_____________________________

BEFORE THE PATENT TRIAL AND APPEAL BOARD

_____________________________

CISCO SYSTEMS, INC.,

Petitioner,

- vs. –

ORCKIT IP, LLC,

Patent Owner.

_________________________

Case IPR2023-00554

U.S. Patent No. 10,652,111

_________________________

REPLY DECLARATION OF SAMRAT BHATTACHARJEE, PH.D.

Exhibit 1015
Cisco v. Orckit - IPR2023-00554
Page 1 of 42

TABLE OF CONTENTS

I. Introduction
II. Materials Relied on in forming my opinions
III. Level of Ordinary Skill in the Art and Priority Date
IV. The ’111 Patent
V. The Prior Art References
    Lin
    Shieh
    Swenson
VI. Claim Construction
VII. The Prior Art Renders The Asserted Claims Obvious.
    The Combination of Lin and Swenson Renders Claim 1 Obvious.
        1. Lin and Swenson Disclose or Render Obvious the Claimed Controller Under Either Patent Owner’s or Petitioner’s Proposed Constructions.
    The Combination of Shieh and Swenson Renders Claim 1 Obvious.
    Claim 3
    Claims 4 and 5
    Claim 6
    Claim 7
    Claim 16
    Claim 30

I, Samrat Bhattacharjee, Ph.D., hereby declare as follows:

I. INTRODUCTION

1. I have been retained on behalf of Cisco Systems, Inc. (“Cisco”) to provide my technical review, analysis, insights, and opinions concerning the validity of the claims of U.S. Patent No. 10,652,111 (EX1001; “the ’111 Patent”) entitled “Method and System for Deep Packet Inspection in Software Defined Network.” The patent is assigned to Orckit IP, LLC (“Orckit” or “Patent Owner”).

2. I am the same Samrat Bhattacharjee who provided a declaration on February 21, 2023, in support of Cisco’s Petition for Inter Partes Review in this proceeding. See EX1004. I maintain the opinions that were set forth in that previous declaration. I provide this reply declaration to respond to certain opinions provided by Miguel Gomez in a declaration (the “Gomez Declaration”) submitted in support of the Patent Owner Response filed by Patent Owner. The Gomez Declaration is marked as Exhibit 2025 in this proceeding.

3. My background and qualifications were set forth in Paragraphs 1-11 of my original declaration (EX1004) in this proceeding, as well as my curriculum vitae marked as Exhibit 1003, and I incorporate that information by reference in this reply declaration. In this reply declaration, I apply the same understanding of the governing law as set forth in Paragraphs 12-19 of my original declaration.

II. MATERIALS RELIED ON IN FORMING MY OPINIONS

4. In forming my opinions in this reply declaration, I have relied on the ’111 Patent’s claims, specification and prosecution history, on the prior art exhibits to the IPR Petition (Paper 1), any other materials cited in this reply declaration, and my own knowledge, experience and expertise, and the knowledge of a POSA in the relevant timeframe. I have also reviewed and relied upon the materials cited in my original declaration (EX1004), the materials cited in the Gomez Declaration, and the transcript of Mr. Gomez’s deposition. I have also reviewed the Decision Granting Institution of Inter Partes Review provided by the U.S. Patent and Trademark Office Patent Trial and Appeal Board (“PTAB”) in this proceeding. See Paper 8.

III. LEVEL OF ORDINARY SKILL IN THE ART AND PRIORITY DATE

5. In this reply declaration, I apply the same definition of a person of ordinary skill in the art (“POSA”) as set forth in Paragraphs 48-49 of my original declaration. EX1004. Mr. Gomez does not dispute my definition of a POSA. EX2025, ¶¶23-25, 46-47; see Paper 22 at 16.

6. In this reply declaration, I apply the same priority date for the ’111 Patent of April 22, 2014, as was set forth in Paragraph 47 of my original declaration. EX1004. Mr. Gomez’s declaration asserts that the priority date for the ’111 Patent should be April 7, 2006. EX2025, ¶¶23. However, he acknowledged during his deposition that this was a mistake in his declaration, and he agreed that the priority date to be applied should be April 22, 2014. EX1016 at 54:16-55:24.

IV. THE ’111 PATENT

7. In Paragraphs 36-39 of the Gomez Declaration, Mr. Gomez provides his description of the ’111 Patent. EX2025. Paragraphs 30-46 of my original declaration provide a description of the specification disclosure and claims of the ’111 Patent, as well as the prosecution history for the patent application that resulted in the issuance of the ’111 Patent. EX1004.

