Exhibit D: Claim Chart Comparing CFS Source Code and its Obvious Combination with the CFS I Article with
`Claims of the ‘358 Patent
`
`NOTE: Computer source code is typically comprised of multiple files that provide various functionality of the
`ultimate computer program. In addition to the source code, a source code distribution may provide release notes,
`other descriptions of the source code functionality and instructions to compile and install the computer software.
`The complete CFS Source Code for Version 1.3.3 with all files has been provided as Exhibit 1009. The citations I
`make in the following chart are in many cases to individual source code files and lines within those files.
`I have
`used the formatting convention, filename:lines, for my citations. Exhibit 1009 also includes the source code notes
`file which I cite with the indication “notesms”.
`
`The CFS Source Code alone anticipates almost all of the claims of the ‘358 patent. CFS I references are used even
`for those claims for additional clarification as both CFS Source Code and CFS I describe the same Cryptographic
`File System (CFS.)
`
`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`1. A process of decrypting
`documents comprising:
`
`CFS Source Code
`
`CFS source code anticipates and/or renders obvious claim 1 of the ‘358 Patent as described
`below.
`
`system level through a standard Unix file system interface to encrypted files. Users associate a
`
`CFS source code discloses a process of decrypting documents.
`
`Specifically, CFS source code refers to the encryption and decryption of “files.”
`
`“CFS pushes encryption services into the Unix(tm) file system. It supports secure storage at the
`
`BlackBerry Corporation Exhibit 1017, pg. 1
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`cryptographic key with the directories they wish to protect. Files in these directories (as well as
`their pathname components) are transparently encrypted and decrypted with the specified key
`without further user intervention; cleartext is never stored on a disk or sent to a remote file
`
`server.” (See notes.ms: 17-24).
`
`A “file” in CFS would be considered a “document” as used in the ‘358 patent because files on a
`computer are inherently a “structural unit of... data that can be stored, retrieved, and
`exchanged... as a separate unit” as the ‘358 patent requires. Computer files to a person of
`ordinary skill in the art at the priority date of the ‘358 patent were simply “a set of related records
`treated as a unit.” (See, e.g., [MB System/36 Environment Pogromming, First Edition
`(http://pic.dhe.ibm.com/infocenter/iseries/v6rlm0/topic/books_web/sc4l4730.pdf) at 1—2.)
`
`Furthermore, the ‘358 patent uses the terms “document” and “file” interchangeably. (See, e.g.,
`‘358 at 8:10-23.)
`
`Alternatively, to the extent that CFS source code doesn’t disclose this limitation, CFS source
`code in combination with CFS I renders obvious this limitation.
`
`CFS I
`
`CFS Source Code.
`
`“The Cryptographic File System (CFS) pushes encryption services into the file system itself.”
`Abstract.
`
`[A] providing plural documents
`having respective names
`
`CFS Source Code.
`CFS source code discloses “providing plural documents having respective names.”
`
`Specifically, CFS source code discloses providing multiple files/documents in directories. Each
`file in the directory has a name associated it. Furthermore, the file names are encrypted by the
`
`BlackBerry Corporation Exhibit 1017, pg. 2
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`“Filenames are similarly encrypted.” (See notes.ms:348)
`
`See also cfs_fileid structure at cfs.h:72-89, encryptname function at cfs_fh.c:l92-218, and
`nfsproc_create_2 function at cfs_nfs.c:444-544.
`
`Alternatively, to the extent that CFS source code doesn’t disclose this limitation, CFS source
`code in combination with CFS I renders obvious this limitation.
`
`CFS I.
`
`
`
`“For each encrypted file accessed through an attach point, cfsd generates a unique file handle that
`is used by the client NFS interface to refer to the file. For each attach point, the CFS daemon
`maintains a table of handles and their corresponding underlying encrypted names. P. 14, 2““1 col.,
`lSt full para.
`
`[B] providing a crypto server for
`causing documents to be
`decrypted
`
`CFS Source Code.
`
`CFS source code discloses “providing a crypto server for causing documents to be decrypted.”
`
`Specifically, CFS source code causes a processor to perform certain functions. The crypto server
`in CFS is a local network file system (NFS) server that provides a server daemon for encryption
`and decryption.
`
`“CFS runs entirely at user level, as a local NFS server running on the client machine's "loopback"
`interface. The system consists of... cfsd. .. (the CFS server daemon), and a small suite of tools. ..
`(cmkdir, cattach, cdetach,. .. and... ssh)... that create encrypted directories and manage keys as
`they are used” (See notes.ms:42-55).
`
`See also nfsproc_read_2 fimction at cfs_nfs.c:3 1 1-369; readblock fimction at cfs_fh.c:77-l l8;
`and dodecrypt function at cfs_fl1.c:3 10-330.
`
`BlackBerry Corporation Exhibit 1017, pg. 3
`
`

