`Case 4:18-cv-07229—YGR Document 114-2 Filed 10/01/20 Page 1 of 48
`
`EXHIBIT 1
`
`EXHIBIT 1
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 2 of 48
`Case 4:18-cv-07229—YGR Document 114-2 Filed 10/01/20 Page 2 of 48
`
`APPENDIX E
`
`
`
`
`APPENDIX E
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 3 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation
`is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`1a. All Contentions – “A system for protecting a computer…”:
`Qualys Accused Products, including Vulnerability Management, Threat Protection, Continuous
`Monitoring, Indication of Compromise, Container Security, Web App Firewall, Web App Scanning, and
`Compliance Monitoring provide computer security functionality that will protect against dynamically
`generated malicious content.
`
`1
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 4 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`2
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call
`including an input, and (ii) for
`invoking a second function
`with the input, only if a
`security computer indicates
`that such invocation is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`Qualys Accused Products include a content processor that processes downloaded web and email
`content that they receive to identify function calls that include an input that is suspicious or malicious,
`and therefore should be submitted to a security computer for emulation / scanning. The
`emulation/scanning technology can be deployed in different configurations and receives content to
`process. The content processors will identify the functions that are attempting to download potentially
`malicious files as an input to those functions or access URLs, and will send the files to be emulated
`/scanned in the security computer. The security computer will return a verdict on whether the file is
`safe to be transmitted to the end user according to the returned verdict and security policy. Further
`explanation of the first and second function and input is provided below.
`
`2
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 5 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`3
`
`1b. Contention 1 – Internet Gateway is the Content processor and the Qualys Cloud Platform and/or
`Virtual Scanner Appliances are the security computers
`The Internet Gateway is a processor of content received over a network that includes a call to a function. To
`determine whether the content is safe to invoke, it transmits the content to a security computer (Qualys
`Cloud Platform and/or Virtual Scanner Appliances) for inspection and awaits a determination whether
`invoking functions within that content is safe. The Qualys Cloud Platform and Virtual Scanner Appliances
`comprise Vulnerability Management, Threat Protection, Continuous Monitoring, Indication of Compromise,
`Container Security, Web App Firewall, Web App Scanning, and Compliance Monitoring. See analysis for
`Claim 1a. above.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`3
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 6 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`4
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation
`is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`1b. Contention 1a – Vulnerability Management is the security computer
`Vulnerability Management is a security computer since it scans content for vulnerabilities. The content
`is received from “your internal network”. A deep scan yields custom reports tracking the content’s
`vulnerabilities and indicating whether invoking the content is safe by generating remediation tickets
`whenever vulnerabilities are found.
`
`.
`
`4
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 7 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`5
`
`1b. Contention 1b – Threat Protection is the security computer
`Threat Protection is a security computer since it scans content over a network for vulnerabilities
`including zero day, public exploit, actively attacked, high lateral movement, easy exploit, high data
`loss, denial of service, no patch, malware and exploit kit. These real‐time threat indicators indicate
`whether invocation of an input is safe.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`5
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 8 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`6
`
`1b. Contention 1b – Threat Protection is the security computer (continued)
`Threat Protection provides a summary noting the total vulnerabilities by real‐time threat indicators
`(RTIs) to indicate whether an invocation of a second function in the content is safe.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`6
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 9 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`7
`
`1b. Contention 1c – Continuous Monitoring is the security computer
`Continuous Monitoring is a security computer since it scans content received over a network for
`vulnerabilities in order to mitigate vulnerabilities before they get exploited. By “calling up granular
`details” that indicate whether invocation of content functions are safe, the user can “make precise,
`informed decisions about appropriate actions to take.”
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`7
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 10 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`8
`
`1b. Contention 1d – Indication of Compromise is the security computer
`Indication of Compromise is the security computer since it scans content over a network in order
`to hunt for threats, identify suspicious process usage, and malware detection, particularly where
`the content includes a first input such as a Java process having network connections, cmd.exe
`parent process is Java, sychost.exe running outside C:/windows/system32 director, and processes
`running without an image.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with the
`input, only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with the
`input.
