`
`Page 1
`
`·2· · · · ·BEFORE THE PATENT TRIAL AND APPEAL BOARD
`
`·3· ·----------------------------------------------------
`· · · · · · · · · · · · ·APPLE INC.,
`·4
`· · · · · · · · · · · · ·Petitioner,
`·5
`· · · · · · · · · · · · · · ·vs.
`·6
`· · · · · · · · · · · · RFCYBER CORP.,
`·7
`· · · · · · · · · · · · Patent Owner.
`·8
`· · · · · · Inter Partes Review No. IPR2022-01256
`·9· · · · · · · · U.S. Patent No. 11,018,724
`
`10· ·----------------------------------------------------
`
`11· · · · · · · · · · · ·APPLE INC.,
`
`12· · · · · · · · · · · ·Petitioner,
`
`13· · · · · · · · · · · · · ·vs.
`
`14· · · · · · · · · · · RFCYBER CORP.,
`
`15· · · · · · · · · · · Patent Owner.
`
`16· · · · · Inter Partes Review No. IPR2022-01239
`· · · · · · · · · U.S. Patent No. 10,600,046
`17· ----------------------------------------------------
`
`18
`
`19· · · · · · · VIDEOCONFERENCE DEPOSITION OF
`· · · · · · · · · ·ALFRED C. WEAVER, PH.D.
`20
`· · · · · · · TAKEN ON BEHALF OF THE PETITIONER
`21
`· · · · · · · · · · · · AUGUST 7, 2023
`22
`
`23
`
`24· · (Starting time of the deposition:· 8:58 a.m. CST.)
`
`25
`
`IPR2022-01239
`Apple EX1029 Page 1
`
`
`
`·1· · · · · · · · · · · · I N D E X
`
`Page 2
`
`·2· QUESTIONS BY:· · · · · · · · · · · · · · · · ·PAGE
`
`·3· ·MR. HART· · · · · · · · · · · · · · · · · · · · 5
`
`·4
`
`·5· · · · · · · · · · ·E X H I B I T S
`
`·6
`
`·7· EXHIBIT· · · · · · · · · · · · · · · · · · · ·PAGE
`
`·8· ·Exhibit 2002· ·.............................· ·19
`
`·9· ·Exhibit 1001· ·.............................· ·26
`
`10· ·Exhibit 2001· ·.............................· ·37
`
`11· ·Exhibit 1004· ·.............................· ·38
`
`12
`
`13· (The exhibits were retained by Mr. Hart.)
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`IPR2022-01239
`Apple EX1029 Page 2
`
`
`
`Page 3
`
`·1· VIDEOCONFERENCE DEPOSITION OF ALFRED C. WEAVER,
`
`·2· PH.D., produced, sworn and examined on August 7,
`
`·3· 2023, between the hours of eight o'clock in the
`
`·4· forenoon and twelve o'clock noon of that day, with
`
`·5· all attendees via Zoom conference, with the Witness
`
`·6· physically located in Charlottesville, Virginia,
`
`·7· before William L. DeVries, a Certified Court
`
`·8· Reporter (MO) (AR) (KS), Certified Shorthand
`
`·9· Reporter (IL) (IA), licensed in [TN], Registered
`
`10· Diplomate Reporter, and a Certified Realtime
`
`11· Reporter, in certain causes now pending in the
`
`12· United States Patent and Trademark Office, Before
`
`13· the Patent Trial and Appeal Board, between APPLE
`
`14· INC., Petitioner, vs. RFCYBER CORP., Patent Owner;
`
`15· on behalf of the Petitioner.
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`IPR2022-01239
`Apple EX1029 Page 3
`
`
`
`·1· · · · · · · · · A P P E A R A N C E S
`
`Page 4
`
`·2· · · ·(All appearances via Zoom videoconference.)
`
`·3
`
`·4· · · · For the Petitioner:
`
`·5· · · · · · Mr. Paul R. Hart
`· · · · · · · Erise IP, P.A.
`·6· · · · · · 5299 DTC Boulevard, Suite 1340
`· · · · · · · Greenwood Village, Colorado 80111
`·7· · · · · · (913) 777-5600
`· · · · · · · paul.hart@eriseip.com
`·8
`· · · · · · · Mr. Hunter Horton
`·9· · · · · · Erise IP, P.A.
