throbber
Page 1
`
` U N I T E D S T A T E S P A T E N T A N D T R A D E M A R K O F F I C E
`
` _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
`
` B E F O R E T H E P A T E N T T R I A L A N D A P P E A L B O A R D
`
` _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
`
` E M C C O R P O R A T I O N
`
` P e t i t i o n e r
`
` V .
`
` A C T I V I D E N T I T Y , I N C .
`
` P a t e n t O w n e r
`
` _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
`
` I P R 2 0 1 7 - 0 0 3 3 8
`
` P a t e n t 9 , 0 9 8 , 6 8 5
`
` D E P O S I T I O N O F B . C L I F F O R D N E U M A N , P h . D .
`
` S e p t e m b e r 2 8 , 2 0 1 7
`
` 8 : 5 6 a . m .
`
`1 2
`
`3
`
`4
`
`5
`
`6 7
`
`8
`
`9
`
`1 0
`
`1 1
`
`1 2
`
`1 3
`
`1 4
`
`1 5
`
`1 6
`
`1 7
`
`1 8
`
`1 9
`
`2 0
`
`2 1
`
`2 2
`
`2 3
`
` V e r i t e x t L e g a l S o l u t i o n s
`
`2 4
`
` M i d - A t l a n t i c R e g i o n
`
` 1 2 5 0 E y e S t r e e t N W - S u i t e 3 5 0
`
`2 5
`
` W a s h i n g t o n , D . C . 2 0 0 0 5
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`IV 2006
`IPR2017-00338
`
`

`

`Page 2
`
` DEPOSITION OF B. CLIFFORD NEUMAN,
`
` Ph.D., a witness called on behalf of the
`
` Patent Owner, pursuant to the provisions of
`
` the Patent and Trademark Office Rules of
`
` Civil Procedure, before Jill Shepherd,
`
` Registered Professional Reporter,
`
` MA-CSR #148608, NH-CSR #128, CA-CSR #13275,
`
` CLR, and Notary Public, in and for the
`
` Commonwealth of Massachusetts, at the
`
` offices of Wilmer Hale, 60 State Street,
`
` Boston, Massachusetts, on Thursday,
`
` September 28, 2017, commencing at 8:56 a.m.
`
`1 2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
` Veritext Legal Solutions
`
`24
`
` Mid-Atlantic Region
`
` 1250 Eye Street NW - Suite 350
`
`25
`
` Washington, D.C. 20005
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

` APPEARANCES:
`
`Page 3
`
` WILMER CUTLER PICKERING HALE AND DORR, LLP
`
` By: Arthur C.H. Shum, Esq.
`
` Cynthia Vreeland, Esq.
`
` 60 State Street
`
` Boston, MA 02109
`
` Tel: 617.526.6667
`
` E-mail: arthur.shum@wilmerhale.com
`
` On Behalf of the Petitioner.
`
` STERNE KESSLER GOLDSTEIN & FOX
`
` By: Lori Gordon, Esq.
`
` Lestin Kenton, Esq.
`
` 1100 New York Ave. NW, Suite 600
`
` Washington, DC 20005
`
` Tel: 202.772.8862
`
` E-mail: lgordon@skgf.com
`
` lkenton@skgf.com
`
` On Behalf of the Patent Owner and
`
` Third-Party Licensee.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2 3 4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`

`

`Page 4
`
` A L S O P R E S E N T :
`
` T h o m a s B r o w n , C o u n s e l
`
` E M C
`
` H o p k i n t o n , M A
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2
`
`3
`
`4
`
`5 6 7 8 9
`
`1 0
`
`1 1
`
`1 2
`
`1 3
`
`1 4
`
`1 5
`
`1 6
`
`1 7
`
`1 8
`
`1 9
`
`2 0
`
`2 1
`
`2 2
`
`2 3
`
`2 4
`
`2 5
`
`

`

`Page 5
`
` I N D E X
`
` WITNESS PAGE
`
` B. CLIFFORD NEUMAN, Ph.D.
`
` Examination by Ms. Gordon 6
`
` E X H I B I T S
`
` NO. DESCRIPTION PAGE
`
` (NO NEW EXHIBITS OFFERED)
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`1
`
`2
`
`3
`
`4
`
`5 6 7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 6
`
` P R O C E E D I N G S
`
` EXAMINATION BY MS. GORDON
`
` Q. Good morning, Dr. Neuman. Could you please
`
` state your full name for the record.
