establishing file management data by choosing one of the
`managed files (file 154, for example) and selecting 246 an operational key file name to associate
`with the file.” Col. 26 11. 53-56, emphasis added.
`
`“if the processed file identification code is consistent With the file reference code stored in table
`370 for the selected file, then the file status flag in table 370 corresponding to the selected file is
`set 280 to "open”.” (col. 38, 11. 8-11).
`
`“Note that the operational key file names and the operational key codes are thus far stored only
`in the RAM 40 of the UAS 12. This information will be lost once the UAS 12 is deactivated due
`
`to the volatile nature of the RAM 40. In order to preserve the information for future reference,
`the information is preferably stored in section 60 of the non—volatile memory 38, and in section
`76 of the master EKE 70.” C01. 12, 11. 36-45 (emphasis added).
`
`BlackBerry Corporation Exhibit 1016, pg. 4
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`The EKE “takes the form of a PCMCIA memory card having a PCMCIA interface ...” Col. 10,
`11. 5-7.
`
`and decrypted as needed.” P. 14, col. 2, 1St full par.
`
`F]in response to the open
`command, the crypto server using
`the first table to determine if the
`
`given document should be
`decrypted
`
`The Johnson ‘472 patent discloses “in response to the open command .. ”
`
`When the open command is initiated in Johnson ‘472 by inserting the card, the Johnson ‘472
`system will determine if a file needs to be decrypted by reviewing the status flags in table 370.
`If a flag is set to “open” then it will need to be decrypted.
`
`Johnson ‘472
`
`“If all of the status flags in table 370 have been set to "open", then processor 30 proceeds to step
`286 to decrypt and store the data in all of the managed files 154-164, 170 into RAM 40 for
`subsequent access and manipulation” (col. 38, ll. 17-21).
`
`“With regard to the entries in the “File Reference Code” column of table 370, the [ ] are used to
`indicate that the quantity contained therein is encrypted ....” Col. 27 11. 13-16.
`
`To the extent, Johnson ‘472 doesn’t disclose this, Johnson ‘472 in combination with CFS I
`renders obvious “in response to the open command...” as described below.
`
`CFS I discloses the use of file descriptors for files (which are part of the first table) to
`appropriately encrypt and decrypt as needed.
`
`CFS I
`
`“To avoid repeated open and close calls, cfsd also maintains a small cache of file descriptors for
`files on which there have been recent operations. Directory and symbolic link operations, such as
`readdir, readlink, and lookup are similarly translated into appropriate system calls and encrypted
`
`BlackBerry Corporation Exhibit 1016, pg. 5
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`CFS Source Code
`
`Alternatively, Johnson ‘472 in combination with the CFS Source Code renders obvious “in
`response to the open command ...” as described below.
`
`See claim 1 element F of the CFS Source Code claim chart.
`
`[G] if the given document should
`be decrypted, then
`
`Johnson ‘472 discloses “if the given document ...”
`
`“For each encrypted file accessed through an attach point, cfsd generates a unique file handle
`that is used by the client NFS interface to refer to the file. For each attach point, the CFS daemon
`maintains a table of handles and their corresponding underlying encrypted names. When a read
`or write operation occurs, the handle is used as an index into this table to find the underlying file
`name.”
`
`
`
`Johnson ‘472 determines whether a document should be decrypted by reviewing which files are
`set to “open” in table 370.
`
`Johnson ‘472
`
`“If all of the status flags in table 370 have been set to "open", then processor 30 proceeds to step
`286 to decrypt and store the data in all of the managed files 154-164, 170 into RAM 40 for
`subsequent access and manipulation” (Col. 38, 11. 17-21. See Fig. Sc).
`
`CFS I
`
`To the extent, Johnson ‘472 doesn’t disclose this, Johnson ‘472 in combination with CFS I
`
`renders obvious “in response to the open command...” as described below.
`See claim 1, element [F] above.
`
`CFS Source Code
`
`Alternatively, Johnson ‘472 in combination with the CFS Source Code renders obvious “in
`response to the open command ...” as described below.
