throbber
Page 1
`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`BEFORE THE PATENT TRIAL AND APPEAL BOARD
`_________________________________________
`IRONSOURCE LTD.,
`Petitioner,
`vs. Case No. PGR2021-00096
`Patent No. 10,782,951
`DIGITAL TURBINE, INC.,
`Patent Owner.
`____________________________________________
`
`REMOTE EXPERT DEPOSITION OF
`ZHUOQING MORLEY MAO, Ph.D.
`Thursday, September 1, 2022
`
`Reported by: Robin LaFemina, RPR, CLR
`Job No. 5418204
`
`ironSource Exh. 1027
`ironSource Ltd. v. Digital Turbine Inc.
`PTAB PGR2021-00096
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`12
`
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`
`1 of 188
`
`

`

`Page 2
`
` September 1, 2022
` 3:03 p.m. Eastern Time
`
` REMOTE DEPOSITION of ZHUOQING
`MORLEY MAO, Ph.D., called as an Expert
`Witness herein, taken via Zoom on behalf of
`Petitioner ironSource, before Robin LaFemina,
`a Registered Professional Reporter,
`Certified LiveNote Reporter and Notary
`Public.
`
`1234567
`
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`2 of 188
`
`

`

`Page 3
`
`APPEARANCES:
`
`For Petitioner ironSource Ltd.:
`HUNTON ANDREWS KURTH LLP
`BY: PAUL ACKERMAN, ESQ. (Via Zoom)
`BY: GARY A. ABELEV, ESQ. (Via Zoom)
` 200 Park Avenue
` New York, New York 10166
` (212) 309-1000
` paul@acknowledgeip.com
` garyabelev@huntonak.com
`
`For Patent Owner Digital Turbine, Inc.:
`FENWICK & WEST
`BY: JENNIFER R. BUSH, ESQ. (Via Zoom)
` 555 California Street, 12th Floor
` San Francisco, California 94104
` (415) 875-2300
` jbush@fenwick.com
`
`12
`
`34
`
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`3 of 188
`
`

`

`Page 4
`
` Mao
`ZHUOQING MORLEY MAO, Ph.D.,
` having been first duly sworn, was
` examined and testified as follows:
`EXAMINATION BY
`MR. ACKERMAN:
` Q. Good afternoon, Dr. Mao. It's
`good to see you again. I know we had a
`deposition not too long ago, but just as a
`reminder, you know, the court reporter needs
`to record everything we say and knowing that
`we have Zoom lag with a virtual session, you
`know, please give me a moment to finish
`answering my questions -- asking my
`questions before you answer them, and I'll
`try to give you the same courtesy so that we
`only have one person talking at a time.
` Is that all right?
` A. Yes.
` Q. And if you don't understand a
`question that I ask, please ask for
`clarification. I'll be happy to try to ask
`a better question if that works for you.
` A. Of course.
` Q. And if you answer, I'm just
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`4 of 188
`
`

`

`Page 5
`
` Mao
`going to assume that you did understand the
`question. If later you have doubts and you
`want to clarify it, please let me know on
`the record.
` A. Okay.
` Q. And, most importantly, if at any
`time you need a break, just ask, we'll
`probably stop about every hour anyway, but
`if you need to take a break sooner, that
`will be fine. The only thing I'll ask is
`that if there's a question pending, that we
`answer that question first and maybe any
`small follow-up, but we'll get you a break
`as soon as practical.
` A. Yeah, I'm hoping to not finish
`too late.
` Q. Me, too.
` All right. So the first exhibit
`I'd like to look at has been previously
`marked as Exhibit 2013, and do you recognize
`Exhibit 2013 as your Supplemental Declaration
`in this proceeding?
` A. Yes, I do.
` Q. And do you have a copy of that
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`5 of 188
`
`

`

`Page 6
`
` Mao
`in front of you or should I share it on my
`screen?
` A. Yes, I have a copy.
` Q. Okay.
` Paragraph 3 in Section III
`indicates Documents and Materials Reviewed.
`Does that paragraph accurately reflect the
`material you reviewed in providing your
`opinions in the Supplemental Declaration?
` A. Yes.
` Q. Are there any additional
`documents that you reviewed that are not
`listed here that were important to forming
`your opinions?
` MS. BUSH: Objection. Form.
` A. I also reviewed -- let me see --
`this is the Preliminary Guidance Patent
`Owner's Motion to Amend.
` Q. Mm-hmm.
` A. But that is just some
`information that I was able to get access to
`from the counsel.
` Q. Okay.
` A. My opinions are formed based on,
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`6 of 188
`
`