`
` A. Yes. It is Barry Clifford Neuman. I use B.
`
` Clifford Neuman, spelled C-L-I-F-F-O-R-D,
`
` N-E-U-M-A-N.
`
` Q. Thank you.
`
` And you understand that you are here
`
` today to testify regarding the testimony you
`
` submitted by declaration in the United
`
` States Patent and Trademark Office in the
`
` inter partes review of U.S. patent number
`
` 9,098,685?
`
` A. I do.
`
` Q. All right.
`
` And for purposes of today's
`
` deposition, is it okay if we refer to that
`
` patent as the '685 patent?
`
` A. Yes, it is.
`
` Q. All right. Thank you.
`
` Dr. Neuman, have you been deposed
`
` before?
`
` A. I have.
`
` Q. And how many times?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 7
`
` A. Probably somewhere between about 15 and 20
`
` over the course of many years.
`
` Q. Okay.
`
` And were those related to litigations?
`
` A. Those were most -- well, some were related
`
` to IPRs, some to CBMs, some related to
`
` litigations in a patent cases. There was
`
` one in a contract case and then there was
`
` one having to do with an accident that I
`
` witnessed.
`
` Q. Okay.
`
` So you have been involved in IPR
`
` proceedings before?
`
` A. I have.
`
` Q. And you have been deposed in those
`
` proceedings?
`
` A. I have. In some of those proceedings.
`
` Q. In some of those.
`
` And have any of the proceedings that
`
` you mentioned in either the litigation or
`
` the IPRs happened in the last four years?
`
` A. Yes. Quite a number of those have.
`
` Q. All right.
`
` And do you have a CV that lists the
`
` litigation matters --
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 8
`
` A. My CV does not list those litigation
`
` matters. I do have a list elsewhere that I
`
` have provided in various cases.
`
` Q. Okay.
`
` And do you know if that list has been
`
` provided in this case?
`
` A. I do not recall offhand.
`
` Q. Okay.
`
` MS. GORDON: So Arthur, I don't
`
` think we have a list of his litigations --
`
` in this case, we don't have a list of his
`
` litigations, prior litigations, so if it
`
` would be possible to get a copy of that this
`
` morning, that would be great.
`
` MR. SHUM: Do you need it this
`
` morning or can it be after the deposition?
`
` MS. GORDON: If there's a way we
`
` could get it while the deposition would be
`
` open just in case there's some questions
`
` that we need to ask about.
`
` A. Well, I think that would only be possible if
`
` I were to go through my records, and that's
`
` not something that's going to be conducive
`
` timewise to this. I'm happy to do that
`
` after the deposition.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 9
`
` Q. Okay. All right. Thank you. I can talk to
`
` Mr. Shum at the break and figure out how
`
` best to proceed on this.
`
` So did any of the litigation matters
`
` that you referenced involve EMC as the
`
` petition or the party you represented?
`
` A. I believe, and I'm not certain, but I
`
` believe this is the only matter that
`
` involved EMC.
`
` Q. Okay.
`
` And in any of those matters, have you
`
` been adverse to Intellectual Ventures?
`
` A. I have had matters, I don't recall if they
`
` were IPRs or if they were more district
`
` court where Intellectual Ventures in one of
`
` its instances -- I know you've got the I,
`
` the II, the III there, I believe I have had
`
` matters where Intellectual Ventures in at
`
` least one of those many instances may have
`
` been a party.
`
` Q. All right.
`
` And do you recall if that was an --
`
` those were IPR matters?
`
` A. I do not recall offhand.
`
` Q. But that would be something that would be
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 10
`
` reflected in your listing of litigation
`
` matters?
`
` A. That would be something that would be
`
` reflected in a listing of the litigation
`
` matters that I can construct given the time
`
` to do that.
`
` Q. All right.
`
` And have you constructed that list of
`
` litigation matters for any of your prior
`
` cases?
`
` A. I have constructed recent lists of
`
` litigation matters, yes.
`
` Q. Okay.
`
` So you have a copy of that you
`
` recently constructed?
`
` A. I would be able to find that list that would
`
` at least indicate those within the past five
`
` years.
`
` Q. All right. Thank you.
