`Case 4:18-cv-07229—YGR Document 44-9 Filed 02/28/20 Page 1 of 58
`
`EXHIBIT H
`
`EXHIBIT H
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 2 of 58
`Case 4:18-cv-07229—YGR Document 44-9 Filed 02/28/20 Page 2 of 58
`
`
`
`
`APPENDIX G
`
`
`APPENDIX G
`
`
`
`
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 3 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`1
`
`10a. The Qualys Accused Productss provide a system for managing Downloadables.
`
`The Qualys Accused Products provide a system for managing Downloadables.
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`qualys‐overview‐paper.pdf
`
`1
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 4 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`2
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 1: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a respective receiver for receiving incoming
`Downloadables from the Internet, web applications, internal networks, and public and private clouds.
`As shown below, a Downloadable is received by the Qualys Accused Products via a node that is part of
`the Qualys Cloud computing environment.
`
`Receiver
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`2
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 5 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`3
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 2: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a respective receiver at the Qualys scanner (either
`external, internal, physical or virtual) for receiving incoming Downloadables from the Internet, web
`applications, internal networks, and public and private clouds. As shown below, a Downloadable is
`received by the Qualys Accused Products via respective Qualys scanners (either external, internal,
`physical or virtual).
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`Receiver
`
`3
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 6 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`4
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 3: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a receiver at a respective client computing device for
`receiving incoming Downloadables from the Internet, web applications, internal networks, and public
`and private clouds. As shown below, a Downloadable is received by the Qualys Cloud Products via the
`client computer.
`
`Receiver
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`4
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 7 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`5
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable.
`
`Each of the Qualys Accused Products includes a respective Downloadable scanner coupled with its
`corresponding receiver as described in 10b. Contention No. 1.
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`5
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 8 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`6
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`The Downloadable scanner for Malware Detection (MD) (either alone or in combination with WAS, WAF, Secure
`Seal, VM, TP, and/or CM) derives security profile data for a received Downloadable by performing a variety of static
`and dynamic analyses to detect suspicious computer operations that may be attempted by the Downloadable.
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Downloadable scanner for MD derives security profile data
`
`Dynamic
`+
`Static
`
`Malware Detection FAQ _ Qualys, Inc..pdf
`
`6
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 9 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`7
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Malware Detection (MD) (either alone or in combination with WAS, WAF, Secure
`Seal, VM, TP, and/or CM) derives security profile data for a received Downloadable by performing a variety of static
`and dynamic behavioral analyses to detect suspicious computer operations that may be attempted by the
`Downloadable.
`
`Downloadable
`scanner for
`MD derives
`security
`profile data
`
`dynamic analysis
`
`dissectpeproject‐gabriel‐110816130546‐phpapp01.pdf
`
`7
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 10 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`8
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`The security profile data derived from the Downloadable scanner for MD (either alone or in combination with WAS, WAF,
`Secure Seal, VM, and/or CM) includes a list of computer suspicious computer operations that may be attempted by the
`Downloadable. As shown above and below, the list of suspicious computer operations detected by the Downloadable scanner
`for MD performs “disabling security controls, anti-forensic operations, file access, processes, services, etc.,” JavaScript-based
`attacks, iframes, document.write with obfuscation, rogue processes being started, programs being installed and started, and
`files being written to a disk.
`suspicious
`operations
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`marekforinfodaymdspresentation20120606‐120607075424‐phpapp01.pdf
`
`https://www.youtube.com/watch?v=_H5vngwVuNg
`
`8
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 11 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`9
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`The Downloadable scanner for Web Application Scanning (WAS) (either alone or in combination with MD, WAF, Secure Seal, VM, TP, and/or
`CM) derives security profile data for a received Downloadable by performing a variety of static and dynamic analyses to detect suspicious
`computer operations that may be attempted by the Downloadable. The security profile data derived from the Downloadable scanner for WAS
`includes a list of suspicious computer operations that may be attempted by the Downloadable. As shown above and below, the Downloadable
`scanner for WAS can detect “new infections” and “zero-day malware that eludes anti-virus and anti-spyware” software by using “advanced
`behavioral analysis.”