`

`Page 7
`
` Mao
`yeah, what I stated in my Supplemental
`Declaration.
` Q. So is it, among the documents
`that you reviewed listed here are Patent
`Owner's Reply in Support of the Contingent
`Motion to Amend; is that correct? That's
`listed on page 3 in that paragraph?
` A. Patent Owner's Contingent Motion
`to Amend. Yes, I reviewed that one.
` Q. And Patent Owner's Reply in
`Support of the Contingent Motion to Amend?
` A. That's correct.
` Q. And you also reviewed Patent
`Owner's Surreply?
` A. Yes.
` Q. Now, in paragraph 1, if I'm
`understanding your Declaration correctly,
`you're submitting this Declaration in
`connection with Patent Owner's Surreply and
`Reply to the Opposition to Patent Owner's
`Contingent Motion to Amend; is that correct?
` A. Yes, I believe that's correct.
` Q. And the two documents that
`you're submitting the Declaration in
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`7 of 188
`
`

`

`Page 8
`
` Mao
`connection with are also documents that you
`reviewed in forming your opinions; correct?
` MS. BUSH: Objection. Form.
` A. Can you rephrase that question?
`I didn't fully understand.
` Q. Sure.
` In paragraph 3, among the
`documents you reviewed were the Patent
`Owner's Surreply document; correct? We saw
`that in paragraph 3. And that's the same
`document that's referenced in paragraph 1 is
`the only thing I'm trying to establish here.
` A. In paragraph 1, exactly which
`sentence are you referring to? The
`surreply?
` Q. Your very first sentence that
`indicates you're submitting this Declaration
`in connection with Digital Turbine's
`Surreply and Reply to ironSource Opposition
`to Patent Owner's Contingent Motion to
`Amend.
` A. Mm-hmm. Yes. I'm seeing it now.
` Q. And both of those documents are
`referenced in Figure -- in paragraph 3 as
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`8 of 188
`
`

`

`Page 9
`
` Mao
`documents that you reviewed in forming your
`opinions; correct?
` MS. BUSH: Objection. Form.
` A. I'm actually not sure what
`exactly you are asking. What I state in the
`Supplemental Declaration is that I'm
`submitting this Declaration, yeah, in
`connection, right, to these documents, which
`is the Surreply and the Reply to the
`Opposition to Patent Owner's Contingent
`Motion to Amend.
` Q. And in forming your opinions,
`you actually reviewed those two documents;
`correct?
` MS. BUSH: Objection. Form.
` A. Yeah, I read those documents;
`correct.
` Q. I would like to jump ahead to
`paragraphs 14 and 15 of your Declaration
`where -- it's Section V, substitute claims
`are not obvious over Pasha in view of Wyatt
`and/or Farm, and I believe that's on page 7
`of Exhibit 2013.
` A. Mm-hmm.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`9 of 188
`
`

`

`Page 10
`
` Mao
` Q. Actually we'll go right to
`paragraph 15 on page 8.
` Am I correctly understanding
`that it is your position that a person of
`skill in the art would not combine Farm with
`Wyatt and Pasha given what your
`understanding is of the default use of HTTPS
`in Farm?
` MS. BUSH: Objection. Form.
` A. Given the default use? Can you
`clarify what you mean by that, the default
`use of HTTPS or HTTP? I'd like to ask you
`please rephrase the question, if possible.
` Q. Okay. Sure.
` And paragraph 15 is a very big
`paragraph.
` A. Mm-hmm.
` Q. So if we look later in paragraph
`15, you indicate that such communication is
`already conducted over secure communication
`channels using HTTPS, as it is a well-known
`best practice to use secure network
`protocols such as HTTPS to prevent man in
`the middle attacks using an end-to-end
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`10 of 188
`
`

`

`Page 11
`
` Mao
`secure network protocol. And then you
`continue to indicate that HTTPS is becoming
`the default network protocol for
`communication with web servers. So when I
`indicated that HTTPS was becoming the
`default protocol, I was using your language.
` A. Okay. Yes. That's right.
`That's what I wrote here.
` Q. So going back to my question, am
`I understanding your opinion correctly that
`a POSITA or person of ordinary skill in the
`art would not combine Farm with Wyatt and
`Pasha given that it is your understanding
`that there is a default use of HTTPS
`protocol in Farm?
` MS. BUSH: Objection. Form.
` A. There are many reasons why I do
`not believe these Wyatt, Farm and Pasha
`should be combined, which I stated in
`Section V. Whether -- with respect to HTTPS
`being the default protocol, that's -- that
`aspect of the reasoning is that because
`HTTPS is the default communication protocol
`between web servers and web clients.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`11 of 188
`
`