V. THE PRIOR ART REFERENCES

Lin

8. Paragraphs 50-56 of my original declaration provide my opinions on the disclosure of Lin. EX1004. Mr. Gomez provides his opinions on Lin in Paragraphs 41-43 of the Gomez Declaration. EX2025. I note that some of the citations in Paragraph 43 of the Gomez Declaration cite to the wrong sections of Lin. Mr. Gomez acknowledged the mistaken citations during his deposition. EX1016 at 61:21-62:18. Further, Mr. Gomez cites to example embodiments in Lin (EX2025, ¶¶42-43), and a POSA would have known that the disclosure of Lin is not limited just to what is disclosed in example embodiments. EX1016 at 61:17-20.

Shieh

9. Paragraphs 57-62 of my original declaration provide my opinions on the disclosure of Shieh. EX1004. Mr. Gomez provides his opinions on Shieh in Paragraph 44 of the Gomez Declaration. EX2025. I note that Mr. Gomez cites to an example embodiment in Shieh, and a POSA would have known that the disclosure of Shieh is not limited just to what is disclosed in an example embodiment.

Swenson

10. Paragraphs 63-68 of my original declaration provide my opinions on the disclosure of Swenson. EX1004. Mr. Gomez provides his opinions on Swenson in Paragraph 45 of the Gomez Declaration. EX2025. I again note that Mr. Gomez cites to example embodiments in Swenson, and a POSA would have known that the disclosure of Swenson is not limited just to what is disclosed in example embodiments.

VI. CLAIM CONSTRUCTION

11. Paragraphs 69-73 of my original declaration provide my opinions on the construction of the terms “controller” and “instruction” in the claims of the ’111 Patent. EX1004. In the Institution Decision, the PTAB determined that “no terms need to be construed at this time.” Paper 8 at 12. I maintain my opinion that “controller” and “instruction” should be construed for the reasons stated in my original declaration. EX1004, ¶¶69-73.

12. Patent Owner states in the Patent Owner Response that “the Court in the District Court Case preliminarily construed the term ‘controller’ as ‘an entity that is capable of controlling deep packet inspection.’” Paper 22 at 16. Patent Owner also “submits that ‘controller’ should be construed consistent with the preliminary construction in the District Court Case as ‘an entity that is capable of controlling deep packet inspection.’” Paper 22 at 17. The Gomez Declaration does not take a position on claim construction. See EX2025, ¶¶26-27, 48.

13. It is my opinion that my proposed construction of controller (i.e., an entity configured to perform deep packet inspection on packets) is the correct construction because it more closely aligns with what is disclosed in the ’111 Patent. For example, the ’111 Patent explains that “the central controller 111 is configured to perform deep packet inspection on designated packets from designated flows or TCP sessions.” EX1001, Col. 4:5-7 (emphasis added); see also id., Col. 4:8-18, 4:49-50. In addition, the ’111 Patent states that “the central controller 111 includes a DPI flow detection module 311, a DPI engine 312, and a memory 313, and a processing unit 314,” as shown below in Figure 3. EX1001, Col. 5:33-36; see id., Cols. 5:40-59 (discussing DPI flow detection module 311 located within central controller 111 in Figure 3), 8:1-5, 9:67-10:1, Figure 6. Patent Owner’s proposed construction of “an entity that is capable of controlling deep packet inspection” is not as consistent with these disclosures from the ’111 Patent. Paper 22 at 17 (emphasis added).

14. However, regardless of whether the Board adopts my proposed claim constructions or Patent Owner’s proposed construction of “controller,” or provides no claim constructions, my opinions on the unpatentability of Claims 1-9, 12-24 and 27-31 of the ’111 Patent would remain the same.

VII. THE PRIOR ART RENDERS THE ASSERTED CLAIMS OBVIOUS.

15. Paragraphs 74-319 of my original declaration contain my opinions that the combinations of (1) Lin and Swenson or (2) Shieh and Swenson render Claims 1-9, 12-24 and 27-31 of the ’111 Patent unpatentable as obvious. EX1004. I maintain those opinions, and, below, I provide my opinions in reply to the analysis of these patent claims in the Gomez Declaration.

The Combination of Lin and Swenson Renders Claim 1 Obvious.

1. Lin and Swenson Disclose or Render Obvious the Claimed Controller Under Either Patent Owner’s or Petitioner’s Proposed Constructions.

