Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 1 of 29
`
` 
`
` 
`
` 
`
` 
`
` 
`
` 
`
`Exhibit 1
`
`

`

`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 2 of 29
`case s7-ov-6se-wi DocumMTH
`
`US008677494B2
`
`a2) United States Patent
`US 8,677,494 B2
`(10) Patent No.:
`
` Ederyet al. (45) Date of Patent: *Mar. 18, 2014
`
`
`(54) MALICIOUS MOBILE CODE RUNTIME
`MONITORING SYSTEM AND METHODS
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`(75)
`
`Inventors: Yigal Mordechai Edery, Pardesia (IL);
`Nirmrod Itzhak Vered. Goosh
`co
`Tel-Mond (IL); David R. Kroll, San
`Jose, CA (US); Shlomo Touboul,
`Kefar-Haum (IL)
`(73) Assignee: Finjan, Inc., Wilmington, DE (US)
`.
`.
`.
`.
`.
`(*) Notice:
`Subject to any disclaimer, the term ofthis
`patent is extended or adjusted under 35
`USS.C. 154(b) by 0 days.
`This patent is subject to a terminal dis-
`claimer.
`
`(21) Appl. No.: 13/290,708
`(22)
`Filed:
`Noy. 7, 2011
`
`(65)
`
`Prior Publication Data
`US 2012/0117651 Al
`May 10, 2012
`
`‘att
`Related U.S. Application Data
`(63) Continuation of application No. 12/471,942, filed on
`May 26, 2009, now Pat. No. 8,079,086, which is a
`.
`(Continued)
`
`(51)
`
`(2006.01)
`(2006.01)
`(2006.01)
`
`Int. Cl.
`HOAL 29/06
`GO6F 1130
`GO6F 15/16
`(52) U.S.CL
`USPC ciccccssssessscsesssvessceesssesesessneeses 726/24; 713/175
`(58) Field of Classification Search
`None
`See application file for complete search history.
`
`4,562,305 A
`5,077,677 A
`
`/
`12/1985 Gaffney, Jr.
`12/1991 Murphyet al.
`.
`(Continued)
`FOREIGN PATENT DOCUMENTS
`0636977
`7/1994
`1021276
`7/2000
`co.
`(Continued)
`OTHER PUBLICATIONS
`Zhong,et al., “Security in the Large: is Java’s Sandbox Scalable?,”
`Seventh IEEE Symposium on Reliable Distributed Systems, pp. 1-6,
`Oct. 1998.
`
`EP
`EP
`
`(Continued)
`Primary Examiner — Christopher Revak
`(74) Attorney, Agent, or Firm — Bey & Cotropia PLLC
`(57)
`ABSTRACT
`Protection systems and methodsprovide for protecting one or
`morepersonal computers (“PCs”) and/or other intermittently
`or persistently network accessible devices or processes from
`undesirable or otherwise malicious operations of Java TN
`applets, ActiveX™ controls, JavaScript™ scripts, Visual
`Basic scripts, add-ins, downloaded/uploaded programs or
`other “Downloadables” or “mobile code” in whole or part. A
`protection engine embodimentprovides for monitoring infor-
`mation received, determining whether received information
`doesoris likely to include executable code, and if so, causes
`mobile protection code (MPC)to be transferred to and ren-
`dered operable within a destination device of the received
`information. An MPC embodiment further provides, within a
`Downloadable-destination, for initiating the Downloadable,
`enabling malicious Downloadable operation attempts to be
`received by the MPC, and causing (predetermined) corre-
`sponding operations to be executed in response to the
`attempts.
`
`18 Claims, 10 Drawing Sheets
`
`919
`\
`
`Start
`
`
`Retrieve protection parameters and form
`mabile protection code according to the
`parameters
`
`1011
`ver
`
`Rettieve protection parameters and form
`protection policies accordingta the
`parameters
`
`1043
`per
`
`
`
`
`Couple the mobile protection code,
`pratection policies and received-
`information to form a protection agent(e.g.
`MPCfirst, policies second, and RI third)
`
`1015
`
`End
`
`FINJAN-JN 003821
`
`

`

`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 3 of 29
`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 3 of 29
`
`US 8,677,494 B2
`
`Page 2
`
`Related U.S. Application Data
`a
`_
`continuation of application No. 11/370,114, filed on
`Mar. 7, 2006, now Pat. No. 7,613,926, which is a con-
`tinuation of application No. 09/861,229, filed on May
`17, 2001, now Pat. No. 7,058,822, which is a continu-
`/,
`2001,
`-
`No. 7,058,822,
`ation-in-part of application No. 09/539,667, filed on
`Mar. 30, 2000, now Pat. No. 6,804,780, which is a con-
`tinuation ofapplication No. 08/964,388,filed on Nov.6,
`1997, now Pat. No. 6,092,194, said application No.
`:
`.
`:
`:
`.
`oe
`09/861,229 is a continuation-in-part of application No.
`09/551,302,filed on Apr. 18, 2000, now Pat. No. 6,480,
`962, and a continuation of application No. 08/790,097,
`filed on Jan. 29, 1997, now Pat. No.6,167,520.
`_
`-
`oo.
`(60) Provisional application No. 60/205,591, filed on May
`17, 2000, provisional application No. 60/030,639, filed
`on Nov. 8. 1996.
`
`(56)
`
`:
`References Cited
`U.S. PATENT DOCUMENTS
`5,263,147 A
`11/1993 Franciscoet al.
`.
`5.278.901 A
`1/1994. Shieh et al.
`5,311,591 A
`5/1994 Fischer
`:
`5,319,776 A
`6/1994 Hile et al.
`3,359,659 A
`10/1994 Rosenthal
`3361359 A
`11/1994 Tajalli et al.
`3,398,196 A
`3/1995 Chambers
`3,412,717 A
`3/1995. Fischer
`5,414,833 A
`5/1995 Hershey et al.
`5,440,723 A
`8/1995 Arnoldet al.
`5,452,442 A
`9/1995 Kephart
`5,483,649 A
`1/1996 Kuznetsovet al.
`3,485,409 A
`1/1996 Gupta et al.
`5,485,575 A
`1/1996 Chesset al.
`:
`5,524,238 A
`6/1996 Miller etal.
`5,572,643 A
`11/1996 Judson oon. 709/218
`5,579,509 A
`11/1996 Furtneyetal.
`5,606,668 A
`2/1997 Shwed
`2,621,889 A
`4/1997 Lermuzeauxet al.
`5,623,600 A
`4/1997 Ji etal.
`a ‘
`ade Nobin
`5675-711 ‘A
`10/1997 Kephart et al.
`5,692,047 A
`11/1997 McManis
`5,692,124 A
`11/1997 Holdenetal.
`5,696,822 A
`12/1997 Nachenberg
`5,720,033 A
`2/1998 Deo
`5,724,425 A
`3/1998 Changetal.
`5,740,248 A
`4/1998 Fieresetal.
`5,740,441 A
`4/1998 Yellin et al.
`5,761,421 A
`6/1998 Van Hoff etal.
`5,765,030 A
`6/1998 Nachenberget al.
`5,765,205 A
`6/1998 Breslau et al.
`5,784,459 A
`7/1998 Devarakondaetal.
`5,796,952 A
`8/1998 Davis et al.
`5,805,829 A
`9/1998 Cohen et al.
`oe ‘
`loiloos pe
`5,832,208 A
`LL/1998 Chen etal.
`5,832,274 A
`11/1998 Cutler et al.
`5,850,559 A
`12/1998 Angelo etal.
`5,854,916 A
`12/1998 Nachenberg
`5,859,966 A
`1/1999 Hayman etal.
`5,864,683 A
`1/1999 Boebert et al.
`5,867,651 A
`2/1999 Dan etal.
`5,878,258 A
`3/1999 Pizi et al.
`5,881,151 A
`3/1999 Yamamoto
`3884033 A
`3/1999 Duvallet al
`5,889,943 A
`3/1999 _Jietal.
`5,892,904 A
`4/1999 Atkinsonetal.
`5,951,698 A
`9/1999 Chenetal.
`5,956,481 A
`9/1999 Walsh et al.
`5,958,050 A
`9/1999 Griffin et al.
`
`
`
`9/1999 Chenetal.
`5,960,170 A
`10/1999 Williams
`5,963,742 A
`10/1999 Nachenberg
`5,964,889 A
`10/1999 Golan
`5,974,549 A
`11/1999 Appersonet al.
`5,978,484 A
`111999 It
`3.983,348 A
`11/1999 Freund
`5,987,611 A
`5/2000 McManis
`6,070,239 A
`7/2000 Grecsek
`6,088,801 A
`7/2000 Tso etal.
`6,088,803 A
`7/2000 Touboul
`6,092,194 A
`9/2000
`Touboul
`6,125,390 A
`11/2000 Toubouletal.
`6,154,844 A
`12/2000 Touboul
`6,167,520 A
`7/2001 Mueller et al.
`6,263,442 Bl
`1/2002 Beadleet al.
`6,339,829 B1
`2/2002 Muelleret al.
`6,351,816 Bl
`7/2002 Arimilli et al.
`6,425,058 Bl
`8/9002 Arimilli et al.
`6,434,668 Bl
`8/2002 Arimilli et al.
`6,434,669 Bl
`11/2002 Touboul
`6,480,962 Bl
`11/2002 Shanklin etal.
`6,487,666 Bl
`2/2003 Devireddyetal.
`6,519,679 B2
`5/2003.
`Shaioet al.
`6,571,338 BL
`7/2003 Rosset al.
`6,598,033 B2
`11/2003 Davisetal.
`6,643,696 B2
`5/2004 Br
`1.
`6,732,179 Bl
`‘
`Towneta
`“ong
`10/2004 Touboul
`6,804,780 Bl
`7/2005.
`Simonet al.
`6,917,953 B2
`'
`or
`6/2006 Edery et al.
`7,058,822 B2
`‘
`11/2006 Porrasetal.
`7,143,444 B2
`4/2007 Gryaznov etal.
`7,210,041 BL
`12/2007 Buchthal etal.
`7,308,648 B1
`3/2008 Grabarnik etal.
`7,343,604 B2
`8/2008 Touboul
`7,418,731 B2
`11/2009 Edery et al
`7'613.926 B2
`1/2010 Edery et al.
`7'647.633 B2
`“
`,
`,
`,
`12/2011 Ederyetal. 726/24
`8,079,086 BL*
`1/2003. Gupiaet al.
`2003/0014662 Al
`4/2003. Allison
`2003/0074190 Al
`,
`5/2003 Porraset al.
`2003/0101358 Al
`4/2004 Sanin
`2004/0073811 Al
`5/2004. Rubinsteinet al.
`5004/0088425 Al
`'
`:
`5
`3/2005 Liang ctal.
`2005/0050338 Al
`/
`5
`8/2005 Sanduet al.
`2005/0172338 Al
`2/2006 Bjarnestam et al.
`2006/0031207 Al
`3/2006 Duncan et al.
`2006/0048224 Al
`3/2008 Becker etal.
`2008/0066160 Al
`8/2010 Wassonet al.
`2010/0195909 Al
`FOREIGN PATENT DOCUMENTS
`
`x
`
`EP
`EP
`JP
`Wo
`Wo
`Wo
`WO
`WO
`
`1091276
`4/2001 ee GO6F 1/00
`1132796
`9/2001
`08-263447
`10/1996
`95/27249
`10/1995
`95/33237
`12/1995
`98/2 1683
`5/1998
`2004/063948
`7/2004
`WO 2004/063948
`T2004 ccc GO6F 17/30
`OTHER PUBLICATIONS
`Rubin,et al., “Mobile Code Security,”JEEEInternet, pp. 30-34, Dec.
`1998.
`Schmid, etal. “Protecting Data From Malicious Soflware,” Proceed-
`ing ofthe 18" Annual Computer Security Applications Conference,
`pp. 1-10, 2002.
`Corradi, et al., “A Flexible Access Control Service for Java Mobile
`Code.” IEEE,pp. 356-365, 2000.
`International Search Report for Application No. PCT/IB97/01626, 3
`May
`14. 1998
`iline
`dat
`Pp.» May
`(mailing date),
`International Search Report for Application No. PCT/IL05/00915, 4
`Pp., dated Mar. 3, 2006,
`cnrt
`as:
`Written Opinion for Application No. PCT/IL05/00915, 5 pp.. dated.
`Mar. 3, 2006 (mailing date).
`International Search Report for Application No. PCT/IB01/01138, 4
`pp., Sep. 20, 2002 (mailing date).
`
`FINJAN-JN 003822
`
`

`

`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 4 of 29
`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 4 of 29
`
`US 8,677,494 B2
`
`Page 3
`
`(56)
`
`References Cited
`OTHER PUBLICATIONS
`
`Microsoft Corporation, Web Page Article “Frequently Asked Ques-
`tions About Authenticode,”last updated Feb. 17, 1997, printed Dec.
`23,
`1998, URL:
` http:/Awww.microsoft.com/workshop/security/
`authcode/signfaq.asp#9, pp. 1-13.
`International Preliminary Examination Report for Application No.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`PCT/IBO1/01138, 2 pp., dated Dec. 19, 2002.
`Virus Detection,” IEEE/IEE Electronic Library online, Electronics
`Sitaker, Kragen, “Rapid Genetic Evolution of Regular Expressions”
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`[online], Zhe MialArchive, Apr. 24, 2004 (retrieved on Dec. 7, 2004),
`and pp. 1169-1170, URL: http://iel.ths.com:80/cgi-bin/iel_cgi?se...
`5 pp., Retrieved from the Internet: http://www.mail-archive.com/
`2ehts%26ViewTemplate%3 ddocview%5 fb%2ehts.
`kragen-lol@canonical.org/msg00097 .hunl.
`Omura, J. K., “Novel Applications of Cryptography in Digital Com-
`“Lexical Analysis: DFA Minimization & Wrap Up”[online], Fall,
`munications,” IEEE Communications Magazine, pp. 21-29, May
`1990.
`2004 [retrieved on Mar. 2, 2005], 8 pp., Retrieved from the Internet:
`http://www.owlnet.rice.edu/~comp4 | 2/Lectures/LO6LexWrapup4.
`Zhang, X. N., “Secure Code Distribution,” JEEEJEE Electronic
`pdf.
`Library online, Computer, vol. 30, Issue 6, pp. 76-79, Jun. 1997.
`“Minimization of DFA”[online], [retrieved on Dec. 7, 2004], 7 pp.,
`D. Grune,et al., “Parsing Techniques: A Practical Guide,” John Wiley
`Retrieved from the Internet: http://www.cs.odu.edu/~toida/nerzic/
`& Sons, Inc., New York, New York, USA,pp. 1-326, 2000.
`390teched/regular/fa/min-fa.html.
`Scott, ct al., “Abstracting Application-Lovel Web Sccurity,”ACM,pp.
`“Algorithm: NFS -> DFA”[online], Copyright 1999-2001 [retrieved
`396-407, 2002.
`on Dec. 7, 2004], 4 pp., Retrieved from the Internet: http://rw4.cs.
`ThunderByte Antivirus for Windows.
`InterScan VirusWall from Trend Micro.
`uni-sb.de/~ganimal/GANIFA/page16_e.htin.
`ViruSafe from Eliashim.
`“CS 3813: Introduction to Formal Languages and Automata—State
`Intel LANProtect from Intel.
`Minimization and Other Algorithmsfor Finite Automata,” 3 pp., May
`11, 2003, Retrieved from the Internet: http://www.cs.msstate.
`The Java Security Manager from Sun Microsystems.
`McAfee Web Shield.
`edu/~hansen/classes/38 13fall0 1/slides/O6Minimize.pdf.
`McAfee WebScan.
`Watson, Bruce W., “Constructing Minimal Acyclic Deterministic
`McAfee VirusScan.
`Finite Automata,” [retrieved on Mar. 20, 2005], 38 pp., Retrieved
`McAfee N etShield.
`from the Internet: http://www.win.tue.nl/~watson/2R870/down-
`Dr. Solomon’s Antivirus Toolkit for Windows95.
`loads/madfa__algs.pdf.
`Dr. Solomon’s Antivirus Toolkit for Windows NT.
`Chang, Chia-Hsiang, “From Regular Expressions to DFA’s Using
`Dr. Solomon’s WinGuard.
`Compressed NFA’s,” Oct. 1992, 112 pp., http://www.cs.nyu.edu/
`Dr. Solomon’s Virus Guard.
`web/Research/Theses/chang__chia-hsiang.pdf.
`Dr. Solomon’s VirusShield.
`“Products,” Articles published on the Internet, “Revolutionary Secu-
`Dr. Solomon’s Virex.
`rity for a New Computing Paradigm”regarding SurfinGate™,7 pp.
`Dr. Solomon’s “Merlin” Anti-Virus Engine.
`“Release Notes for the Microsoft ActiveX DevelopmentKit,” Aug.
`Dr. Solomon’sIMcAfee “Olympus” Anti-Virus Engine.
`13, 1996, activex.adsp.orjp/inetsdk/readme txt, pp. 1-10.
`ActiveX Web Tutorial.
`Doyle, et al., “Microsoft Press Computer Dictionary,” Microsoft
`Java FAQ (1995-1998).
`Press, 2d Edition, pp. 137-138, 1993.
`Norton AntiVirus TUfor Windows@95 User’s Guide. Published by
`Finjan Software Ltd., “Powerful PC Security for the New World of
`Symantec in 1995. (179 pages).
`Java™ and Downloadables, Surfin Shield™,” Article published on
`Jaeger,at al., “Building Systemsthat Flexibly Control Downloadable
`the Internet by Finjan Software Ltd., 2 pp. 1996.
`Executable Content,” ProceedinQs of the Sixth USENIX UNIX
`Finjan Sofrtware Ltd., “Finjan AnnouncesaPersonal Java™ Firewall
`Security Symposium, Jul. 1996. (19 paQes).
`for Web Browsers—the SurfinShield™ 1.6 (formerly known as
`Rasmusson, Andreas and Jansson, Sverker, “Personal SecurityAssis-
`SurfinBoard),” Press Release of Finjan Releases SurfinShield 1.6, 2
`tance for Secure Internet Commerce,” Sep. 16, 1996. (12 pages).
`pp., Oct. 21, 1996.
`Bharat et al. Migratory Applications Nov. 15, 1995. (10 oaoes).
`Dean, Drew,et al., “Java Security: From HotJava to Netscape and
`Finjan Software Ltd., “Finjan Announces Major Power Boost and
`Beyond,” 1996 IEEE Symposium on Security and Privacy, May6,
`NewFeatures for SurfinShield™ 2.0,’ Las Vegas Convention Center/
`1996. (11 pages).
`Pavillion 5 P5551, 3 pp., Nov. 18, 1996.
`Sterbenz, Andreas, An Evaluation ofthe Java Security Model,* IEEE,
`Finjan Software Ltd., “Finjan Software Releases SurfinBoard, Indus-
`Dec. 1996. f13pages).
`try’s First JAVA Security Product for the World Wide Web,”Article
`Fritzinger, J. Steven, et al., Java Security,» Sun Microsystems, Dec.
`published on the Internet by Finjan Software Ltd., 1 p., Jul. 29, 1996.
`1996 (7 paQes).
`Finjan Software Ltd., “Java Security: Issues & Solutions,” Article
`Bank Joseoh A.“Java Security,” Dec. 8, 1995. (14 paoes).
`published on the Internet by Finjan Software Ltd., 8 pp. 1996.
`Claunch, “Java Blocking,” http://groups.google.com/group/muc.
`Finjan Software Ltd., CompanyProfile, “Finjan—Safe Surfing, The
`lists.firewalls/msg/2a5ec02cO00a37071. Sep. 25, 1996. Accessed
`Java Security Solutions Provider,’ Article published on the Internet
`date: May 10, 2011. (2 paces).
`by Finjan Software Ltd., 3 pp., Oct. 31, 1996.
`Chappell, ‘Understanding ActiveX and OLE: A Guide for Develop-
`“IBM AntiVirus User’s Guide, Version 2.4,”, International Business
`ers and Managers (Strategic Technology), Sep. 1, 1996, Microsoft
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Press. (91 pages).
`Khare, R., “Microsoft Authenticode Analyzed” [online], Jul. 22,
`Crosbie,et al., “Active Defense ofa Computer System Using Autono-
`1996 [retrieved on Jun, 25, 2003], 2 pp., Retrieved from the Internet:
`mous Agents”. Feb. 15, 1995, (14 pages).
`http://www.xent.com/FoRK-archive/smmer96/0338 html.
`“Trend. Micro’s Virus Protection Added to Sun Microsystems Netra
`LaDue, M., Online Business Consullant: Java Securily: Whose Busi-
`Internet Servers,’Business Wire, Oct. 1, 1996, available at http://
`www.cs.indiana. edu/ ~kinzler/pubs/viruswall html.
`nessis It?, Article published on the Internet, Home PagePress, Inc.,
`4 pp., 1996.
`“Symantec Announces Norton Antivirus 2.0 for Windows NT,”
`Symantec Corporation pressrelease, Sep. 16, 1996, available at http:/
`Microsoft, “Microsoft ActiveX Software DevelopmentKit”[online],
`Iwww.symantec.comlabout/news/release/article.jsp?prid=
`Aug. 12, 1996 [retrieved on Jun. 25, 2003], pp. 1-6, Retrieved from
`19960916_O1.
`the Internet: activex.adsp.orjp/inetsdk/help/overview.htm.
`“Dark Avenger Mutation Engine No Threat to Protected PCs,”
`Microsoft® Authenticode Technology, “Ensuring Accountability
`McAfee,
`Inc. press elease, May 11, 1992, available at http://
`and Authenticity tor Software Components on the Internet,’
`securitydigest.org/virus/mirror/www.phreak.orgvirus1/1992/
`Microsoft Corporation, Oct. 1996,
`including Abstract, Contents,
`vinl05.191.
`Introduction, and pp. 1-10.
`
`FINJAN-JN 003823
`
`

`

`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 5 of 29
`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 5 of 29
`
`US 8,677,494 B2
`
`Page 4
`
`(56)
`
`References Cited
`OTHER PUBLICATIONS
`
`to Protected PCs,”
`“Dark Avenger Mutation Engine No Threat
`McAfee,
`Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/www.phreak.orgvirus 1/1992/
`vinl05.191.
`Gryaznov, D.O., “Scanners ofthe Year 2000: Heuristics,” Procced-
`ings ofthe Fifth International Virus Bulletin Conference, pp. 225-234
`(1995), available at http://vxheavens.comllib/adgOO.html.
`“Symantec Announces Norton Internet Email Gateway at Internet
`World—Booth #369 on Dec. 11, 12, and 13,” Symantec Corporation
`press release, Dec. 11, 1996, available at http:/ Iwww.symantec
`.comlabouUnews’telease/arlicle.jsp?prid= 1996121103.
`“Presenting Java,” by John Dec. (1995).
`“The Java Language Specification” by Gosling,et al. (1996).
`“The Java Programming Language,” by Ken Arnold and James Gos-
`ling (1996).
`“The Java Virtual Machine Specification,’ by Tim Lindholm and
`Frank Yellin (1997).
`“ComputerViruses and Artificial Intelligence,” by David Stang (Sep.
`1995).
`“Java Security and a Firewall Extension for Authenticity Control of
`Java Applets,” by Magnus Johansson (Jan. 29, 1997).
`“Static Analysis of Programs With Application to Malicious Code
`Detection,” by Raymond Lo (1992).
`File History for U.S. Patent No. 6,804,780.
`“Virus Detection Alternatives,” by Patrick Min (Jul. 1992).
`“Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns,” by LeCharlier, et al. (Sep. 1995).
`The Giant Black Book of Computer Viruses by Mark Ludwig (1995).
`HotJava: The Security Story.
`The Java Filter.
`“A Java Filter,” by Balfanz,et al.
`“Improved JavaScript and Java Screening Function,” by Claunch
`(May4, 1996).
`“New Version of Java, JavaScript, ActiveX Screening,” by Claunch
`(Jul. 3, 1996).
`“A Toolkit and Methodsfor Internet Firewalls,” by Ranum,etal.
`“Identifying and Controlling Undesirable Program Behaviors,” by
`Maria King.
`“PACLI’s: An Access Control List Approach to Anti-Viral Security,”
`by Wichers,etal.
`Endrijonas, Janet, Rx PC The Anti-Virus Handbook. Published in the
`U.S. in 1993 by TAB Books,a division of McGraw-Hili, Inc. (201
`paQes).
`“Secure Code Distribution,” by X. Nick Zhang (Jun. 1997).
`IBMAntiVirus User’s Guide (Nov. 15, 1995).
`“Breadth of Runtime Environments and Security Make Java a Good
`Choice for the Internet” (1996).
`Omura, Jim K., “Novel Applications of Cryptography in Digital
`Communications,” IEEE Communications Magazine, pp. 21-29,
`May 1990.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Virus Detection,” IEEE/IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`and pp. 1169-1170, URL: http://iel.ihs.com:80/cgibinliel__cgi?se...
`2ehts%26ViewTemplate’o3ddocview%5fb%2ehts.
`IBMAntiVirus User’s Guide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995,
`Leach, Norvin, et al., “IE 3.0 Applets Will Earn Certification,’ PC
`Week, vol. 13, No. 29,2 pp., Jul. 22, 1996.
`“Finjan Software Releases SurfinBoard, Industry’s First JAVA Secu-
`rity product for the World Wide Web,” Article published on the
`Internet by Finjan Software Ltd., 1 p., Jul. 29, 1996.
`“Powerful PC Security for
`the New World of JAVATM and
`Downloadables, Surfin Shield™,” Article published on the Internet
`by Finjan Software Ltd., 2 pp. 1996.
`Microsoft® Authenticode Technology, “Ensuring Accountability
`and Authenticity tor Software Components on the Internet,’
`Microsoft Corporation, including Abstract, Contents, Introduction,
`and pp. 1-10, Oct. 1996.
`
`Finjan Announcesa Personal Java™ Firewall for Web Browsers—
`the SurfinShield™ 1.6 (formerly known as SurfinBoard), Press
`Release of Finjan Releases SurfinShield 1.6, 2 pp., Oct. 21, 1996.
`CompanyProfile, “Finjan-Safe Surfing. The Java Security Solutions
`Provider,” Article published on the Internet by Finjan Software Ltd.,
`3 pp., Oct. 31, 1996.
`“Finjan Announces Major Power Boost and New Features for
`SurfinShield™2.0,” Las Vegas Convention Center/Pavilion 5 P5551,
`3 pp., Nov, 18, 1996.
`“Java Security: Issues & Solutions,” Article published on the Internet
`by Finjan Software Ltd., 8 pp., 1996.
`“Products,” Article published on the Internet, 7 pp.
`Mark LaDue, “Online Business Consultant: Java Security: Whose
`BusinessIs It?,” Article published on the Internet, Home PagePress,
`Inc., 4 pp., 1996.
`“Frequently Asked Questions About
`Web
`Page Article,
`Authenticode,” Microsoft Corporation, last updated Feb. 17, 1997,
`printed Dec. 23, 2998, URL: http://www.microsoft.com/workshop/
`security/authcodee/signfaq.asp#9, pp. 1-13.
`Zhang, X.N., “Secure Code Distribution,’ IEEE/IEE Electronic
`Library online, Computervol. 30, Issue 6, pp. 76-79, Jun. 1997.
`Binstock, Andrew, “Multithreading, Hyper-Threading, Multipro-
`cessing: Now, What’s the Difference?,”httn:!hlv’\v\v-inteLcom!cd/
`ids!devdoQcr!asmo-na/enfl/20456.htm, Pacific Data Works, LLC,
`downloaded Jul. 7, 2008, 7 pp.
`VirexPC Version 2.0 or later from Microcom.
`AntiVirus Kit From | stAide Software.
`FluShot+ Series of Products by Ross Greenberg.
`Symantec Antivirus ofthe Mac version 3.0 orlater.
`“Synthesizing Fast Intrusion Prevention/Detection Systems From
`High-Level Specifications,” by Sekar, et al. (1999).
`Ast of Computer Virus Research and Defense b Peter Szor (Feb.
`2005).
`“Process Execution Controls as a Mechanism to Ensure Consis-
`tency,” by Eugen Bacic (1990).
`“Process Execution Controls: Revisited,” by Bacic (1990).
`“A Flexible Access Control Service for Java Mobile Code,” by Cor-
`radi, et al. (2000).
`“Java Security: Issues & Solutions” (1996).
`“Microsoft Authenticode analyzed,” by Rohit Khare (Jul. 22, 1996).
`“Java Security: Whose Business Is It?” by Mark LaDue (1996).
`Microsoft Authenticode Technology (Oct. 1996).
`“Mobile CodeSecurity,” by Rubin,etal.
`“Protecting Data From Malicious Software,” by Schmid,et al.
`“Security in the T .arge: Is Java’s Sandbox Scalable?” by Zhong,etal.
`(Apr. 1998).
`“A Domain and type Enforcement UNIX Prototype,” by Badger,etal.
`(Jun. 1995).
`“Heuristic Anti-Virus Technology,” by Frans Veldman.
`“Standards for Security in Open Systems,” by Warwick Ford (1989).
`“Secure File Transfer Over TCP/IP,” by Brown,et al. (Nov. 1992).
`“Standards in Commercial Security,” by Nick Pope.
`“X.400 Security Features,” by Tony Whyman.
`“Using CASE Tools to Improve the Security of Applications Sys-
`tems,” by Hosmer, et al. (1988).
`“Miro: Visual Specification of Security,’ by Heydon, ct al. (Oct.
`1990).
`“An Evaluation ofObject-Based ProgrammingwithVisual Basic,” by
`Dukovic, et al. (1995).
`“Visual Basic 5.0 Significantly Improved,” by W. Dennis Swift (Jun.
`1997).
`“Development of an Object Oriented Framework for Design and
`Implementation of Database Powered Distributed Web Applications
`With the DEMETERProject as a Real-Life Example.” by Goschka,
`et al. (1997).
`Detecting Unusual Program Behavior Using the Statistical Compo-
`nent ofthe Nextgeneration Intrusion Detection Expert System
`(NIDES), by Anderson,et al. (May 1995).
`“A Generic Virus Scanner in C++,” by Kumar,et al. (Sep. 17, 1992).
`“A Modelfor Detecting the Existence of Software Corruption in Real
`Time,” by Voas, et al. (1993).
`“Protection Against ‘lrojan Horses by Source Code Analysis,” by
`Saito, et al. (Mar. 1993).
`
`FINJAN-JN 003824
`
`

`

`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 6 of 29
`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 6 of 29
`
`US 8,677,494 B2
`
`Page 5
`
`
`
`
`
`OTHER PUBLICATIONS
`
`(56) URE:—http://iel.ihs.com:80/cgibin/ielReferences Cited and pp. 1169-1170,
`
`
`
`cgi?se .. .2ehts%26ViewTemplate%3ddocview%5fb%ehts.
`IBM AntiVirus User’s Ouide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`“Information Agents for Automated Browsing,” by Dharap,et al.
`Leach, Norvin, et al., “IE 3.0 Applets Will Earn Certification,” PC
`(1996).
`Week, vol. 13, No. 29, 2 pp., Jul. 22, 1996.
`“Static Analysis Virus Detection Tools for Unix Systems,” by
`Finjan Announces a Personal Java198 Firewall for Web Browsers—
`the SurfinShield™ 1.6 (fonnerly known as SurfinBoard), Press
`Kerchen, ot al. (1990).
`Release of Finjan Releases SurfinShield 1.6,2 pp., Oct. 21, 1996.
`“Managing Trust in an Information-Labcling System,” by Blaze, ct
`Web
`Page Article,
`“Frequently Asked Questions About
`al. (Nov. 4, 1996).
`Authenticode,” Microsoft Corporation, last updated Feb. 17, 1997,
`List of Secure Internet Programming Publications from www.cs.
`printed Dec. 23, 1998, URL: http://www.microsoft.com/workshop/
`printceton.edu.
`security/authcodee/signfaq.asp#9, pp. 1-13.
`“A Guide to the Selection of Anti-Virus Tools and Techniques,” by
`Binstock, Andrew, “Multithreading, Hyper-Threading, Multipro-
`Polk, et al. (Dec. 2, 1992).
`cessing: Now, What’s the Difference?,” http: //www.intel.com/cd/ids/
`“An Integrated Toolkit for Operating System Securily,” by Rabin,et
`developer/asmo-na/eng/20456.hum, Pacific DataWorks, LLC, down-
`al. (Aug. 1988).
`loaded Jul. 7, 2008,7 pp.
`“A Web Navigator With Applets in Caml,” by Francois Ronaix (May
`“Frequently Asked Questions About Authenticode,” Microsoft Cor-
`1996).
`poration, updated Feb. 17, 1997.
`“Intel Launches Virus Counterattack,” by Charles Bruno (Aug.
`“WWWProxyto Cut Off Java,” by Carl Claunch (Apr. 12, 1996).
`1992).
`“Combating Viruses Heuristically,” by Frans Veldman (Sep. 1993).
`Intel LANProtect Software User’s Guide (1992).
`“MCF: A Malicious CodeFilter,’ by Lo, et al. (May 4, 1994).
`“Parents Can Get PC Cruise Control.” by George Mannes(Jul. 1996).
`Anti-Virus Tools and Techniques for Computer Systems by Polk, et
`“A New Techniques for Detecting Polymorphic Computer Viruses,”
`al. (1995).
`by Carey Nachenberg (1995).
`“Heuristic
`Scanners: Artificial
`“Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns,” by LeCharlier, et al. (Jul. 2, 1995),
`Zwienenberg (Sep. 1995).
`“Towards a Testbed for Malicious Code Detection,” by Lo, et al.
`Intel LANProtect, 30-Day Test Drive Version User’s Manual.
`(1991).
`Slade, Robert, “Guide to Computer Viruses: How to a void Them,
`“Blocking Java Appletsat the Firewall,” by Martin,et al.
`Howto Get Rid of Them, and How to Get Help” (Apr. 1996).
`Virus Detection and Elimination by Rune Skardhamar (1996).
`A Pathology of Computer Viruses by David Ferbranche (Nov. 1994).
`Computer Viruses and Anti-Virus Warfare by Jan Hruska (1992).
`Earl Boebert’s post to the greatcircle firewalls mailing list. Taken
`“Active Content Security,” by Brady,et al. (Dec. 13, 1999).
`from _http://www.greatcircle.com/lists/firewalls/archive/firewalls.
`“LowLevel Security in Java,” by Frank Yellin.
`199410 (Oct. 16, 1994).
`“Email With a Mind ofits Own: The Safe-Tcl Language for Enabled
`CSL Bulletin: Connecting to the Internet: Security Considerations.
`Taken from http://csrc.nist.gov/publications/nistbul/cs193-07 txt
`Mail,” by Nathaniel Borenstein.
`(Jul. 1993).
`“Mobile Agents: Are They a Good Idea?” by Chess, et al. (Dec. 21,
`1994).
`FAQ: Interscan ViruswalL Taken from http://\veb,archive.org/web/
`“Remote Evaluation,” by Stamos, et al. (Oct. 1990).
`1997060505033 1 /www..antivirus.com/faq/finterscanfaq.html
`(last
`“Active Message Processing: Messages as Messengers,” by John
`updated Aug. 8, 1996).
`Vittal (1981).
`Network Security and SunScreen SPF-100: Technical White Paper,
`“Programming Languagesfor Distributed Computing Systems,” by
`Sun Microsystems, 1995,
`Bal,et al. (Sep. 1989).
`“Why Do We Need Heuristics?” by Frans Veldman (Sep. 1995).
`“Scripts and Agents: The New Software High Ground,” by John
`“Leading Content Security Vendors Announce Support for Check
`Point Firewall—1.3.0; New Partners for Anti-Virus Protection, URT.
`Ousterhout (Oct. 20, 1995).
`“The HotJava Browser: A White Paper”.
`Screening and Java Security,” Business Wire, Oct. 7, 1996, available
`The JavaVirtual Machine Specification, Sun Microsystems (Aug. 21,
`at http://www.allbusiness.comltechnolo gyl computernetworks-
`1995).
`computer -networksecurity 172743 15-1 html#ixzzl gkbKf4e¢1.
`“Security of Web Browser Scripting Languages: Vulnerabilities,
`“McAfee Introduces Web shield; Industry’s First Secure Anti-Virus
`Attacks and Remedies,” by Anupam,et al. (Jan. 1998).
`Solution for Network Firewalls: Border Network Technologies and
`“ActiveX and Java: The Next Virus Carriers?”.
`Secure Computing to Enter into Web Shield OEM Agreements,”
`“Gateway Level Corporate Security for the New World of Java and
`Business Wire, May 14, 1996, available at http://findarticles.comlp/
`Downloadables” (1996).
`articles/mi_mOEINIis_1996_May_ 14/ai_182834561.
`“Practical Domain and Type Enforcement for UNIX,” by Badger,et
`“Trend Micro AnnouncesVirus and Security Protection for Microsoft
`al. (1995).
`Proxy Server; Also Blocks Java Applets, ActiveX,” Business Wire,
`“A Sense of Self for Unix Processes,” by Forrest, et al. (1996).
`
`Oct. at—http://www.thefreelibrary.29, 1996, available
`
`
`
`“Antivirus Scanner Analysis 1995,” by Marko Helenius (1995).
`comlTrend+Micro+announces+virus+and+security+protection+
`for+MicrosofL.-aOI88105 12.
`“State Transition Analysis: A Rulc-Based Intrusion Detection
`Approach,” by Ilgun,et al. (Mar. 1995).
`Tinjan’s Opposition to Websense’s Renewed Motion for Judgmentas
`“Automated. Detection of Vulnerabilities in Privileged. Programs by
`a Matter ofLaw, dated Dec. 21, 2012,filed in Finjan, Inc. v. Symantec
`Execution Monitoring,” byKo,et al. (1994).
`Corp., Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS).
`Declaration of Paul Batcher Re Websense,Inc.s. Proffer of Evidence
`“Execution Monitoring of Security-Critical Programsin Distributed
`Systems: A Specification-Based Approach,” by Ko,et al. (1997).
`Re Laches, dated.Dec. 19, 2012, filed in Finjan, Inc. v. Symantec
`“Classificalion and Detection of Computer Intrusions,” by Sandeep
`Corp., Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS)
`Kumar (Aug. 1995).
`(Redacted Dec. 26, 2012).
`ThunderBYTEAnti-Virus Utilities User Manual (1995).
`Opposition to Symantec’s Motion for JMOL, dated Dec. 17, 2012,
`Doyle, et al., “Microsoft Press Computer Dictionary,” Microsoft
`filed in Finjan, Inc. v. Symantec Corp., Sophos, Inc., and Websense,
`Press, 2nd Edition, pp. 137-138,1993.
`Inc., CA. No. 10-cv-593 (OMS) (Redacted Dec. 27, 2012).
`Schmitt, D.A., “.EXEfiles, OS-2 style,’ PC Tech Journal, vol. 6, No.
`Omura, Jim K., “Novel Applications of Crypotgraphy in Digital
`LL, p. 76(13), Nov. 1988.
`Communications,” IEEE Communications Magazine, pp. 21-29,
`May 1990.
`International Search Report for Application No. PCT/IB97/01626,
`dated May 14, 1999,2 pp.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Supplementary European Search Report for Application No. EP 97
`Virus Detection,” IEEEI IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`950351, dated Nov. 17, 2004.2 pp.
`
`Intelligence,”
`
`by Righard
`
`FINJAN-JN 003825
`
`

`

`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 7 of 29
`Case 3:17-cv-05659-WHA Document 110-2 Filed 06/15/18 Page 7 of 29
`
`US 8,677,494 B2
`
`Page 6
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`File History for Canadian Application No. 2,275,771, 84 pp.
`File History for European Application No. 97950351.3, 58 pp.
`File History for Japanese Application No. 10-522345,48 pp.
`Lemay, Laura,et al., “Approach ofJava Language, Applet, A WT and.
`Advanced Apparatus,” First Edition, 25 pp. (translated), Aug. 20,
`1996 (CS-NB-1999-00238-001).
`Order Construing the Terms of U.S. Patent Nos. 6,092,194;
`6,804,780; 7,058,822; 6,357,010; and 7,185,361,4 pp.. Dec. 11,
`2007.
`PlaintiffFinjan Software, Ltd. ’s Opening Claim Construction Brief,
`38 pp., Sep. 7, 2007.
`Defendant Secure Computing Corporation’s Opening Claim Con-
`struction Brief, 46 pp., Sep. 7, 2007.
`PlaintiffFinjan Software, Ltd.
`’s Answering Claim Construction
`Brief (Public Version), 45 pp., Sep. 28, 2007.
`Defendant Secure Computing Corporation’s Responsive Claim Con-
`struction Brief (Public Version), 37 pp., Sep. 28, 2007.
`Secure Computing Corporation’s Disclosure of Prior Art Pursuant to
`35 US.c. § 282, 6 pp., Feb. 1, 2008.
`Stang, David J,, “ComputerViruses and Artificial Intelligence,” Virus
`Bulletin Conference, pp. 235-257, Sep. 1995.
`Johannsen, Magnus, “Java Security and a Firewall Extension for
`Authenticity Control of Java Applets,” Thesis Proposal, Computer
`Science Department, University of Colorado at Colorado Springs, 5
`pp., Jan. 29, 1997.
`Joint Appendix ofIntrinsic and Extrinsic Evidence Regarding Claim
`Construction Briefing, vol. 1, Oct. 4, 2007.
`Joint Appendix offIntrinsic and Extrinsic Evidence Regarding Claim
`Construction Briefing, vol. 2, Oct. 4, 2007.
`Final Joint Claim Construction Chart, Aug. 24, 2007.
`Joint Post-Hearing Claim Construction Chart, Oct. 30, 2007.
`P