`· · · · · · · 7015 College Boulevard, Suite 700
`10· · · · · · Overland Park, Kansas 66211
`· · · · · · · (913) 777-5600
`11· · · · · · hunter.horton@eriseIP.com
`
`12
`· · · · · For the Patent Owner:
`13
`· · · · · · · Mr. Richard M. Cowell
`14· · · · · · Fabricant LLP
`· · · · · · · 411 Theodore Fremd Avenue
`15· · · · · · Suite 206 South
`· · · · · · · Rye, New York 10580
`16· · · · · · (212) 257-5797
`· · · · · · · rcowell@fabricantllp.com
`17
`
`18· · · · Also Present:
`
`19· · · · · · Mr. Ryan Gray, Exhibit Technician
`· · · · · · · Lexitas Legal
`20
`
`21· Court Reporter:
`· · William L. DeVries, RDR/CRR
`22· Licensed and Certified in:
`· · IL, MO, AR, IA, KS, TN
`23· Lexitas Legal
`· · 711 North Eleventh Street
`24· St. Louis, Missouri 63101
`· · (314) 644-2191
`25· 1-800-280-3376
`
`IPR2022-01239
`Apple EX1029 Page 4
`
`
`
`·1· · · · · · · ·IT IS HEREBY STIPULATED AND AGREED by
`
`Page 5
`
`·2· and between counsel for the Petitioner and counsel
`
`·3· for the Patent Owner that this deposition may be
`
`·4· taken in shorthand by William L. DeVries, RDR/CRR, a
`
`·5· Certified Court Reporter and Certified Shorthand
`
`·6· Reporter, and afterwards transcribed into
`
`·7· typewriting; and the signature of the witness is
`
`·8· expressly reserved.
`
`·9· · · · · · · · · *· · *· · *· · *· · *
`
`10· · · · · · · · ·ALFRED C. WEAVER, PH.D.,
`
`11· of lawful age, produced, sworn and examined on
`
`12· behalf of the Petitioner, deposes and says:
`
`13· · (Starting time of the deposition:· 8:58 a.m. CST.)
`
`14· · · · · · · ·COURT REPORTER:· Do you swear or affirm
`
`15· that the testimony you are about to give in this
`
`16· proceeding will be the truth, the whole truth, and
`
`17· nothing but the truth?
`
`18· · · · · · · ·THE WITNESS:· I do.
`
`19· · · · · · · · · · · ·EXAMINATION
`
`20· QUESTIONS BY MR. HART:
`
`21· · · · · Q.· ·All right.· Welcome this morning,
`
`22· Dr. Weaver.· Can you, just to get us started, state
`
`23· your full name for the record?
`
`24· · · · · A.· ·Yes.· Good morning, Mr. Hart.· I'm
`
`25· Alfred Charles Weaver.
`
`IPR2022-01239
`Apple EX1029 Page 5
`
`
`
`·1· · · · · Q.· ·Thanks very much.· And I understand
`
`Page 6
`
`·2· you've been deposed before; is that correct?
`
`·3· · · · · A.· ·Yes, sir.
`
`·4· · · · · Q.· ·Approximately how many times have you
`
`·5· had your testimony taken?
`
`·6· · · · · A.· ·I can count at least 18 times.
`
`·7· · · · · Q.· ·Okay.· I'll keep the ground rules
`
`·8· short.· I think the number one rule today is to make
`
`·9· sure we create a clear record that the court
`
`10· reporter can capture.· To that end, only one of us
`
`11· can speak at a time.· I will do my best to not speak
`
`12· over you.· If at any point I start asking a
`
`13· follow-up question before you have finished your
`
`14· answer to the prior question, can you please stop me
`
`15· and let me know?
`
`16· · · · · A.· ·Will do.
`
`17· · · · · Q.· ·Okay.· Very good.· It's also my job to
`
`18· ask good, clear questions today.· If at any point I
`
`19· ask a question that you do not understand in part or
`
`20· in full, please let me know and I will attempt to
`
`21· rephrase it in a clearer manner.· Is that also
`
`22· understood?
`
`23· · · · · A.· ·Yes, understood.
`
`24· · · · · Q.· ·Okay.· Is there any reason, medical or
`
`25· otherwise, that you might not be able to provide
`
`IPR2022-01239
`Apple EX1029 Page 6
`
`
`
`·1· full and truthful testimony today?
`
`·2· · · · · A.· ·No.
`
`Page 7
`
`·3· · · · · Q.· ·All right.· Very good.· I'd like to
`
`·4· begin today by discussing your experience relevant
`
`·5· to the issues in this case.· The definition the
`
`·6· petitioner has proffered for a person of ordinary
`
`·7· skill in the art is someone who would have had at
`
`·8· least a bachelor's degree in computer engineering,
`
`·9· computer science, electrical engineering, or a
`
`10· related field with at least one year of experience
`
`11· in the field of mobile payment technology.
`
`12· Additional pertinent education might substitute for
`
`13· the requisite experience and vice versa.
`
`14· · · · · · · ·At a high level, can you help me
`
`15· understand where you have gained your experience
`
`16· with mobile payment technology that qualifies you to
`
`17· opine on the issues in this case?
`
`18· · · · · A.· ·Sure.· I have been teaching the
`
`19· department of computer science at the University of
`
`20· Virginia since 1977, and I have been teaching
`
`21· electronic commerce since 1995.· Over that period of
`
`22· time from 1995 to 2020 I have revised at least
`
`23· annually my electronic commerce course and its
`
`24· content.