16. Paragraphs 49-83 of the Gomez Declaration assert Mr. Gomez’s opinion that neither Lin nor Swenson disclose the controller recited in Claim 1. EX2025. I disagree for the reasons stated in my original declaration (EX1004) and throughout this reply declaration.

17. Mr. Gomez provides his opinion that “In other words, Petitioner’s theory appears to be that either (i) a POSA would implement DPI as part of Lin’s controller, notwithstanding that Lin discloses a security service entity for DPI that is separate from the controller, or (ii) a POSA would have been motivated to combine Lin with Swenson, which Petitioner asserts discloses a controller that is capable of performing DPI.” EX2025, ¶50. This statement from Mr. Gomez does not address the full scope of my opinions. As I explained in my original declaration, Lin discloses that its SDN switch (i.e., the network node) is under the control of a “SDN controller” that is external to the SDN switch, and the SDN controller “provides a logically centralized framework for controlling the behavior of the SDN computer network 600.” EX1005, Col. 4:8-31; Lin also discloses that “[t]he SDN controller 610 and the SDN switch 620 are logically separate components.” Id., Col. 3:51-52; EX1004, ¶78. A POSA would have understood that “logically separate components” can be implemented in the same physical device.

18. Further, as explained in my opening declaration, Lin discloses a security service 630 that performs DPI and that “[t]he security service 630 may be connected to the SDN switch 620 by a physical link (i.e., using a wire), a virtual link (i.e., in a virtualized environment), or by a software tunnel.” EX1005, Cols. 3:11-12, 5:51-58; EX1004, ¶79. It is my opinion that a POSA would have understood these disclosures in Lin to teach that the security service 630 can be implemented using the same hardware or software as the controller, and that the security service 630 can be connected to the SDN switch 620 in the same way as the controller. As such, a POSA would have understood that one of the limited number of design options would have been to implement the security service as part of a controller configured to perform DPI analysis on packets, and a POSA would have had a reasonable expectation that the controller would have been successful in performing DPI analysis.

19. Further, as explained in my original declaration, it is my opinion that Swenson teaches the use of a controller configured to perform DPI. EX1004, ¶¶80-86. Swenson discloses that “the flow analyzer 312 of the network controller 140 performs a deep flow inspection to determine if the flow is worth bandwidth monitoring and/or user detection.” EX1007, ¶[0059]; see id., ¶[0060] (stating that the “controller 140 ingests the network flow for inspection”), Figures 1, 4A-4B. It is my opinion that a POSA would have understood that a “flow” is a series of packets having a specific signature. Thus, a POSA would have known that the reference to “deep flow inspection” in Swenson refers to performing DPI on one or more packets in a flow. Further, it is my opinion that a POSA would have understood that Paragraph [0065]’s discussion of analysis of the “response payload” of a packet to be DPI by a DPI-capable controller. EX1007, ¶[0065]. These disclosures in Swenson demonstrate that it would have been well-known to a POSA as of the priority date for the ’111 Patent to implement a controller configured to perform DPI analysis in a system such as Lin. Id., ¶¶[0026], [0028]-[0029], [0046], [0059]-[0060], [0073], [0076]-[0077], [0084]-[0086], Figures 1 and 4A-4B.

a. Lin discloses or renders obvious a controller configured to perform or capable of controlling DPI.

20. Paragraphs 52-55 of the Gomez Declaration state Mr. Gomez’s opinion that Lin “does not disclose a controller that is configured to perform or capable of controlling deep packet inspection. Lin teaches that DPI is performed by security service 630, not controller 610.” EX2025, ¶¶52-55. I disagree. As discussed above, while Lin discusses a separate security service 630, it is my opinion that a POSA would have understood that one of the limited number of design options would have been to implement the security service as part of a controller configured to perform DPI analysis on packets, and a POSA would have had a reasonable expectation that the controller would have been successful in performing DPI analysis. EX1005, Cols. 3:11-12, 3:51-58, 4:8-31, Figures 1, 6-8; EX1004, ¶¶78-79.