`

`Page 12
`
` Mao
`Therefore, it's practically prevents man in
`the middle attacks, which is a topic that
`Wyatt attempts to address.
` Q. How does HTTPS, in your opinion,
`prevent man in the middle attacks?
` MS. BUSH: Objection. Form.
` A. Well, HTTPS, I'm just giving you
`the explanation of the definition of the
`protocol from someone who is -- has the
`understanding of the computer science basic
`knowledge, it is a protocol that uses secure
`sockets layer, which is what S stands for,
`so with the secure sockets layer protocol,
`what happens is that packets exchanged
`between the two end points are encrypted,
`and man in the middle attacks means that
`someone in the middle of the network
`attempts to compromise the connection. So
`because of the end-to-end encryption, it
`practically prevents man in the middle
`attacks.
` Q. In establishing a network
`session between a device and a network
`server with HTTPS, does the device receive
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`12 of 188
`
`

`

`Page 13
`
` Mao
`information on the server's certificate?
` MS. BUSH: Objection to form.
` A. So can you refer me to --
` Q. Yes.
` A. -- what you are talking about
`this? I think you are asking a question
`that I'm not sure is something that is
`directly related to what I wrote here in the
`Declaration.
` Q. Okay.
` Well, in your understanding of
`the use of the HTTPS protocol, when a device
`establishes communications with a server
`using that protocol, is the server's
`identity authenticated with a certificate?
` MS. BUSH: Objection. Form.
` A. Well, by definition, HTTPS uses
`certificates. That's part of the definition
`of the protocol.
` Q. So the user's device would
`contact the server and receive certificate
`information back and check to see if that
`certificate is valid before continuing
`communications?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`13 of 188
`
`

`

`Page 14
`
` Mao
` MS. BUSH: Objection. Form.
` A. What I stated before, I just
`want to repeat what I said, HTTPS uses
`certificates in order to establish
`authenticity of the server. Exactly how
`it's done, it depends on implementation.
` Q. But that authentication is a
`default in HTTPS?
` A. That's -- that's correct.
`Authentication using certificates is part of
`the HTTPS protocol.
` Q. So in your Declaration in
`paragraph 15, you state that Farm is on a
`subject of connecting data associated with
`mobile web browsing activities (of trusted
`applications that users willingly interact
`with) and the data associated with native
`mobile device application activities for the
`purpose of tracking user -- activities of
`users.
` You then continue and state that
`such communication is already conducted over
`secure communication channels using HTTPS as
`it is a well-known best practice to use
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`14 of 188
`
`

`

`Page 15
`
` Mao
`secure network protocols such as HTTPS to
`prevent man in the middle attacks using an
`end-to-end secure network protocol.
` There's no citation for that
`opinion of yours. What is your basis for
`that opinion?
` MS. BUSH: Objection. Form.
` A. So you actually just I guess
`recited what I wrote here, so which part are
`you talking about? It's just all the
`sentences you just recited?
` Q. Okay. Well, let's break it down.
` What is the basis --
` A. Okay.
` Q. What is the basis of your
`position that Farm's communications are
`based on trusted applications?
` A. Okay. So this is -- this is my
`interpretation as a person of ordinary skill
`in the art.
` Q. And what is the basis of your
`opinion that this form of communication
`would be conducted over secure communication
`channels using HTTPS?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`15 of 188
`
`

`

`Page 16
`
` Mao
` MS. BUSH: Objection. Form.
` A. So if you look at Farm -- let me
`see where I talk about Farm -- so Farm is
`about -- so the purpose of this
`communication that is describing Farm is to
`track user activities, so such information
`is clearly very sensitive, private
`information, I think anyone who -- any
`person of ordinary skill in the art would
`agree this tracking information is privacy
`sensitive, so given that a POSITA would use
`secure communication, and this is what I
`stated.
` Q. Is it your opinion that Farm's
`communications are exclusively conducted
`over the HTTPS protocol?
` MS. BUSH: Objection. Form.
` A. Can you clarify your question?
`When you say exclusive, what types of
`communication are you talking about besides
`the tracking activities?
` Q. Sure.
` Even with the tracking
`activities, would the tracking activities be
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`16 of 188
`
`

