Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 1 of 25
`
`
`
`
`
`
`
`
`
`
`
`
`
`Exhibit 9
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Exhibit 9
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 2 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 2 of 25
`
`Attorney’s Docket No.: FIN0008—DIV1
`
`PATENT
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Examiner: Ponnoreay Pich
`
`) )
`
`In Re Patent Application of:
`
`David Gruzman
`Yuval Ben-Itzhak
`
`)
`) Art Unit:
`)
`
`2435
`
`) )
`
`) )
`
`Application No: 12/814,584
`
`Filed:
`
`June 14, 2010
`
`SYSTEM AND METHOD FOR )
`INSPECTING DYNAMICALLY )
`GENERATED EXECUTABLE
`)
`CODE
`
`) )
`
`For:
`
`Mail Stop AMENDMENT
`Commissioner for Patents
`P. O. Box 1450
`
`Alexandria, VA 22313—1450
`
`AMENDMENT AND RESPONSE TO OFFICE ACTION
`
`UNDER 37 C.F.R. 1.111
`
`Sir:
`
`In response to the Office Action dated June 28, 2011,
`
`applicants respectfully request that the above-identified application be
`
`amended as follows.
`
`Atty. Docket No. FIN0008-DIV1
`
`-1-
`
`FINJAN-QUALYS 004932
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 3 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 3 of 25
`
`IN THE SPECIFICATION:
`
`Please amend paragraph [0003] of the original specification as
`
`follows:
`
`[0003]
`
`Originally computer viruses were transmitted as executable code
`
`inserted into files. As each new viruses m was discovered, a signature
`
`of the virus was collected by anti-virus companies and used from then on
`
`to detect the virus and protect computers against it. Users began
`
`routinely scanning their file systems using anti—virus software, which
`
`regularly updated its signature database as each new virus was
`
`discovered.
`
`Please amend paragraph [0008] of the original specification as
`
`follows:
`
`[0008]
`
`Assignee’s US Patent No. 6,092,194 entitled SYSTEM AND
`
`METHOD FOR PROTECTING A COMPUTER AND A NETWORK FROM
`
`HOSTILE DOWNLOADABLES, the contents of which are hereby
`
`incorporated by reference, describes gateway level behavioral analysis.
`
`Such behavioral analysis scans and parses content received at a gateway
`
`and generates a security profile for the content. A security profile is a
`
`general list or delineation of suspicious, or potentially malicious,
`
`operations that executable content may perform. The derived security
`
`profile is then compared with a security policy for the computer being
`
`protected, to determine whether or not the content’s security profile
`
`violates the computer’s security policy. A security policy is a general set
`
`of simple or complex rules, that may be applied logically in series or in
`
`parallel, which determine whether or not a specific operation is permitted
`
`Atty. Docket No. FIN0008-DIV1
`
`-2-
`
`FINJAN-QUALYS 004933
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 4 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 4 of 25
`
`or forbidden to be performed by the content on the computer being
`
`protected. Security policies are generally configurable, and set by an
`
`administrator of the computer that [[are]] i_s being protected.
`
`Please amend paragraph [0044] of the original specification as
`
`follows:
`
`[0044]
`
`The following definitions are employed throughout the
`
`specification and claims.
`
`SECURITY PGUGF POLICY — a set of one or more rules that determine
`
`whether or not a requested operation is permitted. A security policy may
`
`be explicitly configurable by a computer system administrator, or may be
`
`implicitly determined by application defaults.
`
`SECURITY PROFILE — information describing one or more suspicious
`
`operations performed by executable software.
`
`Please amend paragraph [0052] of the original specification as
`
`follows:
`
`[0052]
`
`Reference is now made to FIG. 2, which is a simplified block
`
`diagram of a system for protecting a computer from dynamically
`
`generated malicious executable code, in accordance with a preferred
`
`embodiment of the present invention. Three major components of the
`
`system are a gateway computer 205, a client computer 210, and a
`
`security computer 215. Gateway computer [[220]] E receives
`
`content from a network, such as the Internet, over a communication
`
`channel 220. Such content may be in the form of HTML pages, XML
`
`documents, Java applets and other such web content that is generally
`
`rendered by a web browser. Client computer 210 communicates with
`
`gateway computer 205 over a communication channel 225, and
`
`Atty. Docket No. FIN0008-DIV1
`
`-3-
`
`FINJAN-QUALYS 004934
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 5 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 5 of 25
`
`communicates with security computer 215 over a communication channel
`
`230. Gateway computer 205 receives data at gateway receiver 235,
`
`and transmits data at gateway transmitter 240. Similarly, client
`
`computer 210 receives data at client receiver 245, and transmits data at
`
`client transmitter 250; and security computer 215 receives data at
`
`security receiver 260 and transmits data at security transmitter 265.