`
`BlackBerry Corporation Exhibit 1016, pg. 6
`
`

`

`[H] retrieving the key name
`associated with the name of the
`
`given document from the first table
`
`Johnson ‘472 discloses‘‘retrieving the key name.
`
`Step 286 is the decryption process in Johnson ‘472. To begin that process, the Johnson ‘472
`system retrieves the key name from table 370. Table 370 associates both the “operational key
`file name” and the “file name.” Figure 5c demonstrates the organization of this table.
`
`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`26).
`
`_“Process 286 preferably begins with processor 30 selecting one of the files (file 154, for
`example) listed in the table 370. Then, processor 30 retrieves from the table 370 the operational
`key file name (operational key file name“) associated with the selected file 154.” (col. 38, ll. 22-
`
`BlackBerry Corporation Exhibit 1016, pg. 7
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`file ,0 Code
`
`File Status Operational Key File Name
`
`MI 0041954
`
`Closed Operational Key File Name”
`
`We :55
`
`Norma-’56
`
`ID Cad: 1.56
`
`Closed Operational Key File Name”
`
`file 3‘53
`
`Nam-3’58
`
`ID Code L55
`
`Closed Operollanal Key file Names,
`
`file 160
`
`Address l60
`
`lD Code l60
`
`Closed Operalrbnal Key Flle Name” [l0 Codcwo} E I?
`
`file 162' Name”? Addmsslfi2
`’9 Gating-2
`- Address-m lo 0959154
`Address 170
`{0 Code ’70
`
`[l0 Coders?) £1
`Closed Operafrbaal Key are Namer
`[l0 Comm} 55
`Closed Dparaflbnal Key File Mame£5
`Closed Operatibnal Key file Name” [l0 Codewaj £11
`
`
`
`[I] retrieving the decryption key
`value associated With the key name
`from a second table, the second
`table having at least one
`decryption key value
`
`Johnson ‘472 discloses “retrieving the decryption key ...”
`
`Once the operational key file name (i.e., key name) has been retrieved from the table 370 (i.e.,
`the first table) in Johnson ‘472, it is used to retrieve the actual operational key code (i.e., key
`value) in a second table stored in RAM 40. Figure 5a shows the organization of the second
`table With operational key file names associated With their corresponding operational key code
`such that they can be retrieved by the processor.
`
`“Then, using the selected operational key file name, processor 30 retrieves 234 the operational
`key code corresponding to the selected operational key file name. For example, with reference to
`
`BlackBerry Corporation Exhibit 1016, pg. 8
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`FIG. 5a (which shows the operational key file names and the operational key codes currently
`stored in RAM 40), if operational key file namel is selected, then operational key codel is
`retrieved from RAM 40.” (Col. 24, 11. 28-35.)
`
`“FIG. 5a depicts the manner in which the recognition and comprehension parameters (the
`operational key file names and the corresponding operational key codes) are organized and
`stored in RAM 40...” (Col. 3, 11.20-24)
`
`“Once retrieved, the operational key file name“ is used by processor 30 to access section 1160
`of the RAM 40, and to retrieve therefrom the operational key code (operational key codel 1)
`corresponding to the operational key file namell.” (Col. 38, ll. 26—32).
`
`Operational Key coa’en
`
`Operational Key File Name 1
`
`Operational Key File Name2
`
`Operational Key code 1
`
`Operational Key codeg
`
`Operational Key File Name"
`
`BlackBerry Corporation Exhibit 1016, pg. 9
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`FIG. 5a
`
`Tables generally are simply the orderly arrangement of information (typically into rows and
`columns). This is precisely what is shown in Figure 5a.
`In my opinion, Figure 5a and the
`associated disclosure is encompassed by the “second table” limitation of the ‘358 patent claims.
`
`
`
`For the reasons stated in W 71-73 of my declaration, it is my opinion that it would be obvious to
`comprising providing an electronic
`modify the document management system of Johnson ‘472 to include an SQL database by
`document management system
`comprising a SQL database, a SQL combining it with a SQL database system like that disclosed in Chan. Using a database to store
`database server and a SQL
`tables such as table 370 of Johnson is well known in the art. Such a combination would satisfy
`database client, wherein the
`all elements of claim 2.
