UNITED STATES PATENT AND TRADEMARK OFFICE
`____________
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`____________
`CROWDSTRIKE, INC.
`Petitioner
`v.
`
`TAASERA
`Patent Owner
`____________
`
`Case No. IPR2024-00027
`Patent No. 7,673,137
` ____________
`
`DECLARATION OF DR. MARKUS JAKOBSSON, PH.D.
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 1
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`
`I.
`
`TABLE OF CONTENTS
`Introduction ....................................................................................................... 5
`A. Materials Reviewed ................................................................................... 5
`B. Background and Qualifications ................................................................. 7
`II. Legal Framework ............................................................................................ 15
`III. Opinion ............................................................................................................ 22
`A. Overview of the ’137 Patent .................................................................... 22
`B. Level of a Person Having Ordinary Skill in the Art ................................ 26
`C. Background of the Prior Art .................................................................... 28
`1. Overview of Operating Systems ...................................................... 28
`2. Computer Viruses and Malware in the Internet Era ................... 32
`3. Computer Monitoring Systems ....................................................... 35
`D. Claim Construction ................................................................................. 38
`E. Summary of the Prior Art References ..................................................... 39
`1. Dan ..................................................................................................... 39
`2. Lambert ............................................................................................. 49
`3. Schmid ............................................................................................... 59
`F. Ground 1: The Combination of Dan and Lambert Renders Claims 6, 8, 9,
`12, and 25 Obvious .................................................................................. 62
`1. Claim 6 ............................................................................................... 62
`6[Pre]. – A computer implemented method for implementing security for a
`(a)
`computing device comprising the steps of: ....................................................................... 62
`6(a) – interrupting the loading of a new program for operation with the computing
`(b)
`device; 65
`(c)
`6(b) – validating the new program; ....................................................................... 77
`(d)
`6(c) – if the new program is validated, permitting the new program to continue
`loading and to execute in connection with the computing device; ................................... 82
`6(d)(i) – if the new program is not validated, monitoring the new program while it
`(e)
`loads and executes in connection with the computing device, ......................................... 86
`6(d)(ii) – wherein the step of monitoring the new program while it executes is
`(f)
`performed at the operating system kernel of the computing device. ................................ 89
`2. Claim 8 - The method of claim 6, wherein the step of monitoring the
`new program comprises intercepting a signal from the computing
`device’s operating system. ................................................................. 92
`
`
`
`ii
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 2
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`3. Claim 9 - The method of claim 6, wherein the step of validating the
`new program comprises determining whether the new program
`corresponds with an approved program. ............................................ 92
`4. Claim 12 - The method of claim 6, wherein the step of monitoring the
`new program comprises controlling the files the new program
`attempts to access during execution of the new program. ................. 92
`5. Claim 25 ............................................................................................. 93
`25[Pre]. – A computer-implemented method for performing security for a
`(a)
`computer device during a pre-execution phrase comprising the steps of: ........................ 93
`25(a) – identifying an allowed program that is permitted to execute with the
`(b)
`computing device; ............................................................................................................. 94
`25(b) – receiving a signal that a new program is being loaded for execution with
`(c)
`the computing device; ....................................................................................................... 97
`(d)
`25(c) – suspending the loading of the new program; .......................................... 102
`(e)
`25(d) – comparing the new program to the allowed program; and ..................... 105
`(f)
`25(e) – determining whether the new program is valid; ..................................... 108
`(g)
`25(f) – if the new program is valid, permitting the new program to execute on the
`computing device; and .................................................................................................... 111
`25(g)(i) – if the new program is not valid, monitoring the new program while
`(h)
`allowing it to execute on the computing device, ............................................................. 112
`25(g)(ii) – wherein the step of monitoring the new program while allowing it to
`(i)
`execute is performed at the operating system kernel of the computing device. ............. 112
`G. Ground 2: The Combination of Dan, Lambert, and Schmid Renders
`Claims 1 and 2 Obvious ........................................................................ 112
`1. Claim 1 ............................................................................................. 112
`1[Pre]. – A system for managing security of a computing device comprising: .. 112
`(a)
`1(a) – a pre-execution module operable for receiving notice from the computing
`(b)
`device’s operating system that a new program is being loaded onto the computing device;
`
`112
`(c)
`1(b) – a validation module coupled to the pre-execution monitor operable for
`determining whether the program is valid; ..................................................................... 116
`1(c) – a detection module coupled to the pre-execution monitor operable for
`(d)
`intercepting a trigger from the computing device’s operating system; ........................... 119
`1(d) – and an execution module coupled to the detection module and operable for
`(e)
`monitoring, at the operating system kernel of the computing device, the program in
`response to the trigger intercepted by the detection module. .......................................... 126
`
`
`
`iii
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 3
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`2. Claim 2 - The system of claim 1, wherein the pre-execution module is
`further operable for suspending loading of the program onto the
`computing device. ............................................................................ 131
`IV. Conclusion .................................................................................................... 131
`
`
`
`
`
`
`iv
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 4
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`
`I, Dr. Markus Jakobsson, declare the following:
`
`I.