`
`Please amend paragraph [0053] of the original specification as
`
`follows:
`
`[0053]
`
`It will be appreciated by those skilled in the art that the network
`
`topology of FIG. 2 is shown as a simple topology, for purposes of clarity
`
`of exposition. However, the present invention applies to general
`
`architectures including a plurality of client computers 210 that are
`
`seFV-iees serviced by one or more gateway computers 205, and by one or
`
`more security computers 215. Similarly, communication channels 220,
`
`225 and 230 may each be multiple channels using standard
`
`communication protocols such as TCP/IP.
`
`Please amend paragraph [0058] of the original specification as
`
`follows:
`
`[0058]
`
`Preferably, when call (2) is made, the substitute function sends
`
`the input to security computer 215 for inspection. Preferably, content
`
`modifier 265 also inserts program code for the substitute function into
`
`the content, or a link to the substitute function. Such a substitute
`
`function may be of the following general form shown in TABLE I.
`
`TABLE I: Generic substitute function
`
`
`Function Substitute_:function (input)
`{
`
`Atty. Docket No. FIN0008-DIV1
`
`-4-
`
`FINJAN-QUALYS 004935
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 6 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 6 of 25
`
`
`
`inspection_result = Call_security_computer_to_inspect(
`
`
`
`input, "D_o‘_ciient_computer);
`
`(inspection_resul:)
`
`Original_function(input)
`
`i:
`
` eLse
`
`//do nothing
`
`Preferably, the above function ca//_security_computer_to_inspect()
`
`passes the input intended for the original function to security computer
`
`215 for inspection by inspector 275.
`
`In addition, an [[1D]] Q of client
`
`computer 210 is also passed to security computer 215. When—seeu—rity
`
`I—Bs—Ee—eletemee—wheFe—Ee—Feturn—its—Fesuks— For example, the ID may
`
`correspond to a network address of client computer 210. When security
`
`computer 215 services many such client computers 210 at once, it uses
`
`the IDs to determine where to return each of its many results.
`
`Please amend paragraph [0062] of the original specification as
`
`follows:
`
`[0062]
`
`Content processor 270 processes the modified content
`
`generated by content modifier 265. Content processor may be a web
`
`browser running on client computer 210. When content processor
`
`invokes the substitute function call (2), the input is passed to security
`
`computer 215 for inspection. Processing of the modified content is then
`
`suspended until security computer 215 returns its inspection results to
`
`client computer 210. Upon receiving the inspection results, client
`
`computer 210 resumes processing the modified content.
`
`If
`
`inspection_result is true, then client computer 210 invokes the original
`
`function call (1); otherwise, [[the]] client computer 210 does not invoke
`
`the original function call (1).
`
`Auy.DocketNo.FIN0008-DIV1
`
`-5-
`
`FINJAN-QUALYS 004936
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 7 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 7 of 25
`
`Please amend paragraph [0065] of the original specification as
`
`follows:
`
`[0065]
`
`After determining a security profile for the input, inspector 275
`
`preferably retrieves information about permission settings for client
`
`computer 210, referred to as client computer’s “security policy”. Such
`
`permission settings are—generalH—seHay—an—adfinistrateeef—efient
`
`eem-pu-EeF-Z-LGra-nel determine which commands are permitted to be
`
`performed by content processor 270 while processing content, and which
`
`commands are not permitted. Security policies are also described in
`
`assignee’s US Patent No. 6,092,194. Security policies are flexible, and
`
`are generally set by an administrator of client computer 210. Preferably,
`
`security computer 215 has accesses to a database 280 of security profile
`
`information for a plurality of client computers. Database 280 may reside
`
`on security computer 215, or on a different computer.