`electronic document management
`system performs the detecting step. Chan ‘018
`
`[J] causing the given document to
`be decrypted.
`
`Johnson ‘472 discloses “causing the given document to be decrypted.”
`
`“Once that is done, processor 30 uses the operational key code11 as a decryption key to decrypt
`the data contained in file 154 of the EKE 14” (C01. 38, 11. 26-32).
`
`2. The process of decrypting
`documents of claim 1 further
`
`Johnson ‘472 in combination with Chan ‘018 and CPS Source Code renders claim 2 obvious.
`
`Chan ‘018 discloses an electronic document management system comprising a SQL database
`management system (DBMS). This includes SQL database, SQL database server and SQL
`database clients.
`
`“The information server includes a database management system (DBMS) with an interface
`procedure for receiving and responding to SQL statements from client computers.
`The
`database access procedure includes embedded encrypted SQL statements, representing a
`predefined subset of a predefined full set of SQL statements ....” Abstract (emphasis added).
`
`BlackBerry Corporation Exhibit 1016, pg. 10
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`computers to access data in a database server using standard SQL-level statements ....” (Col. 1,
`11. 4-6 (emphasis added)).
`
`Since the database resides on the SQL electronic document management system, commands to
`open the documents residing on the SQL database are detected by the SQL electronic document
`management system.
`
`3. The process of decrypting
`documents of claim 1 further
`
`Johnson ‘472
`
`
`
`comprising providing a database,
`the database including an indicator
`of whether the documents should
`
`be decrypted if the indicator in the
`database does not indicate that the
`
`given document is to be decrypted,
`determining that the document
`should not be decrypted.
`
`“With regard to the entries in the “File Reference Code” column of table 370, the [ ] are used to
`indicate that the quantity contained therein is encrypted ....” Col. 27 11. 13-16.
`
`Furthermore, it would be obvious to a person of ordinary skill in the art at the effective priority
`date of the ‘358 patent that an electronic file management system like that disclosed in Johnson
`‘472 would require an indication of which files need to be decrypted before decryption begins.
`A person of skill in the art would be motivated to combine Johnson with art, such as Rackman,
`that discloses the use of one or more flags in a database to indicate whether a file is encrypted.
`[See, also, 1i 72 of Kelly declaration.]
`
`Rackman ’646
`
`Rackman discloses a database in a document production system. The database stores images of
`documents For example, in the system of Rackman, “Field 2 consists of two bits, a redaction-
`exists flag, and a this-is-it flag. The former flag is a 1 if the document is being produced to
`opposing counsel in redacted form. As discussed above, what is actually produced is an image
`pair--an encrypted unredacted image, and an unencrypted redacted image. (Even the latter image
`may have been encrypted with a confidentiality encryption key, and the former image may have
`been doubly encrypted if it is confidential.) The second flag identifies a particular image as one
`of these two forms. If the this-is-it flag is a 1, then the associated image is in redacted form; if
`
`BlackBerry Corporation Exhibit 1016, pg. 11
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`the flag is a 0, then the associated image is not redacted (although it will be encrypted). If the
`redaction-exists flag is a 0, then there is only one associated (unredacted) image, and the value of
`the this-is-it flag is irrelevant” (See Rackman, col. 6, 11. 14-29).
`
`The flags of Rackman clearly indicate whether a file needs to be decrypted or encrypted. It
`would be obvious for one of skill in the art to combine the flags in the database of Rackman with
`Johnson to provide “a database. . .including an indicator of Whether documents should be
`decrypted,” as recited in claim 3.
`
`
`
`4. The process of decrypting
`documents of claim 1 further
`
`comprising decrypting the given
`document with a DES algorithm.
`
`5. The process of decrypting
`documents of claim 1 wherein the
`
`second table is stored in a smart
`card.
`
`Johnson ‘472 anticipates claim 4 of the ‘358 patent as described below.
`
`Johnson ‘472 expressly states that the encryption algorithms used can be DES algorithms.
`
`“The encryption algorithms implemented by modules 56 may include DES, SKIPJACK, and
`various other algorithms.” Col. 7, lines 64—65.