`
`INTRODUCTION
`
`1.
`
`I have been retained by counsel for Petitioner as a technical expert in
`
`the above-captioned case. Specifically, I have been asked to render certain opinions
`
`in regard to the IPR petition with respect to U.S. Patent No. 7,673,137 (the “’137
`
`Patent”). I understand that the Challenged Claims are claims 1, 2, 6, 8, 9, 12, and 25,
`
`and my opinions are limited to those claims. My compensation in this matter is not
`
`based on the substance of my opinions or the outcome of this matter. I have no
`
`financial interest in Petitioner.
`
`A. Materials Reviewed
`2.
`In reaching my opinions in this matter, I have reviewed the following
`
`materials:
`
`• Exhibit 1001 – U.S. Patent No. 7,673,137 (“’137 Patent”);
`
`• Exhibit 1002 – File History of U.S. Patent No. 7,673,137 (“’137 Patent
`File History”);
`
`• Exhibit 1005 – Asit Dan, Ajay Mohindra, Rajiv Ramaswami and Dinkar
`Sitaram, ChakraVyuja (CV): A Sandbox Operating System Environment
`for Controlled Execution of Alien Code, IBM Research Division (“Dan”);
`
`• Exhibit 1006 – U.S. Patent Publication No. 2002/0099952 to Lambert et
`al. (“Lambert”);
`
`• Exhibit 1007 – U.S. Patent No. 7,085,928 to Schmid et al. (“Schmid”);
`
`• Exhibit 1013 – Webster’s New World Dictionary of Computer Terms,
`Simon & Schuster, Inc. (5th ed., 1994) (“Dictionary”);
`
`
`
`5
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 5
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`• Exhibit 1014 – Intel Architecture Software Developer’s Manual Volume
`3: System Programming, Intel Corporation (1999) (“Intel System
`Programming Manual”);
`
`• Exhibit 1015 – David A. Solomon, The Windows NT Kernel Architecture,
`31 Computer 40-47 (October 1998) (“Solomon”);
`
`• Exhibit 1016 – Carol Neshevich, NT 5.0 becomes Windows 2000, 8 New
`World
`Canada
`6,
`https://www.proquest.com/openview/fa3551c04de4b0e4a14ccee74eb12f
`0f/1?pq-origsite=gscholar&cbl=43820
`(November
`20,
`1998)
`(“Neshevich”);
`
`• Exhibit 1017 – Microsoft Releases Windows 2000 to Manufacturing,
`Microsoft
`Corporation
`(December
`15,
`1999)
`https://news.microsoft.com/1999/12/15/microsoft-releases-windows-
`2000-to-manufacturing/ (“Microsoft Windows 2000 Press Release”);
`
`• Exhibit 1018 – Terrance Mitchem, Raymond Lu, Richard O’Brien, Kent
`Larson, Linux Kernel Loadable Wrappers, in Proceedings DARPA
`Information Survivability Conference and Exposition (IEEE, January
`2000) (“Mitchem”);
`
`• Exhibit 1019 – Microsoft Press Computer Dictionary, Microsoft
`Corporation (3rd ed., 1997) (“Microsoft Computer Dictionary”);
`
`• Exhibit 1020 – Gary Wiggins, Living with MalWare, Security Essentials
`version 1.2d, (SANS Institute, 2001) (“Wiggins”);
`
`• Exhibit 1021 – Saliman Manap, Rootkit: Attacker undercover tools.,
`Global
`Information Assurance Certification Paper,
`(10/21/2001)
`(“Manap”);
`
`• Exhibit 1022 – Massimo Bernaschi, Emanuele Gabrielli, Luigi V. Mancini,
`Operating System Enhancement to Prevent Misuse of System Calls, ACM
`CCS’00 (2000) (“Bernaschi”);
`
`• Exhibit 1023 – Pietro Iglio, TrustedBox: a Kernel-Level Integrity Checker,
`in Proceedings 15th Annual Computer Security Applications Conference
`(ACSAC’99) (IEEE, December 1999) (“Iglio”);
`
`
`
`6
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 6
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`• Exhibit 1024 – F. De Paoli, A. L. Dos Santos, R. A. Kemmerer,
`Vulnerability of “Secure” Web Browsers, In Proceedings of the National