`

`CFS I.
`
`Fig. 2 shows a “CFS Daemon” With a “NFS Svr. Interface” and “Encryption/Decryption Engine”
`
`[C] providing a first table having
`the names of encrypted
`documents
`
`CFS Source Code.
`CFS source code discloses “providing a first table having the names of encrypted documents.”
`
`The ‘358 Patent
`
`CFS Source Code & CFS I
`
`Claims/Elements
`
`Alternatively, to the extent that CFS source code doesn’t disclose this limitation, CFS source
`code in combination with CFS I renders obvious this limitation.
`
`representing a row in the file hash table. (See, e.g., cfs.h:72-89)
`
`Specifically, CFS Source Code discloses a file hash table comprising of s_f i leid structs that
`stores data relating to a file. The file hash table is a first table as used in the‘358 patent. A struct
`is a basic data structure that stores one or more variables. A struct can be used, for example, to
`implement a table. Each variable of the struct corresponds to a column in the table. As an
`example, if i l e i d element of the c f s_f i l e i d struct corresponds to a column comprising a
`file identifier for a file. CFS may maintain a of s_f i leid struct for one or more files, each
`
`BlackBerry Corporation Exhibit 1017, pg. 4
`
`

`

`typedef struct cfs_fileid { /* hash table entry */
`int fileid; /* inode */
`int key;
`/* key id, for future use */
`char vect[9];
`/* pertubation vector */
`char vectname[1024]:
`/* name of symlink w/ pert vect */
`
`/* dir only; for shortlinks. */
`int 1ink_count;
`int linkid;
`/* short links only */
`#endif
`
`struct cfs_fileid *next;
`struct instance *ins;
`} cfs_fileid;
`
`/* this is redundnat, but helps */
`
`/* the name should be changed to a list of names, and we should make
`sure we have the right one open.
`Lookup (not link) adds names,
`remove and rmdir delete names. */
`struct fdcache *fd;
`/* fd, if already open, or NULL (reg files only)*/
`int parent;
`/* dir only; —1 for instance root
`(send back self]*/
`#ifdef SHORTLINKS
`
`CFS I
`
`Furthermore, the file hash table includes names of the encrypted files. One column in the file
`hash table, name, corresponds to the filename and path to the file. (See, e.g., cfs.h:77.) Another
`column in the file hash table, f ileid, represents a unique identifier for the file. (See, e.g.,
`
`cfs.h:73.) Both name and fileid represent the name of encrypted documents as used by the
`‘35 8 patent. An entry in the file hash table is created for each encrypted file.
`
`The following is a mapping of the claim terms to the names given to those terms in the CFS
`source code:
`
`first table
`
`hash table of of s file id structs
`
`names of enc pted documents
`
`int fileid, char *name
`
`BlackBerry Corporation Exhibit 1017, pg. 5
`
`

`

`The ‘358 Patent
`
`CFS Source Code & CFS I
`
`Claims/Elements
`
`“Files are stored in encrypted form and with encrypted path names in the associated standard
`directories, ....” P. 11, col. 2, § 2.2, 3rd para.
`
`89 and cfs.h: 146-161).
`
`Specifically, the file hash table also includes a column ins, which is a pointer to the instance
`struct associated with a file. The instance struct includes cf 3 key key, i.e., an
`encryption/decryption key. Thus, for each encrypted file in the file hash table, there exists a key
`name (ins) associated With the decryption key value for the encrypted file.
`(See, e.g.,cfs.h:72-
`
`“For each encrypted file accessed through an attach point, cfsd generates a unique file handle that
`is used by the client NFS interface to refer to the file. For each attach point, the CFS daemon
`maintains a table of handles and their corresponding underlying encrypted names.” p. 14, 2“d col.,
`lSt full para. (emphasis added)
`
`CFS Source Code.
`CFS source code discloses “for each of the names of encrypted documents in the first table, a key
`name associated with a decryption key value for the encrypted document.”
`
`[D] for each of the names of
`encrypted documents in the first
`table, a key name associated with
`a decryption key value for the
`encrypted document
`
`BlackBerry Corporation Exhibit 1017, pg. 6
`
`

`

`typedef—{ /* hash table entry */
`
`/* key id, for future use */
`int key;
`char vect[9];
`/* pertubation vector */
`char vectnamel1024];
`/* name of symlink w/ pert vect */
`
`/* the name should be changed to a list of names, and we should make
`sure we have the right one open.
`Lookup (not link) adds names,
`remove and rmdir delete names. */
`struct fdcache *fd;
`/* fd, if already open, or NULL (reg files only)*/
`int parent;
`/* dir only; —1 for instance root
`(send back self)*/
`#ifdef SHORTLINKS
`
`/* dir only; for shortlinks. */
`int 1ink_count;
`int linkid;
`/* short links only */
`#endif
`struct cfs_fileid *next;
`struct instance *ins;
`} cfs_fileid;
`
`/* this is redundnat, but helps */
`
`} instance;
`
`u_char checkl8];/* we just encrypt the date and copy it here */
`int uid;
`/* authorized uid */
`/* we need a better credential mechanism */
`/* same as its position in instances[] */
`/* use perturbation vectors */
`/* invisability */
`(0 is infinite) */
`/* absolute timeout
`/* idle timer (0 is infinite) */
`/* last access time (for use by idle timer) */
`/* to be killed */
`
`typedef struct instance {
`
`char pathINFS_MAXPATHLEN+1];
`char namelNFS_MAXNAMLEN+l];
`
`/* path to get to files w/r/t root */
`/* name of the attach point */
`
`int id;
`int highsec;
`int anon;
`int timeout;
`int idle;
`int access;
`int dead;
`
`BlackBerry Corporation Exhibit 1017, pg. 7
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`The following is a mapping of the claim terms to the names given to those terms in the CFS
`source code:
`
`decryption key value
`
`c f 3 key key
`
`Alternatively, to the extent that CFS source code doesn’t disclose this limitation, CFS source
`code in combination with CFS I renders obvious this limitation.
`
`CFS I.
`
`“Each directory is protected by set of cryptographic keys. These keys can be supplied by user
`entry via the keyboard or, if hardware is available, through removable "smart cards" connected to
`the client computer. When entered from the keyboard, keys take the form of arbitrary-length
`"passphrases" [key name] which are used to generate the set of internal cryptographic keys [key
`value] used by CFS's encryption routines.” P. 11, 2nd col., last para.
`
`
`
`CFS Source Code.
`[E] detecting an open command
`for a given document issuing from CFS Source Code discloses “detecting an open command ...”
`a user of an application program
`using a user input device
`
`Specifically, CFS (cfsd) detects the file system operations such as open command and close
`command for a given file.
`
`“CFS is implemented as a server, called cfsd, for the Sun Network File System (NFS) protocol
`plus extensions for associating keys with directories. cfsd monitors the local host virtual network
`interface for remote procedure calls requests from the local machine. Once the local machine
`invokes an NFS “mount” on the localhost interface for the CFS mount point (/crypt), cfsd handles
`file system operations for the mounted file system as if it were a remote file server.” (See
`
`BlackBerry Corporation Exhibit 1017, pg. 8
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`notes.ms2121-129.)
`
`During the installation process, CFS registers the function responsible for reading and decrypting
`a file, nfsproc_read_2, with the network file system (NFS) service. Thus, when NFS detects that
`a file is to be read, the registered CFS read function will be executed (See README.linux:49)1.
`
`It is inherent that
`The commands are issued from a user of an application such as echo and cat2.
`the commands are issued using a user input device such as a keyboard. As an example, cat
`command opens the file, reads the contents, closes the file and displays the content of the file on
`the terminal. It may use NFSPROC_LOOKUP, NFSPROC_READ to locate the file, open and
`read the contents of the file.
`
`See, also, README.linux:42-54, nfsproto.x at 298-354, rpcgenout.shar.
`
`Alternatively, to the extent that CFS source code doesn’t disclose this limitation, CFS source
`code in combination with CFS I renders obvious this limitation.
`
`
`
`CFS I.
`
`“When a read or write operation occurs, the handle is used as an index into this table to find the
`underlying file name. cfsd uses regular Unix system calls to read and write the file contents,
`which are encrypted before writing and decrypted after reading, as appropriate. To avoid repeated
`open and close calls, cfsd also maintains a small cache of file descriptors for files on which there
`have been recent operations. Directory and symbolic link operations, such as readdir, readlink,
`and lookup are similarly translated into appropriate system calls and encrypted and decrypted as
`needed.” p. 14, 2nd col., lSt full para. (emphasis added)
`
`[F] in response to the open
`
`CFS Source Code.
`
`1 It is inherent that the file has to be opened to be read.
`
`BlackBerry Corporation Exhibit 1017, pg. 9
`
`