`
` So it seems like you've had a good set
`
` of experiences with depositions so I won't
`
` drill down into all the rules of a
`
` deposition; but at a high level, I do like
`
` to take breaks every 60 to 90 minutes. If
`
` there's a point during this deposition where
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 11
`
` you feel like you need a break, just let
`
` your attorney know, and we'll finish any
`
` questions that are pending and take a break
`
` at the convenience of the testimony.
`
` And, Dr. Neuman, is there any reason
`
` you cannot give truthful and complete
`
` testimony here today?
`
` A. No, there's not.
`
` Q. Dr. Neuman, when were you first contracted
`
` to work as an expert on this specific inter
`
` partes review matter?
`
` A. As to first contact, I don't recall
`
` specifically. As to when I began work on
`
` this matter, I believe to the best of my
`
` recollection that that was in the October
`
` time frame of 2016.
`
` Q. So October of last year, about a year ago?
`
` A. Yeah, about a year ago.
`
` Q. All right.
`
` And do you recall who first contacted
`
` you to work on this IPR matter?
`
` A. I don't recall specifically. I believe it
`
` was one of the attorneys, one of the
`
` attorneys working on the matter.
`
` Q. Was it an attorney from Wilmer Hale that
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 12
`
` contacted you?
`
` A. I believe that it was.
`
` Q. Okay.
`
` And was it an attorney you had worked
`
` on before in any of the other litigation
`
` matters?
`
` MR. SHUM: Objection.
`
` A. I do not recall it being an attorney that I
`
` worked on specifically. Worked on -- worked
`
` with specifically in a previous matter.
`
` Q. Okay.
`
` And are you retained by EMC to work on
`
` this matter?
`
` A. There's a lot of confusion due to recent
`
` mergers, so whether it is EMC or Dell, that
`
` entity is who I'm retained by.
`
` Q. Okay.
`
` And is that reflected in the agreement
`
` that you signed, which entity you are
`
` working for?
`
` A. One of those is reflected in the agreement
`
` that I signed. In the meantime, there have
`
` been various changes and things that have
`
` changed procedures, though not necessarily
`
` the original agreement.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` Q. When you say "changed procedures," is that
`
`Page 13
`
` who you are being paid by?
`
` A. How I submit my bills.
`
` Q. How you submit your bills.
`
` So who do you submit your bills to
`
` currently?
`
` A. I currently submit my bills, and this is
`
` still a point of confusion, but I believe to
`
` Dell.
`
` Q. To Dell. All right.
`
` And is that who you've always
`
` submitted your invoices to?
`
` A. As I indicated already, there was a lot of
`
` confusion, and I think at one point invoices
`
` were supposed to be submitted to EMC. There
`
` were changes in their billing systems, and
`
` at one interim point I submitted my bills
`
` through Wilmer Hale.
`
` Q. I see.
`
` And -- but today you submit them to
`
` Dell?
`
` A. Today I believe I am supposed to submit them
`
` to Dell, and the last one I submitted was to
`
` Dell.
`
` Q. Okay. All right. Thank you.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 14
`
` So for other -- other than for
`
` purposes of this inter partes review
`
` proceeding, have you been retained as an
`
` expert to consult on the validity of the
`
` '685 patent?
`
` A. Sorry, can you repeat that?
`
` Q. Yes.
`
` So other than for purposes of this
`
` inter partes review proceeding, have you
`
` been retained as an expert to consult on the
`
` validity of the '685 patent?
`
` A. Other than this particular matter before the
`
` PTO?
`
` Q. Yes.
`
` A. I have not been retained to consult on the
`
` validity. But to clarify, I don't recall
`
` the specific terms in the retention letters,
`
` so it may have been generic. But I have not
`
` been asked to provide opinions for other
`
` things in this proceedings with respect to
`
` this '685.
`
` Q. Understood.
`
` To this point you have only been asked
`
` to opine on the validity of the '685 patent
`
` relative to this proceeding?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 15
`
` A. And validity or invalidity, but, yes, only
`
` with respect to these proceedings.
`
` Q. Thank you.
`
` So Dr. Neuman, I'm going to hand you a
`
` number of documents that we will likely be
`
` referring to throughout the course of this
`
` deposition so you would have them in front
`
` of you in case you want to refer to them.
`
` So the first I'm going to hand you has
`
` been marked as Exhibit 1002 to this
`
` proceeding. And it's the Declaration of B.
`
` Clifford Neuman, Ph.D., regarding to U.S.
`
` patent number 9,098,685.