21. Mr. Gomez argues that “[t]he mere fact that the security service may share certain common technical characteristics with the controller (i.e., its connection to the network switch and the hardware in which these two separate entities are implemented) cannot in and of itself suggest to a POSA that the function carried out by the security service should also be performed by the controller or that the controller should be configured to perform that function (i.e., deep packet inspection).” EX2025, ¶54. First, Mr. Gomez does not challenge my opinion that the security service 630 has the same physical connections to the SDN switch in Lin as the SDN controller. EX1005, Cols. 3:11-12, 5:51-58; EX1004, ¶79. Second, I disagree with Mr. Lin’s opinion because, taken as a whole, the disclosure of Lin demonstrates that the security service 630 could have been implemented as part of the controller or as a separate component from the controller. EX1005, Cols. 3:11-12, 3:51-58, 4:8-31, Figures 1, 6-8; EX1004, ¶¶78-79. There are limited design options as to where the security service would be implemented, and a POSA would have found it obvious that one of those limited design options was to implement the security service as part of the controller. I note that the ’111 Patent does not give any specific technical mechanisms for implementing DPI in its controller. Mr. Gomez seemingly, and without explicating reasons, places a higher burden on the prior art, especially in light of the allegedly inventive aspects or disclosures in the ’111 Patent.

22. Mr. Gomez asserts that “Lin explicitly separates network security services (including DPI) from the controller (or the network administrators responsible for configuring the controller), stating: ‘[n]etwork security vendors provide network security services, such as firewall or deep packet inspection (DPI)’ (Ex. 1005, 3:11-12).” EX2025, ¶55. I disagree with this narrow reading of Lin. Certainly, there are network security vendors that can provide network security services as part of a separate module from the controller. However, even with the existence of such network security services, a POSA still would have understood that a separate design option would have been to implement the security service as part of the controller. A packet has to be routed (or mirrored) to the security service for inspection, and this could just as easily have been done with the security service being part of the controller as the security service being a stand-alone module.

23. Mr. Gomez provides his opinion that the background of the ’111 Patent teaches away from implementing the security service as part of the controller because the ’111 Patent discusses “drawbacks” of prior art implementing the “straightforward approach of routing all traffic from network nodes to the central controller.” EX2025, ¶55. Mr. Gomez notes that the ’111 Patent identifies “increased end-to-end traffic delays between the client and the server; overflowing the controller capability to perform other networking functions; and a single point of failure for the re-routed traffic.” Id., citing EX1001, 2:1-5. Thus, Mr. Gomez argues that “it was known in the art before the ’111 [P]atent that performing DPI at the controller presented material challenges and disadvantages.” Id. I disagree. The prior art discussed in the background section of the ’111 Patent involved systems in which “all traffic” was routed from network nodes to the central controller. EX1001, 2:1-5. That is not the case with Lin. In Lin, only specific packets meeting certain criteria are routed to the security device 630, such as routing HTTP packets to the security device. See, e.g., EX1005, Cols. 5:16-24, 5:26-36, 6:1-12, 6:40-54, 7:24-8:18, Table 1. When only certain packets are routed to the security device, as opposed to all packets, then Mr. Gomez’s concerns about the prior art “drawbacks” are not applicable because there is not as much traffic sent to the controller to cause end-to-end traffic delays or an overflow of the controller’s capabilities.

24. Further, the existence of a separate security service would be just as likely to cause a “single point of failure for the re-routed traffic” as a security service that is part of a controller. This would not be a reason to avoid implementing the security service as part of the controller. Indeed, there is no logical reason not to combine them, and Mr. Gomez does not provide any.

25. Mr. Gomez also asserts that “a POSA at the time of invention would [have understood] that security services were not normally combined with a controller because the security service requires security resources not normally found in a controller or that would be prohibitively expensive to implement as part of the controller.” EX2025, ¶55. Mr. Gomez cites no support for these statements, and I disagree with them. For example, Mr. Gomez does not explain what are the “security resources not normally found in a controller.” At his deposition, Mr. Gomez speculated that there can be “management and dataflow issues” with implementing security functions in the controller, but that is not more specific than his declaration. EX1016 at 33:20-37:19. I disagree with Mr. Gomez’s argument because the security service would require “security resources” or overcoming “management and dataflow issues” wherever it is implemented. These would be no different if the security service was implemented in the controller or elsewhere. Indeed, Swenson implemented its deep flow inspection as part of its flow analyzer in its controller without any mention of “security resources” or “management and dataflow issues.” EX1007, ¶¶[0026], [0028]-[0029], [0039], [0059], [0060], [0065]. Swenson discloses an embodiment of its controller in Figure 3 and explains that the controller would include “[c]onventional components” such as “security functions.” EX1007, ¶[0039]. Further, the ’111 Patent disclosed that its “DPI engine 312” was implemented in “the central controller 111” to inspect packets without any mention of additional “security resources” or “management and dataflow issues” that would have made it difficult to achieve this task. See, e.g., EX1001, 5:33-49.