`
`Please amend paragraph [0066] of the original specification as
`
`follows:
`
`[0066]
`
`By comparing the input’s security pel-iey 1m to client
`
`computer 210’s security pref-He My, input inspector 275 determines
`
`whether it is safe for client computer 210 to make the function call (1).
`
`Security computer 215 sends back to client computer 210 an indicator,
`
`inspection_resu/t, of the inspector’s determination. Comparison of a
`
`security pel-iey 1m to a security prefile My is also described in
`
`assignee’s US Patent No. 6,092,194. Security policies may include simple
`
`or complex logical tests for making a determination of whether or not an
`
`input is safe.
`
`Atty. Docket No. FIN0008-DIV1
`
`-6-
`
`FINJAN-QUALYS 004937
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 8 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 8 of 25
`
`Please amend paragraph [0071] of the original specification as
`
`follows:
`
`[0071]
`
`To this end, input inspector 275 preferably passes inputs it
`
`receives to input modifier 285, prior to scanning the input.
`
`Input
`
`modifier preferably operates similar to content modifier 265, and replaces
`
`function calls detected in the input with corresponding substitute function
`
`calls. Referring to the example above, when client computer 210 invokes
`
`the outer call to Document. write() in (5), the input [[ext]] M string
`
`“<hl>Document . write (
`
`
`
`“<hl><SCR::PT>SOme JavaScript</SCR:PT></h1>")</h1>"
`
`(6)
`
`is passed to security computer 215.
`
`Input modifier 285 detects the
`
`inner function call to Document. write() and replaces it with a
`
`corresponding substitute function call of the form (2).
`
`Input inspector
`
`275 then inspects the modified input. At this stage, if the input to the
`
`inner call to Document. writeO has not yet been dynamically generated,
`
`input inspector fl may not detect the presence of the JavaScript, and
`
`thus may not set inspection_resu/t to false if the JavaScript is malicious.
`
`However, security computer 215 returns the modified input to client
`
`computer 210. As such, when content processor 270 resumes
`
`processing, it adds the modified input into the HTML page. This
`
`guarantees that when content processor 270 begins to process the
`
`modified input, it will again invoke the substitute function for
`
`Document. write(), which in turn passes the input of the inner
`
`Document. write() call of (5) to security computer 215 for inspection.
`
`This time around input inspector 275 is able to detect the presence of the
`
`JavaScript, and can analyze it accordingly.
`
`Atty. Docket No. FIN0008-DIV1
`
`-7-
`
`FINJAN-QUALYS 004938
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 9 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 9 of 25
`
`Please amend paragraph [0076] of the original specification as
`
`follows:
`
`[0076]
`
`It may be appreciated that substitute functions as in TABLE I
`
`may also pass the name of the original function to the security computer.
`
`That is, the call to Cal/_security_computer_to_inspect() may also 1% a
`
`variable, say name_of_function, so that input inspector 275 can
`
`determine whether it is safe to invoke the specific original function with
`
`the input.
`
`In this way, input inspector 275 can distinguish between
`
`different functions with the same input.
`
`Please amend paragraph [0078] of the original specification as
`
`follows:
`
`[0078]
`
`At step 304, the gateway computer receives content from a
`
`network, the content on its way for delivery to the client computer. Such
`
`content may be in the form of an HTML web page, an XML document, a
`
`Java applet, an EXE file, JavaScript, VBScript, an ActiveX Control, or any
`
`such data container that can be rendered by a client web browser. At
`
`step 308, the gateway computer scans the content it received, for the
`
`presence of function calls. At step 312, the gateway computer branches,
`
`depending on whether or not function calls were detected at step 308.
`
`If
`
`function calls were detected, then at step [[318]] m the gateway
`
`computer replaces original function calls with substitute function calls
`
`within the content, thereby modifying the content.
`
`If function calls were
`
`not detected, then the gateway computer skips step [[318]] m. At
`
`step 320, the gateway computer sends the content, which may have
`
`been modified at step [[318]] 316, to the client computer.