`
` Dr. Neuman, do you recognize this
`
` document?
`
` A. I do recognize this document.
`
` Q. All right.
`
` Would you like to take a few minutes
`
` to flip through it?
`
` A. (Witness reviewing document.)
`
` Okay. I have quickly scanned through
`
` this and this appears to be the document
`
` that I did submit.
`
` Q. Thank you.
`
` Did you review this document in
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 16
`
` preparation for today's deposition?
`
` A. I did.
`
` Q. And can you turn to page 81 in your
`
` declaration.
`
` A. I'm on page 81.
`
` Q. And is that your signature on page 81?
`
` A. That is my signature on page 81.
`
` Q. And you signed this on December 7, 2016?
`
` A. I signed that on December 7, 2016.
`
` Q. All right.
`
` And did you sign electronically or by
`
` ink?
`
` A. I signed the final page by ink, which I then
`
` scanned and returned to the attorneys.
`
` Q. Right. Thank you.
`
` So I'm going to hand you a second
`
` document, which has been labeled
`
` Exhibit 1001 to this proceeding, and this is
`
` U.S. patent number 9,098,685, Hamid.
`
` Dr. Neuman, do you recognize this
`
` document?
`
` A. I do recognize this document.
`
` Q. And did you review this document in
`
` preparation for today's deposition?
`
` A. I did review this document in preparation
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 17
`
` for today's deposition.
`
` Q. Next I'm handing you what's been marked as
`
` Exhibit 1011 to this proceeding. And this
`
` is U.S. patent number 6,691,232 to Wood,
`
` et al.
`
` And Dr. Neuman, do you recognize this
`
` document?
`
` A. I do recognize this document.
`
` Q. And did you review this document in
`
` preparation for today's deposition?
`
` A. Yes. I did review this document in
`
` preparation for today's deposition.
`
` Q. And the final document I'm handing you has
`
` been marked as Exhibit 1005. And this is a
`
` document titled "Access Control Framework
`
` for Distributed Applications" by Clifford
`
` Neuman and Tatyana Ryutov.
`
` A. Ryutov.
`
` Q. And Dr. Neuman, are you one of the listed
`
` authors of this document?
`
` A. I am one of the listed authors of this
`
` document.
`
` Q. And do you recognize the document that I
`
` just handed you that has been marked as
`
` Exhibit 1005 as the document you drafted?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 18
`
` A. I do recognize this as the document that I
`
` drafted in that time frame.
`
` Q. All right. Thank you.
`
` And did you review this document in
`
` preparation for today's deposition?
`
` A. I did review this document in preparation
`
` for today's deposition.
`
` Q. Thank you.
`
` So before we get into your declaration
`
` and the references in front of you, I'd like
`
` to talk a little bit about terminology in
`
` the security field.
`
` Dr. Neuman, how long have you been
`
` working in computer security?
`
` A. I've been working in computer security since
`
` roughly about 1984.
`
` Q. Okay.
`
` So that's about 35 years almost, 33,
`
` 34 years?
`
` A. About 33 years.
`
` Q. All right.
`
` And do you currently teach a class in
`
` computer security?
`
` A. I do currently teach several classes in
`
` computer security.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 19
`
` Q. And what university are you employed by?
`
` A. By the University of Southern California.
`
` Q. And what are the classes you currently teach
`
` in computer security?
`
` A. Well, this semester two classes that I'm
`
` teaching in CSCI 530, Computer Security
`
` Systems and Informatics; 523, Information
`
` Assurance, both of which are related to
`
` computer security.
`
` Q. Thank you.
`
` And based on your experience in
`
` computer security, what is your
`
` understanding of the term "authorization"?
`
` A. When I use the term "authorization" I am
`
` referring to the process of -- and this is
`
` in the general terms as opposed to how it's
`
` used in the patent, but I use
`
` "authorization" to describe the process of
`
` determining whether access is allowed to a
`
` particular object or resource. It can also
`
` be used in the affirmative sense of granting
`
` authorization, but usually when we're
`
` talking about it, we're talking about making
`
` the determination.
`
` Q. And you use the term "object or resource."
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
` What do you mean in this context by
`
`Page 20
`
` "object or resource"?
`
` A. When we --
`
` MR. SHUM: Objection.
`
` Q. Let me break that down.
`
` What did you mean by the term "object"
`
` in the context of your definition of
`
` "authorization"?