`
`Johnson ‘472 anticipates claim 5 of the ‘358 patent as described below.
`
`Johnson ‘472 expressly discloses that the second table containing the key names and key values
`can be stored in places other than RAM 40, such as the electronic key executive storage device
`of other media such as hard disk, floppy disks, CD—ROMs, magnetic stripe cards, PCMCIA
`cards, and flash memory. These are the same as a smart card device described in the ‘358 patent
`as, for example, hard disk and PCMCIA card include an integrated microprocessor chip and non-
`volatile electronic memory.
`
`“Note that the operational key file names and the operational key codes are thus far stored only
`in the RAM 40 of the UAS 12. This information will be lost once the UAS 12 is deactivated due
`
`to the volatile nature of the RAM 40. In order to preserve the information for future reference,
`the information is preferably stored in section 60 of the non-volatile memory 38, and in section
`
`BlackBerry Corporation Exhibit 1016, pg. 12
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`76 of the master EKE 70.” C01. 12, 11. 36-45 (emphasis added).
`
`“. . .storage device 14 will be referred to as the electronic key executive (EKE) ....” (Col. 6 l. 66
`— col. 7 l. 1.)
`
`6. A computer program product
`comprising a computer usable
`medium having computer readable
`program code embodied therein
`for decrypting documents, the
`program code for causing a
`processor to
`
`cause plural documents to be
`decrypted, the documents having
`respective names
`
`record in a first table
`
`the names of the encrypted
`documents
`
`See claim 1, element [C]. for each of the names of encrypted
`
`“storage device 14 may take on a number of different forms including magnetic media (e.g. hard
`and floppy disks, magnetic stripe cards, etc.), optical media (e. g. CD-ROM), and semiconductor
`memory (e.g. RAM, PROM, flash memory, etc.).” Col. 4 11. 61-65.
`
`The EKE “takes the form of a PCMCIA memory card having a PCMCIA interface ...” Col. 10,
`11. 5—7.
`
`Johnson ‘472 anticipates claim 6 of the ‘358 patent as described below.
`
`See claim 1 preamble and Element [B].
`
`See claim 1, element [A].
`
`documents in the first table, a key
`
`See claim 1, element [D].
`
`BlackBerry Corporation Exhibit 1016, pg. 13
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`name associated with a decryption
`key value for the encrypted
`document
`
`detect an open command for a
`given document issuing from a
`user of an application program
`using a user input device
`
`in response to the open command
`use the first table to determine if
`
`the given document should be
`decrypted
`
`See claim 1, element [E].
`
`See claim 1, element [F].
`
`decrypted.
`
`if the given document should be
`decrypted, then
`
`See claim 1, element [G].
`
`retrieve the key name associated
`with the name of the given
`document from the first table
`
`retrieve the decryption key value
`associated with the key name from
`a second table, the second table
`having at least one decryption key
`value
`
`See claim 1, element [H].
`
`See claim 1, element [1].
`
`cause the given document to be
`
`See claim 1, element [J].
`
`BlackBerry Corporation Exhibit 1016, pg. 14
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`Johnson ‘472 anticipates claim 7 of the ‘358 patent as described below.
`
`See claim 4.
`
`
`
`7. The computer program product
`of claim 6, the program code
`further for causing the processor to
`decrypt the given document with a
`DES algorithm.
`
`8. A general purpose computer
`system comprising the computer
`program product of claim 6.
`
`9. The computer program product
`of claim 6, the program code
`further for causing the processor to
`obtain decryption key values from
`a portable data storage device.
`
`10. The computer program product
`of claim 6 wherein the second
`
`Johnson ‘472 anticipates claim 8 of the ‘358 patent as described below.
`
`Johnson ‘472 expressly discloses that the system is preferably operated on a general purpose
`computer system.
`
`“UAS 12 is preferably a general purpose processing device.” (Col. 7 ll. 17—18.)
`
`Johnson ‘472 anticipates claim 9 of the ‘358 patent as described below.
`
`See claim 5.
`
`Johnson ‘472 anticipates claim 10 of the ‘358 patent as described below.
`
`table is stored in a smart card.
`
`See claim 5.