`Information Systems Security Conference (May 26, 1997) (“De Paoli”);
`
`• Exhibit 1025 – Bart Preneel, Cryptographic Hash Functions, 5 European
`Transactions on Telecommunications (1994) (“Preneel”);
`
`• Exhibit 1026 – karlrupp, Microprocessor Trend Data, GitHub,
`https://github.com/karlrupp/microprocessor-trend-data#readme (Feb 22,
`2022) (“Microprocessor Trend Data”); and
`
`• Exhibit 1027 –Why
`important?, STL Tech
`is Sandboxing
`https://stl.tech/blog/what-is-sandboxing-and-why-do-we-need-it/
`(October 14, 2022) (“STL Tech”).
`Background and Qualifications
`I have summarized in this section my educational background, career
`
`B.
`3.
`
`history, and other qualifications relevant to this matter. I have also included a current
`
`version of my curriculum vitae, which is attached as Appendix A.
`
`4.
`
`I received a Master of Science degree in Computer Engineering from
`
`the Lund Institute of Technology in Sweden in 1993, a Master of Science degree in
`
`Computer Science from the University of California at San Diego in 1994, and a
`
`Ph.D. in Computer Science from the University of California at San Diego in 1997,
`
`specializing in Cryptography. During and after my Ph.D. studies, I was also a
`
`researcher at the San Diego Supercomputer Center and General Atomics, where I
`
`did research on authentication, privacy, and security. Much of my work was on
`
`distributed protocols to enable security and privacy, and my Ph.D. thesis described
`
`a distributed electronic payment system.
`
`
`
`7
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 7
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`Since earning my doctorate degree over twenty-six years ago, I have
`
`5.
`
`been an employee, entrepreneur, and consultant in the computer systems, security,
`
`and the anti-fraud industry. I have worked extensively with technologies related to
`
`computer security, mobile security, phishing, malware detection, quantitative and
`
`qualitative fraud analysis, and disruptive security. I have worked as an engineer,
`
`researcher or technical advisor at a number of leading companies in the computer
`
`industry, including PayPal, Qualcomm, Bell Labs, and LifeLock. I have also taught
`
`and performed research at several prestigious universities, including New York
`
`University (NYU) and Indiana University (IU). Further, I have been materially
`
`involved in designing, developing, testing, and assessing technologies for computer
`
`and network security, digital rights management, trust establishment, randomness,
`
`cryptography, socio-technical fraud, malware detection, detection of malicious
`
`emails, user interfaces, authentication, and fraud detection for over twenty years.
`
`6.
`
`From 1997 to 2001, I was a Member of Technical Staff at Bell Labs,
`
`where I did research on authentication, privacy, multi-party computation, contract
`
`exchange, digital commerce including crypto payments, and fraud detection and
`
`prevention. An example publication of mine from this time period includes “Secure
`
`distributed computation in cryptographic applications” (U.S. Patent No. 6,950,937,
`
`2001 priority date.) At the end of my tenure at Bell Labs, I had started to research
`
`
`
`8
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 8
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`identity theft years before the banking industry became aware of the existence of
`
`phishing attacks.