`
`8
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 11 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`9
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. Contention 1d – Indication of Compromise is the security computer (continued)
`Indication of Compromise provides a summary noting the indicators of whether particular
`content is vulnerable to malware attacks that therefore indicate whether an invocation of a
`second function in the content is safe.
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with the
`input, only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with the
`input.
`
`9
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 12 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`10
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. Contention 1e – Container Security is the security computer
`Container Security is a security computer that scans content received over a network because it
`“searches for images in your environment” and runs containers for “threat identification, impact
`assessment and remediation prioritizing.”
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`10
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 13 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`11
`
`1b. Contention 1e – Container Security is the security computer (continued)
`Container Security provides a summary report noting vulnerabilities trend, confirmed
`vulnerabilities, and potential vulnerabilities that indicate whether an invocation of a second
`function in the content is safe.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`11
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 14 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`12
`
`1b. Contention 1f – Web Application Firewall is the security computer
`Web Application Firewall is the security computer since it is a web app security approach that uses
`adaptive policies to determine whether a given content is safe. If it is not safe, it may “block a wide
`range of attacks such as Cross‐Site Scripting (XSS), SQL injection, Remote Command Execution, XXE
`and more with native protection,” which prevents invoking a second function.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with the
`input, only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`12
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 15 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`13
`
`1b. Contention 1g – Web Application Scanning is the security computer
`Web Application Scanning is the security computer of content received over a network since
`it is a cloud‐based service that tests web applications to identify vulnerabilities in content that
`include a call to a function, including cross‐site scripting (XSS) and SQL injection. Qualys WAS
`indicates whether invocation of functions in content is safe, such as through sending alerts to
`website owners to help prevent blacklisting and brand reputation damage.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`13
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 16 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`14
`
`1b. Contention 1h – Compliance Monitoring is the security computer
`Compliance Monitoring (or Qualys PC) is a security computer of content received over a network
`since it performs internal network scans with physical and virtual Qualys Scanner Appliances to
`monitor internal hosts, network devices, databases, and other assets for content that includes a
`call to a function. Qualys PC indicates if invocation of content functions is safe through real‐time
`compliance assessment using Qualys Cloud Agents.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`14
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 17 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`15
`
`1c. Contention 2 – Vulnerability Management is the content processor
`Vulnerability Management processes content received over a network that includes a call to a function. To
`determine whether the content is safe to invoke, it transmits the content to a security computer for inspection
`and awaits a determination whether invoking functions within that content is safe.
`
`Contention 2a – Qualys Cloud Agents are the security computers
`Vulnerability Management transmits the input to Qualys Cloud Agents to scan for vulnerabilities.
`“Vulnerabilities are found faster” and the capturing of vulnerabilities is an indicator that invocation is not safe.
`
`Contention 2b – Continuous Monitoring is the security computer
`Vulnerability Management transmits the input to Continuous Monitoring to be “proactively alerted about
`potential threats so problems can be tackled.” The alerts are indicators about whether invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`15
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 18 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`16
`
`1c. Contention 3 – Threat Protection is the content processor
`Threat Protection processes content received over a network that includes a call to a function. To determine
`whether the content is safe to invoke, it transmits the content to a security computer for inspection and awaits
`a determination whether invoking functions within that content is safe.
`
`Contention 3a – Qualys Asset Inventory is the security computer
`Threat Protection transmits the input to Qualys Asset Inventory. The cataloging of IT assets allows a flagging of
`at‐risk assets provides an indicator of whether an invocation is safe.
`
`Contention 3b – Vulnerability Management is the security computer
`Threat Protection transmits the input to Vulnerability Management for “vulnerability detection” and the
`capturing of vulnerabilities is an indicator that invocation is not safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`16
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 19 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`17
`
`1c. Contention 4 – Indication of Compromise in combination with Cloud Agent is the content processor
`Indication of Compromise (IOC) in combination with Cloud Agent processes content received over a network
`that includes a call to a function by capturing “endpoint activity on files, processes, mutant handles (mutex),
`registries, and network connections.” To determine whether the content is safe to invoke, it transmits the
`content to a security computer for inspection and awaits a determination whether invoking functions within
`that content is safe.