`
`Downloadable
`scanner for WAS
`derives security
`profile data
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Qualys Web Application Scanning (WAS) _ Qualys, Inc..pdf
`
`9
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 12 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`10
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Web Application Scanning (WAS) (either alone or in combination with MD, WAF, Secure Seal, VM, TP, and/or
`CM) derives security profile data for a received Downloadable by performing a variety of static and dynamic analyses to detect suspicious
`computer operations that may be attempted by the Downloadable. The security profile data derived from the Downloadable scanner for WAS
`includes a list of suspicious computer operations that may be attempted by the Downloadable. As shown above and below, the list of
`suspicious computer operations that are detected by the Downloadable scanner for WAS cause malware infections and “Zero Day Risk.”
`
`Downloadable
`scanner for
`WAS derives
`security profile
`data
`
`Static
`+
`Dynamic
`
`msk‐qualysguardroadmapforh2‐2013‐201420130917‐130924091408‐phpapp02.pdf
`
`10
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 13 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`11
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`The Downloadable scanner for Web Application Firewall (WAF) (either alone or in combination with MD, WAS, Secure Seal, VM, TP, and/or
`CM) derives security profile data for a received Downloadable by detecting “Realtime Secuirty Events” and suspicious computer operations
`that may be attempted by the Downloadable. The security profile data derived from the Downloadable scanner for WAF includes a list of
`suspicious computer operations that may be attempted by the Downloadable, which include computer operations that cause malware
`infections and “zero-day” attacks.
`
`Downloadable
`scanner for
`WAF derives
`security profile
`data
`
`WAF
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`https://docplayer.net/1990870‐Web‐application‐firewall.html
`
`Qualys Web Application Firewall (WAF) _ Qualys, Inc..pdf
`
`11
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 14 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`12
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Secure Seal (either alone or in combination with MD, WAS, WAF, CM, TP, and/or
`VM) derives security profile data for Downloadables by scanning websites for malware. Websites are scanned for
`“malicious software the website could unintentionally infect users with” and other suspicious operations that may be
`attempted by the Downloadable.
`
`Secure Seal
`derives
`security profile
`data
`
`Qualys SECURE Seal _ Qualys, Inc..pdf
`
`12
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 15 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`13
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1– Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`The Downloadable scanner for Vulnerability Management (VM) (either alone or in combination with MD, WAS,
`WAF, Secure Seal, CM, and/or TP) derives security profile data for a received Downloadable by performing
`analyses to detect suspicious computer operations that may be attempted by the Downloadable. The security
`profile data derived from the Downloadable scanner for VM includes a list of suspicious computer operations that
`may be attempted by the Downloadable. As shown above and below, the list of suspicious computer operations that
`are detected by the Downloadable scanner for VM cause malware infections and zero-day threats.
`
`Downloadable
`scanner for VM
`derives security
`profile data
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`marek‐qgsuiteupdatesnewfeatures20120606‐120607075251‐phpapp01.pdf
`
`13
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 16 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`14
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`The Downloadable scanner for Continuous Monitoring (CM) (either alone or in combination with MD, WAS, WAF,
`Secure Seal, VM, or TP) derives security profile data for a received Downloadable by performing analyses to detect
`suspicious computer operations that may be attempted by the Downloadable.
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Downloadable
`scanner for CM
`derives security
`profile data for
`Downloadables
`
`https://www.qualys.com/apps/vulnerability‐management/
`
`14
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 17 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`15
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for ThreatPROTECT(TP) (either alone or in combination with MD, WAS, WAF, Secure
`Seal, CM, and/or VM) derives security profile data for a received Downloadable. The Downloadable scanner for TP
`performs analyses to detect suspicious computer operations that may be attempted by a Downloadable, which
`provides “Realtime Threat Intelligence Attributes” for “Zero Day” and other active attacks. The security profile data
`derived from the Downloadable scanner for TP includes a list of suspicious computer operations that may be
`attempted by the Downloadable. As shown above and below, the list of suspicious computer operations that are
`detected by the Downloadable scanner for TP cause “Zero Day” malware and attacks with “high lateral movement.”