26. In addition, it is my opinion that Mr. Gomez has not shown why it would be “prohibitively expensive to implement [the security service] as part of the controller.” EX2025, ¶55. Mr. Gomez cites no support for this assertion, and he does not explain why it would be cheaper to have two separate components (a separate controller and security service) than to implement them as one. I do not think it would be prohibitively expensive to have the security service as part of the controller. Swenson did not mention that it was “prohibitively expensive” to implement deep flow inspection as part of its controller. EX1007, ¶¶[0026], [0028]-[0029], [0059], [0060], [0065]. Indeed, Swenson states that security functions would be one of the conventional components on the controller. Id., ¶¶[0039], Figure 3. Further, the ’111 Patent does not say it was “prohibitively expensive” to implement DPI engine 312 in central controller 111. See, e.g., EX1001, 5:33-49. Neither the claims nor the specification of the ’111 Patent say anything about how to prevent the alleged prohibitive costs of implementing the security device in the controller. Mr. Gomez is again seemingly imposing a higher burden of disclosure on the prior art requiring more of the prior art, especially in light of the allegedly inventive aspects or disclosures in the ’111 Patent.

27. Moreover, a POSA still would have known that it was only one of a limited number of design options to implement the security service as part of the controller, even if the process was expensive or required extra “security resources” or “management resources.” Thus, for the reasons explained throughout this reply declaration and in my original declaration (EX1004), I disagree with Mr. Gomez’s conclusion that “Lin alone does not give a POSA any reason to implement the security service as part of the controller, nor a reasonable expectation of success in doing so.” EX2025, ¶55.

b. Swenson also discloses or renders obvious a controller configured to perform or capable of controlling DPI.

28. Paragraphs 56-69 of the Gomez Declaration state Mr. Gomez’s opinion that Swenson does not disclose or render obvious a controller that is configured to perform or capable of controlling deep packet inspection. EX2025, ¶¶56-69. I disagree. Mr. Gomez provides his opinion that “A POSA would understand that Lin discloses deep packet inspection (DPI) performed at a dedicated security service, whereas Swenson discloses deep flow inspection (DFI) performed in the flow analyzer of a network controller. Thus, Lin and Swenson disclose different techniques, which a POSA would understand from the use of different terms of art in the two references.” EX2025, ¶57; see id., ¶58 (arguing “that deep flow inspection is not the same as deep packet inspection” (emphasis in original)). As I explained in my original declaration, it is my opinion that a POSA would have understood that a “flow” is a series of packets having a specific signature. EX1004, ¶¶80-86. Thus, a POSA would have known that the reference to “deep flow inspection” in Swenson refers to performing DPI on one or more packets in a flow. Further, it is my opinion that a POSA would have understood that Paragraph [0065]’s discussion of analysis of the “response payload” of a packet to be DPI by a DPI-capable controller. EX1007, ¶[0065]; see id., ¶¶[0026], [0028]-[0029], [0046], [0059]-[0060], [0073], [0076]-[0077], [0084]-[0086], Figures 1 and 4A-4B.

29. I agree with Mr. Gomez that DPI was a “well-known technique used for computer network packet filtering” that was “used in enterprise security to detect various attacks” as of the priority date for the ’111 Patent. EX2025, ¶58. However, I disagree with Mr. Gomez’s assertion that DPI “presents certain unique challenges” because it “requires significant processing power and may struggle with high-bandwidth networks or encrypted traffic.” EX2025, ¶59. First, these are not requirements of the claims of the ’111 Patent, and the discussion of DPI in the specification of the ’111 Patent does not mention requirements of “significant processing power” or struggles with “high-bandwidth networks or encrypted traffic.” Second, Mr. Gomez provides no support for his assertion. DPI processing was well-known as of the priority date of the ’111 Patent, and there was nothing that would have prevented a POSA from using it. EX1005, ¶[0021]; EX1006, Col. 3:11-24; EX1001, Col. 1:20-29. Further, Mr. Gomez speculates that “DPI tools may have limited visibility into the overall traffic patterns of networks in which less traffic flows through core switches (e.g., in modern distributed network environments).” EX2025, ¶59. Again, Mr. Gomez cites no support for this assertion, it is not recited in the specification or claims of the ’111 Patent, and I do not see a reason why a POSA would have been discouraged from using DPI on this basis.