`
`7.
`
`From 2001 to 2004, I was a Principal Research Scientist at RSA Labs,
`
`where I worked on predicting future fraud scenarios in commerce and authentication
`
`and developed solutions to those problems. Much of my work related to the
`
`development of anti-fraud mechanisms, addressing authentication abuse and identity
`
`theft. During that time, I predicted the rise of what later became known as phishing.
`
`I also laid the groundwork for what I termed “proof of work,” and described how
`
`this could be applied in the context of distributed computations such as mining of
`
`crypto payments; this work later came to influence the development of BitCoin. I
`
`was also an Adjunct Associate Professor in the Computer Science department at
`
`New York University from 2002 to 2004, where I taught cryptographic protocols,
`
`with an emphasis on authentication.
`
`8.
`
`From 2004 to 2016, I held a faculty position at Indiana University at
`
`Bloomington, first as an Associate Professor of Computer Science, Associate
`
`Professor of Informatics, Associate Professor of Cognitive Science, and Associate
`
`Director of the Center for Applied Cybersecurity Research (CACR) from 2004 to
`
`2008; and then as an Adjunct Associate Professor from 2008 to 2016. I was the most
`
`senior security researcher at Indiana University, where I built a research group
`
`focused on online fraud and countermeasures, resulting in over 50 publications and
`
`
`
`9
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 9
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`two books. One of these books, “Crimeware: Understanding New Attacks and
`
`Defenses” (Wiley, 2008), described malware-based attacks, online abuse in general,
`
`and countermeasures to attacks and abuses of these types.
`
`9. While a professor at Indiana University, I was also employed by Xerox
`
`PARC, PayPal, and Qualcomm to provide thought leadership to their security
`
`groups. I was a Principal Scientist at Xerox PARC from 2008 to 2010, a Director
`
`and Principal Scientist of Consumer Security at PayPal from 2010 to 2013, a Senior
`
`Director at Qualcomm from 2013 to 2015, Chief Scientist at Agari from 2016 to
`
`2018, and Chief of Security and Data Analytics at Amber Solutions from 2018 to
`
`2020.
`
`10.
`
`I was hired by Qualcomm as they acquired a startup I founded,
`
`FatSkunk. FatSkunk had developed algorithms for retroactive detection of malware,
`
`with applications to low-power platforms such as mobile devices. Example
`
`publications include “Retroactive Detection of Malware With Applications to
`
`Mobile Platforms” by Markus Jakobsson and Karl-Anders Johansson, “Practical and
`
`Secure Software-Based Attestation” by Markus Jakobsson and Karl-Anders
`
`Johansson, and U.S. Patent 8,370,935, titled “Auditing a Device”. My work at
`
`Qualcomm related to authentication of users and detection of malware, and the
`
`integration of the FatSkunk technology in Qualcomm products.
`
`
`
`10
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 10
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`11. Agari is a cybersecurity company that develops and commercializes
`
`technology to protect enterprises, their partners and customers from advanced email
`
`phishing attacks. At Agari, my research studied and addressed trends in online fraud,
`
`especially as related to email, including problems such as Business Email
`
`Compromise, Ransomware, and other abuses based on social engineering and
`
`identity deception. My work primarily involved identifying trends in fraud and
`
`computing before
`
`they affected
`
`the market, and developing and
`
`testing
`
`countermeasures, including technological countermeasures, user interaction and
`
`education. Example publications include “Detecting computer security risk based on
`
`previously observed communications” (U.S. Patent No. 10,715,543 B2, 2016
`
`priority date) and “Using message context to evaluate security of requested data”
`
`(U.S. Patent No. 10,805,314 B2, 2017 priority date).
`
`12.
`
`In 2020, after leaving Agari, I was the Chief of Security and Data
`
`Analytics at Amber Solutions, an IoT startup in the San Francisco Bay Area. Amber
`
`Solutions is a cybersecurity company that develops home and office automation
`
`technologies. At Amber Solutions, my research addressed privacy, user interfaces
`
`and authentication techniques in the context of ubiquitous and wearable computing.