`

`Page 17
`
` Mao
`exclusively communicated using the HTTPS
`protocol?
` A. As a POSITA, I interpret --
`well, with Farm, I interpret that such
`information described in Farm related to
`tracking activities of users is considered
`sensitive information. This is something,
`it's very clear, it's private information
`related to user, it's behavior on the
`network, on the internet, so, therefore, as
`a POSITA, I concluded that it is -- Farm
`discusses tracking activities, therefore, it
`needs to be protected in some way, and in
`order to protect such communication on the
`web, on the internet today, HTTPS is
`becoming the default network protocol for
`communication with web servers, and you can
`look at the reference I cite here dated
`January 1998.
` Q. Okay. We'll get to that in a
`moment.
` All right.
` Are you aware of anything in the
`actual disclosure of Farm that limits its
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`17 of 188
`
`

`

`Page 18
`
` Mao
`communications to the HTTPS protocol?
` MS. BUSH: Objection. Form.
` A. I think I'm just going to repeat
`what I said. Because Farm is using -- is
`talking about tracking activities of users,
`so a person of ordinary skill in the art
`will interpret as this communication is for
`sensitive information, and because the
`citation I included here, communication over
`the web for sensitive information data
`exchange is the best common -- well-known
`best practice to use secure network
`protocols such as HTTPS.
` Q. We will get into your 1998 draft
`in a moment, but are you aware of any
`disclosure at all in Farm referencing the
`use of HTTPS protocol?
` MS. BUSH: Objection. Form.
` A. You can search in Farm to see if
`it refers to HTTPS. This is something you
`can check.
` Q. I did, but I'm not the witness,
`so I was wondering if you did that same
`check?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`18 of 188
`
`

`

`Page 19
`
` Mao
` MS. BUSH: Objection. Form.
` A. Well, I just said when I read
`Farm, the interpretation is such that it
`needs to use HTTPS. It's not relevant
`whether it explicitly says it uses HTTPS or
`not.
` Q. Would it surprise you if Farm
`had multiple citations to the use of HTTP
`protocol, but not a single counsel reference
`to the HTTPS protocol?
` MS. BUSH: Objection. Form.
` A. It does not surprise me because
`it is something I also read in Farm.
`However, HTTPS is a -- is a form of --
`basically if you look at the two terms, HTTP
`and HTTPS, the difference is that there is
`an S. S is just additional configuration of
`HTTP protocol, and by default, today, all
`these HTTP servers enables the secure option
`of the protocol, that is the well-known
`common practice which is stated here in the
`application.
` Q. Okay.
` You are stating that that's the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`19 of 188
`
`

`

`Page 20
`
` Mao
`default today, that you have the option, so
`if you have the option, then communications
`could proceed either by HTTP or HTTPS; is
`that correct?
` MS. BUSH: Objection. Form.
` A. I think you are misinterpreting
`my -- the term option. I think the option
`is not a choice, it is a configuration
`option. It is enabled by default for the
`best common practice. So anyone who
`understands that this is sensitive
`information, then that is communicated over
`the network, will enable H -- will use HTTP,
`will have is enabled in the HTTP protocol.
` Q. Now, it is your opinion and
`you've stated repeatedly that HTTPS is the
`default protocol today. What evidence are
`you relying on that HTTPS was a default
`protocol in 2018 at the filing date of
`Farm -- I'm sorry -- at the filing date of
`the '951 patent?
` MS. BUSH: Objection. Form.
` A. Could you repeat your question?
`I -- I think I lost --
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`20 of 188
`
`

`

`Page 21
`
` Mao
` Q. Sure.
` A. -- track of what you were asking.
` Q. What is the basis of your
`opinion that in 2018 as of the filing date
`of the '951 patent, HTTPS was the default
`protocol for network communications?
` MS. BUSH: Objection. Form.
` A. Well, I think I believe I
`already answered this question earlier.
`Basically HTTPS is becoming the default
`network communication protocol with web
`servers which I include a citation here.
` Q. Okay.
` So the citation that you're
`referring to is that parenthetical, the
`datatracker.ietf.org document dated January
`1998?
` A. That's correct.
` Q. And am I correct that that's not
`an exhibit you actually provided, that's
`just a citation; correct?
` MS. BUSH: Objection. Form.
` Q. Well, regardless, my
`understanding of that document is that is a
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`21 of 188
`
`