`
`Downloadable
`scanner for TP
`derives
`security profile
`data
`
`rsac2016‐qualys‐threatprotect‐170112004807.pdf
`
`15
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 18 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`16
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Cloud Agent (either alone or in combination with MD, WAS, WAF, VM, CM, or TP)
`derives security profile data for a received Downloadable. The Downloadable scanner for Cloud Agent performs
`analyses to detect suspicious computer operations that may be attempted by a Downloadable. The security profile
`data derived from the Downloadable scanner for Cloud Agent includes a list of suspicious computer operations that
`may be attempted by the Downloadable. As shown above, the list of suspicious computer operations that are
`detected by the Downloadable scanner for Cloud Agent cause malware infections and zero-day threats.
`
`Downloadable
`scanner for Cloud
`Agent derives
`security profile
`data
`
`https://www.qualys.com/videos/platform/cloud‐agent/intro/
`
`16
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 19 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`17
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Qualys Accused Products may also analyze information gathered from previous scans, Qualys researchers, and/or external data feeds to
`derive security profile data for a received Downloadable, including a list of suspicious computer operations that may be attempted by the
`Downloadable.
`
`security_wp_mva.pdf
`
`https://www.qualys.com/apps/vulnerabil
`ity‐management/
`
`threatprotect‐datasheet.pdf
`
`17
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 20 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`18
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Doctrine of Equivalents:
`
`To the extent that the Qualys Cloud Products do not literally infringe this claim element, Qualys infringes under the doctrine of
`equivalents. The above described functionality of the Qualys Accused Products is at most insubstantially different from the
`claimed functionality and performs substantially the same function in substantially the same way to achieve substantially the
`same result.
`
`The Qualys Accused Products perform the same function because they have a Downloadable scanner to scan Downloadables
`in order to derive security profile data for the Downloadable that includes a list of suspicious computer operations that may be
`attmepted by the Downloadable. For example, the Downloadable scanner for MD utilizes a simulated user environment, which
`carries out substantially the same function as the element because it performs dynamic behavioral analysis to identify
`suspicious computer operations in the Downloadable. The Downloadable scanner for MD performs dynamic analysis by
`running the Downloadable in a simulated user environment and recording the different suspicious computer operations that the
`Downloadable attempts in memory. The suspicious computer operations identified include, e.g., disabling security controls, anti-
`forensic operations, file access, processes, services, Microsoft Windows registry keys being written, rogue processes being
`started, programs being installed and started, and files being written to a disk.
`
`Qualys Accused Products perform this function in the same way because they utilize a scanner which scans Downloadables
`and derives security profile data for the Downloadable, including a list of suspicious computer operations that the Downloadable
`may attempt. For example, the Downloadable scanner for MD performs this function the same way because it runs the
`Downloadable in a simulated user environment and records the different suspicious computer operations that the Downloadable
`attempts in memory.
`
`Qualys Accused Products achieve the same result as this element because a list of suspicious computer operations that may
`be attempted by the Downloadable are included in the derived security profile data for the Downloadable. For example, the
`Downloadable scanner for MD achieves the same result because it results in the generation of security profile data when it
`analyzes Downloadables using dynamic analysis. The results are the same because the Downloadable scanner for MD records
`suspicious computer operations that the Downloadable attempts (disabling security controls, anti-forensic operations, file
`access, processes, services, Microsoft Windows registry keys being written, rogue processes being started, programs being
`installed and started, and files being written to a disk) in memory when the Downloadable is run in a simulated user
`environment.
`
`18
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 21 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`19
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 2 – Qualys Accused Products includes a Downloadable scanner coupled with said receiver, for deriving
`security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the
`Downloadable.
`
`Each of the Qualys Accused Products includes a respective Downloadable scanner coupled with its corresponding
`receiver as described in 10b. Contention No. 2.
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`19
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 22 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`20
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 2 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Malware Detection (MD) derives security profile data for the Downloadable, including a list of
`suspicious computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No. 1.
`
`The Downloadable scanner for Web Application Scanning (WAS) derives security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No.
`1.
`
`The Downloadable scanner for Web Application Firewall (WAF) derives security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No.
`1.
`
`The Downloadable scanner for Secure Seal derives security profile data for the Downloadable, including a list of suspicious
`computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No. 1
`
`The Downloadable scanner for Vulnerability Management (VM) derives security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the Download