`
`25· · · · · · · ·I have personally studied electronic
`
`IPR2022-01239
`Apple EX1029 Page 7
`
`
`
`·1· commerce and payment systems and computer security
`
`Page 8
`
`·2· as pertinent to payment systems.· I have
`
`·3· incorporated into my course five 75-minute lectures
`
`·4· on payment systems, how they operate, using Apple
`
`·5· Pay as an example, and getting into the crucial
`
`·6· elements such as the security element portion of
`
`·7· Apple Pay.
`
`·8· · · · · · · ·In my own personal life outside of the
`
`·9· university I've created five companies, and one of
`
`10· those -- the most successful of those was a company
`
`11· called Reliacast that was used to provide reliable
`
`12· and secure video streaming services to companies.
`
`13· · · · · · · ·The intended target for that product
`
`14· was streaming multimedia.· And finally, in the year
`
`15· 2006, I and my partners were able to sell that
`
`16· company to Comcast.· As part of all of that, we
`
`17· studied and implemented payment systems.
`
`18· · · · · · · ·In my course I created as a course
`
`19· project the challenge for student teams of three to
`
`20· decide on a product or service that they could sell,
`
`21· and then to, from scratch, create a website that
`
`22· would support that -- that effort.· And incorporated
`
`23· in that course project would be the creation of
`
`24· electronic catalogues and inventory management and
`
`25· payment systems.· So that's where I gained my
`
`IPR2022-01239
`Apple EX1029 Page 8
`
`
`
`·1· experience.
`
`Page 9
`
`·2· · · · · Q.· ·Let's -- let's start with your
`
`·3· electronic commerce teaching, your coursework and
`
`·4· your electronic commerce work as a professor.· What
`
`·5· is electronic commerce?
`
`·6· · · · · A.· ·You are frozen.· Okay.· You're back.
`
`·7· · · · · Q.· ·Okay.· Can you hear -- I guess it
`
`·8· doesn't matter if you can see me, but can you hear
`
`·9· me okay?
`
`10· · · · · A.· ·I can.
`
`11· · · · · Q.· ·All right.· Very good.· My question was
`
`12· just what is electronic commerce as it pertains to
`
`13· your role as a professor?
`
`14· · · · · A.· ·Electronic commerce is the development
`
`15· of web applications that can support the selling of
`
`16· products or services.
`
`17· · · · · Q.· ·Do you cover smart cards in your
`
`18· electronic commerce courses?
`
`19· · · · · A.· ·Yes.
`
`20· · · · · Q.· ·Okay.· What level of detail -- at what
`
`21· level of detail do you teach smart card technology
`
`22· in your electronic commerce courses?
`
`23· · · · · A.· ·I go down to the level of the framework
`
`24· of the computer and most essentially the creation
`
`25· and management of the secure element on the smart
`
`IPR2022-01239
`Apple EX1029 Page 9
`
`
`
`·1· card like Apple Pay, and I discuss in some detail
`
`Page 10
`
`·2· each of the elements that one would find within the
`
`·3· secure elements.· So a secure operating system,
`
`·4· secure memory, secure applications, cryptography,
`
`·5· communications, and related topics.
`
`·6· · · · · Q.· ·Now, before I got into this I probably
`
`·7· should have framed this conversation a little more
`
`·8· precisely.· The petitioner has proposed a March 4,
`
`·9· 2012 priority date for the '724 proceeding.· That's
`
`10· IPR2022-01256 involving the '724 patent.· So if I
`
`11· re-ask that last question because I believe you keep
`
`12· referencing Apple Pay, I believe Apple Pay postdates
`
`13· that 2012 priority date.· Prior to March 4, 2012,
`
`14· did you cover smart cards in your electronic
`
`15· commerce courses?
`
`16· · · · · · · ·MR. COWELL:· Objection to form.
`
`17· · · · · A.· ·No, that was a more recent addition.
`
`18· · · · · Q.· ·(By Mr. Hart)· At what point in time
`
`19· did you begin covering smart card technology in your
`
`20· electronic commerce courses?
`
`21· · · · · A.· ·I don't have a date in mind, but it
`
`22· would be shortly after the introduction of Apple Pay
`
`23· technology.
`
`24· · · · · Q.· ·All right.· Have you ever covered the
`
`25· subject matter of downloading payment applications
`
`IPR2022-01239
`Apple EX1029 Page 10
`
`
`
`·1· to a smart card-equipped mobile device in your
`
`Page 11
`
`·2· electronic commerce courses?
`
`·3· · · · · A.· ·Yes.
`
`·4· · · · · Q.· ·Okay.· And would any of that subject
`
`·5· matter have been introduced in your courses prior to
`
`·6· March 4, 2012?
`
`·7· · · · · · · ·MR. COWELL:· Objection to form.