`
`Atty. Docket No. FIN0008-DIV1
`
`-8-
`
`FINJAN-QUALYS 004939
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 10 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 10 of 25
`
`Please amend paragraph [0079] of the original specification as
`
`follows:
`
`[0079]
`
`At step 324 the client computer receives the content, as
`
`modified by the gateway computer. At step 328 the client computer
`
`begins to continuously process the modified content; i.e., the client
`
`computer runs an application, such as a web browser or a Java virtual
`
`machine, that processes the modified content. At step 332, whieh while
`
`processing the modified content, the client computer encounters a call
`
`(2) to a substitute function, such as the substitute function listed in
`
`TABLE I. Client computer then transmits the input to the substitute
`
`function and an identity of the client computer, to the security computer
`
`for inspection, at step 336. The identity of the client computer serves to
`
`inform the security computer where to return its inspection result. Since
`
`one security computer typically services many client computers, passing
`
`client computer identities is a way to direct the security computer where
`
`to send back its results. At this point, client computer suspends
`
`processing the modified content pending receipt of the inspection results
`
`from the security computer. As mentioned hereinabove, the client
`
`computer may also send the name of the original function to the security
`
`computer, for consideration in the inspection analysis.
`
`Please amend paragraph [0083] of the original specification as
`
`follows:
`
`[0083]
`
`At step 364 the security computer compares the security profile
`
`of the input under inspection with the security prefile my of the client
`
`computer, to determine if it is permissible for the client computer to
`
`invoke an original function with the input. Such determination may
`
`involve one or more simple or complex logical tests, structured in series
`
`Atty. Docket No. FIN0008-DIV1
`
`-9-
`
`FINJAN-QUALYS 004940
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 11 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 11 of 25
`
`or in parallel, or both, as described in assignee’s US Patent No.
`
`6,092,194.
`
`Please amend paragraph [0084] of the original specification as
`
`follows:
`
`[0084]
`
`At step 368 the security computer branches depending on the
`
`result of the comparison step 364.
`
`If the comparison step determines
`
`that the input is safe; i.e., that the input’s security profile does not violate
`
`the client computer’s security policy, then at step 372 the security
`
`computer sets an indicator of inspection results to true. Otherwise, at
`
`step 376 the security computer sets the indicator to false. At step 380
`
`the security computer returns the indicator to the client computer.
`
`In
`
`addition, if the security computer modified the input [[as]] a_t step 352,
`
`then it also returns the modified input to the client computer.
`
`Please amend paragraph [0088] of the original specification as
`
`follows:
`
`[0088]
`
`Two major components of the system, gateway computer 405
`
`and client computer 410 eemmunieatien communicate back and forth
`
`over communication channel 425. Gateway computer 405 includes a
`
`gateway receiver 435 and a gateway transmitter 440; and client
`
`computer 410 includes a client receiver 445 and a client transmitter
`
`450. Although FIG. 4 includes only one client computer, this is solely for
`
`the purpose of clarity of exposition, and it is anticipated that gateway
`
`computer 405 serves many client computers 410.
`
`Please amend paragraph [0089] of the original specification as
`
`follows:
`
`Atty. Docket No. FIN0008-DIV1
`
`-10-
`
`FINJAN-QUALYS 004941
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 12 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 12 of 25
`
`[0089]
`
`Gateway computer 405 receives content, such as web content,
`
`from a network, over eemmu—n-ieatiens communication channel 420.
`
`Client computer 410 includes a content processor 470, such as a web
`
`browser, which processes content received from the network.
`
`Atty. Docket No. FIN0008-DIV1
`
`-11-
`
`FINJAN-QUALYS 004942
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 13 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 13 of 25
`
`IN THE CLAIMS:
`
`Please substitute the following claims for the pending
`
`claims with the same number:
`
`1. (original)
`
`A system for protecting a computer from dynamically
`
`generated malicious content, comprising:
`
`a content processor (i) for processing content received over a
`
`network, the content including a call to a first function, and the call
`
`including an input, and (ii) for invoking a second function with the input,
`
`only if a security computer indicates that such invocation is safe;
`
`a transmitter for transmitting the input to the security computer
`
`for inspection, when the first function is invoked; and
`
`a receiver for receiving an indicator from the security computer
`
`whether it is safe to invoke the second function with the input.
`
`2. (currently amended)
`
`The system of claim 1 wherein said
`
`content processor (i) suspends processing of the content after said
`
`transmitter transmits the input to the security computer, and (ii) resumes
`
`processing of the med-if-ieel content after said receiver receives the
`
`indicator from the security computer.