`
`11. A computer program product
`comprising a computer usable
`medium having computer readable
`program code embodied therein
`for encrypting documents, the
`program code for causing a
`processor to
`
`Johnson ‘472 anticipates claim 11 of the ‘358 patent as described below.
`
`See Claim 1, Preamble and element [B]
`
`BlackBerry Corporation Exhibit 1016, pg. 15
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`See Claim 1, element [A]
`
`See Claim 1, element [C]
`
`See Claim 1, element [D]
`
`[A] cause plural documents to be
`encrypted, the documents having
`respective names
`
`[B] record in a first table
`the names of the encrypted
`documents
`
`[C] for each of the names of
`encrypted documents in the first
`table, a key name associated with
`an encryption key value for the
`encrypted document
`
`[D] detect a close command for a
`given document issuing from a
`user of an application program
`using a user input device
`
`causes the processor 30 to begin carrying out the updating function.” (Col. 30 ll. 18—20.)
`
`Johnson ‘472 discloses “detect a close command for ...”
`
`Johnson ‘472 discloses performing the encryption process in response to a “close” command.
`Johnson refers to an updating and writing process, which would necessarily be performed when
`a user closes the file. For example, once one or more files 154-164 are decrypted in Johnson,
`control is transferred to a user device-PAS interaction (See Johnson, FIG. 7a, step 200).
`Accordingly, the user may operate an “application portion 145 of the provider—specific software
`141.” (See Johnson, col. 29, 11. 30-57).
`
`“Once all of the user device-PAS control functions desired by the user are performed under
`control of portion 1144, then control is preferably transferred back 202 to the UAS-EKE control
`portion 1142.” (Col. 29 11. 51-53.)
`
`“Referring again to FIG. 7a, once portion 1142 regains control from portion 1144, portion 1142
`
`BlackBerry Corporation Exhibit 1016, pg. 16
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`Thus, Johnson ‘472 discloses detecting a close command for a given document.
`
`OBVIOUS MODIFICATIONS
`
`In addition to the disclosure of updating and writing in Johnson ‘472, which occur when a
`document is closed, it would have been obvious to anyone skilled in the art that the process for
`decrypting a documents could and should be reversed when a user exits a sensitive document.
`Any encryption technique must allow for both the decryption and encryption of sensitive
`information to be effective. It would be common sense that a user of the decryption methods in
`Johnson would desire to also encrypt files in a similar manner when he exits and stores them.
`Indeed, Johnson ‘472 discloses the need to “re-encrypt” files that have be decrypted. (Col. 27,
`11.23-38, col. 28, 11.38-44.) Accordingly, to the extent Johnson ‘472 discloses decrypting
`documents upon opening, it would have been obvious to encrypt them upon closing in a similar
`fashion. See Claim 1, element [E].
`
`OBVIOUS MODIFICATIONS AND COMBINATIONS
`
`[E] in response to the close
`command use the first table to
`determine if the given document
`should be encrypted
`
`Johnson ‘472
`“Referring again to FIG. 7a, regardless of whether the recognition parameters are updated,
`processor 30 preferably carries out step 206 to update the file management parameters stored in
`table 370 of the RAM 40. The process of updating the file management parameters is shown in
`greater detail in FIG. 7f. Like the file management parameter establishment process, the
`updating process has two purposes. The first purpose is to establish a new operational key file
`name and a new file reference code for each of the managed files 154-164, 170. The second
`purpose is to encrypt each of the managed files using a new operational key code.” (Col. 31, ll.
`43-54.)
`
`See Claim 11, element [D]; see also Claim 1, element [F] (describing process for open
`
`BlackBerry Corporation Exhibit 1016, pg. 17
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`command).
`
`To the extent, Johnson ‘472 doesn’t disclose this, Johnson ‘472 in combination with CFS I
`renders obvious “in response to the close command...” as described below.
`
`CFS I discloses the use of file descriptors for files (which are part of the first table) to
`appropriately encrypt and decrypt as needed.