`
`Contention 4a – Qualys Cloud Platform is the security computer
`IOCtransmits the input to Qualys Cloud Platform for “storage, processing, and query.” The “specific event
`details” captured form an indicator whether an invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`17
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 20 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`18
`
`1c. Contention 5 – Container Security is the content processor
`Container Security processes content received over a network that includes a call to a function. To determine
`whether the content is safe to invoke, it transmits the content to a security computer for inspection and awaits a
`determination whether invoking functions within that content is safe.
`
`Contention 5a – CI/CD Tools are the security computer
`Container Security transmits the input to CI/CD Tools such as Jenkins and Bamboo for vulnerability analysis for
`images and containers and vulnerability analysis for registries, which indicate whether an invocation is safe.
`
`Contention 5b – Image Registry is the security computer
`Container Security transmits the input to Image Registry for vulnerability analysis for images and containers and
`vulnerability analysis for registries, which indicate whether an invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`18
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 21 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`19
`
`1c. Contention 6 – Web App Firewall is the content processor
`Web App Firewall processes content received over a network that includes a call to a function. To determine whether the
`content is safe to invoke, it transmits the content to a security computer for inspection and awaits a determination
`whether invoking functions within that content is safe.
`
`Contention 6a – Qualys Cloud Platform is the security computer
`Web App Firewall transmits continuous communicates with the Qualys Cloud Platform. As noted in Claim 1a and
`Contentions 1b‐1h of Claim 1b, Qualys Cloud Platform products are security computers.
`
`Contention 6b – Web App Scanning is the security computer
`Web App Firewall transmits the input to Web App Scanning. “From a single console, use WAS to detect vulnerabilities.”
`The detection of vulnerabilities is an indicator that invocation is not safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`19
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 22 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`20
`
`1c. Contention 7 – Web App Scanning is the content processor
`Web App Firewall processes content received over a network that includes a call to a function. To determine whether the
`content is safe to invoke, it transmits the content to a security computer for inspection and awaits a determination
`whether invoking functions within that content is safe.
`
`Contention 7a – Web App Firewall is the security computer
`Web App Scanning transmits the input to Web App Firewall. “From a single console, you can…rapidly protect them from
`attack with WAF.” The blocking of attacks is an indicator that invocation is not safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`20
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 23 of 48
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`21
`
`1c. Contention 8 – Compliance Monitoring is the content processor
`Vulnerability Management processes content received over a network that includes a call to a function. To
`determine whether the content is safe to invoke, it transmits the content to a security computer for inspection
`and awaits a determination whether invoking functions within that content is safe.
`
`Contention 8a – Qualys Cloud Platform is the security computer
`Compliance Monitoring transmits the input to Qualys Cloud Platform for analysis and correlation. As noted in
`Claim 1a and Contentions 1b‐1h of Claim 1b, Qualys Cloud Platform products are security computers.
`
`Contention 8b – Qualys Scanner Appliances are security computers
`Compliance Monitoring transmits the input to Qualys Scanner Applicances to launch scans and for analysis and
`correlation. The analysis yields indicators of whether an invocation is safe. As noted in Claim 1a and Contentions
`1b‐1h of Claim 1b, Qualys Cloud Platform products are security computers.
`
`Contention 8c – Cloud Agents are the security computer
`Compliance Monitoring transmits the input to Cloud Agents to launch scans and for analysis and correlation.
`The analysis yields indicators of whether an invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`21
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 114-2 Filed 10/01/20 Page 24 of 48
`
`22
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`1a. A system for protecting a
`computer from dynamically
`generated malicious
`content, comprising:
`
`1b. a content processor (i)
`for processing content
`received over a network, the
`content including a call to a
`first function, and the call
`including an input, and (ii)
`for invoking a second
`function with the input, only
`if a security computer
`indicates that such
`invocation is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving
`an indicator from the
`security computer whether
`it is safe to invoke the
`second function with the
`input.
`
`1b. All Contentions – First and Second Function and Input
`Qualys Accused Products process content received over a network. The content includes a call to a first function, where the
`call to a first function can be a number of different function calls written in HTTP (H