`
`3. (currently amended)
`
`A non-transitory computer-readable
`
`storage medium storing program code for causing a computing device to:
`
`process content received over a network, the content including a
`
`call to a first function, and the call including an input;
`
`transmit the input for inspection, when the first function is
`
`invoked, and suspend processing of the content;
`
`Atty. Docket No. FIN0008-DIV1
`
`-12-
`
`FINJAN-QUALYS 004943
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 14 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 14 of 25
`
`receive an indicator of whether it is safe to invoke a second
`
`function with the input; and
`
`resume processing of the content after receiving the indicator,
`
`and invoke the second function with the input only if the indicator
`
`indicates that such invocation is safe.
`
`Atty. Docket No. FIN0008-DIV1
`
`-13-
`
`FINJAN-QUALYS 004944
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 15 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 15 of 25
`
`Please add the following new claims.
`
`4. (new)
`
`The system of claim 1 wherein the input is
`
`dynamically generated by said content processor prior to being
`
`transmitted by said transmitter.
`
`5. (new)
`
`The storage medium of claim 3 wherein the program
`
`code causes the computer device to dynamically generate the input prior
`
`to transmitting the input for inspection.
`
`6. (new)
`
`A system for protecting a computer from dynamically
`
`generated malicious content, comprising:
`
`a content processor (i) for processing content received over a
`
`network, the content including a call to a first function, and the first
`
`function including an input variable, and (ii) for calling a second function
`
`with a modified input variable;
`
`a transmitter for transmitting the input variable to a security
`
`computer for inspection, when the first function is called; and
`
`a receiver for receiving the modified input variable from the
`
`security computer.
`
`7. (new)
`
`The system of claim 6 wherein said content
`
`processor (i) suspends processing of the content after said transmitter
`
`transmits the input variable to the security computer, and (ii) resumes
`
`processing of the content after said receiver receives the modified input
`
`variable from the security computer.
`
`Atty. Docket No. FIN0008-DIV1
`
`-14-
`
`FINJAN-QUALYS 004945
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 16 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 16 of 25
`
`8. (new)
`
`The system of claim 6 wherein the input variable is
`
`dynamically generated by said content processor prior to being
`
`transmitted by said transmitter.
`
`9. (new)
`
`The system of claim 6 wherein the input variable
`
`includes a call to an additional function, and wherein the modified input
`
`variable includes a call to a modified additional function instead of the call
`
`to the additional function.
`
`10. (new)
`
`A non-transitory computer-readable storage medium
`
`storing program code for causing a computing device to:
`
`process content received over a network, the content including a
`
`call to a first function, and the first function including an input variable;
`
`transmit the input variable for inspection, when the first function
`
`is called, and suspend processing of the content;
`
`receive a modified input variable; and
`
`resume processing of the content after receiving the modified
`
`input variable, and calling a second function with the modified input
`
`variable.
`
`11. (new)
`
`The storage medium of claim 10 wherein the
`
`program code causes the computer device to dynamically generate the
`
`input variable prior to transmitting the input variable for inspection.
`
`12. (new)
`
`The storage medium of claim 10 wherein the input
`
`variable includes a call to an additional function, and wherein the
`
`Atty. Docket No. FIN0008-DIV1
`
`-15-
`
`FINJAN-QUALYS 004946
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 17 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 17 of 25
`
`modified input variable includes a call to a modified additional function
`
`instead of the call to the additional function.
`
`Atty. Docket No. FIN0008-DIV1
`
`-16-
`
`FINJAN-QUALYS 004947
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 18 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 18 of 25
`
`REMARKS
`
`Applicants’ representative has carefully studied the
`
`outstanding Office Action. The present amendment is intended to place
`
`the application in condition for allowance and is believed to overcome all
`
`of the objections and rejections made by the Examiner. Favorable
`
`reconsideration and allowance of the application are respectfully
`
`requested.
`
`Applicants have amended claims 2 and 3, and have
`
`added new claims 4 - 12. No new matter has been introduced, and
`
`support for the new and amended claims is provided below. Claims 1 —
`
`12 are presented for examination. Additionally, amendments to the
`
`specification have been made to add reference numerals from the figures,
`
`correct typographical errors and remove repetitive statements. The
`
`undersigned does not believe that new matter has been introduced by
`
`these amendments.