`
`My work often related to security in constrained computing environments, as
`
`exemplified in “Configuration and management of smart nodes with limited user
`
`interfaces” (U.S. Patent No. 10,887,447).
`
`
`
`11
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 11
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`I left Amber Solutions to take the role of Chief Scientist at ByteDance
`
`13.
`
`in 2019, where I guided the security research both for ByteDance and TikTok until
`
`I left to co-found Artema Labs, where I am the Chief Scientist. My work at
`
`ByteDance involved identifying new threats, developing new solutions, and guiding
`
`research in areas relating to cryptography and Internet security.
`
`14.
`
`I am also the Chief Technology Officer at ZapFraud, a cybersecurity
`
`company that develops techniques to detect deceptive emails, such as Business
`
`Email Compromise (“BEC”) emails. At ZapFraud, my research studies and
`
`addresses computer abuse, including social engineering, malware and privacy
`
`intrusions, and has also involved studying security aspects related to cloud
`
`computing. My work primarily involves identifying risks, developing protocols and
`
`user experiences, and evaluating the security of proposed approaches.
`
`15.
`
`I also work as an independent security researcher and consultant in the
`
`fields of computer/mobile security, fraud detection/prevention, digital rights
`
`management, malware, phishing, crimeware, mobile malware, and cryptographic
`
`protocols. In addition, I am a visiting research fellow of the Anti-Phishing Working
`
`Group, an international consortium focused on unifying the global response to
`
`cybercrime in the public and private sectors.
`
`16.
`
`I have also served on the advisory board of several companies,
`
`including Metaforic, a company that developed technology for watermarking
`
`
`
`12
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 12
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`software and provided security software with a built-in framework that resists
`
`attacks from malware, bots, hackers and other attempts. Metaforic was acquired by
`
`Inside Secure in 2014.
`
`17.
`
`I have founded or co-founded several successful computer security
`
`companies. In 2005, I co-founded RavenWhite Security, a provider of authentication
`
`solutions, and I am currently its Chief Technical Officer. RavenWhite owns
`
`intellectual property related to authentication, such as “Performing authentication”
`
`(U.S. Patent No. 10,079,823 2007 priority date). In 2007 I co-founded Extricatus,
`
`one of the first companies to address consumer security education. In 2009 I founded
`
`FatSkunk, a provider of mobile malware detection software; I served as Chief
`
`Technical Officer of FatSkunk from 2009 to 2013, when FatSkunk was acquired by
`
`Qualcomm, and I became a Qualcomm employee. FatSkunk developed anti-virus
`
`technology. In 2013 I founded ZapFraud—the same company described above,
`
`where I currently serve as Chief Technical Officer. In 2014 I co-founded
`
`RightQuestion, a security consulting company.
`
`18.
`
`I have additionally served as a member of the fraud advisory board at
`
`LifeLock (an identity theft protection company); a member of the technical advisory
`
`board at CellFony (a mobile security company); a member of the technical advisory
`
`board at PopGiro (a user reputation company); a member of the technical advisory
`
`board at MobiSocial dba Omlet (a social networking company); and a member of
`
`
`
`13
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 13
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`the technical advisory board at Stealth Security (an anti-fraud company). I have
`
`provided anti-fraud consulting to KommuneData (a Danish government entity), J.P.
`
`Morgan Chase, PayPal, Boku, and Western Union.
`
`19.
`
`I have authored seven books and over 100 peer-reviewed publications
`
`and have been a named inventor on over 200 patents and patent applications. A large
`
`number of these relate to Internet security, authentication, malware, spoofing and
`
`related topics.
`
`20. Examples of textbooks I have authored or co-authored on the topic of
`
`Internet security include:
`
`• “Crimeware: Understanding New Attacks and Defenses” (Symantec Press,
`2008)
`
`• “Phishing and Countermeasures: Understanding the Increasing Problem of
`Electronic Identity Theft” (Wiley, 2006);
`
`• “The Death of the Internet” (Wiley, 2012);
`
`• “Understanding Social Engineering Based Scams” (Springer 2016);
`
`• “Towards Trustworthy Elections: New Directions in Electronic Voting”
`(Springer, 2010).