`

`Page 22
`
` Mao
`draft document introducing a discussion of
`the HTTP protocol using TLS. Would that be
`accurate?
` A. That's right.
` Q. And the HTTP protocol with TLS
`as it got adopted later is commonly now
`referred to as HTTPS; correct?
` MS. BUSH: Objection. Form.
` A. That's correct.
` Q. Now, this 1998 draft, is there
`anything in this document that you could
`point to that would say that in 2018, HTTPS
`has become a default standard for
`communicating with network servers?
` MS. BUSH: Objection. Form.
` A. Well, I formed my opinion as a
`person of ordinary skill in the art about
`this is becoming a -- HTTPS is becoming the
`default network communication protocol with
`web servers, and the citation I included
`here shows the drafts of the IETF protocol
`specification of HTTP over TLS, yeah, which
`is a newer version of SSL, earlier I
`mentioned SSL, basically TLS is a newer
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`22 of 188
`
`

`

`Page 23
`
` Mao
`version of SSL protocol, so -- and this
`draft is 1998. Right? So essentially this
`has already been established as a protocol
`that is expected to be the secure version of
`network communication for communicating with
`the web servers.
` Q. I don't --
` A. And it's 1998, so, therefore, it
`is -- we know there are newer versions of
`this specification as well.
` Q. But you don't cite to any
`evidence to support your opinion that in
`2018, HTTPS had gained enough adoption to be
`considered a default protocol; correct?
` MS. BUSH: Objection. Form.
` A. Anyone who is -- has -- is
`ordinary skill in the art would accept this
`as a fact because it is a -- if you look
`at -- so let me ask you a question, counsel.
`You visit your banking website? What is the
`protocol that that banking website uses? I
`can answer for you. It is HTTPS. No
`surprise there because it's sensitive
`information is exchanged when you do online
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`23 of 188
`
`

`

`Page 24
`
` Mao
`banking transactions. So it is just a
`default, it is an accepted fact.
` Q. As of 2018, did HTTPS completely
`replace the HTTP protocol?
` MS. BUSH: Objection. Form.
` A. This is not a question that's --
`that's -- the question you just asked is not
`relevant. Whether it's completely replaced
`or not is not the question that we -- it's
`not of concern because there are always
`compromised host on internet who does bad
`things. However, someone who's -- who is
`ordinary skill in the art would understand,
`this is sensitive information just like
`anyone who sets up an online banking website
`would understand they have to use HTTPS, and
`this precedes the filing date of the '951
`patent in question here.
` Q. So in the '951 patent, is it
`your opinion that all communications are
`also conducted using the HTTPS protocol?
` MS. BUSH: Objection. Form.
` A. Again, you are asking a very
`misleading question. You just asked all
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`24 of 188
`
`

`

`Page 25
`
` Mao
`communications. Right? What I said here is
`communication relates to sensitive
`information in that particular context. The
`sensitive information we're talking about
`here in Farm relates to user tracking
`information, which is clearly sensitive.
`I'm not saying all communication. I'm
`saying communication with sensitive data
`exchange with web servers.
` Q. So presumably the inventors in
`Farm would be presumed to be skilled in the
`art of their own invention; correct?
` MS. BUSH: Objection. Form.
` A. I believe you're asking a very
`rhetorical question. Someone who writes the
`patents would be obviously knowledgeable
`about the material that they're writing
`patent on.
` Q. And if the inventors of Farm did
`not suggest the use of the HTTPS protocol,
`why would a person of ordinary skill in the
`art other than those inventors believe that
`that's what they intended?
` MS. BUSH: Objection. Form.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`25 of 188
`
`

`

`Page 26
`
` Mao
` A. The inventors of Farm wrote HTTP
`even though it didn't say HTTPS, but HTTPS
`is basically the default configuration for
`HTTP for exchanging sensitive information.
` Q. Do you believe that the
`communications in Pasha are limited to the
`HTTPS protocol?
` MS. BUSH: Objection. Form.
` A. Can you refer me to where in my
`Supplemental Declaration this question is
`based on? I don't really know this is
`something I wrote about in my Supplemental
`Declaration.
` Q. In paragraph 16 of your
`Declaration, you indicate that the
`application installation system of Pasha by
`design involves interaction with a trusted
`server, e.g., Google Play store server,
`Apple's App Store with well-known
`certificates which are pre-installed with a
`mobile operating system without requiring
`users to install any new CAs.
` In this statement, are you
`assuming that communications in Pasha are
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`26 of 188
`
`