`
`·8· · · · · A.· ·I don't think so.· That -- that was
`
`·9· more recently added.
`
`10· · · · · Q.· ·(By Mr. Hart)· When you added smart
`
`11· card technology to your electronic commerce courses,
`
`12· did you cover any technology that existed prior to
`
`13· March 4, 2012?
`
`14· · · · · · · ·MR. COWELL:· Objection to form.
`
`15· · · · · Q.· ·(By Mr. Hart)· Or -- or was all the
`
`16· subject matter pertinent to smart cards as of Apple
`
`17· Pay and after?
`
`18· · · · · · · ·MR. COWELL:· Objection to form.
`
`19· · · · · A.· ·The addition of smart card technology
`
`20· to my electronic commerce course would have been
`
`21· alluded to as that technology evolved, but in terms
`
`22· of my ability to drill down into the operational
`
`23· details of the secure element and its associated
`
`24· hardware and software, those details were coincident
`
`25· with the introduction of Apple Pay.
`
`IPR2022-01239
`Apple EX1029 Page 11
`
`
`
`·1· · · · · Q.· ·(By Mr. Hart)· In your electronic
`
`·2· commerce courses or otherwise in your role as a
`
`·3· professor, have you ever familiarized yourself with
`
`·4· memory management in a smart card-equipped mobile
`
`Page 12
`
`·5· device?
`
`·6· · · · · A.· ·Yes.
`
`·7· · · · · Q.· ·Okay.· Have you familiarized yourself
`
`·8· with that subject matter as of or before March 2012?
`
`·9· · · · · · · ·MR. COWELL:· Objection to form.
`
`10· · · · · A.· ·Yes.
`
`11· · · · · Q.· ·(By Mr. Hart)· What was your experience
`
`12· with memory management in a smart card-equipped
`
`13· mobile device as of March 2012?
`
`14· · · · · A.· ·The memory management that is
`
`15· exemplified by a smart card is similar to that in a
`
`16· modern operating system, but then buttressed by the
`
`17· addition of communications protocols, security
`
`18· protocols, all of which were -- are associated with
`
`19· memory management with authentication, with
`
`20· authorization.
`
`21· · · · · · · ·So the -- the topics of memory
`
`22· management in a smart card are similar to those of a
`
`23· normal operating system.· As I said, they are then
`
`24· enhanced by the addition of authentication
`
`25· authorization and security protocols, and all of
`
`IPR2022-01239
`Apple EX1029 Page 12
`
`
`
`·1· those topics individually were known well prior to
`
`Page 13
`
`·2· 2012 and were taught in my course and in other
`
`·3· courses that I taught, such as operating systems.
`
`·4· · · · · Q.· ·And if I -- if I want to know about
`
`·5· your specific experience with the state of the art
`
`·6· as of March 2012 as it pertains to memory management
`
`·7· in a smart card-equipped mobile device, what could
`
`·8· you point me to in your background?
`
`·9· · · · · · · ·MR. COWELL:· Objection to form.
`
`10· · · · · A.· ·I would -- I would direct you to
`
`11· classic textbooks such as Tanenbaum's original
`
`12· textbook on operating systems and the organization
`
`13· and operation of computers.· I have on the bookshelf
`
`14· behind me the textbook by Stevens on communications
`
`15· protocols, which includes protocols that are used in
`
`16· smart cards.· So that information was known and
`
`17· taught by me prior to 2012.
`
`18· · · · · Q.· ·(By Mr. Hart)· And just to be clear,
`
`19· the subject matter you're talking about was taught
`
`20· by you prior to 2012, but not in the specific
`
`21· context of smart cards.· That smart card-specific
`
`22· context was added to your coursework later in time;
`
`23· is that right?
`
`24· · · · · A.· ·The references to let's say Apple Pay
`
`25· as an example of a smart card was added after 2012.
`
`IPR2022-01239
`Apple EX1029 Page 13
`
`
`
`·1· The discussion of operating systems, memory
`
`·2· management, communications protocols, security
`
`·3· apparatus, security protocols, authentication,
`
`Page 14
`
`·4· authorization, all of that was taught by me prior to
`
`·5· 2012.
`
`·6· · · · · Q.· ·And to be specific, your reference to
`
`·7· operating systems, memory management, communication
`
`·8· protocols, security apparatus, security protocols,
`
`·9· authentication, and authorization prior to 2012, was
`
`10· any of that specific to smart cards?· Did you
`
`11· address those subject matters as they pertained to
`
`12· smart cards prior to 2012?
`
`13· · · · · · · ·MR. COWELL:· Objection to form.
`
`14· · · · · A.· ·Yes.· Because many of those techniques
`
`15· that I just enumerated are the same ones that a
`
`16· smart card uses.
`
`17· · · · · Q.· ·(By Mr. Hart)· Would you have used the
`
`18· phrase smart card in your coursework prior to 2012?