`
`Claim Rejections — 35 U.S.C. §112
`
`On page 2 of the Office Action, the Examiner has
`
`rejected claim 2 under 35 U.S.C. §112, second paragraph, as being
`
`indefinite. Applicants have amended this claim accordingly.
`
`Claim Rejections — 35 U.S.C. §101
`
`On pages 2 and 3 of the Office Action, the Examiner has
`
`rejected claim 3 under 35 U.S.C. §101 as being directed to non—statutory
`
`matter. Applicants have amended this claim to recite a “non-transitory
`
`computer-readable storage medium”.
`
`Atty. Docket No. FIN0008-DIV1
`
`-17-
`
`FINJAN-QUALYS 004948
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 19 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 19 of 25
`
`Claim Rejections — 35 U.S. C. §102
`
`On pages 3 and 4 of the Office Action, the Examiner has
`
`rejected claims 1 - 3 under 35 U.S.C. §102(b) as being anticipated by
`
`Albrecht, U.S. Publication No. 2001/0005889 (“Albrecht”).
`
`Brief Discussion of Prior Art
`
`Albrecht describes scanning of electronic files for
`
`computer viruses, whereby a first node that receives an electronic file
`
`conducts a dialogue with a second node that has a virus scanner. The
`
`second node identifies portions of the electronic file that the first node
`
`should transmit to the second node for scanning, and obviates the need
`
`for the first node to transmit the entire file.
`
`(Albrecht/ paragraphs [0005]
`
`— [0013]; Abstract; FIGS. 3 and 4)
`
`Response to Examiner’s Arguments
`
`The rejections of claims 1 — 3 on pages 3 and 4 of the
`
`Office will now be dealt with specifically.
`
`Claims 1, 2 and 4
`
`As to independent system claim 1, Applicants
`
`respectfully submit that the features in claim 1 of
`
`“a content processor (i) for processing content received
`
`over a network, the content including a call to a first function, and the
`
`call including an input, and (ii) for invoking a second function with
`
`the input, only if a security computer indicates that such invocation is
`
`safe”,
`
`Atty. Docket No. FIN0008-DIV1
`
`-18-
`
`FINJAN-QUALYS 004949
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 20 of 25
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 20 of 25
`
`“a transmitter for transmitting the input to the security
`
`computer for inspection, when the first function is invoked”, and
`
`“a receiver for receiving an indicator from the security
`
`computer whether it is safe to invoke the second function with the
`
`input”
`
`are neither shown nor suggested in Albrecht.
`
`In rejecting claim 1 on page 3 of the Office Action, the
`
`Examiner has cited Albrecht, paragraphs [0047] — [0049] as disclosing all
`
`of the above features. Applicants respectfully submit that none of the
`
`emphasized features are shown or suggested in Albrecht, as evidenced by
`
`the following arguments. MPEP 2143.03 states that
`
`"All words in a claim must be considered in judging the
`patentability of that claim against the prior art." In re Wilson, 424 F.2d
`1382, 1385, 165 USPQ 494, 496 (CPA 1970).
`
`I.
`
`Albrecht does not show or suggest the claimed
`
`invocation of a first function.
`
`Indeed, invocation of the electronic files, as interpreted
`
`in the framework of Albrecht, is performed at clients 2 of FIG. 1, whereas
`
`paragraphs [0047] — [0049] of Albrecht relate to protected systems 4 and
`
`virus scanning server 7 of FIG. 1. Neither of these latter computers
`
`actually invokes the electronic files.
`
`In distinction, the claimed content processor invokes
`
`the first function.
`
`II.
`
`Albrecht does not show or suggest the claimed
`
`transmitting an input of a first function to a security
`
`computer.
`
`Atty. Docket No. FIN0008-DIV1
`
`-19-
`
`FINJAN-QUALYS 004950
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 21 of 25
`Case 4:18-cv-07229—YGR Document 42-10 Filed 02/10/20 Page 21 of 25
`
`The portions of the electronic file which are transmitted
`
`are described by Albrecht as “a header portion of an electronic file or ofa
`
`block of data pointed to by a jump instruction located in the header”
`
`(Albrecht/ paragraphs [0012]).
`
`In distinction, the claimed transmitter transmits the
`
`input in a call to a first function.
`
`Because claims 2 and 4 depend from claim 1 and
`
`include additional features, Applicants respectfully submit that claims 2
`
`and 4 are not anticipated or rendered obvious by Albrecht.