`

`The ‘358 Patent
`
`CFS Source Code & CFS I
`
`Claims/Elements
`
`command, the crypto server using
`the first table to determine if the
`
`given document should be
`decrypted
`
`CFS Source Code discloses “in response to the open command, ...”
`
`When the CFS Source Code calls nf sproc_read_2 function, which is responsible for reading
`and decrypting a file3, CFS attempts to retrieve the corresponding entry, of s_f i leid* h,
`from the file hash table. Specifically, when nf sproc_read_2 is called from the NFS service
`to read a file, the corresponding file handle, ap—>f h, is included as a parameter.
`
`the NFS file system (so that the file is opened without decryption).
`
`The file handle for the file is passed to the geth function (See cfs_fi1.c:396-428) in order to
`
`retrieve the file hash table entry corresponding to the file to be read. The geth function in turn
`
`calls the f indh function (See cfs_fh.c:367-392), which searches through the file hash table until
`
`it finds a file hash table entry with a f i leid that matches the id of the file to be read (See
`
`cfs_fl1.c:384). The matching file hash table entry is assigned to variable h (See cfs_fl1.c:388). If
`
`no matching entry is found, then the NULL value is assigned to h (See cfs_fl1.c:39l). Thus, a file
`that needs decryption will be identified in the file hash table, whereas a file that does not need
`encryption will be assigned a NULL value and control transferred back to the program calling on
`
`BlackBerry Corporation Exhibit 1017, pg. 10
`
`

