· · · · · Going back to your declaration at paragraph 42, you say, "In fact, namespaces can have a flat structure forming a single collection of unique names."

· · · · · THE WITNESS:· I don't know how you can organize your data -- I mean, the point is that every file within the directory should be uniquely identified.· That's all.· It's simple, yeah.

· · ·Q.· ·So it provides some metadata field examples.· And then if you go to paragraph 142, one of the examples, is, quote:· "File ancestry information such as:· Copied from, moved from, created from, version of."

· · · · · THE WITNESS:· I don't know exactly the term they use, child or not.· But like -- like what paragraph 142 says, basically it tells you, hey, the ancestry information is such that this file is copied from which file.· Yeah.

· · · · · So my point is that putting all these things together, you would expect that the POSITA will understand that, yes, the user access the file, but then the placement into the appropriate Fortinet Ex. 2004, Page 74 of 212

I will be subject to the USPTO Rules of Professional Conduct set forth in 37 C.F.R. §§ 11.101 et seq.

Declaration of Andrew N. Klein i. Adobe Inc. v. RAH Color Technologies LLC Cases:

experience representing clients in cases involving patents or other intellectual property interests.

I regularly litigate patent cases in various forums including federal district courts across the United States.

Respectfully submitted, /Andrew N. Klein/ Andrew N. Klein Perkins Coie LLP 3150 Porter Drive Palo Alto, California 94304-1212 Netskope Exhibit 1024

Overall, Petitioner appears to completely ignore or overlook the fact that the Petition relies on multiple dissimilar policies to address the single “policy” recited by the independent claims.

In contrast, Herrmann teaches a gateway system that enforces the installation and use of approved anti-virus applications on client computers before they can access a network or other protected resources.

Overall, Petitioner once again appears to completely ignore or overlook the fact that the Petition relies on multiple dissimilar policies in Auradkar to address the single “policy” recited by the independent claims.

More specifically, Petitioner contends that a POSITA “would have been motivated to modify [Auradkar’s] technique by Chiueh’s mechanism that allowed searching individual document pages.” Id. 79; see also id. 97, 106 (more discussion of the same alleged combination).

Given these teachings, Petitioner does not explain how or why a POSITA would look to modify Auradkar’s platform to implement Auradkar’s complex techniques on Chambers’ simple “network access device” (i.e., the purported “gateway” device), which cannot even function properly without a separate “management server.” See Chambers, ¶¶24-28.

Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway, “UMAC: Fast and Secure Message Authentication.” Advances in Cryptology — CRYPTO ’99, Lecture Notes in Computer Science, Vol.

Black and P. Rogaway, “Enciphering Finite Sets of Arbitrary Size.” RSA Data Security Conference, Cryptographer’s Track (RSA-CT), Lecture Notes in Computer Science, Vol.

Black, P. Rogaway, and T. Shrimpton, “Encryption Scheme Security in the Presence of Key-Dependent Messages.” Selected Areas in Cryptography — SAC 2002, Lecture Notes in Computer Science, Vol.

Black and M. Cochran and T. Highland, “A Study of the MD5 Attacks: Insights and Improvements”, Fast Software Encryption — FSE 2006, Lecture Notes in Computer Science, Vol.

Black and P. Rogaway, “A Suggestion for Handling Arbitrary-Length Messages with the CBC MAC.” NIST Symmetric Key Block Cipher Modes of Operation Workshop—2000, 4 pages, Sep 2000.

FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment Atul Adya, William J. Bolosky, Miguel Castro, Ronnie Chaiken, Gerald Cermak, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, Roger P. Wattenhofer Microsoft Research, Redmond, WA 98052 {adya, bolosky, mcastro, rchaiken, gcermak, johndo, howell, lorch, theimer}@microsoft.com; wattenhofer@inf.ethz.ch Abstract Farsite is a secure, scalable file system that logically functions as a centralized file server but is physically distributed among a set of untrusted computers.

Physically centralized servers are vulnerable to geographically localized faults, and their store of increasingly sensitive and valuable information makes them attractive, concentrated targets for subversion and data theft, in contrast to the inherent decentralization of desktop workstations.

We assume that a small but significant fraction of users will maliciously attempt to destroy or corrupt file data or metadata, a reasonable assumption for our target environment but an unreasonably optimistic one on the open Internet.

The two obvious ways of accomplishing this are unacceptable: Private-key-signing every committed update would be prohibitively expensive (roughly a disk seek time), and holding the user’s private key on the client through a crash would open a security hole.

It provides availability and reliability through replication; privacy and authentication through cryptography; integrity through Byzantine-fault-tolerance techniques; consistency through leases of variable granularity and duration; scalability through namespace delegation; and reasonable performance through client caching, hint- based pathname translation, and lazy update commit.

Onr evaluation on a real-world test-bed show that Dragonfrnit is able to work with several doud providers such as Google-Drive and Dropbm: simultmwously and is abfo to respond to search requests within a few seconds proving a reasonable performance overhead for practical usage.

Users are willing to pay for services which give them access to their data from any location, without requiring them to carry devices \Vith large amounts of memory.

In order to prevent further damage to US-based cloud operations, and to restore faith in the solutions available bet"e, and elsewhere, new technologies must be developed \Vhic:h provide better than end-to-end encryption.

Our objective in this study is to design and evaluate a practical and scalable framework for higb performance and security-aware electronic: search on large scale databases of customer records.

In this paper we describe algorithms and systems for securing cloud-based storage and providing search over these encrypted records enabling the use of remote untrusted c:loucl--servers wb ile reducing infonna1ion leakage.

limitations make the network potentially vulnerable to mali- cious code on a client machine that is connected to the

Inc. of San Jose, Calif., Check Point Software of Redwood ing the detailed method steps of the operations of the system

of the present invention in handling an exemplary request City, Calif., and Intel Corporation of Santa Clara, Calif.

and the virus definition (DAT) file version and publication date available on the client device.

integrity server commences the process of evaluating whetheror not the client device should be allowed to access

First, all Cidon, Shikfa, and Herrmann were all concerned with improving computer networking and security for accessing files stored in a remote storage location by client devices.

Cidon’s management server was “connected to consumer-based file repositories (e.g., Dropbox 13, Gmail 11, or others such as Evernote) through Application Interfaces (API) 101 and 103 or through web access, similar to the way that a browser interact[ed] with a web server, accessing stored files through interface[d] such as FTP, Secured FTP (SFTP) or WebDAV.” (Cidon, ¶100; see also Cidon, ¶99 (describing that its disclosed system supported cloud storage services such as “Dropbox, Box, Sugarsync or a web-based storage system such the one offered by Amazon S3 or EMC” and “Google Docs, Office 365, Evernote and even cloud-based email accounts such as Gmail.”).)

From these disclosures of Cidon, a POSITA would have found it obvious to have included the so-called mediation module in Cidon’s management server 100 to perform the aforementioned functionalities for serving as a “proxy” because the user device and various cloud platforms.

Incorporating the teachings of Chambers into Auradkar’s system would have allowed to automatically assign a policy based on, e.g., the user’s role in the organization or the device used by the user, would have resulted in consistent Netskope Exhibit 1002

As explained above, a POSITA would have found it obvious to use Chambers’ gateway device to perform the functions described in Auradkar, such as storing the searchable encryption file on one or more cloud platforms based on the