`
`Accordingly claims 1, 2 and 4 are deemed to be
`
`allowable.
`
`Claims 3 and 5
`
`As to amended independent claim 3 for a computer—
`
`readable storage medium, Applicants respectfully submit that the feature
`
`in claim 3 of
`
`“storing program code for causing a computing device to:
`
`process content received over a network, the content including a call to
`
`a first function, and the call including an input; transmit the input
`
`for inspection, when the first function is invoked, and suspend
`
`processing of the content; receive an indicator of whether it is safe to
`
`invoke a second function with the input ...”,
`
`is neither shown nor suggested in Albrecht.
`
`Because claim 5 depends from claim 3 and includes
`
`additional features, Applicants respectfully submit that claim 5 is not
`
`anticipated or rendered obvious by Albrecht.
`
`Accordingly claims 3 and 5 are deemed to be allowable.
`
`Atty. Docket No. FIN0008-DIV1
`
`-20-
`
`FINJAN-QUALYS 004951
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 22 of 25
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 22 of 25
`
`Claims 6 — 9
`
`As to new independent system claim 6, Applicants
`
`respectfully submit that the features in claim 6 of
`
`“a content processor (i) for processing content received over a
`
`network,
`
`the content including a call to a first function, and the first
`
`function including an input variable, and (ii)
`
`for calling a second
`
`function with a modified input variable”,
`
`“a transmitter for transmitting the input variable to a security
`
`computer for inspection, when the first function is called”, and
`
`“a receiver for receiving the modified input variable from the
`
`security computer”
`
`are neither shown nor suggested in Albrecht.
`
`Because claims 7 — 9 depend from claim 6 and include
`
`additional features, Applicants respectfully submit that claims 7 - 9 are
`
`not anticipated or rendered obvious by Albrecht.
`
`Accordingly claims 6 - 9 are deemed to be allowable.
`
`Claims 10 — 12
`
`As to amended independent claim 10 for a computer—
`
`readable storage medium, Applicants respectfully submit that the feature
`
`in claim 10 of
`
`“program code for causing a computing device to:
`
`process content received over a network, the content including a call to a
`
`first function, and the first function including an input variable;
`
`transmit the input variable for inspection, when the first function is
`
`called, and suspend processing of the content; receive a modified input
`
`variable; and resume processing of the content after receiving the
`
`Atty. Docket No. FIN0008-DIV1
`
`-21-
`
`FINJAN-QUALYS 004952
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 23 of 25
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 23 of 25
`
`modified input variable, and calling a second function with the
`
`modified input variable”
`
`Because claims 11 and 12 depend from claim 10 and
`
`include additional features, Applicants respectfully submit that claims 11
`
`and 12 are not anticipated or rendered obvious by Albrecht.
`
`Accordingly claims 10 - 12 are deemed to be allowable.
`
`Support for New and Amended Claims in Original Specification
`
`New dependent claim 4 includes the feature that the
`
`input is dynamically generated by the content processor prior to being
`
`transmitted by the transmitter. This feature is supported in the original
`
`specification at least by paragraphs [0025], [0058], [0062] and [0091],
`
`and by FIGS. 2 and 4.
`
`New dependent claim 5 includes the feature that the
`
`program code causes the computing device to dynamically generate the
`
`input prior to transmitting the input for inspection. This feature is
`
`supported in the original specification at least by paragraphs [0025],
`
`[0079] and [0093], and by FIGS. 3 and 5.
`
`New independent claim 6 includes the feature that the
`
`content processor invokes a second function with a modified input
`
`variable, which is received by the receiver from the security computer.
`
`This feature is supported in the original specification at least by
`
`paragraphs [0060], [0063] and [0071], and by input modifier 285 of FIG.
`
`2.
`
`New dependent claim 7 includes the features that the
`
`content processor suspends processing of the content after the
`
`transmitter transmits the input variable to the security computer, and
`
`resumes processing of the content after the receiver receives the
`
`Atty. Docket No. FIN0008-DIV1
`
`-22-
`
`FINJAN-QUALYS 004953
`
`
`
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 24 of 25
`Case 4:18-cv-07229-YGR Document 42-10 Filed 02/10/20 Page 24 of 25
`
`modified input variable from the security computer. These features are
`
`supported in the original specification at
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
