Case 4:18-cv-07229-YGR Document 44-8 Filed 02/28/20 Page 1 of 128

EXHIBIT G

APPENDIX C

US Patent No. 7,418,731
Methods and System for Caching at Secure Gateways

Claim 1

1a. A computer gateway for an intranet of computers, comprising:

1b. a scanner for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the security profiles comprises a list of computer commands that a corresponding one of the incoming files is programmed to perform;

1c. a file cache for storing files that have been scanned by the scanner for future access, wherein each of the stored files is indexed by a file identifier; and

1d. a security profile cache for storing the security profiles derived by the scanner, wherein each of the security profiles is indexed in the security profile cache by a file identifier associated with a corresponding file stored in the file cache; and

1e. a security policy cache for storing security policies for intranet computers within the intranet, the security policies each including a list of restrictions for files that are transmitted to a corresponding subset of the intranet computers.

Each of the Accused Products includes a computer gateway for an intranet of computers because they include
gateway scanners and appliances that protect computers. The gateway scanners and appliances analyze
information to protect internal computers from vulnerabilities.

© 2018 Finjan, Inc. ALL RIGHTS RESERVED
Subject to FRE 408

The scanners work with the Accused Products, the combination of which can also serve as a gateway for an
intranet of computers.

Contentions 1-3 for element 1b. relate to where the scanner is located. Each Contention then identifies multiple
modules that satisfy the scanner element. For a further discussion of the Accused Products’ functionality for
scanning incoming files and deriving security profiles with lists of computer commands, see the discussion of
element 10c. for U.S. Pat. No. 8,677,494.

1b. Contention No. 1 – The Accused Products, executed on Scanner Appliances, include a scanner for
scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein
each of the security profiles comprises a list of computer commands that a corresponding one of the
incoming files is programmed to perform.

Each of the Accused Products can be executed on a respective scanner appliance, as shown below.

1b. Contention No. 1 (continued) – Malware Detection (MD) technology (either alone or in combination
with WAS, WAF, Secure Seal, IOC, CM, TP, VM, CA, and/or PC technology) includes a scanner for scanning
incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the
security profiles comprises a list of computer commands that a corresponding one of the incoming files is
programmed to perform.

The security profiles derived from the scanner for MD include a list of computer commands associated with the incoming file
which may perform malicious activities. As shown above and below, the list of computer commands detected by the scanner for
MD performs “disabling security controls, anti-forensic operations, file access, processes, services, etc.,” JavaScript-based
attacks, iframes, document.write with obfuscation, rogue processes being started, programs being installed and started, and
files being written to a disk.

[Figure annotation: Computer commands]

https://www.youtube.com/watch?v=_H5vngwVuNg

marekforinfodaymdspresentation20120606-120607075424-phpapp01.pdf

1b. Contention No. 1 (continued) – Web Application Scanning (WAS) technology (either alone or in
combination with MD, WAF, Secure Seal, IOC, CM, TP, VM, CA, and/or PC technology) includes a scanner
for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein
each of the security profiles comprises a list of computer commands that a corresponding one of the
incoming files is programmed to perform.

The scanner for Web Application Scanning derives security profiles for received files by performing a variety of static and
dynamic analyses to detect commands including suspicious commands that may be attempted by the file. The security profiles
derived from the scanner for WAS include a list of computer commands that may be attempted by the file. As shown above and
below, the scanner for WAS can detect “new infections” and “zero-day malware that eludes anti-virus and anti-spyware”
software by using “advanced behavioral analysis.”

[Figure annotation: Scanner for WAS derives security profile]

Qualys Web Application Scanning (WAS) _ Qualys, Inc..pdf

1b. Contention No. 1 (continued) – Web Application Scanning (WAS) technology (either alone or in
combination with MD, WAF, Secure Seal, IOC, CM, TP, VM, CA, and/or PC technology) includes a scanner
for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein
each of the security profiles comprises a list of computer commands that a corresponding one of the
incoming files is programmed to perform (continued).