`

`Page 27
`
` Mao
`taking place using the HTTPS protocol as
`well?
` MS. BUSH: Objection to form.
` A. Well, as I stated here, this is
`about application installation, which is
`described in Pasha, so in order to install
`application as I wrote here, it involves
`communication with a trusted server because
`otherwise user using an untrusted server
`could potentially download malware, which is
`very undesirable, so, therefore, it involves
`communicating with a trusted server as
`stated here.
` Q. Or using other methods to
`establish trust; correct?
` MS. BUSH: Objection to form.
` A. Sorry, I'm not sure I understood
`your question. You said other methods?
`What other methods are you referring to?
` Q. Let me ask a different question,
`slightly different question.
` In the '951 patent, is the
`downloading of software conducted over a
`secure network using the HTTPS protocol?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`27 of 188
`
`

`

`Page 28
`
` Mao
` MS. BUSH: Objection. Form.
` A. Downloading of the software, are
`you referring to Pasha?
` Q. No. I'm referring to the '951
`patent.
` A. Okay. Can you repeat the
`question? In '951, what's the question
`again?
` Q. Would the network communications
`involved in downloading and installing
`software in the '951 patent also require
`trusted servers?
` MS. BUSH: Objection. Form.
` A. Well, in the '951 patent, the
`goal is to download applications without
`interrupting user's interaction with, that's
`one of the goals, interaction with the
`current application user's interfacing with,
`so generally speaking, downloading
`application requires interaction with a
`trusted server. So by definition, trusted
`servers will use HTTPS in order to prevent
`man in the middle attacks.
` Q. So, in your opinion, the
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`28 of 188
`
`

`

`Page 29
`
` Mao
`communications used in the 951 patent would
`take place with a trusted server using
`HTTPS, which would preclude a man in the
`middle attack; is that correct?
` MS. BUSH: Objection. Form.
` A. What I said was the part of the
`communication involving downloading the
`application to allow it to be installed on
`the mobile device in '951 is about --
`involves talking to a trusted server, so
`that trusted server uses HTTPS, so that
`particular communication is using HTTPS to
`prevent security problems such as man in the
`middle attacks.
` Q. So assuming that HTTPS is used
`and the network connection in the '951
`patent is inherently secure, why is it
`required in the '951 patent to use SSL
`pinning to authenticate the link prior to
`communicating with that server?
` MS. BUSH: Objection. Form.
` A. Could you repeat the question?
`I'm -- I don't -- didn't fully understood
`the -- understand the question.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`29 of 188
`
`

`

`Page 30
`
` Mao
` Q. Sure.
` You've testified that in your
`opinion the communications involved in
`downloading software with the '951 patent
`would take place with a trusted server using
`HTTPS protocol, which would already preclude
`the vulnerability for man in the middle
`attacks; correct?
` A. Yes. HTTPS would help prevent
`man in the middle attacks.
` Q. And despite that, the '951
`patent suggests using SSL pinning to also
`prevent man in the middle attacks; correct?
` MS. BUSH: Objection. Form.
` A. I recall it did mention
`certificate pinning. Let me go to that.
` (Witness reviewing document.)
` A. Well, it says browser
`authentication denoted SSL Pinning prevents
`man in the middle attacks for server calls.
`So yes, that's what it says. It uses SSL
`pinning to prevent man in the middle attacks.
` Q. And it suggests using this even
`with the HTTPS protocol; correct?
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`30 of 188
`
`

`

`Page 31
`
` Mao
` MS. BUSH: Objection. Form.
` A. It just suggests using SSL
`pinning. That's what it says. Whether
`it's -- it is also a -- it also says
`actually the server is configured using
`HTTPS and also the server has SSL installed
`on it, so yes, that's right. It discusses
`using HTTPS as well as SSL pinning according
`to what's written here in the patent.
` Q. And what this is describing, and
`this is in column 14, lines 53 to 63, is
`that, as you noted, the server is configured
`to use HTTPS protocol and has an SSL
`certificate installed on it, then the
`installation client has a record of the
`server's digital certificate --
` A. Sorry to interrupt. Which
`patent are you reading right now?
` Q. I'm reading the '951 patent.
` A. Okay. Okay.
` Q. The installation client, which
`is part of the '951 patent, has a record of
`the server's digital certificate, and on
`every call to the server, the installation
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`212-267-6868
`
`Veritext Legal Solutions
`www.veritext.com
`
`516-608-2400
`
`
`31 of 188
`
`

`

`Page 32
`
` Mao
`client first validates that the server's
`certificate matches the one that exists on
`the installation client and only on success
`continues the communication; correct?
` MS. BUSH: Objection. Form.
` A. Well, you're just reading what's
`in the patent. I'm not sure whether yo

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket