Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 1 of 29
`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 1 of 29
`
`
`
`
`
`EXHIBIT 6
`EXHIBIT 6
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 2 of 29
`cove roses. os.FAAOT
`
`US008677494B2
`
`a2) United States Patent
`US 8,677,494 B2
`(0) Patent No.:
`*Mar. 18, 2014
`(45) Date of Patent:
`Ederyetal.
`
`(54)
`
`(75)
`
`MALICIOUS MOBILE CODE RUNTIME
`MONITORING SYSTEM AND METHODS
`
`(56)
`
`Inventors: Yigal Mordechai Edery, Pardesia (IL);
`Nirmrod Itzhak Vered, Goosh
`Tel-Mond (IL); David R. Kroll, San
`Jose, CA (US); Shlomo Touboul,
`Kefar-Haim (IL)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`4,562,305 A
`5,077,677 A
`
`12/1985 Gaffney, Jr.
`12/1991 Murphyetal.
`
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`
`(73)
`
`Assignee: Finjan, Inc., Wilmington, DE (US)
`
`EP
`EP
`
`0636977
`1021276
`
`T1994
`7/2000
`
`(*)
`
`Notice:
`
`Subject to any disclaimer, the term ofthis
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`This patent is subject to a terminal dis-
`claimer.
`
`(21)
`
`Appl. No.: 13/290,708
`
`(22)
`
`Filed:
`
`Nov. 7, 2011
`
`(65)
`
`Prior Publication Data
`
`US 2012/0117651 Al
`
`May10, 2012
`
`Related U.S. Application Data
`
`(63)
`
`Continuation of application No. 12/471,942, filed on
`May 26, 2009, now Pat. No. 8,079,086, which is a
`
`(Continued)
`
`(51)
`
`Int. Cl.
`
`(2006.01)
`(2006.01)
`(2006.01)
`
`HOAL 29/06
`G06F 1130
`G06F 15/16
`U.S. Cl.
`USPC coececccccccccccecestesssececeseeeseessees 726/24; 713/175
`Field of Classification Search
`None
`
`(52)
`
`(58)
`
`(Continued)
`OTHER PUBLICATIONS
`
`Zhong,et al., “Security in the Large: is Java’s Sandbox Scalable?,”
`Seventh IEEE Symposium on Reliable Distributed Systems, pp. 1-6,
`Oct. 1998.
`
`(Continued)
`
`Primary Examiner — Christopher Revak
`(74) Attorney, Agent, or Firm — Bey & Cotropia PLLC
`
`ABSTRACT
`(57)
`Protection systems and methodsprovide for protecting one or
`more personal computers (“PCs”) and/or other intermittently
`or persistently network accessible devices or processes from
`undesirable or otherwise malicious operations of Java TN
`applets, ActiveX™ controls, JavaScript™ scripts, Visual
`Basic scripts, add-ins, downloaded/uploaded programs or
`other “Downloadables”or “mobile code”in wholeor part. A
`protection engine embodimentprovides for monitoring infor-
`mation received, determining whether received information
`doesoris likely to include executable code, and if so, causes
`mobile protection code (MPC) to be transferred to and ren-
`dered operable within a destination device of the received
`information. An MPC embodimentfurther provides, within a
`Downloadable-destination, for initiating the Downloadable,
`enabling malicious Downloadable operation attempts to be
`received by the MPC, and causing (predetermined) corre-
`sponding operations to be executed in response to the
`attempts.
`
`See application file for complete search history.
`
`18 Claims, 10 Drawing Sheets
`
`919
`\
`
`Start
`
`
`Retrieve protection parameters and form
`mabile protection code according to the
`parameters
`
`1011
`ver
`
`Retrieve pratection parameters and form
`protection policies according to the
`parameters
`
`1013
`er
`
`
`er
`
`Couple the mobile protection code,
`protection policies and received-
`infarmation to form a protection agent {é.g.
`MPCfirst, policies secand, and Ri third)
`
`1045
`
`End
`
`

`

`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 3 of 29
`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 3 of 29
`
`US 8,677,494 B2
`
`Page 2
`
`Related U.S. Application Data
`a
`—_
`continuation of application No. 11/370,114, filed on
`Mar. 7, 2006, now Pat. No. 7,613,926, which is a con-
`tinuation of application No. 09/861,229, filed on May
`17, 2001, now Pat. No. 7,058,822, which is a continu-
`i,
`2001,
`»
`No. 7,050,022,
`ation-in-part of application No. 09/539,667, filed on
`Mar. 30, 2000, now Pat. No. 6,804,780, which is a con-
`tinuation ofapplication No. 08/964,388,filed on Nov.6,
`1997, now Pat. No. 6,092,194, said application No.
`:
`;
`,
`:
`oe
`09/861,229 is a continuation-in-part of application No.
`09/551,302,filed on Apr. 18, 2000, now Pat. No. 6,480,
`962, and a continuation of application No. 08/790,097,
`filed on Jan. 29, 1997, now Pat. No. 6,167,520.
`.
`oe
`(60) Provisional application No. 60/205,591, filed on May
`17, 2000, provisional application No. 60/030,639, filed
`on Nov. 8, 1996.
`
`(56)
`
`9/1999 Chen etal.
`5,960,170 A
`10/1999 Williams
`5,963,742 A
`10/1999 Nachenberg
`5,964,889 A
`10/1999 Golan
`5,974,549 A
`11/1999 Appersonet al.
`5,978,484 A
`tL/lo00
`a Oerett A
`11/1999 Freund
`5,987,611 A
`5/2000 McManis
`6,070,239 A
`7/2000 Grecsek
`6,088,801 A
`7/2000 Tsoet al.
`6,088,803 A
`7/2000 ‘Touboul
`6,092,194 A
`9/2000 Touboul
`6,125,390 A
`11/2000 Toubouletal.
`6,154,844 A
`12/2000 Touboul
`6,167,520 A
`7/2001 Muelleretal.
`6,263,442 Bl
`1/2002 Beadleet al.
`6,339,829 Bl
`2/2002 Muelleret al.
`6,351,816 Bl
`7/2002 Arimilli et al.
`6,425,058 Bl
`8/2002 Arimilli et al.
`6,434,668 Bl
`8/2002 Arimilli etal.
`6,434,669 Bl
`11/2002 Touboul
`6,480,962 Bl
`11/2002 Shanklin etal.
`6,487,666 Bl
`2/2003 Devireddyet al.
`6,519,679 B2
`:
`5/2003 Shaioet al.
`6,571,338 BL
`References Cited
`7/2003 Rosset al.
`6,598,033 B2
`11/2003 Davisetal.
`6,643,696 B2
`U.S. PATENT DOCUMENTS
`5/2004 Brown etal.
`6,732,179 BL
`5,263,147 A
`11/1993 Franciscoet al.
`10/2004 Touboul
`6,804,780 Bl
`:
`7/2005 Simonetal.
`6,917,953 B2
`3.278.901 A
`1/1994 Shieh et al.
`,
`,
`5,311,591 A
`5/1994 Fischer
`6/2006 Edery et al.
`7,058,822 B2
`:
`5,319,776 A
`6/1994 Hile et al.
`7,143,444 B2=11/2006 Porraset al.
`5,359,659 A
`10/1994 Rosenthal
`7,210,041 Bl
`4/2007. Gryaznovetal.
`5,361,359 A
`11/1994 Tajalli et al.
`,
`,
`7,308,648 Bl
`12/2007 Buchthalet al.
`5,398,196 A
`3/1995 Chambers
`7,343,604 B2
`3/2008 Grabarniketal.
`5,412,717 A
`5/1995. Fischer
`7,418,731 B2
`8/2008 Touboul
`5,4 14,833 A
`5/1995 Hershey et al.
`7'613.926 B2
`11/2009 Edery et al
`,
`5,452,442 A
`9/1995 Kephart
`,
`,
`12/2011 Edery et al. ow. 726/24
`8,079,086 Bl
`‘1/2003 Guptaet al.
`5,483,649 A
`1/1996 Kuznetsovet al.
`2003/0014662 Al
`4/2003 Allison
`2003/0074190 Al
`:
`5,485,409 A
`1/1996 Gupta et al.
`5,485,575 A
`1/1996 Chesset al.
`5/2003 Porrasetal.
`:
`2003/0101358 Al
`4/2004 Sanin
`5,524,238 A
`6/1996 Miller et al.
`2004/0073811 Al
`5/2004 Rubinstein etal.
`5,572,643 A
`L1/1996 Judson «sss 709/218
`2004/0088425 Al
`:
`5,579,509 A
`11/1996 Furtneyetal.
`3/2005 Liangetal.
`2005/0050338 Al
`5,606,668 A
`2/1997 Shwed
`8/2005 Sanduetal.
`2005/0172338 Al
`2/2006 Bjarnestam et al.
`5,621,889 A
`4/1997 Lermuzeaux etal.
`2006/0031207 Al
`3/2006 Duncan et al.
`5,623,600 A
`4/1997 Set al.
`2006/0048224 Al
`3/2008 Beckeret al.
`eee446 ‘
`tlooy Tobin
`2008/0066160 Al
`8/2010 Wassonetal.
`5.675.711 ‘A
`10/1997 Kephart et al.
`2010/0195909 Al
`5,692,047 A
`11/1997 McManis
`5,692,124 A
`11/1997 Holdenet al.
`FOREIGN PATENT DOCUMENTS
`5,696,822 A
`12/1997 Nachenberg
`5,720,033 A
`2/1998 Deo
`5,724,425 A
`3/1998 Changetal.
`5,740,248 A
`4/1998 Fiereset al.
`5,740,441 A
`4/1998 Yellin etal.
`5,761,421 A
`6/1998 Van Hoff etal.
`5,765,030 A
`6/1998 Nachenbergetal.
`5,765,205 A
`6/1998 Breslauetal.
`5,784,459 A
`7/1998 Devarakondaet al.
`5,796,952 A
`8/1998 Daviset al.
`5,805,829 A
`9/1998 Cohen et al.
`pear ‘
`lo/loos baeitaal.
`5,832,208 A
`11/1998 Chen et al.
`5,832,274 A
`11/1998 Cutler et al.
`5,850,559 A
`12/1998 Angelo et al.
`5,854,916 A
`12/1998 Nachenberg
`5,859,966 A
`1/1999 Hayman etal.
`5,864,683 A
`1/1999 Boebert et al.
`oer‘ A
`909 pancat
`5.881.151 A
`3/1999 Yamamoto
`5.884.033 A
`3/1999 Duvall et al
`5,889,943 A
`3/1999 Jietal.
`5,892,904 A
`4/1999 Atkinsonetal.
`5,951,698 A
`9/1999 Chenet al.
`5,956,481 A
`9/1999 Walsh etal.
`5,958,050 A
`9/1999 Griffin etal.
`
`x
`
`EP
`EP
`JP
`WO
`WO
`WO
`WO
`WO
`
`1091276
`4/2001 ee GO6F 1/00
`1132796
`9/2001
`08-263447
`10/1996
`95/27249
`10/1995
`95/33237
`12/1995
`98/2 1683
`5/1998
`2004/063948
`7/2004
`WO 2004/063948
`T2004 cece GO6F 17/30
`OTHER PUBLICATIONS
`Rubin,et al., “Mobile Code Security,”JEEEInternet, pp. 30-34, Dec.
`1998.
`Schmid,et al. “Protecting Data From Malicious Software,” Proceed-
`ing ofthe 18" Annual Computer Security Applications Conference,
`pp. 1-10, 2002.
`Corradi, et al., “A Flexible Access Control Service for Java Mobile
`Code,” IEEE,pp. 356-365, 2000.
`International Search Report forApplication No. PCT/IB97/01626,3
`pp., May 14, 1998(mailing date).
`International Search Report for Application No. PCT/IL05/00915, 4
`pp., dated Mar. 3, 2006.
`Written Opinion for Application No. PCT/IL05/00915, 5 pp., dated
`Mar. 3, 2006 (mailing date).
`International Search Report for Application No. PCT/IB01/01138, 4
`pp., Sep. 20, 2002 (mailing date).
`
`

`

`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 4 of 29
`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 4 of 29
`
`US 8,677,494 B2
`Page 3
`
`(56)
`
`References Cited
`OTHER PUBLICATIONS
`
`International Preliminary Examination Report for Application No.
`PCT/IB01/01138, 2 pp., dated Dec. 19, 2002.
`Sitaker, Kragen, “Rapid Genetic Evolution of Regular Expressions”
`[online], The MialArchive, Apr. 24, 2004 (retrieved on Dec. 7, 2004),
`5 pp., Retrieved from the Internet: http://www.mail-archive.com/
`kragen-tol@canonical.org/msg00097 html.
`“Lexical Analysis: DFA Minimization & Wrap Up”[online], Fall,
`2004 [retrieved on Mar. 2, 2005], 8 pp., Retrieved. from the Internet:
`http://www.owlnet.rice.edu/~comp4 | 2/Lectures/L06LexWrapup4.
`pdf.
`“Minimization of DFA”[online], [retrieved on Dec. 7, 2004], 7 pp.,
`Retrieved. from the Internet: http://www.cs.odu.edu/~toida/nerzic/
`390teched/regular/fa/min-fa.html.
`“Algorithm: NFS -> DFA”[online], Copyright 1999-2001 [retrieved
`on Dec. 7, 2004], 4 pp., Retrieved from the Internet: http://rw4.cs.
`uni-sb.de/~ganimal/GANIFA/page16__e-htm.
`“CS 3813: Introduction to Formal Languages and Automata—State
`Minimization and Other Algorithmsfor Finite Automata,” 3 pp., May
`11, 2003, Retrieved from the Internet: http://www.cs.msstate.
`edu/~hansen/classes/38 1 3fall0 1/slides/06Minimize.pdf.
`Watson, Bruce W., “Constructing Minimal Acyclic Deterministic
`Finite Automata,” [retrieved on Mar. 20, 2005], 38 pp., Retrieved.
`from the Internet: http://www.win.tue.nl/~watson/2R870/down-
`loads/madfa_algs.pdf.
`Chang, Chia-Hsiang, “From Regular Expressions to DFA’s Using
`Compressed NFA’s,” Oct. 1992, 112 pp., http://www.cs.nyu.edu/
`web/Research/Theses/chang__chia-hsiang.pdf.
`“Products,” Articles published on the Internet,“Revolutionary Secu-
`rity for a New Computing Paradigm”regarding SurfinGate™, 7 pp.
`“Release Notes for the Microsoft ActiveX Development Kit,’ Aug.
`13, 1996, activex.adsp.or.jp/inetsdk/readme.txt, pp. 1-10.
`Doyle, et al., “Microsoft Press Computer Dictionary,” Microsoft
`Press, 2d Edition, pp. 137-138, 1993.
`Finjan Software Ltd., “Powerful PC Security for the New World of
`Java™ and Downloadables, Surfin Shield™,” Article published on
`the Internet by Finjan Software Ltd., 2 pp. 1996.
`Finjan Sofrtware Ltd., “Finjan Announcesa Personal Java™Firewall
`for Web Browsers—the SurfinShield™ 1.6 (formerly known as
`SurfinBoard),” Press Release of Finjan Releases SurfinShield 1.6, 2
`pp., Oct. 21, 1996.
`Finjan Software Ltd., “Finjan Announces Major Power Boost and
`NewFeatures for SurfinShield™2.0,” Las Vegas Convention Center/
`Pavillion 5 P5551, 3 pp., Nov. 18, 1996.
`Finjan Software Ltd., “Finjan Software Releases SurfinBoard, Indus-
`try’s First JAVA Security Product for the World Wide Web,” Article
`published on the Internet by Finjan Software Ltd., 1 p., Jul. 29, 1996.