`
` A. "Object" would be -- well, when we think of
`
` policies, which are applied in the
`
` authorization process, you have a subject
`
` and an object. The subject is the entity
`
` that is performing an action; the object is
`
` the entity on which the action would be
`
` performed if authorization is provided. In
`
` other words, authorization is determining
`
` whether access is to be granted to whatever
`
` resource, and that's what I mean by
`
` "object."
`
` Q. All right. Thank you.
`
` And in the context of your definition
`
` of "authorization," what did you mean by the
`
` term "resource"?
`
` A. Again, "resource" and "object" in the case
`
` of "authorization" are more or less
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 21
`
` interchangeable. It is what is to be
`
` accessed and -- well, using language terms
`
` "subject"/"object," it is what the request
`
` to act upon something is, that something is
`
` the object, that something is the resource.
`
` Q. All right. Thank you.
`
` So "resource" and "object" are
`
` interchangeable in that answer?
`
` A. In that particular answer "resource" and
`
` "object" are interchangeable.
`
` Q. All right. Thank you.
`
` And what is your understanding of an
`
` authorization method?
`
` A. So, again, in the general terms as opposed
`
` to how it's used in the context of these
`
` particular proceedings, when we think about
`
` an authorization method, it would be the
`
` method of determining whether such access is
`
` to be granted.
`
` Q. And what is used in an authorization method
`
` to determine whether access is to be
`
` granted?
`
` A. There are a lot of different factors that
`
` could be used to determine that. So the
`
` authorization method could include
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 22
`
` consulting various conditions. It could
`
` include determining among those conditions
`
` things like identity, so if you have an
`
` identity based authorization method, it
`
` could encompass the steps of authentication
`
` to determine what that identity is so that
`
` that identity could be compared against a
`
` list of authorized users. An authorization
`
` method could be separate from identity where
`
` it might be based simply on time of day,
`
` might be based on, if you look common
`
` mandatory access controls, things like
`
` security levels, it could be based on
`
` payment. So there are many different
`
` methods that could be used for
`
` authorization.
`
` Q. All right. Thank you.
`
` And you used the term "authentication"
`
` in your answer.
`
` What is "authentication"?
`
` A. Again, in the general context in terms of
`
` art, "authentication" is, if you are talking
`
` about one form of authentication called
`
` entity authentication, are the steps by
`
` which one would verify the identity of a
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 23
`
` principal or a subject.
`
` Q. Okay. All right.
`
` And you used the term "principal."
`
` What do you mean by "principal"?
`
` A. So "principal" is another term that is
`
` commonly used in the security literature to
`
` describe a subject. It is an entity with an
`
` identity or with rights that acts upon other
`
` objects.
`
` Q. I see.
`
` So when I go to my computer and submit
`
` a print job, am I principal?
`
` A. So when you go to your computer and request
`
` to submit a print job, you would be a
`
` principal. Additionally, the program that
`
` you are running that is submitting that
`
` print job would be running with certain
`
` rights that are derived from you so we would
`
` consider that process or that program in the
`
` instance in which it is running to also be a
`
` principal.
`
` Q. And when you refer to authentication in the
`
` sense of entity based authentication, does
`
` that involve authenticating the application
`
` as well as the user behind the application?
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 24
`
` A. Well, usually within a computer system the
`
` only thing that is really performing the
`
` actions is the software process.
`
` Q. Okay.
`
` A. And usually what we end up doing is
`
` authenticating that process as having an
`
` identity that we usually associate with an
`
` individual. So as far as the computer is
`
` concerned, it doesn't really know who's
`
` sitting on the keyboard, but you've logged
`
` in, which has provided, in essence, your
`
` identity to the process that you are running
`
` and it is that identity associated with the
`
` process that is being authenticated.
`
` Q. And what are common techniques for
`
` authenticating an entity, the identity of an
`
` entity?
`
` A. Well, you know, as we teach in my classes,
`
` there are sort of three categories. There
`
` is something you know, which can be things
`
` like passwords, can be things like knowledge
`
` of an encryption key, other kinds of things
`
` that you might know.
`
` A second category would be something
`
` that you have. For example, possession of a
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 25
`
` smart card, possession of a special token, a
`
` piece of hardware which would be used in
`
` conjunction with the process; so that would
`
` be a second form or second factor, as we
`
` call it.