`21. Books translated to Chinese and Korean have separate titles and years
`
`of release.
`
`22.
`
`I have authored numerous publications regarding Internet security,
`
`including Internet security and malware detection. Relevant examples include:
`
`
`
`14
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 14
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`• Tamper-Evident Digital Signatures: Protecting Certification Authorities
`
`Against Malware Jong Youl Choi, Philippe Golle, and Markus Jakobsson;
`
`• “Remote Harm-Diagnostics”, (PDF) Privacy-preserving history mining for
`
`web browsers (researchgate.net);
`
`• “Server-Side Detection of Malware Infection”, NSPW Proceedings on New
`
`Security Paradigms Workshop (2009).
`
`23. An exemplary relevant patent publication includes U.S. Patent No.
`
`8,578,174. This patent was assigned to Palo Alto Research Center Incorporated
`
`arising out of my employment.
`
`24. My opinions are based on my years of education, research, and
`
`experience, as well as my study of relevant materials. In forming my opinions, I have
`
`also considered the materials identified in this declaration and in the Petition.
`
`25.
`
`In sum, I have extensive experience both as a developer and a
`
`researcher relating to computer security.
`
`II. LEGAL FRAMEWORK
`
`26.
`
`I am a technical expert and do not offer any legal opinions. However,
`
`counsel has informed me as to certain legal principles regarding patentability and
`
`related matters under United States patent law, which I have applied in performing
`
`my analysis and arriving at my technical opinions in this matter.
`
`
`
`15
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 15
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`I have been informed that claim terms are to be given the meaning they
`
`27.
`
`would have to a person having ordinary skill in the art at the time of the invention,
`
`taking into consideration the patent, its file history, and, secondarily, any applicable
`
`extrinsic evidence (e.g., dictionary definitions).
`
`28.
`
`I have also been informed that the implicit or inherent disclosures of a
`
`prior art reference may anticipate the claimed invention. Specifically, if a person
`
`having ordinary skill in the art at the time of the invention would have known that
`
`the claimed subject matter is necessarily present in a prior art reference, then the
`
`prior art reference may “anticipate” the claim. Therefore, a claim is “anticipated” by
`
`the prior art if each and every limitation of the claim is found, either expressly or
`
`inherently, in a single item of prior art.
`
`29.
`
`I have also been informed that a person cannot obtain a patent on an
`
`invention if the differences between the invention and the prior art are such that the
`
`subject matter as a whole would have been obvious at the time the invention was
`
`made to a person having ordinary skill in the art. I have been informed that a
`
`conclusion of obviousness may be founded upon more than a single item of prior art.
`
`I have been further informed that obviousness is determined by evaluating the
`
`following factors: (1) the scope and content of the prior art, (2) the differences
`
`between the prior art and the claim at issue, (3) the level of ordinary skill in the
`
`pertinent art, and (4) secondary considerations of non-obviousness. In addition, the
`
`
`
`16
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 16
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`obviousness inquiry should not be done in hindsight. Instead, the obviousness
`
`inquiry should be done through the eyes of a person having ordinary skill in the
`
`relevant art at the time the patent was filed.
`
`30.
`
`In considering whether certain prior art renders a particular patent claim
`
`obvious, counsel has informed me that I can consider the scope and content of the
`
`prior art, including the fact that one of skill in the art would regularly look to the
`
`disclosures in patents, trade publications, journal articles, industry standards,
`
`product literature and documentation, texts describing competitive technologies,
`
`requests for comment published by standard setting organizations, and materials
`
`from industry conferences, as examples. I have been informed that for a prior art
`
`reference to be proper for use in an obviousness analysis, the reference must be
`
`“analogous art” to the claimed invention. I have been informed that a reference is
`
`analogous art to the claimed invention if: (1) the reference is from the same field of
`
`endeavor as the claimed invention (even if it addresses a different problem); or (2)
`
`the reference is reasonably pertinent to the problem faced by the inventor (even if it
`
`is not in the same field of endeavor as the claimed invention). In order for a reference
`
`to be “reasonably pertinent” to the problem, it must logically have commended itself
`
`to an inventor's attention in considering his problem. In determining whether a
`
`reference is reasonably pertinent, one should consider the problem faced by the
`
`inventor, as reflected either explicitly or implicitly, in the specification. I believe that
`
`
`
`17
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 17
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`all of the references that my opinions in this IPR are based upon are well within the
`
`range of references a person having ordinary skill in the art would consult to address
`
`the type of problems described in the Challenged Claims.
