· · · · · Going back to your declaration at paragraph 42, you say, "In fact, namespaces can have a flat structure forming a single collection of unique names."

· · · · · THE WITNESS:· I don't know how you can organize your data -- I mean, the point is that every file within the directory should be uniquely identified.· That's all.· It's simple, yeah.

· · ·Q.· ·So it provides some metadata field examples.· And then if you go to paragraph 142, one of the examples, is, quote:· "File ancestry information such as:· Copied from, moved from, created from, version of."

· · · · · THE WITNESS:· I don't know exactly the term they use, child or not.· But like -- like what paragraph 142 says, basically it tells you, hey, the ancestry information is such that this file is copied from which file.· Yeah.

· · · · · So my point is that putting all these things together, you would expect that the POSITA will understand that, yes, the user access the file, but then the placement into the appropriate Fortinet Ex. 2004, Page 74 of 212

I will be subject to the USPTO Rules of Professional Conduct set forth in 37 C.F.R. §§ 11.101 et seq.

Declaration of Andrew N. Klein i. Adobe Inc. v. RAH Color Technologies LLC Cases:

experience representing clients in cases involving patents or other intellectual property interests.

I regularly litigate patent cases in various forums including federal district courts across the United States.

Respectfully submitted, /Andrew N. Klein/ Andrew N. Klein Perkins Coie LLP 3150 Porter Drive Palo Alto, California 94304-1212 Netskope Exhibit 1024

Overall, Petitioner appears to completely ignore or overlook the fact that the Petition relies on multiple dissimilar policies to address the single “policy” recited by the independent claims.

In contrast, Herrmann teaches a gateway system that enforces the installation and use of approved anti-virus applications on client computers before they can access a network or other protected resources.

Overall, Petitioner once again appears to completely ignore or overlook the fact that the Petition relies on multiple dissimilar policies in Auradkar to address the single “policy” recited by the independent claims.

More specifically, Petitioner contends that a POSITA “would have been motivated to modify [Auradkar’s] technique by Chiueh’s mechanism that allowed searching individual document pages.” Id. 79; see also id. 97, 106 (more discussion of the same alleged combination).

Given these teachings, Petitioner does not explain how or why a POSITA would look to modify Auradkar’s platform to implement Auradkar’s complex techniques on Chambers’ simple “network access device” (i.e., the purported “gateway” device), which cannot even function properly without a separate “management server.” See Chambers, ¶¶24-28.

Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway, “UMAC: Fast and Secure Message Authentication.” Advances in Cryptology — CRYPTO ’99, Lecture Notes in Computer Science, Vol.

Black and P. Rogaway, “Enciphering Finite Sets of Arbitrary Size.” RSA Data Security Conference, Cryptographer’s Track (RSA-CT), Lecture Notes in Computer Science, Vol.

Black, P. Rogaway, and T. Shrimpton, “Encryption Scheme Security in the Presence of Key-Dependent Messages.” Selected Areas in Cryptography — SAC 2002, Lecture Notes in Computer Science, Vol.

Black and M. Cochran and T. Highland, “A Study of the MD5 Attacks: Insights and Improvements”, Fast Software Encryption — FSE 2006, Lecture Notes in Computer Science, Vol.

Black and P. Rogaway, “A Suggestion for Handling Arbitrary-Length Messages with the CBC MAC.” NIST Symmetric Key Block Cipher Modes of Operation Workshop—2000, 4 pages, Sep 2000.

FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment Atul Adya, William J. Bolosky, Miguel Castro, Ronnie Chaiken, Gerald Cermak, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, Roger P. Wattenhofer Microsoft Research, Redmond, WA 98052 {adya, bolosky, mcastro, rchaiken, gcermak, johndo, howell, lorch, theimer}@microsoft.com; wattenhofer@inf.ethz.ch Abstract Farsite is a secure, scalable file system that logically functions as a centralized file server but is physically distributed among a set of untrusted computers.

Physically centralized servers are vulnerable to geographically localized faults, and their store of increasingly sensitive and valuable information makes them attractive, concentrated targets for subversion and data theft, in contrast to the inherent decentralization of desktop workstations.

We assume that a small but significant fraction of users will maliciously attempt to destroy or corrupt file data or metadata, a reasonable assumption for our target environment but an unreasonably optimistic one on the open Internet.

The two obvious ways of accomplishing this are unacceptable: Private-key-signing every committed update would be prohibitively expensive (roughly a disk seek time), and holding the user’s private key on the client through a crash would open a security hole.

It provides availability and reliability through replication; privacy and authentication through cryptography; integrity through Byzantine-fault-tolerance techniques; consistency through leases of variable granularity and duration; scalability through namespace delegation; and reasonable performance through client caching, hint- based pathname translation, and lazy update commit.

Onr evaluation on a real-world test-bed show that Dragonfrnit is able to work with several doud providers such as Google-Drive and Dropbm: simultmwously and is abfo to respond to search requests within a few seconds proving a reasonable performance overhead for practical usage.

Users are willing to pay for services which give them access to their data from any location, without requiring them to carry devices \Vith large amounts of memory.

In order to prevent further damage to US-based cloud operations, and to restore faith in the solutions available bet"e, and elsewhere, new technologies must be developed \Vhic:h provide better than end-to-end encryption.

Our objective in this study is to design and evaluate a practical and scalable framework for higb performance and security-aware electronic: search on large scale databases of customer records.