`

`—<ap.rm
`readargs *ap;
`SR rp;
`
`static readres ret;
`static char buffer[8192];
`int fd;
`int uid;
`int len;
`
`cfskey *kew;
`int ht;
`
`cfs_fileid *h;
`
`311
`312
`313
`314
`315
`316
`317
`318
`319
`320
`321
`322
`323
`324
`325
`326
`327
`
`328 readres *
`
`
`static cfs_fileid *
`findh(id,ins
`#ifdef SHORTLINKS
`.linkid)
`int linkid:
`#else /* SHORTLINKS */
`)
`#endif /* SHORTLINKS */
`int id:
`int ins;
`
`#ifdef DEBUG
`
`printf("read:\n");
`#endif
`
`if ((ht=htype 1| =geth _i )) !=H_REG)
`
`{
`
`BlackBerry Corporation Exhibit 1017, pg. 11
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`378
`379
`380
`
`381
`
`383
`384
`385
`386
`387
`388
`389
`
`39o
`391
`
`uiint bucket;
`cfs_fileid *f;
`
`bucket=hash(id);
`
`{
`while (f!=NULL)
`if (f->fileid == id)
`#ifdef SHORTLINKS
`if (f->linkid == linkid)
`#endif /* SHORTLINKS */
`return f;
`f=f->next;
`
`/* note recast */
`
`}
`return NULL;
`
`
`
`392
`
`}
`
`[See, also, cfs_fl1.c at 395 — 428.]
`
`The determination of whether to decrypt a document is made by determining if an entry
`corresponding to the document exists in the file hash table. If a corresponding entry in the file
`hash table, the document is decrypted.
`
`Alternatively, to the extent that CFS source code doesn’t disclose this limitation, CFS source
`code in combination with CFS I renders obvious this limitation.
`
`CFS I.
`
`“. . .0de uses regular Unix system calls to read and write the file contents, which are encrypted
`before writing and decrypted after reading, as appropriate.” p. l4, 2““1 col., lSt full para. (emphasis
`added)
`
`[G] if the given document should
`be decrypted, then
`
`CFS Source Code discloses “if the given document should be decrypted.”
`
`BlackBerry Corporation Exhibit 1017, pg. 12
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`Specifically, if an entry corresponding to the file to be read exists in the file hash table, the
`nfsproc_read_2 function proceeds (See cfs_nfs.c:3l 1-331).
`
`if ((ht=htype (h=geth(—i )) !=H_REG)
`ret.status=herr(ht)7
`return &ret;
`
`{
`
`}
`
`205 #definem (&((f)—>ins—>key))
`
`Specifically, if an entry for the file to be read does not exist in the file hash table, the ht ype
`
`function (See cfs_fl1.c:43 1-440) Will not return H_REG. This causes nf sproc_read_2
`function to return control to the calling function. (See cfs_nfs.c:330). However, if the geth
`
`function (See cfs_fl1.c:396-428) successfully retrieves a file ID table entry for the file, the ht ype
`function Will return H_RE G. Accordingly, execution of the function nf sproc_read_2
`proceeds. (See cfs_nfs.c:328).
`
`CFS Source Code discloses “retrieving the key name ...”
`
`Specifically, CFS Source Code retrieves the instance pointer, h—>ins, (i.e., the key name) from
`the associated file hash table entry. The file hash table entry is identified using the name of the
`document (i.e., int fi leid). (See cfs_nfs.c:328—33l and 347; and cfs.h:205).
`
`[H] retrieving the key name
`associated with the name of the
`
`given document from the first
`table
`
`cfi-I.3.3/cfi_nfi.c:346-34 7:
`346
`/* do the read */
`347
`key=keyof(h);
`
`cfi-1.3.3/Cfi.h:205:
`
`BlackBerry Corporation Exhibit 1017, pg. 13
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`Also in cfi-1.3.3/cfi.h:
`72
`typedef—{ /* hash table entry */
`vs
`
`74
`75
`76
`77
`78
`79
`80
`81
`82
`83
`
`84
`85
`86
`
`for future use */
`/* key id,
`int key;
`char vect[9];
`/* pertubation vector */
`Char vectnamel1024];
`/* name of symlink w/ pert vect */
`Char *name;
`/* encr oted oath, w/r/t cfs root */
`/* the name should be changed to a list of names, and we should make
`sure we have the right one open.
`Lookup (not
`link) adds names,
`remove and rmdir delete names. */
`struct fdcache *fd;
`/* fd,
`if already open, or NULL (reg files only)*/
`int parent;
`/* dir only; —1 for instance root
`(send back self)*/
`#ifdef SHORTLINKS
`
`/* dir only; for shortlinks. */
`int linkicount;
`int linkid;
`/* short
`links only */
`#endif
`
`87
`88
`
`struct cfs_fileid *next;
`struct instance *ins;
`} cfsifileid;
`
`/* this is redundnat, but helps */
`
`
`
`See, also, cfs.h: 72-89.
`
`[I] retrieving the decryption key
`value associated with the key
`name from a second table, the
`second table having at least one
`decryption key value
`
`CFS Source Code discloses “retrieving the decryption key ...”
`
`Specifically, CFS Source Code discloses a second table implemented as an array of instance
`structs (i.e., an “instances table”). An array is a basic data structure that can be used, for
`example, to implement a table. Each element of the instance struct corresponds to a column.
`As an example, key element of the instance struct corresponds to a column Whole name is
`key. Rows of the instances table can be accessed using the array indices. For example, to access
`the second row of the instances table, index 1 is used4.
`
`BlackBerry Corporation Exhibit 1017, pg. 14
`
`