`
`19· · · · · · · ·MR. COWELL:· Objection to form.
`
`20· · · · · A.· ·Well, I don't have -- I can't cite a
`
`21· particular date.· Certainly I did discuss smart
`
`22· cards as they were introduced into the marketplace.
`
`23· · · · · Q.· ·(By Mr. Hart)· Now, you've referenced a
`
`24· lot of foundational technology used in mobile
`
`25· commerce and electronic commerce from your earlier
`
`IPR2022-01239
`Apple EX1029 Page 14
`
`
`
`Page 15
`·1· coursework.· I'd like to talk specifically about the
`
`·2· global platform standard.· Are you familiar with the
`
`·3· global platform standard?
`
`·4· · · · · A.· ·Yes.
`
`·5· · · · · Q.· ·Have you ever taught the global
`
`·6· platform standard in your coursework?
`
`·7· · · · · A.· ·I have referenced it at a high level.
`
`·8· · · · · Q.· ·What time frame would you have
`
`·9· referenced the global platform standard at a high
`
`10· level?
`
`11· · · · · A.· ·It would have been after 2012.
`
`12· · · · · Q.· ·Have you ever personally worked with
`
`13· the global platform standard in any context?
`
`14· · · · · A.· ·No, not me personally.
`
`15· · · · · Q.· ·Have you ever personally worked on
`
`16· smart cards?
`
`17· · · · · A.· ·I have -- I have taught the subject as
`
`18· I explained, and that company Reliacast was
`
`19· developing soft -- payment software that would have
`
`20· included smart card payments as well as traditional
`
`21· credit cards, debit cards, and payment applications
`
`22· such as PayPal.
`
`23· · · · · Q.· ·If we narrow my question to payment
`
`24· applications on a secure element on a mobile device,
`
`25· do you have any exposure to that technology prior to
`
`IPR2022-01239
`Apple EX1029 Page 15
`
`
`
`·1· introducing the Apple Pay subject matter in your
`
`Page 16
`
`·2· coursework?
`
`·3· · · · · · · ·MR. COWELL:· Objection to form.
`
`·4· · · · · A.· ·I would have exposure from the computer
`
`·5· science journals and conference proceedings which I
`
`·6· read regularly throughout my career.
`
`·7· · · · · Q.· ·(By Mr. Hart)· Prior to adding Apple
`
`·8· Pay to your coursework, did you ever teach on the
`
`·9· subject matter of payment applications running on a
`
`10· secure element on a mobile device?
`
`11· · · · · · · ·MR. COWELL:· Objection to form.
`
`12· · · · · A.· ·I taught the fundamentals that are used
`
`13· in that environment, but I was not using Apple Pay
`
`14· as an example before 2012.
`
`15· · · · · Q.· ·(By Mr. Hart)· And did you ever present
`
`16· those fundamentals specifically in the context of
`
`17· mobile payment?
`
`18· · · · · A.· ·Yes.
`
`19· · · · · Q.· ·Okay.· And what were the -- what was
`
`20· the specific mobile payment context that you
`
`21· introduced those fundamentals prior to the Apple Pay
`
`22· introduction into your coursework?
`
`23· · · · · A.· ·The context would have been payments
`
`24· with credit cards or debit cards or payment
`
`25· applications like PayPal in which protection of
`
`IPR2022-01239
`Apple EX1029 Page 16
`
`
`
`·1· consumer information, sensitive financial
`
`Page 17
`
`·2· information would have been required in -- in any
`
`·3· web-based payment system.
`
`·4· · · · · Q.· ·In my original question leading to that
`
`·5· answer was specific to mobile payment technology on
`
`·6· a secure element on a mobile device and did not
`
`·7· encompass more broadly web-based secure financial
`
`·8· transactions.
`
`·9· · · · · · · ·So just to ask again, if we limit the
`
`10· question to payment applications on a secure element
`
`11· on a mobile device, the subject matter of the '724
`
`12· patent, did you ever specifically address that type
`
`13· of technology as a professor prior to the
`
`14· introduction of Apple Pay into your coursework?
`
`15· · · · · · · ·MR. COWELL:· Objection to form.
`
`16· · · · · A.· ·No.
`
`17· · · · · Q.· ·(By Mr. Hart)· And outside of your role
`
`18· as a professor in your role as a professional, as an
`
`19· engineer, as a start-up founder, have you ever
`
`20· worked with payment applications running on a secure
`
`21· element on a mobile device?
`
`22· · · · · · · ·MR. COWELL:· Objection to form.
`
`23· · · · · A.· ·My programming team would have done
`
`24· that, and I would have -- and I supervised that, but
`
`25· I was not a coder at that point in time.