The scanner for Web Application Scanning derives security profiles for received files by performing a variety of
static and dynamic analyses to detect commands that the file is programmed to perform. The security profiles
derived from the scanner for WAS include a list of computer commands associated with the file. As shown below,
the list of suspicious commands that are detected by the scanner for WAS cause malware infections and “Zero
Day Risk.”

[Figure annotations: Scanner for WAS derives security profile; Static + Dynamic]

msk-qualysguardroadmapforh2-2013-201420130917-130924091408-phpapp02.pdf

1b. Contention No. 1 (continued) – Web Application Firewall (WAF) technology (either alone or in
combination with MD, WAS, Secure Seal, IOC, CM, TP, VM, CA, and/or PC technology) includes a scanner
for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein
each of the security profiles comprises a list of computer commands that a corresponding one of the
incoming files is programmed to perform.

The scanner for Web Application Firewall (WAF) derives security profiles for received files by detecting “Realtime
Security Events” and suspicious computer commands that a file can perform. The security profiles derived from the
scanner for WAF include a list of computer commands, which include suspicious computer commands that cause
malware infections and “zero-day” attacks.

[Figure annotations: Scanner for WAF derives security profile; WAF]

https://docplayer.net/1990870-Web-application-firewall.html

Qualys Web Application Firewall (WAF) _ Qualys, Inc..pdf

1b. Contention No. 1 (continued) – Secure Seal technology (either alone or in combination with MD, WAS,
WAF, IOC, CM, TP, VM, CA, and/or PC technology) includes a scanner for scanning incoming files from the
Internet and deriving security profiles for the incoming files, wherein each of the security profiles
comprises a list of computer commands that a corresponding one of the incoming files is programmed to
perform.

The scanner for Secure Seal derives security profiles for files by scanning websites for malware. Websites are
scanned for “malicious software the website could unintentionally infect users with” and other suspicious commands
that the file is programmed to perform.

[Figure annotation: Secure Seal derives security profile]

Qualys SECURE Seal _ Qualys, Inc..pdf

1b. Contention No. 1 (continued) – Indication of Compromise technology (either alone or in combination
with MD, WAS, WAF, Secure Seal, CM, TP, VM, CA, and/or PC technology) includes a scanner for scanning
incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the
security profiles comprises a list of computer commands that a corresponding one of the incoming files is
programmed to perform.

The scanner for Indication of Compromise derives security profiles for files by performing malware analysis on files
from the Internet. The security profile provides details, including a list of computer commands that the file is
programmed to perform.

[Figure annotations: Security profile; Security profile with a list of computer command the incoming file is programmed to perform]

https://vimeo.com/289582255

1b. Contention No. 1 (continued) – Vulnerability Management (VM) technology (either alone or in
combination with MD, WAS, WAF, Secure Seal, IOC, CM, TP, CA, and/or PC technology) includes a scanner
for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein
each of the security profiles comprises a list of computer commands that a corresponding one of the
incoming files is programmed to perform.

The scanner for Vulnerability Management (VM) derives security profiles for received files by performing analyses
to detect suspicious commands that the files are programmed to perform. The security profiles derived from the
files for VM include a list of commands that the files are programmed to perform. As shown above and below, the
lists of commands that are detected by the scanner for VM cause malware infections and zero-day threats.

[Figure annotation: Scanner for VM derives security profile]

marek-qgsuiteupdatesnewfeatures20120606-120607075251-phpapp01.pdf

1b. Contention No. 1 (continued) – Continuous Monitoring (CM) technology (either alone or in combination
with MD, WAS, WAF, Secure Seal, IOC, TP, VM, CA, and/or PC technology) includes a scanner for scanning
incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the
security profiles comprises a list of computer commands that a corresponding one of the incoming files is
programmed to perform.

The scanner for Continuous Monitoring (CM) derives security profiles for received files by performing analyses to
detect commands including suspicious commands that a file is programmed to perform.