`

`cfisJ‘h.c: 66:
`66
`instance *instancesININSTANCES];
`
`Once the instance pointer (i.e., the key name) for the file is determined, the instance pointer is
`used to determine the key value associated with the file from the instances table. (See, e.g.,
`cfs_nfs.c:347, cfs.h:205, and cfs_fh.c:66) The instance pointer points to the decryption key
`value, h—>ins—>key.
`
`cfis-I . 3.3/cfi9_nfs.c:34 7:
`346
`/* do the read */
`347
`key=keyof(h);
`
`cfis-I.3.3/cfi9.h:205:
`205 #definem (&((f)—>—))
`
`Also in afih:
`146
`typedef struct instance {
`147
`cfs_fileid *file[HMASK+1];
`148
`char path[NFS_MAXPATHLEN+1];
`149
`char name[NFS_MAXNAMLEN+1];
`
`/* path to get to files w/r/t root */
`/* name of the attach point */
`
`
`
`u_char check[8];/* we just encrypt the date and copy it here */
`int uid;
`/* authorized uid */
`/* we need a better credential mechanism */
`/* same as its position in instances[] */
`/* use perturbation vectors */
`/* invisability */
`(O is infinite) */
`/* absolute timeout
`/* idle timer
`(0 is infinite) */
`/* last access time (for use by idle timer) */
`/* to be killed */
`
`151
`152
`153
`154
`155
`156
`157
`158
`159
`160
`161
`
`int id;
`int highsec;
`int anon;
`int timeout;
`int idle;
`int access;
`int dead;
`} instance;
`
`BlackBerry Corporation Exhibit 1017, pg. 15
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`The following is a mapping of the claim terms to the names given to those terms in the CFS
`Source Code:
`
`second table
`
`instance
`
`*instances[NINSTANCES]
`
`[J] causing the given document to
`be decrypted.
`
`CFS Source Code discloses “causing the given document to be decrypted.”
`
`Specifically, after the CFS Source Code retrieves the decryption key, it calls readblock
`
`function, which reads the encrypted data from the file. The readblock function calls the
`
`dodecrypt function which decrypts the data.
`
`347
`348
`349
`350
`
`351
`352
`353
`
`key=keyof(h);
`{
`if (key==NULL)
`ret.status=cfserrno;
`break;
`
`}
`if ((len readblock(buffer,fd,ap—>offset,ap—>count,
`key,vectof(h)))<0){
`
`
`
`2. The process of decrypting
`documents of claim 1 further
`
`CFS Source Code in combination with Chan ‘018 renders claim 2 of ‘358 obvious as described
`below.
`
`comprising providing an
`electronic document management
`system comprising a SQL
`database, a SQL database server
`and a SQL database client,
`
`CFS Source Code anticipates claim 1 as described above. To the extent CFS explicitly does not
`disclose a SQL database, a SQL database server and a SQL database client, Chan ‘018 discloses
`these elements.
`
`BlackBerry Corporation Exhibit 1017, pg. 16
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`wherein the electronic document
`
`management system performs the
`detecting step.
`
`Chan ‘018 discloses an electronic document management system comprising a SQL database
`management system (DBMS). This includes SQL database, SQL database server and SQL
`database clients.
`
`
`
`“The information server includes a database management system (DBMS) with an interface
`procedure for receiving and responding to SQL statements from client computers.
`The
`database access procedure includes embedded encrypted SQL statements, representing a
`predefined subset of a predefined full set of SQL statements ....” Abstract (emphasis added).
`“The present invention relates generally to systems and methods for enabling remote client
`computers to access data in a database server using standard SQL-level statements ....” (Col. 1,
`ll. 4-6 (emphasis added».
`
`Since the database resides on the SQL electronic document management system, commands to
`open the documents residing on the SQL database would be detected by the SQL electronic
`document management system.
`
`CFS Source Code
`
`The CFS Source Code discloses a hash file table that includes an indicator of Whether a file
`
`should be encrypted by the absence or presence of an entry for the file in the file hash table. As
`explained in claim 1, element [F], if the entry is present in the hash file table, the file needs to be
`decrypted. If the entry is not present, the file does not need decryption. Since a database is a
`well—known method for storing tables, it would be an obvious design choice to store the file hash
`table in a database (See claim 1, element [F]).
`
`Rackman ’646
`
`Alternatively, to the extent CFS source code doesn’t disclose claim 3, CFS source code in
`combination with Rackman ‘646 renders obvious claim 3 as described below.
`
`Furthermore, Rackman ‘646 discloses a database in a document production system. The database
`stores images of documents For example, in the system of Rackman, “Field 2 consists of two
`
`3. The process of decrypting
`documents of claim 1 further
`
`comprising
`providing a database, the database
`including an indicator of whether
`the documents should be
`
`decrypted if the indicator in the
`database does not indicate that the
`
`given document is to be
`decrypted, determining that the
`document should not be
`
`decrypted.
`
`BlackBerry Corporation Exhibit 1017, pg. 17
`
`