`
`IPR2022-01239
`Apple EX1029 Page 17
`
`
`
`·1· · · · · Q.· ·(By Mr. Hart)· In what time frame is
`
`Page 18
`
`·2· the project you're alluding to in that answer?· You
`
`·3· are moving again now, Dr. Weaver.
`
`·4· · · · · A.· ·Once again, you cut out, so let's --
`
`·5· · · · · Q.· ·That was not an intentional dramatic
`
`·6· pause.· All right.· Let's see.· So -- so you -- I'll
`
`·7· just go back with my realtime here.
`
`·8· · · · · · · ·You explained that your programming
`
`·9· team would have done that and you would have
`
`10· supervised their work, but you were not a coder at
`
`11· that point in time.· My follow-up question is what
`
`12· time frame were you alluding to in that answer?
`
`13· · · · · A.· ·That would be between the years 2000 to
`
`14· about 2015.
`
`15· · · · · Q.· ·And what was the project?
`
`16· · · · · A.· ·It was developing payment systems for
`
`17· streaming multimedia.
`
`18· · · · · Q.· ·And what types of payment applications
`
`19· running on a mobile device were you guys working
`
`20· on -- I'm sorry.· Let me take a step back.
`
`21· · · · · · · ·Was this what ultimately became
`
`22· Reliacast that was sold to Comcast?
`
`23· · · · · A.· ·That's correct.
`
`24· · · · · Q.· ·Okay.· What payment applications
`
`25· running on a mobile device were you all working on
`
`IPR2022-01239
`Apple EX1029 Page 18
`
`
`
`·1· related to Reliacast?
`
`Page 19
`
`·2· · · · · A.· ·That would be credit cards, debit
`
`·3· cards, PayPal accessed from a mobile device.
`
`·4· · · · · Q.· ·And what was the secure element that
`
`·5· those applications ran on?
`
`·6· · · · · · · ·MR. COWELL:· Objection to form.
`
`·7· · · · · A.· ·They did not operate within a secure
`
`·8· element.· Instead, as I was explaining before, we
`
`·9· were using the same or similar data protection
`
`10· protocols in our work that are nowadays used within
`
`11· secure elements.
`
`12· · · · · Q.· ·(By Mr. Hart)· Do you know whether the
`
`13· Reliacast work ever relied upon the global platform
`
`14· standard?
`
`15· · · · · A.· ·It did not.
`
`16· · · · · Q.· ·Okay.· All right.· I would like to move
`
`17· on to some of the substance of your opinions in the
`
`18· '724 proceeding, and just to keep a somewhat clear
`
`19· record here, this is going to be in IPR2022-01256.
`
`20· Ryan, can I have you pull up Exhibit 2002 in the
`
`21· '724 patent proceeding?
`
`22· · · · · · · ·Dr. Weaver, we should all be able to
`
`23· look at the same screen here.· Can you see the cover
`
`24· page in your declaration from the '724 proceeding,
`
`25· Dr. Weaver?
`
`IPR2022-01239
`Apple EX1029 Page 19
`
`
`
`·1· · · · · A.· ·Yes, I can.
`
`Page 20
`
`·2· · · · · Q.· ·All right.· Very good.· Ryan, can you
`
`·3· scroll down to paragraph 62 in this document? I
`
`·4· believe that's going to be on page 20 -- there you
`
`·5· go.· Very good.· All right.· Dr. Weaver -- actually,
`
`·6· sorry, Ryan.· I was just -- can you take the excerpt
`
`·7· down?· Thank you.
`
`·8· · · · · · · ·The title of this section is (quote as
`
`·9· read):
`
`10· · · · · · · ·A POSITA would not be motivated to
`
`11· · · · · · · ·combine Buhot and GPC with Zhu's smart
`
`12· · · · · · · ·card manager because the Zhu smart card
`
`13· · · · · · · ·manager would defeat Buhot and GPC's
`
`14· · · · · · · ·elaborate security measures.
`
`15· · · · · · · ·Do you see that?
`
`16· · · · · A.· ·Yes.
`
`17· · · · · Q.· ·All right.· Now, paragraph 62 through
`
`18· 67, you walk through some of the specific teachings
`
`19· and testimony from petitioner's expert, and then I
`
`20· believe for the first time on -- in paragraph 68 you
`
`21· lay out your opinion as to why a POSITA would not be
`
`22· motivated to combine Zhu's smart card manager with
`
`23· the Buhot/GPC system.
`
`24· · · · · · · ·Can I have you just to yourself review
`
`25· paragraph 68 in this declaration so I can ask some
`
`IPR2022-01239
`Apple EX1029 Page 20
`
`
`
`·1· follow-up questions?· Can you let me know when
`
`Page 21
`
`·2· you're ready?
`
`·3· · · · · A.· ·Sure.· I've read paragraph 68.
`
`·4· · · · · Q.· ·All right.· Very good.· Is it a fair
`
`·5· characterization of this argument that you believe
`
`·6· the proposed combination requires storing payment
`
`·7· applications in general memory of the mobile
`
`·8· device and --
`
`·9· · · · · · · ·MR. COWELL:· Objection to form.