`
`CFS I
`
`“To avoid repeated open and close calls, cfsd also maintains a small cache of file descriptors for
`files on which there have been recent operations. Directory and symbolic link operations, such as
`readdir, readlink, and lookup are similarly translated into appropriate system calls and encrypted
`and decrypted as needed.” P. 14, col. 2, lSt full par.
`
`“For each encrypted file accessed through an attach point, cfsd generates a unique file handle
`that is used by the client NFS interface to refer to the file. For each attach point, the CFS daemon
`maintains a table of handles and their corresponding underlying encrypted names. When a read
`or write operation occurs, the handle is used as an index into this table to find the underlying file
`name.”
`
`be encrypted, then
`
`CFS Source Code
`
`Alternatively, Johnson ‘472 in combination with the CFS Source Code renders obvious “in
`response to the close command ...” as described in the CFS code claim chart.
`
`See claim 1 element F of the CFS Source Code claim chart.
`
`[F] if the given document should
`
`Johnson ‘472 determines Whether a document should be encrypted
`
`See claim 11, element [E].
`
`BlackBerry Corporation Exhibit 1016, pg. 18
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`CFS I
`
`To the extent, Johnson ‘472 doesn’t disclose this, Johnson ‘472 in combination with CFS I
`renders obvious “in response to the open command...” as described below.
`See claim 1, element [E] above.
`
`CFS Source Code
`
`Alternatively, Johnson ‘472 in combination with the CFS Source Code renders obvious “in
`response to the open command ...” as described below.
`See claim 1, element [E] above.
`
`[G] retrieve the key name
`associated with the name of the
`
`Johnson ‘472 discloses “retrieve the key name ...”
`
`given document from the first table During the updating and re-encryption process described by Johnson ‘472, the processor
`retrieves the key name associated with the selected file stored in table 370.
`
`operational key file name” (See Johnson, col. 32, 11. 43-60; FIG. 9a).
`
`[H] retrieve the encryption key
`value associated with the key name
`from a second table, the second
`table having at least one
`encryption key value and at least
`one key name respectively
`associated with a one of the
`encryption key values
`
`“Once the file is selected, processor 30 retrieves 334 from table 370 stored in RAM 40 the new
`operational key file name corresponding to the selected file” (See Johnson, col. 32, 11. 39-41).
`
`Johnson ‘472 discloses “retrieve the encryption key ...”
`
`After retrieving the key name from the first table, the processor of Johnson ‘472 will access the
`second table to obtain the key code (i.e., key value) corresponding to the key name.
`
`“Thereafter, processor 30 uses the retrieved operational key file name to access section 1160 of
`the RAM 40 to retrieve 336 therefrom the operational key code corresponding to the retrieved
`
`See also claim 1, element [1] above.
`
`BlackBerry Corporation Exhibit 1016, pg. 19
`
`

`

`The ‘358 Patent
`Claims/Elements
`
`Johnson Pat. 5,694,472
`
`[1] cause the given document to be
`encrypted.
`
`Johnson ‘472 discloses “cause the given ...”
`
`“Once that is performed, processor 30 retrieves from RAM 40 the unencrypted data 1254 (FIG.
`9b) corresponding to file 154. Recall that in steps 256 and 257 of FIG. 7b, the data in file 154
`and the rest of the managed files 156-164, 170 were decrypted and stored in RAM 40 as
`unencrypted data files 1254-1264, 1270, as shown in FIG. 9b. These unencrypted data files
`1254-1264, 1270 can now be used by processor 30 for encryption purposes.” Col 32, ll. 48-56.
`
`Johnson ‘472 anticipates claim 12 of the ‘358 patent as described below.
`
`See claim 4.
`
`
`
`12. The computer program product
`of claim 11, the program code
`further for causing the processor to
`encrypt the given document with a
`DES algorithm.
`
`13. A general purpose computer
`system comprising the computer
`program product of claim 11.
`
`14. The computer program product
`of claim 11, the program code
`further for causing the processor to
`obtain encryption key values from
`a portable data storage device.
`
`15. The computer program product
`of claim 11 wherein the second
`
`Johnson ‘472 anticipates claim 13 of the ‘358 patent as described below.
`
`See claim 8.
`
`Johnson ‘472 anticipates claim 14 of the ‘358 patent as described