`

`The ‘358 Patent
`
`CFS Source Code & CFS I
`
`Claims/Elements
`
`It would be obvious for one of skill in the art to combine the flags in the database of Rackman
`with CFS to provide “a database. . .including an indicator of whether documents should be
`decrypted,” as recited in claim 3.
`
`bits, a redaction-exists flag, and a this-is-it flag. The former flag is a 1 if the document is being
`produced to opposing counsel in redacted form. As discussed above, what is actually produced is
`an image pair--an encrypted unredacted image, and an unencrypted redacted image. (Even the
`latter image may have been encrypted with a confidentiality encryption key, and the former
`image may have been doubly encrypted if it is confidential.) The second flag identifies a
`particular image as one of these two forms. If the this-is-it flag is a 1, then the associated image is
`in redacted form; if the flag is a 0, then the associated image is not redacted (although it will be
`encrypted). If the redaction-exists flag is a 0, then there is only one associated (unredacted)
`image, and the value of the this-is-it flag is irrelevant” (See Rackman, col. 6, 11. 14—29).
`
`security with good performance on a modern workstation” (See notes.ms:24-26)
`
`4. The process of decrypting
`documents of claim 1 further
`
`comprising decrypting the given
`document with a DES algorithm.
`
`CFS Source Code anticipates claim 4 of the ‘358 patent as described below.
`
`CFS Source Code discloses “the process of decrypting ...”
`
`Specifically, the CFS Source Code discloses performing decryption with DES algorithms.
`
`“CFS employs a novel combination of DES stream and codebook cipher modes to provide high
`
`BlackBerry Corporation Exhibit 1017, pg. 18
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`/* granularity of DES encryption */
`#define CFSBLOCK 8
`/* writing is a bit tricky — if not
`8 byte boundry,
`read in prev & next
`8 byte boundry first, make the change in place, and write back the whole
`thing *J
`
`i—‘toNNNN
`
`single DES *J
`BDES *X
`key hybrid IDEA in/ai *f
`key hybrid BLOWFISH (nia) */
`key hybrid SKIPJACK (PCMCIA)
`key hybrid MacGuffin *f
`/* 1 key hybrid SAFER~SK128 *X
`f* 3 key hybrid BDES *f
`
`(nfai */
`
`card.
`
`STD_DES 0
`THREE—DES 1
`#define IDEA 2
`#define BLOWFISH 3
`
`#define SKIPJACK 4
`#define MCG 5
`#define SAFERfiSKlES 6
`#define TRUE_THREE_DES 7
`
`5. The process of decrypting
`documents of claim 1 wherein the
`
`The CFS Source Code anticipates and/or renders obvious claim 5 of the ‘358 patent as described
`below.
`
`second table is stored in a smart
`
`The CFS Source Code teaches the use of smart cards. Smartcards are portable data storage
`devices.
`
`“The smartcard version of the command is similar in operation, but also requires a CFS smartcard
`be present in the smartcard reader.” (cattach.1:25-26)
`
`“The smartcard version of \chmkdir\fP initializes a key smartcard and requires that a blank
`smartcard be inserted into the smartcard reader.” (ckdir.1:13-15)
`
`It would be obvious for one of ordinary skill in the art at the time to store the second table in a
`smart card.
`
`To the extent that the CFS Source Code does not disclose the use of smart card for storing the
`second table, CFS Source Code in combination with CFS 1 references renders claim 9 of the ‘358
`
`BlackBerry Corporation Exhibit 1017, pg. 19
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`patent obvious.
`
`fl
`CFS I discloses that the keys (i.e., the key values) and hence the second table could be stored in a
`smart card.
`
`“In particular, keys could be contained in or managed by "smart cards" that would remain in the
`physical possession of authorized users” (CFS 1, pg. 11, 2“d col., 2“d par.).
`
`
`
`Specifically, CFS Source Code is a computer program which can be installed on computers with
`SunOS 4.1.2 and BSD/3 86 operating system.
`“CFS was developed under SunOS 4.1.2 and BSD/ 386 (BSDI).” (See Notes.ms:l70.)