`
`31.
`
`I have been informed that, in order to establish that a claimed invention
`
`was obvious based on a combination of prior art elements, a clear articulation of the
`
`reason(s) why a claimed invention would have been obvious must be provided.
`
`Specifically, I am informed that a combination of multiple items of prior art renders
`
`a patent claim obvious when there was an apparent reason for one of ordinary skill
`
`in the art, at the time of the invention, to combine the prior art, which can include,
`
`but is not limited to, any of the following rationales: (A) combining prior art methods
`
`according to known methods to yield predictable results; (B) substituting one known
`
`element for another to obtain predictable results; (C) using a known technique to
`
`improve a similar device in the same way; (D) applying a known technique to a
`
`known device ready for improvement to yield predictable results; (E) trying a finite
`
`number of identified, predictable potential solutions, with a reasonable expectation
`
`of success; (F) identifying that known work in one field of endeavor may prompt
`
`variations of it for use in either the same field or a different one based on design
`
`incentives or other market forces if the variations are predictable to one of ordinary
`
`skill in the art; or (G) identifying an explicit teaching, suggestion, or motivation in
`
`
`
`18
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 18
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`the prior art that would have led one of ordinary skill to modify the prior art reference
`
`or to combine the prior art references to arrive at the claimed invention.
`
`32.
`
`I am informed that the existence of an explicit teaching, suggestion, or
`
`motivation to combine known elements of the prior art is a sufficient, but not a
`
`necessary, condition to a finding of obviousness. This so-called “teaching
`
`suggestion-motivation” test is not the exclusive test and is not to be applied rigidly
`
`in an obviousness analysis. In determining whether the subject matter of a patent
`
`claim is obvious, neither the particular motivation nor the avowed purpose of the
`
`patentee controls. Instead, the important consideration is the objective reach of the
`
`claim. In other words, if the claim extends to what is obvious, then the claim is
`
`invalid. I am further informed that the obviousness analysis often necessitates
`
`consideration of the interrelated teachings of multiple patents, the effects of demands
`
`known to the technological community or present in the marketplace, and the
`
`background knowledge possessed by a person having ordinary skill in the art. All of
`
`these issues may be considered to determine whether there was an apparent reason
`
`to combine the known elements in the fashion claimed by the patent.
`
`33.
`
`I also am informed that in conducting an obviousness analysis, a precise
`
`teaching directed to the specific subject matter of the challenged claim need not be
`
`sought out because it is appropriate to take account of the inferences and creative
`
`steps that a person of ordinary skill in the art would employ. The prior art considered
`
`
`
`19
`
`IPR2024-00027
`CrowdStrike Exhibit 1003 Page 19
`
`

`

`IPR2024-00027
`U.S. Patent 7,673,137
`can be directed to any need or problem known in the field of endeavor at the time of
`
`invention and can provide a reason for combining the elements of the prior art in the
`
`manner claimed. In other words, the prior art need not be directed towards solving
`
`the same specific problem as the problem addressed by the patent. Further, the
`
`individual prior art references themselves need not all be directed towards solving
`
`the same problem. I am informed that common sense is important and should be
`
`considered. Common sense teaches that familiar items may have obvious uses
`
`beyond their primary purposes.
`
`34.
`
`I also am informed that the fact that a particular combination of prior
`
`art elements was “obvious to try” may indicate that the combination was obvious
`
`even if no one attempted the combination. If the combination was ob