Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 1 of 12

Exhibit 4

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 2 of 12

US006965968B1

(12) United States Patent
Touboul
(10) Patent No.: US 6,965,968 B1
(45) Date of Patent: Nov. 15, 2005

(54) POLICY-BASED CACHING

(75) Inventor: Shlomo Touboul, Kefar-Haim (IL)

(73) Assignee: Finjan Software Ltd., Netanya (IL)

( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 190 days.

(21) Appl. No.: [illegible]

(22) Filed: Feb. 27, 2003

(51) Int. Cl.7 ............ G06F 12/00
(52) U.S. Cl. ............ 711/118; 711/114; 709/229
(58) Field of Search ............ 711/114, 118; 709/229

(56) References Cited

U.S. PATENT DOCUMENTS

5,077,677 A    12/1991  Murphy et al.
5,359,659 A    10/1994  Rosenthal
5,361,359 A    11/1994  Tajalli et al.
5,485,409 A     1/1996  Gupta et al.
5,485,575 A     1/1996  Chess et al.
5,572,643 A    11/1996  Judson
5,606,668 A     2/1997  Shwed
5,623,600 A     4/1997  Ji et al.
5,638,446 A     6/1997  Rubin
5,692,047 A    11/1997  McManis
5,692,124 A    11/1997  Holden et al.
5,720,033 A     2/1998  Deo
5,724,425 A     3/1998  Chang et al.
5,740,248 A     4/1998  Fieres et al.
5,761,421 A     6/1998  van Hoff et al.
5,765,205 A     6/1998  Breslau et al.
5,784,459 A     7/1998  Devarakonda et al.
5,796,952 A     8/1998  Davis et al.
5,805,829 A     9/1998  Cohen et al.
5,832,208 A    11/1998  Chen et al.
5,850,559 A    12/1998  Angelo et al.
5,859,966 A     1/1999  Hayman et al.
5,864,683 A     1/1999  Boebert et al.
5,892,904 A     4/1999  Atkinson et al.
5,951,698 A     9/1999  Chen et al.
5,956,481 A     9/1999  Walsh et al.
5,974,549 A    10/1999  Golan
5,978,484 A    11/1999  Apperson et al.
5,983,348 A *  11/1999  Ji ............ 713/200
6,092,194 A     7/2000  Touboul
6,154,844 A    11/2000  Touboul et al.
6,167,520 A    12/2000  Touboul
[illegible entry]
6,434,669 B1    8/2002  Arimilli et al.
6,480,962 B1   11/2002  Touboul
6,519,679 B2    2/2003  Devireddy et al.
6,772,214 B1 *  8/2004  McClain et al. ............ 709/229

OTHER PUBLICATIONS

Omura, J.K., “Novel Applications of Cryptography in Digital Communications”, IEEE Communications Magazine, May, 1990; pp. 21-29.
Okamoto, E. et al., “ID-Based Authentication System For Computer Virus Detection”, IEEE/IEE Electronic Library online, Electronics Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract and pp. 1169-1170. URL: http://iel.ihs.com:80/cgi-bin/ielicgi7se... 2ehts%26ViewTemplate%3ddocview%5fb%2ehts.

(Continued)

Primary Examiner—Mano Padmanabhan
Assistant Examiner—Duc T Doan

(74) Attorney, Agent, or Firm—Eitan Law Group

(57) ABSTRACT

A policy-based cache manager, including a memory storing a cache of digital content, a plurality of policies, and a policy index to the cache contents, the policy index indicating allowable cache content for each of a plurality of policies, a content scanner for scanning a digital content received, to derive a corresponding content profile, and a content evaluator for determining whether a given digital content is allowable relative to a given policy, based on the content profile. A method is also described and claimed.

38 Claims, 2 Drawing Sheets

FINJAN-QUALYS 003936

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 3 of 12

US 6,965,968 B1
Page 2

OTHER PUBLICATIONS

IBM AntiVirus User’s Guide Version 2.4, International Business Machines Corporation, Nov. 15, 1995, p. 6-7.
Norvin Leach et al, “IE 3.0 Applets Will Earn Certification”, PC Week, vol. 13, No. 29, Jul. 22, 1996, 2 pages.
“Finjan Software Releases SurfinBoard, Industry’s First JAVA Security Product For the World Wide Web”, Article published on the Internet by Finjan Software Ltd., Jul. 29, 1996, 1 page.
“Powerful PC Security for the New World of Java™ and Downloadables, Surfin Shield™” Article published on the Internet by Finjan Software Ltd., 1996, 2 pages.
Microsoft® Authenticode Technology, “Ensuring Accountability and Authenticity for Software Components on the Internet”, Microsoft Corporation, Oct. 1996, including Abstract, Contents, Introduction and pp. 1-10.
“Finjan Announces a Personal Java™ Firewall For Web Browsers—the SurfinShield™ 1.6 (formerly known as SurfinBoard)”, Press Release of Finjan Releases SurfinShield 1.6, Oct. 21, 1996, 2 pages.
Company Profile “Finjan—Safe Surfing, The Java Security Solutions Provider” Article published on the Internet by Finjan Software Ltd., Oct. 31, 1996, 3 pages.
“Finjan Announces Major Power Boost and New Features for SurfinShield™ 2.0” Las Vegas Convention Center/Pavilion 5 P5551, Nov. 18, 1996, 3 pages.
“Java Security: Issues & Solutions” Article published on the Internet by Finjan Software Ltd., 1996, 8 pages.
“Products” Article published on the Internet, 7 pages.
Mark LaDue, “Online Business Consultant: Java Security: Whose Business is It?” Article published on the Internet, Home Page Press, Inc. 1996, 4 pages.
Ron Moritz, “Why We Shouldn’t Fear Java.” Java Report, Feb., 1997, pp. 51-56.
Web Page Article “Frequently Asked Questions About Authenticode”, Microsoft Corporation, last updated Feb. 17, 1997, Printed Dec. 23, 1998. URL: http://www.microsoft.com/workshop/security/authcode/signfaq.asp#9, pp. 1-13.
Zhang, X.N., “Secure Code Distribution”, IEEE/IEE Electronic Library online, Computer, vol. 30, Issue 6, Jun., 1997, pp.: 76-79.
Khare, Rohit, “Microsoft Authenticode Analyzed”, Jul. 22, 1996, 2 pages. URL: http://www.xent.com/FoRK-archive/summer96/0338.html.
“Release Notes for the Microsoft ActiveX Development Kit”, Aug. 13, 1996, 11 pages. URL: http://activeX.adsp.or.jp/inetsdk/readme.txt.
“Microsoft ActiveX Software Development Kit”, Aug. 12, 1996, 6 pages. URL: http://activeX.adsp.or.jp/inetsdk/help/overview.htm.

* cited by examiner

FINJAN-QUALYS 003937

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 4 of 12

U.S. Patent  Nov. 15, 2005  Sheet 1 of 2  US 6,965,968 B1

FIG. 1 (simplified block diagram). Recoverable labels from the drawing: WEB SERVER; PROXY SERVER; CACHE MANAGER; POLICY-BASED CACHE INDEX with POLICY A, POLICY B and POLICY C; CONTENT FILTER containing a CONTENT SCANNER and a PROFILE EVALUATOR; and the CONTENT, PROFILE, "GET CONTENT" and "PERMITTED?" exchanges between them.

FINJAN-QUALYS 003938

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 5 of 12

U.S. Patent  Nov. 15, 2005  Sheet 2 of 2  US 6,965,968 B1

FIG. 2 (simplified flowchart, steps numbered 205 through 260, in three lanes: WEB CLIENT, CACHE MANAGER, CONTENT FILTER). Recoverable step labels from the drawing:
  WEB CLIENT: User A requests content #1; User receives requested content; User does not receive requested content.
  CACHE MANAGER: Is content #1 already available in cache?; Request content #1 from content filter; Is there an allowability link from user's policy A to content #1?; Is there a non-allowability link from user's policy A to content #1?; Ask filter to determine if content #1 is permitted under policy A?; Set allowability pointer from policy A to content #1; Set non-allowability pointer from policy A to content #1; Move content #1 to cache; Send content #1 from cache to user; Do not send content #1 to user.
  CONTENT FILTER: Request content #1 from web server; Receive content #1 from web server; Scan content #1 to determine its profile; Compare profile with user's policy A; Is content #1 permitted under policy A?

FINJAN-QUALYS 003939

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 6 of 12

US 6,965,968 B1

POLICY-BASED CACHING

FIELD OF THE INVENTION

The present invention relates to cache management and content filtering.

BACKGROUND OF THE INVENTION

Conventional caching is used to avoid repeating the same computations or the same data transmission. Familiar Internet browsers cache web pages so that these pages do not have to be re-transmitted when a user returns to view the same page a second time. The advantage of caching is readily noticed, as the first time a user navigates to a web page, it typically takes a few seconds for his browser to render the page, yet when a user returns to the same web page, for example, by clicking on a “Back” button, the page is re-rendered immediately. This happens because the user’s Internet browser typically caches the web page after it is received from a web server, so that the second time around the page is already available on the user’s computer for rendering.

Caching is also used by proxy servers, which are intermediaries between servers on the Internet and a local network of client computers. Proxy servers are often requested to deliver the same web pages to multiple client computers, and thus proxy caching makes it possible to deliver web pages quickly, the second time they are requested.

Caching is also used by computational processors, to save intermediate results that would otherwise need to be computed repeatedly. For example, if a computational expression repeatedly includes a term sin(x), then such term can be cached so that it does not need to be calculated more than once. Many compilers are able to parse source code and determine efficient intermediate results to cache.

Caching is also used in conjunction with content control, used to control what content is delivered to client computers. Content control typically operates by filtering incoming content according to a “policy” that includes one or more rules. For example, URL filtering is used to block “undesirable” web pages from being delivered. Often the determination of what is undesirable is set by a user or by a computer system administrator. In this regard, a policy is the set of rules that determine what URLs to allow or not allow to pass through the filter, and typically only allowable URLs are cached.

A shortcoming of conventional caching as used in conjunction with content control is the inability to support more than one policy. That is, once content gets through a first policy, it is cached, and then it is readily available to users governed by a second policy, even if the second policy would not have allowed the content to pass through the filter. Using conventional caching, workarounds include disabling the cache, which defeats the advantages of caching, or using multiple caches, one cache per distinct policy, which suffers from redundancy since the same content will typically be stored in multiple caches.

SUMMARY OF THE INVENTION

The present invention provides a method and system for enabling a single cache to serve as multiple caches. With respect to content control, the present invention enables management of a single cache so as to control content relative to a plurality of policies. Using the present invention, a single cache appears transparently as multiple caches; e.g., a policy A cache, a policy B cache and a policy C cache. The present invention enhances conventional caching by including a policy-based index, which is a data structure indicating allowability of cached content relative to a plurality of policies. Using the policy-based index of the present invention, a cache manager can check whether cached content is allowable for a different user than the original user who requested it, and thus block cached content from being delivered to users for whom it is not allowed.

The present invention has many diverse applications. In conjunction with content control systems, for example, the present invention is advantageous inter alia for URL filtering, e-mail anti-spam filtering, anti-virus protection and malicious mobile code protection systems. In conjunction with document management systems, the present invention is advantageous inter alia for document protection, version control and data encryption. In conjunction with file management systems, the present invention is advantageous inter alia for file protection and file sharing. In conjunction with multimedia systems, the present invention is advantageous inter alia for cable and satellite broadcasting, video on demand, streaming audio and video, and access to still imagery.

It may thus be appreciated that the present invention provides breakthrough technology for cache management.

There is thus provided in accordance with a preferred embodiment of the present invention a policy-based cache manager, including a memory storing a cache of digital content, a plurality of policies, and a policy index to the cache contents, the policy index indicating allowable cache content for each of a plurality of policies, a content scanner for scanning a digital content received, to derive a corresponding content profile, and a content evaluator for determining whether a given digital content is allowable relative to a given policy, based on the content profile.

There is further provided in accordance with a preferred embodiment of the present invention a method for policy-based caching, including receiving a user request for a digital content, the user having associated therewith a policy from among a plurality of policies, determining based on a cache, whether the requested digital content is already available, determining based on a policy index of the cache contents, whether the requested digital content is allowable for the user, if the determining based on a cache indicates that the data content is already available in the cache, and determining based on a profile of the requested data content, whether the requested data content is allowable for the user’s policy, if the determining based on the policy index is non-conclusive.

There is yet further provided in accordance with a preferred embodiment of the present invention a computer-readable storage medium storing program code for causing a computer to perform the steps of receiving a user request for a digital content, the user having associated therewith a policy from among a plurality of policies, determining based on a cache, whether the requested digital content is already available, determining based on a policy index of the cache contents, whether the requested digital content is allowable for the user, if the determining based on a cache indicates that the data content is already available in the cache, and determining based on a profile of the requested data content, whether the requested data content is allowable for the user’s policy, if the determining based on the policy index is non-conclusive.

FINJAN-QUALYS 003940

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 7 of 12

US 6,965,968 B1

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be more fully understood and appreciated from the following detailed description, taken in conjunction with the drawings in which:

FIG. 1 is a simplified block diagram for a cache manager that provides policy-based caching, in accordance with a preferred embodiment of the present invention; and

FIG. 2 is a simplified flowchart for use of a policy-based cache, in accordance with a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

The present invention provides a novel cache management method and system, for enabling policy-based caching. Specifically, the cache manager of the present invention manages a single cache as if it were multiple caches, each cache corresponding to a different policy.

Reference is now made to FIG. 1, which is a simplified block diagram for a cache manager that provides policy-based caching, in accordance with a preferred embodiment of the present invention. Shown in FIG. 1 is a web client 110, which typically requests web pages from the Internet, the web pages having links to static content, such as GIF and JPEG images, and to active content, such as Java applets and ActiveX controls. The web pages and the static and active content referenced therein are located on one or more web servers 120.

For many networks, a proxy server 130 acts as an intermediary between web server 120 and web client 110. Use of a proxy server provides for efficiency in delivery, and for control over allowable content. An important component of proxy server 130 is a cache 140 of stored content, and a cache manager 150 for managing access to cache 140. Cache manager 150 stores content received from web servers 120 within cache 140, so that such content is readily available for transmission when it is subsequently requested by web client 110 or by another web client.

Thus when proxy server 130 receives a request from web client 110 for content, it preferably first checks whether the requested content is already stored in cache 140, and, if so, transmits the content directly from cache 140, obviating the need to first request and receive the content from web server 120.

In accordance with a preferred embodiment of the present invention, proxy server 130 generally includes a content filter 160, used to block content from being transmitted to web client 110. Content filter 160 may be, for example, a URL filter used to block URLs that have undesirable content, or spam. Content filter 160 may also be, for example, an anti-virus filter that blocks content known to contain a computer virus therewithin. Content filter 160 may also be a pro-active security filter, such as described in applicant’s U.S. Pat. Nos. 6,092,194, 6,154,844, 6,167,520 and 6,480,962, the contents of which are hereby incorporated by reference. Such a security filter scans incoming mobile code to determine a security profile therefor, the security profile indicating suspicious operations performed by the mobile code.

Generally speaking, content filter 160 is a module that includes a content scanner 170 for scanning incoming content, and a content evaluator 180 for determining whether or not the content is allowable, based on a policy. The policy may, for example, indicate which URLs are to be blocked, or which computer viruses are known and should thus be blocked, or which suspicious operations are permitted. Typically, content scanner 170 scans received content and determines a profile therefor, so that content evaluator 180 can determine allowability of content by comparing the content profile to a policy. In general, content scanner 170 produces a content profile as output, from a digital content as input; and content evaluator 180 produces a Boolean yes/no result as output, from a profile and a policy as input.

It may be appreciated by those skilled in the art that the content evaluator may operate directly on a digital content as input, and not require use of a profile. This may happen in situations where the allowability of the content is readily determinable from the content itself.

In accordance with a preferred embodiment of the present invention, different policies may apply to different users. Thus a policy A may apply to a first group of users, a policy B may apply to a second group of users, and a policy C may apply to a third group of users. Conventional cache managers cannot enforce more than one policy.

Consider, for example, a given content that is allowable according to policy A but not allowable according to policy B. If a first user, governed by policy A, initially requests the content from web server 120, then content filter 160 would allow the content, and proxy server 130 would deliver it to the first user and cache it. If a second user, governed by policy B, subsequently requests the same content, then cache manager 150 would recognize that the content is already resident in cache 140 and send it to the second user, even though it is not allowable for him. The allowability test of content filter 160, based on policy B, would be by-passed, since the content would have previously passed the test, based on policy A, and was cached at that time.

To accommodate multiple policies, in accordance with a preferred embodiment of the present invention, cache manager 150 is enhanced to include a policy-based cache index 190. Policy-based cache index 190 is a data structure that indicates, for each policy, content within cache 140 that is allowable relative thereto. Preferably, as described hereinbelow, policy-based cache index 190 also indicates, for each policy, content within cache 140 that is not allowable relative thereto.

Policy-based cache index 190 is preferably implemented as two sets of pointers associated with each policy. The first set of pointers, referred to as “allowability pointers,” indicates content that is allowable relative to a given policy, and the second set of pointers, referred to as “non-allowability pointers,” indicates content that is not allowable relative to the given policy. Although it may be appreciated that one set of pointers should suffice, it is explained hereinbelow why two sets of seemingly opposite pointers are a preferable implementation. Shown in FIG. 1, for example, is a set of allowability pointers from policies A, B and C to cached contents nos. 1-12.

Alternatively, instead of using pointers from each policy to the cache content, policy-based cache index 190 may be implemented by assigning a bit string to each cached content, the bits indicating those policies relative to which such content is allowable. Similar to the two sets of pointers described above, rather than use two states; namely, “0” for allowability and “1” for non-allowability, a preferred embodiment of the present invention uses three states; namely, “0” for allowability, “1” for non-allowability, and “2” for non-conclusiveness.

Thus it may be appreciated that with each cached content is associated a string of numbers “0,” “1” or “2,” one number per policy. Those skilled in the art will appreciate that the information obtained from two sets of pointers from policies

FINJAN-QUALYS 003941

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 8 of 12

US 6,965,968 B1

to cached content, is equivalent to the information obtained from strings of numbers “0,” “1” or “2,” one such number per policy. For example, if content #1 is allowable relative to policy A, not allowable relative to policy B and undetermined relative to policy C, then its associated bit string is 012.

Referring to FIG. 1, policy-based cache index 190 indicates that:
content #2, 4, 6, 8 and 12 is allowable relative to policy A;
content #1, 6, 9 and 12 is allowable relative to policy B; and
content #3, 5, 6, 9 and 10 is allowable relative to policy C.

In accordance with a preferred embodiment of the present invention, when cache manager 150 checks to determine if content requested by a user is already available within cache 140, it also checks whether the content is allowable relative to the user’s policy. If the requested content is available within cache 140 and if policy-based cache index 190 indicates that the content is allowable, then the content is delivered from cache to the user. Similarly, if policy-based cache index 190 indicates that the content is not allowable, then the content is blocked. Otherwise, if policy-based cache index 190 is non-conclusive, as described hereinbelow, then cache manager 150 queries content filter 160 as to whether or not the cached content is allowable relative to the user’s policy. If allowable, the content is delivered from cache 140 to the user; otherwise, it is blocked. In either case, policy-based cache index 190 is updated accordingly.

Thus, referring to the scenario above, when the second user requests the content, even though the content is resident in cache, policy-based index 190 is non-conclusive regarding allowability of the content relative to policy B. When cache manager 150 subsequently queries content filter 160, it discovers that the content is not allowable relative to policy B, and the content is blocked from delivery to the second user.

It may thus be appreciated that in accordance with a preferred embodiment of the present invention, two determinations are used to decide whether or not to transmit cached content to a user. First, a determination is made based on policy-based cache index 190. If such first determination indicates that the content is allowable for the user, then the content is delivered directly from cache to the user. If such first determination indicates that the content is not allowable for the user, then the content is blocked. Otherwise, if such first determination is non-conclusive, then a second determination is made by content filter 160, by comparing a profile of the content to the user’s policy using content evaluator 180, as described hereinabove.

The first determination above may be affirmative, negative or non-conclusive. The possibility of non-conclusiveness arises from the incompleteness of policy-based cache index 190. If policy-based cache index 190 were required to include all allowability links from policies A, B and C to allowable content relative thereto, then a conclusive determination could always be made. That is, given a content in cache 140 and given a policy, policy-based cache index 190 would conclusively determine whether or not the given content is allowable relative to the given policy, simply by checking whether or not an allowability pointer exists from the given policy to the given content in cache 140.

However, in accordance with a preferred embodiment of the present invention, it is not necessary for policy-based cache index 190 to be complete. The present invention allows for policy-based cache index 190 to be updated dynamically as user requests for cached and non-cached content arrive. This is an important advantage, since otherwise it would require an exponential amount of computations to calculate a complete policy-based cache index 190, which is typically unnecessary, as the size of the cache and the number of policies increase.

Instead, policy-based cache index 190 is built up on-the-fly, as content filter 160 analyzes specific content relative to specific policies. For example, listed below is a typical sequence of stages through which policy-based cache index 190 is successively built up, in accordance with a preferred embodiment of the present invention. Initially, policy-based cache index 190 is empty. The stages described below assume that policy-based cache index 190 is implemented as two sets of pointers, as described hereinabove. In this case, there are initially no pointers created; or alternatively all pointers are initially set to NULL. It may be appreciated that if policy-based index 190 is implemented alternatively using bit strings, as described hereinabove, then initially all bit strings are stuffed with 2’s, indicating that allowability of content is undetermined relative to any policy.

1. A first user, governed by policy A, requests content #1.
2. Cache manager 150 checks its cache 140 and indicates that content #1 is not resident therein.
3. Content filter 160 requests content #1 from web server 120.
4. Content scanner 170 scans content #1 to derive a profile thereof, and content evaluator 180 compares the content #1 profile with policy A, thereby determining that content #1 is allowable relative to policy A.
5. Cache manager 150 inserts content #1 in cache 140, and creates an allowability link from policy A to content #1 within policy-based cache index 190. At this stage, policy-based cache index 190 has an entry indicating that content #1 is allowable relative to policy A.
6. Proxy server 130 delivers content #1 to the first user.
7. A second user, governed by policy B, requests content #1.
8. Cache manager 150 checks its cache 140 and indicates that content #1 is resident therein.
9. Cache manager 150 checks policy-based cache index 190 regarding allowability of content #1 relative to policy B, and is non-conclusive.
10. Cache manager 150 asks content filter 160 whether or not content #1 is allowable relative to policy B.
11. Content evaluator 180 compares the content #1 profile with policy B, thereby determining that content #1 is not allowable relative to policy B.
12. Cache manager 150 creates a non-allowability link from policy B to content #1 within policy-based cache index 190. At this stage, policy-based cache index 190 has an entry indicating that content #1 is not allowable relative to policy B.
13. Proxy server 130 does not deliver content #1 to the second user.
14. A third user, governed by policy A, requests content #1.
15. Cache manager 150 checks policy-based cache index 190 regarding allowability of content #1 relative to policy A, and concludes that content #1 is allowable relative to policy A. There is no need to consult with content filter 160.
16. Proxy server 130 delivers content #1 to the third user.
17. A fourth user, governed by policy B, requests content #1.
18. Cache manager 150 checks policy-based cache index 190 regarding allowability of content #1 relative to policy B, and concludes that content #1 is not allowable relative to policy B. There is no need to consult with content filter 160.

FINJAN-QUALYS 003942

Case 4:18-cv-07229-YGR Document 42-5 Filed 02/10/20 Page 9 of 12

US 6,965,968 B1

19. Proxy server 130 does not deliver content #1 to the fourth user.

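The two-determination lookup and the on-the-fly build-up of policy-based cache index 190 described above, as an added worked example in Python (written for this page; it is not code from the patent or from Finjan). It assumes a policy can be modelled as a set of blocked operations and a content profile as the set of operations the content performs, which stands in for content scanner 170 and content evaluator 180; the names Policy, Content, ContentFilter, PolicyCacheIndex, CacheManager and run_sequence are hypothetical. The index keeps one tri-state entry ("0", "1", "2") per policy for each cached content and also exposes the equivalent allowability and non-allowability pointer sets; run_sequence replays the 19-step sequence above with users governed by policies A, B, A and B.

```python
"""Policy-based cache index with two determinations (added example, not the patent's code).

Assumption: a policy is a set of blocked operations and a content profile is the set
of operations the content performs, standing in for the patent's scanner and evaluator.
"""
from dataclasses import dataclass

# Tri-state entry per (content, policy): the patent's "0", "1" and "2".
ALLOWED, BLOCKED, UNKNOWN = "0", "1", "2"


@dataclass(frozen=True)
class Policy:
    name: str
    blocked_ops: frozenset  # hypothetical rule form: operations this policy blocks


@dataclass(frozen=True)
class Content:
    content_id: int
    ops: frozenset  # hypothetical: operations the content performs when run


class ContentFilter:
    """Fetches from a constructed web server, scans content and evaluates profiles."""

    def __init__(self, origin):
        self.origin = origin  # dict content_id -> Content, stands in for web server 120
        self.fetches = 0
        self.evaluations = 0

    def fetch(self, content_id):
        self.fetches += 1
        return self.origin[content_id]

    def scan(self, content):
        """Content scanner: the profile is the set of operations performed."""
        return content.ops

    def evaluate(self, profile, policy):
        """Content evaluator: allowable when no blocked operation is in the profile."""
        self.evaluations += 1
        return profile.isdisjoint(policy.blocked_ops)


class PolicyCacheIndex:
    """One tri-state entry per policy for each cached content."""

    def __init__(self, policy_names):
        self.policy_names = list(policy_names)
        self.entries = {}  # content_id -> {policy_name: state}

    def add_content(self, content_id):
        # Newly cached content is undetermined relative to every policy (all "2").
        self.entries[content_id] = {p: UNKNOWN for p in self.policy_names}

    def lookup(self, content_id, policy_name):
        return self.entries[content_id][policy_name]

    def record(self, content_id, policy_name, allowable):
        self.entries[content_id][policy_name] = ALLOWED if allowable else BLOCKED

    def bit_string(self, content_id):
        """The patent's string form, e.g. "012" for policies A, B, C."""
        return "".join(self.entries[content_id][p] for p in self.policy_names)

    # The same information viewed as the two pointer sets of the preferred embodiment.
    def allowability_pointers(self, policy_name):
        return {c for c, row in self.entries.items() if row[policy_name] == ALLOWED}

    def non_allowability_pointers(self, policy_name):
        return {c for c, row in self.entries.items() if row[policy_name] == BLOCKED}


class CacheManager:
    def __init__(self, policies, content_filter):
        self.policies = {p.name: p for p in policies}
        self.filter = content_filter
        self.cache = {}     # content_id -> Content
        self.profiles = {}  # content_id -> profile, kept so cached content is not rescanned
        self.index = PolicyCacheIndex(self.policies)

    def request(self, policy_name, content_id):
        """Serve a request from a user governed by policy_name; returns (delivered, consulted_filter)."""
        policy = self.policies[policy_name]
        if content_id not in self.cache:
            # Cache miss: fetch, scan, evaluate, then cache the content and index the outcome.
            content = self.filter.fetch(content_id)
            profile = self.filter.scan(content)
            allowed = self.filter.evaluate(profile, policy)
            self.cache[content_id] = content
            self.profiles[content_id] = profile
            self.index.add_content(content_id)
            self.index.record(content_id, policy_name, allowed)
            return allowed, True
        # Cache hit: first determination from the index.
        state = self.index.lookup(content_id, policy_name)
        if state == ALLOWED:
            return True, False
        if state == BLOCKED:
            return False, False
        # Non-conclusive: second determination by the content filter, then update the index.
        allowed = self.filter.evaluate(self.profiles[content_id], policy)
        self.index.record(content_id, policy_name, allowed)
        return allowed, True


def run_sequence():
    """Replay the 19-step walkthrough with constructed policies and content."""
    origin = {1: Content(1, frozenset({"write_file"}))}  # constructed sample content #1
    policy_a = Policy("A", frozenset({"format_disk"}))  # permits write_file
    policy_b = Policy("B", frozenset({"write_file"}))   # blocks write_file
    policy_c = Policy("C", frozenset({"open_socket"}))  # never consulted in this sequence
    manager = CacheManager([policy_a, policy_b, policy_c], ContentFilter(origin))
    outcomes = [manager.request(p, 1) for p in ("A", "B", "A", "B")]
    return outcomes, manager
```

run_sequence() returns the outcomes (True, True), (False, True), (True, False), (False, False): the content is fetched once, the evaluator runs only for the first two requests, and the index row for content #1 reads "012" (allowable for A, not allowable for B, undetermined for C), which is the bit-string example given above. The property that matters from a defender's point of view is that a cache hit with a non-conclusive entry falls through to the evaluator rather than to delivery, so the cached copy never bypasses policy B.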
It may thus be appreciated that cache manager 150 makes cache 140 appear transparently as if it were multiple caches; e.g., a policy A cache, a policy B cache and a policy C cache. Yet through the use of policy-based cache index 190 the multiple caches are implemented as a single cache, and there is no redundancy in storage. That is, content appearing to belong to more than one policy cache is in fact stored only once.

In a preferred embodiment of the present invention, cache manager 150 is optimized for performance by designating content within cache 140 that is allowable relative to all policies. Such content can be immediately delivered to web client 110, regardless of the user’s governing policy. The rationale for this optimization is that typically a large portion of content is “innocuous,” and known to be above suspicion. For example, when content filter 160 is a pro-active security filter, content such as GIF and JPEG images are always allowed to pass through. By designating such content as innocuous, cache manager 150 can eliminate a great deal of unnecessary processing and time delay.

To implement the above enhancement, in accordance with a preferred embodiment of the present invention, content filter 160 generates a “strictest” policy corresponding to all of the individual user policies. For example, if the individual policies are URL filters for blocking undesirable content, then the strictest policy corresponds to filtering out all undesirable content. Similarly, if the individual policies are security policies for blocking mobile code that performs suspicious operations, then the strictest policy corresponds to blocking all suspicious operations. It is noted that the strictest policy may or may not coincide with one of the individual policies.

Preferably, whenever content filter 160 receives content from web server 120, and uses content scanner 170 to derive a profile thereof, content evaluator 180 evaluates the content first with respect to the strictest policy. If the content is allowable relative to the strictest policy, then cache manager 150 adds the content to cache 140 and designates it as being innocuous. Otherwise, if the content is not allowable relative to the strictest policy, then content evaluator 180 evaluates the content with respect to the specific policy governing the user requesting the content. The content is then preferably added to cache 140, and policy-based cache index 190 is updated to reflect the content’s allowability or non-allowability relative to the user’s policy.
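The strictest-policy optimization above, as an added example in Python (not code from the patent or from Finjan). Policies are again assumed to be sets of blocked operations, so the strictest policy blocks the union of everything any individual policy blocks; content that passes it is designated innocuous and served from cache to any user without an index lookup, while content that fails it is evaluated against the requesting user's policy and indexed per policy. The names strictest_policy, CacheManager.admit, CacheManager.serve_from_cache and demo are hypothetical, and the image-like empty profile and file-writing script profile are constructed sample inputs.

```python
"""Strictest-policy "innocuous" designation (added example, not the patent's code).

Assumption: a policy is a set of blocked operations; a content profile is the set
of operations the content performs.
"""
from dataclasses import dataclass

INNOCUOUS = "innocuous"  # index marker: allowable relative to every policy


@dataclass(frozen=True)
class Policy:
    name: str
    blocked_ops: frozenset  # hypothetical rule form: operations this policy blocks


def strictest_policy(policies):
    """Block every operation that any individual policy blocks.

    The result may coincide with one of the individual policies or with none of them.
    """
    blocked = frozenset().union(*(p.blocked_ops for p in policies))
    return Policy("strictest", blocked)


def evaluate(profile, policy):
    """Content evaluator: allowable when the profile contains no blocked operation."""
    return profile.isdisjoint(policy.blocked_ops)


class CacheManager:
    def __init__(self, policies):
        self.policies = {p.name: p for p in policies}
        self.strictest = strictest_policy(policies)
        self.cache = {}       # content_id -> profile (stands in for the cached content)
        self.index = {}       # content_id -> INNOCUOUS or {policy_name: allowable}
        self.evaluations = 0  # how many times the evaluator was run

    def admit(self, content_id, profile, policy_name):
        """Content arriving from the web server on behalf of a user under policy_name."""
        self.cache[content_id] = profile
        self.evaluations += 1
        if evaluate(profile, self.strictest):
            self.index[content_id] = INNOCUOUS  # deliverable to anyone, no per-policy entry needed
            return True
        # Not innocuous: evaluate against the requesting user's own policy and index that result.
        self.evaluations += 1
        allowed = evaluate(profile, self.policies[policy_name])
        self.index[content_id] = {policy_name: allowed}
        return allowed

    def serve_from_cache(self, content_id, policy_name):
        """Cache hit for a user under policy_name; returns whether the content is delivered."""
        entry = self.index[content_id]
        if entry == INNOCUOUS:
            return True
        if policy_name not in entry:  # non-conclusive for this policy: consult the evaluator once
            self.evaluations += 1
            entry[policy_name] = evaluate(self.cache[content_id], self.policies[policy_name])
        return entry[policy_name]


def demo():
    """Constructed scenario: an image-like empty profile and a file-writing script profile."""
    policy_a = Policy("A", frozenset({"format_disk"}))
    policy_b = Policy("B", frozenset({"write_file"}))
    manager = CacheManager([policy_a, policy_b])
    manager.admit(10, frozenset(), "A")                # image: performs no operations
    manager.admit(11, frozenset({"write_file"}), "A")  # script that writes files
    return manager
```

In demo(), the strictest policy blocks both format_disk and write_file and therefore coincides with neither A nor B. The empty-profile content is designated innocuous after a single evaluation and is later served to a policy B user with no further work; the script fails the strictest policy, is found allowable for A, and when a policy B user later requests it the index is non-conclusive, the evaluator runs once more, and the content is blocked and recorded as such.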
It may thus be appreciated that cache manager 150 communicates with content filter 160 in two modes, as illustr