[Figure annotation: Scanner for CM derives security profile for an incoming file]

https://www.qualys.com/apps/vulnerability-management/

1b. Contention No. 1 (continued) – ThreatPROTECT (TP) technology (either alone or in combination with
MD, WAS, WAF, Secure Seal, IOC, CM, VM, CA, and/or PC technology) includes a scanner for scanning
incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the
security profiles comprises a list of computer commands that a corresponding one of the incoming files is
programmed to perform.

The scanner for ThreatPROTECT (TP) derives security profiles for received files. The scanner for TP performs
analyses to detect commands including suspicious commands that files are programmed to perform, which
provides “Realtime Threat Intelligence Attributes” for “Zero Day” and other active attacks. The security profile
derived from the scanner for TP includes a list of commands associated with the file. As shown above and below,
the list of suspicious commands that are detected by the scanner for TP cause “Zero Day” malware and attacks
with “high lateral movement.”

[Figure annotation: Scanner for TP derives security profile]

rsac2016-qualys-threatprotect-170112004807.pdf

1b. Contention No. 1 (continued) – Cloud Agent (CA) technology (either alone or in combination with MD,
WAS, WAF, Secure Seal, IOC, CM, TP, VM, CA, and/or PC technology) includes a scanner for scanning
incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the
security profiles comprises a list of computer commands that a corresponding one of the incoming files is
programmed to perform.

The scanner for Cloud Agent derives security profiles for received files. The scanner for Cloud Agent performs
analyses to detect commands that may be attempted by files. The security profile data derived from the scanner for
Cloud Agent includes a list of commands that files are programmed to perform. As shown above, the list of
commands that are detected by the scanner for Cloud Agent cause malware infections and zero-day threats.

[Figure annotation: Scanner for Cloud Agent derives security profile]

https://www.qualys.com/videos/platform/cloud-agent/intro/

1b. Contention No. 1 (continued) – Accused Products include a scanner for scanning incoming files from
the Internet and deriving security profiles for the incoming files, wherein each of the security profiles
comprises a list of computer commands that a corresponding one of the incoming files is programmed to
perform.

The Qualys Cloud Platform products may also analyze information gathered from previous scans, Qualys
researchers, and external data feeds to derive security profiles for received files, including a list of computer
commands that files are programmed to perform.

security_wp_mva.pdf

threatprotect-datasheet.pdf

https://www.qualys.com/apps/vulnerability-management/

1b. Contention No. 1 (continued) –

Doctrine of Equivalents:

To the extent that the Qualys Cloud Products do not literally infringe this claim element, Qualys infringes under the doctrine of
equivalents. The above-described functionality of the Qualys Cloud Platform products is at most insubstantially different from
the claimed functionality and performs substantially the same function in substantially the same way to achieve substantially the
same result.

The Qualys Cloud Platform products perform the same function of creating a security profile for incoming files. For example,
the scanner for MD utilizes a simulated user environment, which carries out substantially the same function as the element
because it performs dynamic behavioral analysis to identify commands in the file. The scanner for MD performs dynamic
analysis by running the file in a simulated user environment and recording the different commands that the file attempts in
memory. The commands identified include, e.g., disabling security controls, anti-forensic operations, file access, processes,
services, Microsoft Windows registry keys being written, rogue processes being started, programs being installed and started,
and files being written to a disk.

Qualys Cloud Platform products perform this function in the same way because they utilize a scanner which scans files and
derives security profile data for the file, including a list of commands that the file is programmed to perform. For example, the
scanner for MD performs this function the same way because it runs the file in a simulated user environment and records the
different commands that the file attempts in memory. The scanner for MD performs dynamic analysis by running the file in a
simulated user environment and recording the different commands that the file attempts in memory. The commands identified
include, e.g., disabling security controls, anti-forensic operations, file access, processes, services, Microsoft Windows registry
keys