`
`10· · · · · Q.· ·(By Mr. Hart)· -- and that this general
`
`11· memory provides insufficient security?
`
`12· · · · · · · ·MR. COWELL:· Objection to form.
`
`13· Dr. Weaver, if you need to review other parts of
`
`14· your declaration, please feel free to do that.
`
`15· · · · · · · ·THE WITNESS:· Thanks.
`
`16· · · · · A.· ·My answer is yes to your question.
`
`17· Zhu's smart card manager manages memory by looking
`
`18· at the amount of free memory available when loading
`
`19· a new application, and if that amount of free memory
`
`20· is insufficient Zhu unloads an existing application
`
`21· and places it in the general memory of the mobile
`
`22· device and then loads the new application into the
`
`23· resulting freed-up memory.· And that exposes the
`
`24· application to security risks such as alteration or
`
`25· copying or deletion.
`
`IPR2022-01239
`Apple EX1029 Page 21
`
`
`
`·1· · · · · Q.· ·(By Mr. Hart)· And your opinion
`
`Page 22
`
`·2· specifically is that the application that was placed
`
`·3· in general memory is subject to those security
`
`·4· risks, correct?
`
`·5· · · · · A.· ·Yes, that's true.
`
`·6· · · · · Q.· ·Does Zhu describe any security
`
`·7· associated with payment applications stored in the
`
`·8· mobile device's general memory?
`
`·9· · · · · · · ·MR. COWELL:· Objection to form.
`
`10· · · · · A.· ·Zhu suggests two methods.· One would be
`
`11· encrypting the application that's being removed and
`
`12· stored in general memory.· And the second would be
`
`13· requiring a successful authentication using a
`
`14· digital certificate when attempting to reload a
`
`15· stored application.· And in my opinion, neither of
`
`16· those techniques provide the type of security that
`
`17· Buhot and GPC would implement in their systems.
`
`18· · · · · Q.· ·(By Mr. Hart)· If we focus on
`
`19· encryption for the time being, how high does the
`
`20· security need to be -- actually, let's strike --
`
`21· strike the limiting to encryption.· Let me just ask
`
`22· this follow-up question.
`
`23· · · · · · · ·How high does the security need to be
`
`24· in the Buhot/Zhu combination to protect those
`
`25· payment applications when they're stored on the
`
`IPR2022-01239
`Apple EX1029 Page 22
`
`
`
`Page 23
`
`·1· mobile device's general memory?
`
`·2· · · · · A.· ·Very high.
`
`·3· · · · · Q.· ·Is encryption -- does encryption ever
`
`·4· provide a sufficiently high security to permit
`
`·5· storing payment applications on a mobile device's
`
`·6· general memory?
`
`·7· · · · · · · ·MR. COWELL:· Objection to form.
`
`·8· · · · · A.· ·No.
`
`·9· · · · · Q.· ·(By Mr. Hart)· In paragraph 69 of your
`
`10· declaration, which is up on the screen here, you
`
`11· state that (quote as read):
`
`12· · · · · · · ·Encrypting the application while
`
`13· · · · · · · ·storing it outside of the secure
`
`14· · · · · · · ·element still exposes it to copying to
`
`15· · · · · · · ·another system, where decryption can
`
`16· · · · · · · ·proceed.
`
`17· · · · · · · ·Can decryption occur outside of the
`
`18· mobile device without the encryption keys?
`
`19· · · · · · · ·MR. COWELL:· Objection, form.
`
`20· · · · · A.· ·Yes, given substantial computing power
`
`21· outside of the mobile device.
`
`22· · · · · Q.· ·(By Mr. Hart)· And what would that
`
`23· substantial computing power need to do in order to
`
`24· decrypt an encrypted application without the
`
`25· encryption keys?
`
`IPR2022-01239
`Apple EX1029 Page 23
`
`
`
`·1· · · · · · · ·MR. COWELL:· Objection to form.
`
`Page 24
`
`·2· · · · · A.· ·The difficulty depends upon the type of
`
`·3· encryption used.· So as examples in my course, I
`
`·4· taught how an encrypted program can be decrypted
`
`·5· without the encryption keys using brute force
`
`·6· techniques, basically trying all combinations of the
`
`·7· bit patterns that make up an encryption key.· That
`
`·8· was for symmetric encryption.
`
`·9· · · · · · · ·For asymmetric encryption there are
`
`10· different techniques that I taught about how to
`
`11· approach -- how to succeed in decrypting without
`
`12· advanced knowledge of the encryption keys.· And
`
`13· there are textbooks explaining how to -- how to do
`
`14· those operations.
`
`15· · · · · Q.· ·(By Mr. Hart)· Are there any encryption
`
`16· schemes that are not susceptible to cracking or
`
`17· defeating?