`Finjan Software Ltd., “Java Security: Issues & Solutions,” Article
`published on the Internet by Finjan Software Ltd., 8 pp. 1996.
`Finjan Software Ltd., CompanyProfile, “Finjan—Safe Surfing, The
`Java Security Solutions Provider,” Article published on the Internet
`by Finjan Software Ltd., 3 pp., Oct. 31, 1996.
`“IBM AntiVirus User’s Guide, Version 2.4,”, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Khare, R., “Microsoft Authenticode Analyzed” [online], Jul. 22,
`1996 [retrieved on Jun. 25, 2003], 2 pp., Retrieved from the Internet:
`http://www.xent.com/FoRK-archive/smmer96/0338 html.
`LaDue, M., Online Business Consultant: Java Security: Whose Busi-
`nessis It?, Article published on the Internet, Home PagePress,Inc.,
`4 pp., 1996.
`Microsoft, “Microsoft ActiveX Software DevelopmentKit” [online],
`Aug. 12, 1996 [retrieved on Jun. 25, 2003], pp. 1-6, Retrieved from
`the Internet: activex.adsp.or.jp/inetsdk/help/overview.htm.
`Microsoft® Authenticode Technology, “Ensuring Accountability
`and Authenticity for Software Components on the Internet,”
`Microsoft Corporation, Oct. 1996,
`including Abstract, Contents,
`Introduction, and pp. 1-10.
`
`Microsoft Corporation, Web Page Article “Frequently Asked Ques-
`tions About Authenticode,” last updated Feb. 17, 1997, printed Dec.
`23,
`1998, URL:
` http://www.microsoft.com/workshop/security/
`authcode/signfaq.asp#9, pp. 1-13.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Virus Detection,” JEEEEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`and pp. 1169-1170, URL: http://iel.ihs.com:80/cgi-bin/iel__cgi?se...
`2ehts%26ViewTemplate%3ddocview%5 fb%2ehts.
`Omura, J. K., “Novel Applications of Cryptography in Digital Com-
`munications,” JEEE Communications Magazine, pp. 21-29, May
`1990.
`Zhang, X. N., “Secure Code Distribution,” JEEEJEE Electronic
`Library online, Computer, vol. 30, Issue 6, pp. 76-79, Jun. 1997.
`D. Grune,et al., “Parsing Techniques: A Practical Guide,” John Wiley
`& Sons, Inc., New York, New York, USA,pp. 1-326, 2000.
`Scott, et al., “Abstracting Application-Level Web Security,” ACM,pp.
`396-407, 2002.
`ThunderByte Antivirus for Windows.
`InterScan VirusWall from Trend Micro.
`ViruSafe from Eliashim.
`Intel LANProtect from Intel.
`The Java Security Manager from Sun Microsystems.
`McAfee WebShield.
`McAfee WebScan.
`McAfee VirusScan.
`McAfee N etShield.
`Dr. Solomon’s Antivirus Toolkit for Windows 95.
`Dr. Solomon’s Antivirus Toolkit for Windows NT.
`Dr. Solomon’s WinGuard.
`Dr. Solomon’s Virus Guard.
`Dr. Solomon’s VirusShield.
`Dr. Solomon’s Virex.
`Dr. Solomon’s “Merlin” Anti-Virus Engine.
`Dr. Solomon’sIMcAfee “Olympus” Anti-Virus Engine.
`ActiveX Web Tutorial.
`Java FAQ (1995-1998).
`Norton AntiVirus TUfor Windows@95 User’s Guide. Published. by
`Symantec in 1995. (179 pages).
`Jaeger,at al., “Building Systemsthat Flexibly Control Downloadable
`Executable Content,’ ProceedinQs of the Sixth USENIX UNIX
`Security Symposium, Jul. 1996. (19 paQes).
`Rasmusson, Andreas and Jansson, Sverker, “Personal Security Assis-
`tance for Secure Internet Commerce,” Sep. 16, 1996. (12 pages).
`Bharat et al. Migratory Applications* Nov. 15, 1995. (10 oaoes).
`Dean, Drew,et al., “Java Security: From HotJava to Netscape and.
`Beyond,” 1996 IEEE Symposium on Security and Privacy, May 6,
`1996. (11 pages).
`Sterbenz, Andreas, An Evaluation ofthe Java Security Model,* IEEE,
`Dec. 1996. f13pages).
`Fritzinger, J. Steven, et al., Java Security,» Sun Microsystems, Dec.
`1996 (7 paQes).
`Bank Joseoh A.“Java Security,” Dec. 8, 1995. (14 paoes).
`Claunch, “Java Blocking,” http://groups.google.com/group/muc.
`lists.firewalls/msg/2a5ec02e00a37071. Sep. 25, 1996. Accessed.
`date: May 10, 2011. (2 paces).
`Chappell, ‘Understanding ActiveX and OLE: A Guide for Develop-
`ers and Managers (Strategic Technology), Sep. 1, 1996, Microsoft
`Press. (91 pages).
`Crosbie,et al., “Active Defense ofa Computer System Using Autono-
`mousAgents”. Feb. 15, 1995. (14 pages).
`“Trend Micro’s Virus Protection Added to Sun Microsystems Netra
`Internet Servers,’Business Wire, Oct. 1, 1996, available at http://
`www.cs.indiana. edu/ ~kinzler/pubs/viruswall html.
`“Symantec Announces Norton Antivirus 2.0 for Windows NT,”
`Symantec Corporation press release, Sep. 16, 1996, available at http:/
`Iwww.symantec.comlabout/news/release/article.jsp?prid=
`19960916_01.
`“Dark Avenger Mutation Engine No Threat to Protected PCs,”
`McAfee,
`Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/www.phreak.orgvirus1/1992/
`vinl05.191.
`
`

`

`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 5 of 29
`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 5 of 29
`
`US 8,677,494 B2
`
`Page 4
`
`(56)
`
`References Cited
`OTHER PUBLICATIONS
`
`“Dark Avenger Mutation Engine No Threat to Protected PCs,”
`McAfee,
`Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/www.phreak.orgvirus1/1992/
`vinl05.191.
`Gryaznov, D.O., “Scanners ofthe Year 2000: Heuristics,” Proceed-
`ingsofthe Fifth International Virus Bulletin Conference, pp. 225-234
`(1995), available at http://vxheavens.comllib/adgOO.html.
`“Symantec Announces Norton Internet Email Gateway at Internet
`World—Booth # 369 on Dec. 11, 12, and 13,” Symantec Corporation
`press release, Dec. 11, 1996, available at http:/ Iwww.symantec
`.comlabout/news/release/article.jsp?prid= 19961211_03.
`“Presenting Java,” by John Dec. (1995).
`“The Java Language Specification” by Gosling,et al. (1996).
`“The Java Programming Language,” by Ken Arnold and James Gos-
`ling (1996).
`“The Java Virtual Machine Specification,” by Tim Lindholm and
`Frank Yellin (1997).
`“ComputerViruses andArtificial Intelligence,” by David Stang (Sep.
`1995).
`“Java Security and a Firewall Extension for Authenticity Control of
`Java Applets,” by Magnus Johansson (Jan. 29, 1997).
`“Static Analysis of Programs With Application to Malicious Code
`Detection,’ by Raymond Lo (1992).
`File History for U.S. Patent No. 6,804,780.
`“Virus Detection Alternatives,” by Patrick Min (Jul. 1992).
`“Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns,” by LeCharlier, et al. (Sep. 1995).
`The Giant Black Book of Computer Viruses by Mark Ludwig (1995).
`HotJava: The Security Story.
`The Java Filter.
`“A JavaFilter,” by Balfanz,et al.
`“Improved. JavaScript and Java Screening Function,” by Claunch
`(May 4, 1996).
`“New Version of Java, JavaScript, ActiveX Screening,” by Claunch
`(Jul. 3, 1996).
`“A Toolkit and Methods for Internet Firewalls,” by Ranum,et al.
`“Identifying and Controlling Undesirable Program Behaviors,” by
`Maria King.
`“PACLI’s: An Access Control List Approach to Anti-Viral Security,”
`by Wichers,et al.
`Endrijonas, Janet, Rx PC The Anti-Virus Handbook. Publishedin the
`U.S. in 1993 by TAB Books, a division of MeGraw-Hili, Inc. (201
`paQes).
`“Secure Code Distribution,” by X. Nick Zhang (Jun. 1997).
`IBM AntiVirus User’s Guide (Nov. 15, 1995).
`“Breadth of Runtime Environments and Security Make Java a Good
`Choice for the Internet” (1996).
`Omura, Jim K., “Novel Applications of Cryptography in Digital
`Communications,” IEEE Communications Magazine, pp. 21-29,
`May 1990.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Virus Detection,” IEEE/IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`and pp. 1169-1170, URL: http://iel.ihs.com:80/cgibinliel__cgi?se...
`2ehts%26ViewTemplate%o3ddocview%5 fb%2ehts.
`IBM AntiVirus User’s Guide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Leach, Norvin, et al., “IE 3.0 Applets Will Earn Certification,’ PC
`Week, vol. 13, No. 29,2 pp., Jul. 22, 1996.
`“Finjan Software Releases SurfinBoard, Industry’s First JAVA Secu-
`rity product for the World Wide Web,” Article published on the
`Internet by Finjan Software Ltd., 1 p., Jul. 29, 1996.
`“Powerful PC Security for
`the New World of JAVATM and
`Downloadables, Surfin Shield™,’ Article published on the Internet
`by Finjan Software Ltd., 2 pp. 1996.
`Microsoft® Authenticode Technology, “Ensuring Accountability
`and Authenticity for Software Components on the Internet,”
`Microsoft Corporation, including Abstract, Contents, Introduction,
`and pp. 1-10, Oct. 1996.
`
`Finjan Announcesa Personal Java™ Firewall for Web Browsers—
`the SurfinShield™ 1.6 (formerly known as SurfinBoard), Press
`Release of Finjan Releases SurfinShield 1.6, 2 pp., Oct. 21, 1996.
`CompanyProfile, “Finjan-Safe Surfing. The Java Security Solutions
`Provider,” Article published on the Internet by Finjan Software Ltd.,
`3 pp., Oct. 31, 1996.
`“Finjan Announces Major Power Boost and New Features for
`SurfinShield™2.0,” Las Vegas Convention Center/Pavilion 5 P5551,
`3 pp., Nov. 18, 1996.
`“Java Security: Issues & Solutions,” Article published onthe Internet
`by Finjan Software Ltd., 8 pp., 1996.
`“Products,” Article published on the Internet, 7 pp.
`Mark LaDue, “Online Business Consultant: Java Security: Whose
`BusinessIs It?,” Article published on the Internet, Home Page Press,
`Inc., 4 pp., 1996.
`“Frequently Asked Questions About
`Web
`Page Article,
`Authenticode,” Microsoft Corporation, last updated Feb. 17, 1997,
`printed Dec. 23, 2998, URL: http://www.microsoft.com/workshop/
`security/authcodee/signfaq.asp#9, pp. 1-13.
`Zhang, X.N., “Secure Code Distribution,’ IEEE/TEE Electronic
`Library online, Computervol. 30, Issue 6, pp. 76-79, Jun. 1997.
`Binstock, Andrew, “Multithreading, Hyper-Threading, Multipro-
`cessing: Now, What’s the Difference?,”httn:!hlv’\v\v-inteLcom!cd/
`ids!devdoQcr!asmo-na/enfl/20456.htm, Pacific Data Works, LLC,
`downloaded Jul. 7, 2008, 7 pp.
`VirexPC Version 2.0 or later from Microcom.
`AntiVirus Kit From | stAide Software.
`FluShot+ Series of Products by Ross Greenberg.
`Symantec Antivirus ofthe Mac version 3.0 orlater.
`“Synthesizing Fast Intrusion Prevention/Detection Systems From
`High-Level Specifications,” by Sekar, et al. (1999).
`Art of Computer Virus Research and Defense b Peter Szor (Feb.
`2005).
`“Process Execution Controls as a Mechanism to Ensure Consis-
`tency,” by Eugen Bacic (1990).
`“Process Execution Controls: Revisited,” by Bacic (1990).
`“A Flexible Access Control Service for Java Mobile Code,” by Cor-
`radi, et al. (2000).
`“Java Security: Issues & Solutions” (1996).
`“Microsoft Authenticode analyzed,” by Rohit Khare (Jul. 22, 1996).
`“Java Security: Whose BusinessIs It?” by Mark LaDue (1996).
`Microsoft Authenticode Technology (Oct. 1996).
`“Mobile Code Security,” by Rubin,etal.
`“Protecting Data From Malicious Software,” by Schmid,et al.
`“Security in the Large: Is Java’s Sandbox Scalable?” by Zhong,etal.
`(Apr. 1998).
`“A Domain and type Enforcement UNIX Prototype,” by Badger,etal.
`(Jun. 1995).
`“Heuristic Anti-Virus Technology,” by Frans Veldman.
`“Standards for Security in Open Systems,” by Warwick Ford (1989).
`“Secure File Transfer Over TCP/IP,” by Brown,et al. (Nov. 1992).
`“Standards in Commercial Security,” by Nick Pope.
`“X.400 Security Features,” by Tony Whyman.
`“Using CASE Tools to Improve the Security of Applications Sys-
`tems,” by Hosmer,et al. (1988).
`“Miro: Visual Specification of Security,’ by Heydon, et al. (Oct.
`1990).
`“An Evaluation ofObject-Based Programming with Visual Basic,” by
`Dukovic, et al. (1995).
`“Visual Basic 5.0 Significantly Improved,” by W. Dennis Swift (Jun.
`1997).
`“Development of an Object Oriented Framework for Design and.
`Implementation of Database Powered Distributed Web Applications
`With the DEMETERProject as a Real-Life Example,” by Goschka,
`et al. (1997).
`Detecting Unusual Program Behavior Usingthe Statistical Compo-
`nent ofthe Nextgeneration Intrusion Detection Expert System
`(NIDES), by Anderson,et al. (May 1995).
`“A Generic Virus Scanner in C++,” by Kumar,et al. (Sep. 17, 1992).
`“A Modelfor Detecting the Existence of Software Corruption in Real
`Time,” by Voas,et al. (1993).
`“Protection Against Trojan Horses by Source Code Analysis,” by
`Saito, et al. (Mar. 1993).
`
`

`

`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 6 of 29
`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 6 of 29
`
`US 8,677,494 B2
`
`Page 5
`
`
`
`
`
`OTHER PUBLICATIONS
`
`Intelligence,’
`
`by Righard
`
`(56) URL:_http://iel.ths.com:80/cgibin/ielReferences Cited and pp. 1169-1170,
`
`
`
`cgi?se .. .2ehts%26ViewTemplate%3 ddocview%5fb%ehts.
`IBM AntiVirus User’s Ouide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`“Information Agents for Automated Browsing,” by Dharap, etal.
`Leach, Norvin, et al., “IE 3.0 Applets Will Earn Certification,’ PC
`(1996).
`Week,vol. 13, No. 29, 2 pp., Jul. 22, 1996.
`“Static Analysis Virus Detection Tools for Unix Systems,” by
`Finjan Announcesa Personal Javal98 Firewall for Web Browsers—
`the SurfinShield™ 1.6 (fonnerly known as SurfinBoard), Press
`Kerchen,et al. (1990).
`Release of Finjan Releases SurfinShield 1.6,2 pp., Oct. 21, 1996.
`“Managing Trust in an Information-Labeling System,” by Blaze,et
`Web
`Page Article,
`“Frequently Asked Questions About
`al. (Nov.4, 1996).
`Authenticode,” Microsoft Corporation, last updated Feb. 17, 1997,
`List of Secure Internet Programming Publications from www.cs.
`printed Dec. 23, 1998, URL: http://www.microsoft.com/workshop/
`printceton.edu.
`security/authcodee/signfaq.asp#9, pp. 1-13.
`“A Guide to the Selection of Anti-Virus Tools and Techniques,” by
`Binstock, Andrew, “Multithreading, Hyper-Threading, Multipro-
`Polk, et al. (Dec. 2, 1992).
`cessing: Now, What’s the Difference?,” http://www.intel .com/cd/ids/
`“An Integrated Toolkit for Operating System Security,” by Rabin,et
`developer/asmo-na/eng/20456.htm, Pacific Data Works, LLC, down-
`al. (Aug. 1988).
`loaded Jul. 7, 2008,7 pp.
`“A Web Navigator With Applets in Caml,” by Francois Ronaix (May
`“Frequently Asked Questions About Authenticode,” Microsoft Cor-
`1996).
`poration, updated Feb. 17, 1997.
`“Intel Launches Virus Counterattack,” by Charles Bruno (Aug.
`“WWWProxyto Cut Off Java,” by Carl Claunch (Apr. 12, 1996).
`1992).
`“Combating Viruses Heuristically,” by Frans Veldman (Sep. 1993).
`Intel LANProtect Software User’s Guide (1992).
`“MCF: A Malicious CodeFilter,” by Lo, et al. (May 4, 1994).
`“Parents Can Get PC Cruise Control,” by George Mannes (Jul. 1996).
`Anti-Virus Tools and Techniques for Computer Systems by Polk,et
`“A New Techniques for Detecting Polymorphic Computer Viruses,”
`al. (1995).
`by Carey Nachenberg (1995).
`“Heuristic
`Scanners: Artificial
`“Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns,” by LeCharlier, et al. (Jul. 2, 1995).
`Zwienenberg (Sep. 1995).
`“Towards a Testbed for Malicious Code Detection,” by Lo,
`etal.
`Intel LANProtect, 30-Day Test Drive Version User’s Manual.
`(1991).
`Slade, Robert, “Guide to Computer Viruses: How to a void Them,
`“Blocking Java Applets at the Firewall,’ by Martin,et al.
`How to Get Rid of Them, and How to Get Help” (Apr. 1996).
`Virus Detection and Elimination by Rune Skardhamar (1996).
`A Pathology of Computer Viruses by David Ferbranche (Nov. 1994).
`Computer Viruses and Anti-Virus Warfare by Jan Hruska (1992).
`Earl Boebert’s post to the greatcircle firewalls mailing list. Taken
`“Active Content Security,” by Brady, et al. (Dec. 13, 1999).
`from _http://www.greatcircle.com/lists/firewalls/archive/firewalls.
`“Low Level Security in Java,” by Frank Yellin.
`199410 (Oct. 16, 1994).
`“Email With a Mindofits Own: The Safe-Tcl Language for Enabled.
`CSL Bulletin: Connecting to the Internet: Security Considerations.
`Mail,” by Nathaniel Borenstein.
`Taken from http://csre.nist.gov/publications/nistbul/cs 193-07 txt
`“Mobile Agents: Are They a Good Idea?” by Chess,et al. (Dec. 21,
`(Jul. 1993).
`1994).
`FAQ: Interscan ViruswalL Taken from http://\veb,archive.org/web/
`“Remote Evaluation,” by Stamos, et al. (Oct. 1990).
`1997060505033 1/www..antivirus.com/faq/finterscanfaq.html
`(last
`“Active Message Processing: Messages as Messengers,” by John
`updated Aug. 8, 1996).
`Vittal (1981).
`Network Security and SunScreen SPF-100: Technical White Paper,
`“Programming Languages for Distributed Computing Systems,” by
`Sun Microsystems, 1995.
`Bal,et al. (Sep. 1989).
`“Why Do We Need Heuristics?” by Frans Veldman (Sep. 1995).
`“Scripts and Agents: The New Software High Ground,” by John
`“Leading Content Security Vendors Announce Support for Check
`Point Firewall—1.3.0; New Partners for Anti-Virus Protection, URL
`Ousterhout (Oct. 20, 1995).
`“The HotJava Browser: A White Paper”.
`Screening and Java Security,” Business Wire, Oct. 7, 1996, available
`The JavaVirtual Machine Specification, Sun Microsystems (Aug. 21,
`at http://www.allbusiness.comltechnolo gyl computernetworks-
`1995).
`computer -networksecurity 172743 15-1 html#ixzzl gkbKf4g1.
`“Security of Web Browser Scripting Languages: Vulnerabilities,
`“McAfee Introduces Web shield; Industry’s First Secure Anti-Virus
`Attacks and Remedies,” by Anupam,et al. (Jan. 1998).
`Solution for Network Firewalls: Border Network Technologies and.
`“ActiveX and Java: The Next Virus Carriers?”.
`Secure Computing to Enter into Web Shield OEM Agreements,”
`“Gateway Level Corporate Security for the New World of Java and.
`Business Wire, May 14, 1996, available at http://findarticles.comlp/
`Downloadables” (1996).
`articles/mi_mOEINIis__1996_May_ 14/ai_182834561.
`“Practical Domain and Type Enforcement for UNIX,” by Badger,et
`“Trend Micro AnnouncesVirus and Security Protection for Microsoft
`al. (1995).
`Proxy Server; Also Blocks Java Applets, ActiveX,” Business Wire,
`“A Sense of Self for Unix Processes,” by Forrest, et al. (1996).
`
`Oct. at—http://www.thefreelibrary.29, 1996, available
`
`
`
`“Antivirus Scanner Analysis 1995,” by Marko Helenius (1995).
`comlTrend+Micro+announces+virus+and+security+protection+
`fort+MicrosofL.-aOI8$ 10512.
`“State Transition Analysis: A Rule-Based Intrusion Detection
`Approach,” by Ilgun, et al. (Mar. 1995).
`Finjan’s Opposition to Websense’s Renewed Motion for Judgmentas
`“Automated Detection of Vulnerabilities in Privileged Programs by
`a Matter ofLaw, dated Dec. 21, 2012, filed in Finjan, Inc. v. Symantec
`Execution Monitoring,” by Ko, et al. (1994).
`Corp., Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS).
`Declaration of Paul Batcher Re Websense,Inc.s. Proffer of Evidence
`“Execution Monitoring of Security-Critical Programsin Distributed.
`Systems: A Specification-Based Approach,” by Ko, et al. (1997).
`Re Laches, dated.Dec. 19, 2012, filed in Finjan, Inc. v. Symantec
`“Classification and Detection of Computer Intrusions,” by Sandeep
`Corp., Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS)
`Kumar (Aug. 1995).
`(Redacted Dec. 26, 2012).
`ThunderBYTEAnti-Virus Utilities User Manual (1995).
`Opposition to Symantec’s Motion for JMOL,dated Dec. 17, 2012,
`Doyle, et al., “Microsoft Press Computer Dictionary,’ Microsoft
`filed in Finjan, Inc. v. Symantec Corp., Sophos, Inc., and Websense,
`Press, 2nd Edition, pp. 137-138,1993.
`Inc., CA. No. 10-cv-593 (OMS) (Redacted. Dec. 27, 2012).
`Schmitt, D.A., “.EXEfiles, OS-2 style’ PC Tech Journal, vol. 6, No.
`Omura, Jim K., “Novel Applications of Crypotgraphy in Digital
`11, p. 76(13), Nov. 1988.
`Communications,” IEEE Communications Magazine, pp. 21-29,
`May 1990.
`International Search Report for Application No. PCT/IB97/01626,
`dated May 14, 1999,2 pp.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Supplementary European Search Report for Application No. EP 97
`Virus Detection,’ IEEEI IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`950351, dated Nov. 17, 2004,2 pp.
`
`

`

`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 7 of 29
`Case 3:17-cv-05659-WHA Document 1-6 Filed 09/29/17 Page 7 of 29
`
`US 8,677,494 B2
`
`Page 6
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`File History for Canadian Application No. 2,275,771, 84 pp.
`File History for European Application No. 97950351.3, 58 pp.
`File History for Japanese Application No. 10-522345,48 pp.
`Lemay, Laura,et al., “Approach ofJava Language, Applet, A WT and
`Advanced Apparatus,” First Edition, 25 pp. (translated), Aug. 20,
`1996 (CS-NB-1999-00238-001).
`Order Construing the Terms of U.S. Patent Nos. 6,092,194;
`6,804,780; 7,058,822; 6,357,010; and 7,185,361,4 pp., Dec. 11,
`2007.
`PlaintiffFinjan Software, Ltd. ’s Opening Claim Construction Brief,
`38 pp., Sep. 7, 2007.
`Defendant Secure Computing Corporation’s Opening Claim Con-
`struction Brief, 46 pp., Sep. 7, 2007.
`PlaintiffFinjan Software, Ltd.
`’s Answering Claim Construction
`Brief (Public Version), 45 pp., Sep. 28, 2007.
`Defendant Secure Computing Corporation’s Responsive Claim Con-
`struction Brief (Public Version), 37 pp., Sep. 28, 2007.
`Secure Computing Corporation’s Disclosure of Prior Art Pursuant to
`35 US.c. § 282, 6 pp., Feb. 1, 2008.
`Stang, David J., “ComputerViruses andArtificial Intelligence,” Virus
`Bulletin Conference, pp. 235-257, Sep. 1995.
`Johannsen, Magnus, “Java Security and a Firewall Extension for
`Authenticity Control of Java Applets,” Thesis Proposal, Computer
`Science Department, University of Colorado at Colorado Springs, 5
`pp., Jan. 29, 1997.
`Joint Appendix offIntrinsic and Extrinsic Evidence Regarding Claim
`Construction Briefing, vol. 1, Oct. 4, 2007.
`Joint Appendix offIntrinsic and Extrinsic Evidence Regarding Claim
`Construction Briefing, vol. 2, Oct. 4, 2007.
`Final Joint Claim Construction Chart, Aug. 24, 2007.
`Joint Post-Hearing Claim Construction Chart, Oct. 30, 2007.
`Plaintiffs Trial Brief (Public Version), Jan. 14, 2008.
`Marcionek, David, “A Complete ActiveX Web Control Tutorial,”
`Available
`at
`http://www.codeproject.com/KB/COM/
`CompleteActiveX