`“The system is designed to be installed on individual single- user workstations.” (See
`Notes.ms:182-183.)
`
`6. A computer program product
`comprising a computer usable
`medium having computer
`readable program code embodied
`therein for decrypting documents,
`the program code for causing a
`processor to
`
`CFS Source Code anticipates claim 6 of the ‘358 patent as described below.
`
`CFS Source Code discloses “a computer program product ...”
`
`It is inherent that such computers include a computer usable medium such as a hard drive or a
`floppy drive.
`“. . .cleartext is never stored on a disk ...” (Notes.msz23)
`
`When installed, the CFS Source Code resides on the hard disk (or the floppy drive.) When
`running, the software program resides on the memory of the computer and causes the processor
`of the computer execute instructions that are part of the CFS Source Code.
`
`See also, claim 1, preamble & element [B].
`
`BlackBerry Corporation Exhibit 1017, pg. 20
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`See claim 1, preamble, element [A] & element [B].
`
`See claim 1, element [C].
`
`See claim 1, element [D].
`
`[A] cause plural documents to be
`decrypted, the documents having
`respective names
`
`[B] record in a first table
`the names of the encrypted
`documents
`
`[C] for each of the names of
`encrypted documents in the first
`table, a key name associated With
`a decryption key value for the
`encrypted document
`
`[D] detect an open command for a
`given document issuing from a
`user of an application program
`using a user input device
`
`[E] in response to the open
`command use the first table to
`
`determine if the given document
`should be decrypted
`
`
`
`See claim 1, element [E].
`
`See claim 1, element [F].
`
`[F] if the given document should
`be decrypted, then
`
`See claim 1, element [G].
`
`[G] retrieve the key name
`associated with the name of the
`
`given document from the first
`
`See claim 1, element [H].
`
`BlackBerry Corporation Exhibit 1017, pg. 21
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`——
`
`[H]]retrieve the decryption key
`value associated with the key
`name from a second table, the
`second table having at least one
`decryption key value
`
`See claim 1, element [1].
`
`[1] cause the given document to be
`decrypted.
`
`See claim 1, element [J].
`
`
`
`7. The computer program product
`of claim 6, the program code
`further for causing the processor
`to decrypt the given document
`with a DES algorithm.
`
`8. A general purpose computer
`system comprising the computer
`program product of claim 6.
`
`CFS Source Code anticipates claim 7 of the ‘358 patent as described below.
`
`See claim 4.
`
`CFS Source Code anticipates claim 8 of the ‘358 patent as described below.
`
`CFS expressly discloses that the system is operated on a general purpose computer system.
`SunOS is an operating system that would be run on general purpose computers.
`
`“CFS as distributed runs under SunOS and, with a little coaxing, several other BSD-derived
`systems including BSD/386” (See notes.ms:3 1-32).
`
`See also, claim 6 at Preamble.
`
`9. The computer program product
`of claim 6, the program code
`further for causing the processor
`
`The CFS Source Code anticipates and/or renders obvious claim 9 of the ‘358 patent as described
`below.
`
`BlackBerry Corporation Exhibit 1017, pg. 22
`
`

`

`The ‘358 Patent
`
`Claims/Elements
`
`CFS Source Code & CFS I
`
`to obtain decryption key values
`from a portable data storage
`device.
`
`The CFS Source Code teaches the use of smart cards. Smartcards are portable data storage
`devices.
`
`“The smartcard version of the command is similar in operation, but also requires a CFS smartcard
`be present in the smartcard reader.” (cattach. 1 225-26)
`
`“The smartcard version of \chmkdir\fP initializes a key smartcard and requires that a blank
`smartcard be inserted into the smartcard reader.” (ckdir. l : 13-15)
`
`It would be obviou