`
`18· · · · · · · ·MR. COWELL:· Objection to form.
`
`19· · · · · A.· ·It's possible that the National
`
`20· Security Agency has such encryption schemes, but no
`
`21· one in the general public, including me, would know
`
`22· the answer to that question.· But even the most
`
`23· advanced encryption schemes that I have seen, like
`
`24· elliptic curve encryption, can all eventually be
`
`25· hacked through some combination of schemes to do --
`
`IPR2022-01239
`Apple EX1029 Page 24
`
`
`
`Page 25
`·1· to achieve decryption.· It takes computing power and
`
`·2· time, but they can all be eventually decrypted.
`
`·3· · · · · Q.· ·(By Mr. Hart)· Okay.· I believe that
`
`·4· last answer was referring to the current state of
`
`·5· the art, but is it also true that as of 2012 there
`
`·6· were no perfect uncrackable encryption schemes --
`
`·7· · · · · A.· ·Yes.
`
`·8· · · · · Q.· ·-- publicly known?
`
`·9· · · · · A.· ·Yes.
`
`10· · · · · Q.· ·The next sentence in paragraph 69 of
`
`11· your declaration states (quote as read):
`
`12· · · · · · · ·Encrypting the application would also
`
`13· · · · · · · ·necessitate the generation, storage,
`
`14· · · · · · · ·management, and distribution of new
`
`15· · · · · · · ·encryption keys, all of which is a
`
`16· · · · · · · ·notoriously difficult problem for
`
`17· · · · · · · ·security systems.
`
`18· · · · · · · ·Do you see that?
`
`19· · · · · A.· ·I do.
`
`20· · · · · Q.· ·Is that description true of all
`
`21· encryption systems as of 2012?
`
`22· · · · · · · ·MR. COWELL:· Objection to form.
`
`23· · · · · A.· ·Yes.
`
`24· · · · · Q.· ·(By Mr. Hart)· Is the encryption scheme
`
`25· described in Zhu different from other encryption
`
`IPR2022-01239
`Apple EX1029 Page 25
`
`
`
`·1· techniques as of 2012 that might be used to secure
`
`Page 26
`
`·2· smart card systems?
`
`·3· · · · · · · ·MR. COWELL:· Objection to form.
`
`·4· · · · · A.· ·I don't remember Zhu identifying a
`
`·5· particular encryption scheme.· Could you point me to
`
`·6· a reference within Zhu?
`
`·7· · · · · Q.· ·(By Mr. Hart)· Well, I'm simply trying
`
`·8· to get to the -- I'm happy to pull up Zhu, but I'm
`
`·9· really trying to get to the kind of foundation of
`
`10· your opinion here, and I can ask it in a slightly
`
`11· different way.· Is it something specific about Zhu's
`
`12· encryption that leads you to conclude it would be
`
`13· insufficient in this context or is it encryption
`
`14· more generally that leads you to conclude it would
`
`15· have provided inadequate security in the proposed
`
`16· combination of Buhot and Zhu?
`
`17· · · · · · · ·MR. COWELL:· Objection to form.
`
`18· · · · · A.· ·It's the latter that Zhu simply says
`
`19· that the application can be encrypted, and I don't
`
`20· remember any additional detail as to methodology,
`
`21· but my opinion is more general, that encryption
`
`22· schemes known in the 2012 time frame were all
`
`23· breakable with computing power and time.
`
`24· · · · · Q.· ·(By Mr. Hart)· Ryan, can I have you
`
`25· pull up Exhibit 1001 from this same proceeding?
`
`IPR2022-01239
`Apple EX1029 Page 26
`
`
`
`Page 27
`·1· That is the '724 patent.· Can I have you scroll down
`
`·2· to column 10, please?· Just to make it a little
`
`·3· easier to use on the shared display, can I have you
`
`·4· zoom in on kind of the upper third of column 10?
`
`·5· Very good.· Thank you.· I apologize.· I had my
`
`·6· citation incorrect in my notes.· Can I have you go
`
`·7· to column 7 where the concept in column 10 is
`
`·8· introduced?· Towards the bottom.· Let's do the
`
`·9· bottom third on the screen.· Thank you.
`
`10· · · · · · · ·Dr. Weaver, in column 7, lines 55 to
`
`11· 60, the '724 patent describes a TMSM providing a,
`
`12· quote (quote as read):
`
`13· · · · · · · ·Mechanism to make baseband storage as
`
`14· · · · · · · ·an extension for storing the
`
`15· · · · · · · ·software-based or logical smart cards
`
`16· · · · · · · ·e.g. in lieu of multiple physical
`
`17· · · · · · · ·Mifare cards swapped out from the
`
`18· · · · · · · ·emulator 122 to the TMSM 106, partly
`
`19· · · · · · · ·for solving the issue of limited memory
`
`20· ·