30. With respect to DFI, Mr. Gomez asserts that it is “focused on the flow of data within the network rather than the inspection of individual packets.” EX2025, ¶60. I disagree. The DFI performed in Swenson is inspection of the payload of individual packets and thus would constitute DPI, in addition to any other flow-related analysis disclosed in Swenson. EX1007, ¶¶[0059]-[0060], [0065]. As previously explained, a “flow” is a series of packets having a specific signature. EX1004, ¶¶80-86. Paragraph [0065] of Swenson discloses analysis of the “response payload” of a packet. A POSA would have understood the analysis of the “response payload” to be DPI by a DPI-capable controller. EX1007, ¶[0065]; see id., ¶¶[0026], [0028]-[0029], [0046], [0059]-[0060], [0073], [0076]-[0077], [0084]-[0086], Figures 1 and 4A-4B. Moreover, even if the analysis involves reviewing the response payload of multiple packets, a POSA still would have considered this to be DPI because Swenson is explicitly disclosing the analysis of the payload of individual packets in a flow.

31. Mr. Gomez notes that “[f]low data typically includes information about the IP addresses, ports and protocol types involved in a communication session.” EX2025, ¶61. But that is not what is disclosed in Swenson, which discusses analyzing the “response payload” of HTTP packets (i.e., performing DPI). EX1007, ¶[0065]; see id., ¶¶[0059]-[0060]. Further, Mr. Gomez states that “DFI can be used for purposes like traffic analysis, network performance monitoring, and the detection of unusual or suspicious behavior patterns in network traffic.” EX2025, ¶61. The same is true for DPI. See EX1005, ¶[0021]; EX1006, Cols. 3:11-24, 5:16-25; EX1001, Col. 1:20-29. For these reasons, I disagree with Mr. Gomez’s unsupported assertion that DPI and DFI “entail material differences, and that deep packet inspection entails unique technical capabilities and challenges that distinguish it from deep flow inspection.” EX2025, ¶62.

32. Mr. Gomez asserts that the DFI in Swenson is “a materially different technique” than DPI because “Swenson’s disclosures of a system [are] geared toward bandwidth and user experience optimization through the use of statistic information relating to flows, not the inspection of packet contents.” EX2025, ¶63. I disagree that this shows DFI and DPI to be materially different. Swenson discloses the monitoring of network traffic by redirecting certain traffic flows that meet specific criteria (such as HTTP packets) to a central controller for inspection and a determination on how to act on that network traffic. A POSA would have understood that this teaching is equally applicable to redirecting certain packets that meet specific criteria to a central controller for DPI. A POSA’s understanding of this technique is not changed by the reason for inspecting the traffic, whether it is to monitor malicious activity, bandwidth usage or user experience optimization.

33. Further, as explained in Paragraph 83 of my original declaration, a POSA would have understood that Swenson, like Lin, could involve analyzing packets for a security function, such as using bandwidth monitoring as a security application to detect Denial of Service (“DOS”) attacks that occupy significant bandwidth in a network. EX1007, ¶¶[0059]-[0060]; see id., ¶[0039] (explaining that the controller can incorporate “security functions”); EX1004, ¶83. As such, Swenson is performing DPI (id., ¶[0065]), and Swenson discloses using its technology for a security function (id., ¶¶[0039], [0059]-[0060]). For these reasons, I do not agree with Mr. Gomez’s statements that “DPI would have little use for the purposes of Swenson’s traffic analysis due to the higher overhead it would impose upon the Swenson system as a whole” or that a POSA would not combine the teachings of Lin and Swenson. EX2025, ¶¶64-65. Further, I disagree with Mr. Gomez’s statement that “[n]othing in the Petition satisfactorily addresses the distinctions between deep packet inspection and deep flow inspection.” Id., ¶66.

34. Mr. Gomez also provides his opinion that “Swenson’s disclosure of the controller analyzing a message does not require analyzing the message payload.” EX2025, ¶¶67-68. Mr. Gomez acknowledges my analysis of the portion of Swenson that discusses inspection of “[a] HTTP GET request header and a portion of the [HTTP] response payload.” EX1004, ¶81, discussing EX1007, ¶[0065]. However, Mr. Gomez asserts that “[t]he reference to a HTTP request and response ‘header’ and ‘payload’ are thus not references to th