In this paper we describe algorithms and systems for securing cloud-based storage and providing search over these encrypted records enabling the use of remote untrusted c:loucl--servers wb ile reducing infonna1ion leakage.

limitations make the network potentially vulnerable to mali- cious code on a client machine that is connected to the

Inc. of San Jose, Calif., Check Point Software of Redwood ing the detailed method steps of the operations of the system

of the present invention in handling an exemplary request City, Calif., and Intel Corporation of Santa Clara, Calif.

and the virus definition (DAT) file version and publication date available on the client device.

integrity server commences the process of evaluating whetheror not the client device should be allowed to access

First, all Cidon, Shikfa, and Herrmann were all concerned with improving computer networking and security for accessing files stored in a remote storage location by client devices.

Cidon’s management server was “connected to consumer-based file repositories (e.g., Dropbox 13, Gmail 11, or others such as Evernote) through Application Interfaces (API) 101 and 103 or through web access, similar to the way that a browser interact[ed] with a web server, accessing stored files through interface[d] such as FTP, Secured FTP (SFTP) or WebDAV.” (Cidon, ¶100; see also Cidon, ¶99 (describing that its disclosed system supported cloud storage services such as “Dropbox, Box, Sugarsync or a web-based storage system such the one offered by Amazon S3 or EMC” and “Google Docs, Office 365, Evernote and even cloud-based email accounts such as Gmail.”).)

From these disclosures of Cidon, a POSITA would have found it obvious to have included the so-called mediation module in Cidon’s management server 100 to perform the aforementioned functionalities for serving as a “proxy” because the user device and various cloud platforms.

Incorporating the teachings of Chambers into Auradkar’s system would have allowed to automatically assign a policy based on, e.g., the user’s role in the organization or the device used by the user, would have resulted in consistent Netskope Exhibit 1002

As explained above, a POSITA would have found it obvious to use Chambers’ gateway device to perform the functions described in Auradkar, such as storing the searchable encryption file on one or more cloud platforms based on the

ing; secondly, the data owner encrypts a querying keyword capacity at the user’s terminal, incapability of providing

with the key, and sends the encrypted keywordto the storage stable or long time continuous access of data at the user’s

Generally, the KIS locator generation unit 104 maps searchersat different privacy levels are enabled to search and

ownerfirstly sets the file locator generation and decryption suitable privacy level in a secure manner.

item set locator is generated by encrypting the corresponding a data signal embodiedin a carrier wave over a transmission

[0027] FIG. 1 illustrates a flow diagram ofa userinterface In one aspect of the present invention, a point of an [0019]

[0069] Each ofthese link weights represents the degree of components: a system for image ranking based on the

methods(similar to a Thevenin circuit analysis technique) in object)}—for many images in the database there are a set of

find the rank of an image (the sum of the weights for that overall degree of association with the user selected object)

average of the link aperture points on each image for which click weight of w. It then returns, based on the number of

In par- ticular, we look at what forms of syntax and vocabularies publishers are using to mark up data inside HTML pages.

Publishers prefer this method due to the ease of implementation and maintenance: since most webpages are dynamically gener- ated, adding markup simply requires extending the template that produces the pages.

Ta- bles reftbl:topsites-rdfa and 3 and 4 show the top 10 sites as measured by the number of triples using RDFa, microdata, or hcard, respectively.

We also ob- serve a natural preference to mark up simple types of objects (e.g. breadcrumbs), though we did not formally investigate the relationship between the complexity of markup and its adoption.

There is significant future work to be done in order to evaluate the quality and practical usefulness of data embed- ded in HTML, with respect to some existing or novel tasks.

oocr Asayjoie Aseiqiryua MadlN 40}0819x9 JaepeojuMog OLoy vler Asaijeq eLey adi

application in a waythat provides publisher controlled selec- scend conventional container security models;

implementation of a trustworthy cloud services using the networks that add the cryptographic access wrapper to data

whereverit is stored across various data containers; digital escrow pattern to implementa secure extranet for an

region of control, obscured metadata formed from an analysis ofthe data and at least one other mathematical transformation

the file management server is executed while a applying a tion keys that maybestored at the user deviceto find at least

stored at the user deviceto find at least zero decryption keys the multiple encrypted file segments to the storage service.

ments; calculate a file segment signature for each of the store instructions forretrieving, by a user device, of multiple

store instructions for receiving a request, by a management device that may be arranged to retrieve multiple file segment

[0087] c. The ability to browse, create, load, copy, move and store folders and files in remote devicesthat are not

such as T1, T3, cable, Digital Subscriber Line (DSL), wire- interface for configuring access control rules and policies

(communicate with) one or more other network access FIG. 7 is a flow diagram illustrating a method for [0014] devices to reach the WANact as intermediate nodes of the

101 includes an access control policy (ACP) manager 113 to [0024] FIG.1is a block diagram illustrating a cloud man-

manage ACPs 114 and access control rules (ACRs) 115, aged network system according to one embodiment of the

of a media access control (MAC) address of the network ACPs and the ACRs from the management server over the client device.

Microsoft omputer Netskope Exhibit 1022 aT]elereTeeOMmALAAsede1Keil ) technologies, terms, and acronyms: * Easy to read, expertly illustrated— e Definitive coverage of hardware, software, the Internet, and more!

A con- trol code, ASCII character 21 (hexadecimal 15), transmut- ted to a sending station or computer by the receiving unit as a signal that transmitted information has arrived incor- rectly.

In every- day terms, a namespace is comparable to a telephone book, in which each nameis unique and resolves to the phone numberand address of a particular individual, business, or other entity.

An enhanced version of the Xmodem file transfer protocol that incorporates a 2-byte cyclical redundancy check (CRC) to detect transmission errors.

Designed to be a functional query languagethat is broadly applicable to a variety of XML data types derived from Quilt, XPath, and XQL.