`
` And the third approach is -- well, at
`
` least as I describe it -- is something about
`
` you, which is what is commonly referred to
`
` as biometrics. Could be a fingerprint scan
`
` or IRS scan, a retina scan. You know, if
`
` you look at some movies, it could be how you
`
` walk, how you type, other sorts of things.
`
` Q. So you would consider those to be
`
` authentication methods?
`
` A. We consider those to be basis -- to form
`
` bases upon which authentication could be
`
` performed.
`
` Q. Okay.
`
` A. And I think it would be fair to describe
`
` those as methods, yes.
`
` Q. Okay.
`
` And what is your understanding of the
`
` term "access control" in computer security?
`
` A. So "access control" is often used in the
`
` same context as "authorization" now. In my
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 26
`
` earlier discussion I said "authorization"
`
` could be a couple of different things, but
`
` typically what we're talking about is a
`
` process of determining whether access to an
`
` object is allowed. And that aspect of
`
` "authorization" is also very often
`
` interchangeably referred to as "access
`
` control."
`
` Q. I see.
`
` So oftentimes "access control" is
`
` assumed in the terminology "authorization"?
`
` A. Oftentimes "access control" is assumed in
`
` certainly one of those meanings of
`
` "authorization."
`
` Q. All right.
`
` And what is your understanding of a
`
` "security policy"?
`
` A. A "security policy" is a set that contains
`
` rules that are used to determine whether
`
` access is to be granted.
`
` Q. And is a "security policy" associated with
`
` what you referred to as a "target"?
`
` A. I don't think I used the word "target."
`
` Q. Okay. Sorry.
`
` A. Please repeat.
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 27
`
` Q. Yes. Sorry.
`
` Is a security policy associated with
`
` an object?
`
` A. A security policy may be associated with an
`
` object. You can have a security policy that
`
` is associated with multiple objects. So a
`
` policy certainly can be associated with an
`
` object. You can have security policies also
`
` that are general statements that apply, in
`
` essence, across the board to all objects.
`
` Q. And how are policies enforced?
`
` A. So when one is talking about the policies
`
` that are enforced by authorization methods,
`
` for example, those policies are first read,
`
` and then, if necessary, conditions are
`
` evaluated to determine whether the result of
`
` applying those policies is to grant or to
`
` deny access. The particular authorization
`
` methods that are called for within the
`
` particular policy are evaluated according to
`
` the particular method that is described.
`
` Q. All right.
`
` So you said within the particular
`
` policy there can be authorization methods.
`
` Is that what your answer --
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 28
`
` A. So my answer talked about authorization
`
` methods. And just to clarify, we're talking
`
` in the general terms here, rather than the
`
` term "authorization" as it exists in this
`
` patent. I need to just reassess if we were
`
` talking about that.
`
` Q. Right. No. I understand. I'm asking you
`
` about your general understanding of the
`
` plain and ordinary meanings of these terms.
`
` So in a policy, what types of
`
` authorization methods would you have
`
` specified?
`
` A. If one was talking about what we call
`
` "mandatory access controls," sometimes
`
` referred to as "multilevel security," you
`
` can have a clearance that is associated with
`
` a subject or user, and you can have a
`
` classification that is associated with an
`
` object, and you look to see whether the
`
` clearance -- the technical term we use is
`
` "dominates," but basically is greater than
`
` or equal to what the classification of the
`
` object is.
`
` Another example would be in an
`
` identity-based authorization method, you
`
`Veritext Legal Solutions
`215-241-1000 ~ 610-434-8588 ~ 302-571-0510 ~ 202-803-8830
`
`

`

`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Page 29
`
` would look to determine what the identity of
`
` the subject is, and you would compare that
`
` against an access control list that
`
` described and listed those subjects that are
`
` authorized to access a particular object,
`
` and you make the assessment based on that.
`
` If you look at other kinds of
`
` conditions that can exist within
`
` authorization methods, you might have a
`
` condition that is indicative of time of day,
`
` could be indicative of a kind of connection,
`
` could be indicative of a location or other
`
` kinds of things. So you've got a lot of
`
` different methods that can be used, a lot of
`
` different things that can be consulted in
`
` making such an access control decision.
`
` Q. I see.
`
` And those would be part of a policy
`
` that was defined?
`
` MR. SHUM: Objection.
`
` A. The policy that was defined would indicate
`
` what conditions need to be met.
`
` Q. Right.
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket