Case 3:17-cv-05659-WHA Document 182-11 Filed 08/20/18 Page 1 of 36

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Control Number: 90/013,016
Patent No.: 7,647,633
Inventors: Edery et al.
Issued: June 12, 2010
Title: MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS
Confirmation No.: 9521
TC/Art Unit: 3992
Examiner: Adam L. Basehoar
Attorney Dckt No.: FINREXM0005

Mail Stop Ex Parte Reexam
Central Reexamination Unit
Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450

RESPONSE TO NON-FINAL OFFICE ACTION

Sir:

In response to the pending non-final Office Action dated November 19, 2013 (response due February 19, 2014 with granted extension), please consider the following remarks regarding the above-captioned patent.

Amendments to the Specification begin on Page 2.

Amendments to the Claims begin on Page 3.

Remarks begin on Page 12.

AMENDMENT TO THE SPECIFICATION

Kindly replace the first paragraph of the specification on page 2 with the following:

This application is a continuation of and incorporates by reference patent application Ser. No. 09/861,229, filed May 17, 2001 now U.S. Pat. No. 7,058,822, which claims benefit of reference provisional application Ser. No. 60/205,591 entitled “Computer Network Malicious Code Runtime Monitoring,” filed on May 17, 2000 by inventors Nimrod Itzhak Vered, et al. This application also incorporates by reference the provisional application Ser. No. 60/205,591. This application is also a Continuation-In-Part of and hereby incorporates by reference patent application Ser. No. 09/539,667, now U.S. Pat. No. 6,804,780, entitled “System and Method for Protecting a Computer and Network from Hostile Downloadables” filed on Mar. 30, 2000 by inventor Shlomo Touboul, which is a continuation of U.S. patent application Ser. No. 08/964,388, now U.S. Patent No. 6,092,194, entitled "System and Method for Protecting a Computer and a Network from Hostile Downloadables" filed on November 6, 1997 by inventor Shlomo Touboul. This application is also a Continuation-In-Part of and hereby incorporates by reference patent application Ser. No. 90/551,302 now U.S. Pat. No. 6,480,962, entitled “System and Method for Protecting a Client During Runtime From Hostile Downloadables”, filed on Apr. 2000 by inventor Shlomo Touboul, which is a continuation of U.S. application Ser. No. 08/790,097, now U.S. Patent No. 6,167,520 entitled "System and Method For Protecting a Client From Hostile Downloadables", filed January 29, 1997 by inventor Shlomo Touboul.

AMENDMENTS TO THE CLAIMS

1. (Original; Rejected) A computer processor-based method, comprising:

receiving, by a computer, downloadable-information;

determining, by the computer, whether the downloadable-information includes executable code; and

based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

2. (Original; Rejected) The method of claim 1, wherein the receiving includes monitoring received information of an information re-communicator.

3. (Original; Rejected) The method of claim 2, wherein the information re-communicator is a network server.

4. (Original; Rejected) The method of claim 1, wherein the determining comprises analyzing the downloadable-information for an included type indicator indicating an executable file type.

5. (Original; Rejected) The method of claim 1, wherein the determining comprises analyzing the downloadable-information for an included type detector indicating an archive file that contains at least one executable.

6. (Original; Rejected) The method of claim 1, wherein the determining comprises analyzing the downloadable-information for an included file type indicator and an information pattern corresponding to one or more information patterns that tend to be included within executable code.

7. (Original; Rejected) The method of claim 1, further comprising receiving, by the computer, one or more executable code characteristics of executable code that is capable of being executed by the information-destination, and wherein the determining is conducted in accordance with the executable code characteristics.

8. (Original; Not Rejected) A computer processor-based system for computer security, the system comprising

an information monitor for receiving downloadable-information by a computer;

a content inspection engine communicatively coupled to the information monitor for determining, by the computer, whether the downloadable-information includes executable code; and

a protection agent engine communicatively coupled to the content inspection engine for causing mobile protection code (“MPC”) to be communicated by the computer to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

9. (Original; Not Rejected) The system of claim 8, wherein the information monitor intercepts received information received by an information re-communicator.

10. (Original; Not Rejected) The system of claim 9, wherein the information re-communicator is a network server.

11. (Original; Not Rejected) The system of claim 8, wherein the content inspection engine comprises a file type detector for determining whether the downloadable-information includes a file type indicator indicating an executable file type.

12. (Original; Not Rejected) The system of claim 8, wherein the content inspection engine comprises a parser for parsing the downloadable-information and a content analyzer communicatively coupled to the parser for determining whether one or more downloadable-information elements of the downloadable-information correspond with executable code elements.

13. (Original; Not Rejected) A processor-based system for computer security, the system comprising:

means for receiving downloadable-information;

means for determining whether the downloadable-information includes executable code; and

means for causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

14. (Original; Not Rejected) A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, the method comprising:

providing a system, wherein the system comprises distinct software modules, and wherein the distinct software modules comprise an information re-communicator and a mobile code executor;

receiving, at the information re-communicator, downloadable-information including executable code; and

causing mobile protection code to be executed by the mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code.

15. (Original; Not Rejected) The method of claim 14, wherein the mobile code executor is a Java Virtual Machine.

16. (Original; Not Rejected) The method of claim 14, wherein the mobile code executor is the operating system, running native code executables.

17. (Original; Not Rejected) The method of claim 14, wherein the mobile code executor is a subsystem of the operating system.

18. (Original; Not Rejected) The method of claim 14, wherein the mobile code executor is a scripting host.

19. (Original; Not Rejected) The method of claim 14, wherein the re-communicator is at least one of a firewall and a network server.

20. (Original; Not Rejected) The method claim 14, wherein executing the mobile protection code at the destination causes downloadable interfaces to resources at the destination to be modified such that at least one attempted operation of the executable code is diverted to the mobile protection code.

21. (Original; Not Rejected) A processor-based system for computer security, the system comprising:

receiving means for receiving, at an information re-communicator of a computer, downloadable-information, including executable code; and

mobile code means communicatively coupled to the receiving means for causing, by the computer, mobile protection code to be executed by a mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code.

22. (Original; Not Rejected) The system of claim 21, wherein the mobile code executor is a Java Virtual Machine.

23. (Original; Not Rejected) The system of claim 21, wherein the mobile code executor is an operating system, running native code executables.

24. (Original; Not Rejected) The system of claim 21, wherein the mobile code executor is a subsystem of the windows operating system.

25. (Original; Not Rejected) The system of claim 21, wherein the mobile code executor is a scripting host.

26. (Original; Not Rejected) The system of claim 21, wherein the re-communicator is at least one of a firewall and a network server.

27. (Original; Not Rejected) The system of claim 21, wherein executing the mobile protection code at the destination causes downloadable interfaces to resources at the destination to be modified such that at least one attempted operation of the executable code is diverted to the mobile protection code.

28. (Original; Rejected) A processor-based method, comprising:

receiving a sandboxed package that includes mobile protection code (“MPC”) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination;

causing, by the MPC on the computer, one or more operations attempted by the Downloadable to be received by the MPC;

receiving, by the MPC on the computer, an attempted operation of the Downloadable; and

initiating, by the MPC on the computer, a protection policy corresponding to the attempted operation.

29. (Original; Rejected) The method of claim 28, wherein the sandboxed package is configured such that the MPC is executed first, the Downloadable is executed by the MPC and the protection policies are accessible to the MPC.

30. (Original; Rejected) The method of claim 28, wherein the causing comprises modifying, by the MPC, interfaces of a corresponding downloadable to resources at the destination.

31. (Original; Rejected) The method of claim 30, wherein the modifying is accomplished by initiating a loading of the Downloadable, thereby causing a mobile code executor to provide and initialize the interfaces, modifying one or more interface elements to divert corresponding attempted Downloadable operations to the MPC, and initiating execution of the Downloadable.

32. (Original; Rejected) The method of claim 30, wherein the interfaces comprise an import address table (“IAT”) of a native code executable downloadable.

33. (Original; Rejected) The method of claim 30, wherein modifying the interfaces installs a filter-driver between the downloadable and the resources.

34. (Original; Not Rejected) A processor-based system for computer security, the system comprising:

a mobile code executor on a computer for initiating received mobile code; and

a sandboxed package capable of being received and initiated by the mobile code executor on the computer, the sandboxed package including a Downloadable and mobile protection code (“MPC”) for causing one or more Downloadable operations to be intercepted by the computer and for processing the intercepted operations by the computer, if the Downloadable attempts to initiate the operations.

35. (Original; Not Rejected) The system of claim 34, wherein the MPC comprises:

an MPC installer for causing MPC elements to be installed;

a Downloadable installer communicatively coupled to the MPC installer for installing the Downloadable;

a resource access diverter communicatively coupled to the MPC installer for causing the Downloadable operations to be intercepted;

a resource access analyzer communicatively coupled to the MPC installer for receiving an intercepted Downloadable operation and determining a protection policy corresponding to the intercepted Downloadable operation; and

a policy enforcer communicatively coupled to the resource access analyzer for processing the intercepted Downloadable operation.

36. (Original; Not Rejected) The system of claim 35, wherein the resource access diverter modifies one or more elements of an interface usable by the Downloadable to effectuate the Downloadable operations.

37. (Original; Not Rejected) The system of claim 35, wherein the mobile code-executor is a Java Virtual Machine.

38. (Original; Not Rejected) The system of claim 35, wherein the mobile code executor is an operating system, running native code executables.

39. (Original; Not Rejected) The system of claim 35, wherein the mobile code executor is a subsystem of the operating system.

40. (Original; Not Rejected) The system of claim 35, wherein the mobile code executor is a scripting host.

41. (Original; Not Rejected) A processor-based system for computer security, the system comprising:

receiving means for receiving a sandboxed package that includes mobile protection code (“MPC”) and a Downloadable and one or more protection policies at a Downloadable-destination;

monitoring means for causing, by the MPC, one or more operations attempted by the Downloadable to be received by the MPC;

second receiving means receiving, by the MPC, an attempted operation of the Downloadable; and

initiating means for initiating, by the MPC, a protection policy corresponding to the attempted operation.

42. (NEW) A computer processor-based method, comprising:

receiving, by a computer, multiple instances of downloadable-information, wherein at least one of the multiple instances of downloadable-information includes non-executable information, at least one of the multiple instances of downloadable-information includes executable information and at least one of the multiple instances of downloadable-information includes a combination of non-executable and executable code portions;

determining, by the computer, whether each of the multiple instances of downloadable-information includes executable code; and

based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of each instance of downloadable-information that is determined to include executable information and each instance of downloadable information that is determined to include a combination of non-executable and executable code portions.

43. (NEW) A computer processor-based method, comprising:

receiving, by a server, multiple instances of downloadable-information, wherein at least one of the multiple instances of downloadable-information includes non-executable information, at least one of the multiple instances of downloadable-information includes executable information and at least one of the multiple instances of downloadable-information includes a combination of non-executable and executable code portions;

detecting, by a code detector associated with the server, whether each of the multiple instances of downloadable-information includes executable code; and

if executable code is detected, transmitting from the server mobile protection code to at least one information-destination of each instance of downloadable-information that is determined to include executable information and each instance of downloadable information that is determined to include a combination of non-executable and executable code portions.

44. (NEW) A computer processor-based method, comprising:

receiving, by a computer, downloadable-information;

determining, by the computer, whether the downloadable-information includes executable code; and

based upon the determination, transmitting from the computer mobile protection code and the downloadable-information to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code and transmitting the downloadable-information without the mobile protection code if the downloadable-information is determined not to include executable code.

45. (NEW) A computer processor-based method, comprising:

receiving, by a server, downloadable-information;

detecting, by a code detector associated with the server, whether the downloadable-information includes executable code; and

if executable code is detected, transmitting from the server mobile protection code and the downloadable-information to at least one information-destination of the downloadable-information.

46. (NEW) A computer processor-based method, comprising:

receiving, by a computer, downloadable-information;

determining, by a code detector associated with the computer, whether any portion of the downloadable-information is executable code; and

if executable code is detected, transmitting from the computer mobile protection code and the downloadable-information to at least one information-destination of the downloadable-information.

47. (NEW) A computer processor-based method, comprising:

receiving, by a computer, downloadable-information;

determining, by a content inspection engine associated with the computer, whether the downloadable-information includes executable code, wherein determining whether the downloadable-information includes executable code includes analyzing downloadable-information for operations to be executed on a computer; and

based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

48. (NEW) A computer processor-based system for computer security, the system comprising:

an information monitor for receiving downloadable-information by a computer;

a content inspection engine communicatively coupled to the information monitor for determining, by the computer, whether the downloadable-information includes executable code, wherein determining if downloadable information includes executable code includes analyzing the downloadable information for operations to be executed on a computer; and

a protection agent engine communicatively coupled to the content inspection engine for causing mobile protection code ("MPC") to be communicated by the computer to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

49. (NEW) The computer processor-based system of claim 48, wherein the content of the downloadable information is analyzed for one or more of binary information and a pattern indicative of executable code.

50. (NEW) A computer processor-based system for computer security, the system comprising:

a server for receiving downloadable-information;

a code detector associated with the server for detecting whether the downloadable-information includes executable code; and

if executable code is detected, transmitting from the server mobile protection code and the downloadable-information to at least one information-destination of the downloadable-information.

51. (NEW) A computer processor-based system, comprising:

a computer for receiving downloadable-information;

a code detector associated with the computer for determining whether any portion of the downloadable-information is executable code; and

if executable code is detected, transmitting from the computer mobile protection code and the downloadable-information to at least one information-destination of the downloadable-information.

52. (NEW) A computer processor-based system, comprising:

a computer for receiving downloadable-information;

a content inspection engine associated with the computer for determining whether the downloadable-information includes executable code, wherein determining whether the downloadable-information includes executable code includes analyzing the downloadable-information for operations to be executed on a computer; and

based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

REMARKS

I. OVERVIEW

This Reexamination concerns three prior art references, two of which are cited in the specification of U.S. Patent No. 7,647,633 (“the ‘633 Patent”) and were considered during a thorough examination by Examiner Christopher Revak. Requester’s allegation of a substantial new question of patentability improperly presents the same question about the same previously considered prior art and, as such, should be rejected.

One important aspect of the claimed invention is that it includes a step of determining whether the downloadable-information includes executable code. The prior art does not determine whether anything is executable. Ji, which is one of the references cited and distinguished in the specification of the ‘633 Patent, simply discloses a scanning system that is only configured to scan known applets for potential maliciousness and does not determine whether a Downloadable contains executable code. In fact, Ji specifically teaches that it does not scan non-applets. Liu is concerned with protecting a remote server, not a client, and replacing Java class names so that its remote server can generate webpages with modified content. Like Ji, Liu does not determine whether a Downloadable includes executable code.

Additionally, the prior art does not disclose receiving a sandboxed package. Ji discloses receiving a JAR archive file. A JAR archive file is a compressed file containing other files, like a zip file, and is not a sandboxed package. The secondary reference Golan, also cited and distinguished in the specification of the ‘633 Patent, fails to address Ji’s sandboxed package deficiency as Golan’s security monitor exists within a monitored web browser on a client computer and is never transmitted nor received. Moreover, a combination of Ji and Golan would yield inoperable results because the monitoring package of Ji would not function with the security monitor that exists within Golan’s monitored web browser.

For these and further reasons discussed below, this ex parte reexamination proceeding is now in condition for confirming the patentability of all of the original claims of the ‘633 Patent.

II. STATUS

A. Status of Specification

The amendments to the specification are submitted in conjunction with Patent Owner’s Petition to Accept Unintentionally Delayed Priority Claims pursuant to 37 C.F.R. § 1.78.

B. Status of the Claims

The patent under reexamination, U.S. Patent No. 7,647,633 (“the ‘633 Patent”), was granted on January 12, 2010, with forty-one claims. Third-party requester (“Requester”) sought reexamination of claims 1-7 and 28-33 of the ‘633 patent. The Decision Granting Ex Parte Reexamination mailed November 19, 2013, found that a substantial new question of patentability had been raised with respect to claims 1-7 and 28-33. The Non-Final Office Action mailed November 19, 2013, rejects claims 1-7 and 28-33 based on the grounds listed below. Claims 8-27 and 34-41 are not subject to reexamination.

Claims 42-52 are newly presented in this response. Claims 42-47 are method claims generally in the form of claim 1, claim 48 is a system claim generally in the form of claim 8 and claims 49-52 are system claims for implementing the methods of claims 45-47. Support for the alternative and/or additional elements therein can be found in at least the following portions of the specification of the ‘633 Patent: Figures 3, 4 and 5; Column 9:10-16; Column 9:54-56; Column 12:8-12; and Column 16:19-23. As requested by the Examiners, the Patent Owner has attempted to limit the number of new claims presented, weighing the fact that the reexamination procedures generally limit the Patent Owner’s opportunity to amend to this single instance.

C. Interview Summary

The undersigned wishes to thank Examiner Basehoar, Examiner Proctor and Supervisor Kosowski for extending the courtesy of an interview to Dawn-Marie Bey, Declarant Dr. Medvidovic, Declarant Phil Hartstein and other representatives of the patent owner on February 4, 2014. During the interview, all grounds of rejection listed in Section III were discussed, including each cited reference. In particular, there was substantial discussion around the fact that all of the references fail to disclose at least determining whether the received downloadable-information includes executable code. Additionally, Finjan representatives pointed out that Ji is addressed and differentiated from the claimed invention in the background section of the ‘633 Patent and that claims of parent Patent No. 7,058,822, including the determining element, were held to be valid (and infringed) over Ji by the U.S. District Court of Delaware (affirmed by the Federal Circuit). Finally, the Finjan representatives highlighted the evidence of secondary considerations including licensing, commercial success, copying, and industry praise.

III. GROUNDS OF REJECTION

The USPTO made the following grounds of rejection:

Ground 1: US Patent No. 5,983,348 (“Ji”) allegedly anticipates claims 1-3 and 28-33 under 35 U.S.C. 102(e).

Ground 2: Ji allegedly anticipates claims 4-7 under 35 U.S.C. 102(b).

Ground 3: US Patent No. 6,058,482 (“Liu”) allegedly anticipates claims 1-3 under 35 U.S.C. 102(e).

Ground 4: Liu allegedly anticipates claims 4 and 7 under 35 U.S.C. 102(b).

Ground 5: Ji in view of US Patent No. 5,974,549 (“Golan”) allegedly renders claims 28-33 obvious under 35 U.S.C. 103(a).

IV. SUMMARY OF THE CLAIMED INVENTION

The claimed invention exists on an information recommunicator to protect network devices against security problems originating from network servers providing malicious content. One important aspect of the claimed invention is determining whether the downloadable-information it receives includes executable code. Ideally, all executable code should be clearly marked as executable code. However, the patent identifies the growing problem where code may misidentify itself or may be obfuscated in a way to hide executable code within downloadable information. ‘633 Patent, 9:10-18 (where downloadable information is “a combination of non-executable and one or more executable code portions (e.g. so-called Trojan horses that include a hostile Downloadable within a friendly one, combined, compressed or otherwise encoded files, etc.) [which] will likely remain undetected by a firewall or other more conventional protection systems.”). By determining whether the downloadable-information it receives includes executable code, the claimed invention protects against executable code that is not clearly identified or otherwise obfuscated.

Independent claim 1 of the ‘633 Patent requires three steps that are not disclosed or suggested by the cited references: (1) “Receiving, by a computer, downloadable-information;” (2) “Determining, by the computer, whether the downloadable-information includes executable code;” and (3) “Based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.”

Independent claim 28 of the ‘633 Patent requires four steps that are not disclosed or suggested by the cited references: (1) receiving a sandboxed package that includes mobile protection code (“MPC”) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination; (2) causing, by the MPC on the computer, one or more operations attempted by the Downloadable to be received by the MPC; (3) receiving, by the MPC on the computer, an attempted operation of the Downloadable; and (4) initiating, by the MPC on the computer, a protection policy corresponding to the attempted operation.

A. Claim 1: Determining, by the computer, whether the downloadable-information includes executable code

The claimed invention requires determining, by the computer, whether the downloadable-information includes executable code. This determination provides an active step of utilizing the downloadable-information received in the previous step to determine whether it includes executable code. As described in the patent, there are instances when code may misidentify itself, the code may obfuscate itself by some means, or the code may be imbedded in some unexpected place. ‘633 Patent, 9:10-18. Accordingly, the claimed invention describes how such obfuscated executable code can be identified by inflating compressed files (‘633 Patent, 15:21-33) and parsing binary information and executable code patterns to detect executable code. (‘633 Patent, 16:16-35).

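An added illustration (not part of the filing, and not the patented implementation) of the kind of content-based check this section describes: inflating an archive and testing each member for binary signatures and code patterns instead of trusting its name or declared type. The signature list, the limits and all function names are assumptions chosen for the example, and the sample inputs are constructed.

```python
import io
import re
import zipfile

MAX_DEPTH = 3                     # assumed nesting limit for archives
MAX_INFLATED = 10 * 1024 * 1024   # assumed total inflation budget, in bytes
SCAN_WINDOW = 64 * 1024           # assumed prefix scanned for code patterns

# Markup and interpreter patterns that tend to accompany executable content.
CODE_PATTERN = re.compile(rb"<script\b|<applet\b|<object\b|^#!", re.IGNORECASE)


def native_kind(data: bytes):
    """Identify native or bytecode formats from binary signatures."""
    if data[:4] == b"\x7fELF":
        return "ELF executable"
    if data[:4] == b"\xca\xfe\xba\xbe":
        return "Java class or Mach-O fat binary"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # A real PE file stores the offset of its "PE\0\0" header at 0x3C.
        pe_off = int.from_bytes(data[0x3C:0x40], "little")
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "PE executable"
    return None


def _inspect(data, path, depth, budget, findings):
    kind = native_kind(data)
    if kind:
        findings.append((path, kind))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        if not kind and CODE_PATTERN.search(data[:SCAN_WINDOW]):
            findings.append((path, "script or embedded-object markup"))
        return
    if depth >= MAX_DEPTH:
        findings.append((path, "archive nested too deep; treated as suspect"))
        return
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member_path = f"{path}!{info.filename}"
                with zf.open(info) as fh:
                    # Read one byte past the budget so an oversized member is noticed
                    # without trusting the size the archive header declares.
                    member = fh.read(budget[0] + 1)
                if len(member) > budget[0]:
                    findings.append(
                        (member_path, "inflation budget exceeded; treated as suspect"))
                    return
                budget[0] -= len(member)
                _inspect(member, member_path, depth + 1, budget, findings)
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        # Encrypted, unsupported or corrupt members cannot be inspected: fail closed.
        findings.append((path, "archive could not be inspected; treated as suspect"))


def find_executable_content(data: bytes, name: str = "download",
                            max_inflated: int = MAX_INFLATED):
    """Return (path, reason) pairs for every part that looks executable."""
    findings = []
    _inspect(data, name, 0, [max_inflated], findings)
    return findings


def includes_executable_code(data: bytes) -> bool:
    """The yes/no determination, made from content alone."""
    return bool(find_executable_content(data))


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip archive for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a minimal PE header stub and files that contain or hide it.
PE_STUB = b"MZ" + bytes(58) + (0x40).to_bytes(4, "little") + b"PE\0\0"
SAMPLES = {
    "report.txt": b"Quarterly report: revenue up 4%.\n",
    "photo.png": PE_STUB,  # misleading name, executable content
    "page.html": b"<html><body><SCRIPT src='x.js'></SCRIPT></body></html>",
    "bundle.zip": make_zip({"readme.txt": b"hello", "bin/tool.exe": PE_STUB}),
    "outer.zip": make_zip({"inner.zip": make_zip({"a.exe": PE_STUB})}),
}

if __name__ == "__main__":
    for sample_name, blob in SAMPLES.items():
        print(sample_name, find_executable_content(blob, sample_name))
```
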
B. Claim 1: Based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.

The claimed invention also requires “based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.” As recited in the claim language, this step is required to be based on the previous determination that the downloadable-information includes executable code. By transmitting mobile protection code “based on the determination,” the claimed invention allows for protection against executable code that is not well recognized within downloadable information.

C. Claim 28: Receiving a sandboxed package that includes mobile protection code (“MPC”) and a Downloadable and one or more protection policies at a computer at a Downloadable-destination.

Independent