Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 1 of 58
`Case 4:18-cv-07229—YGR Document 44-9 Filed 02/28/20 Page 1 of 58
`
`EXHIBIT H
`
`EXHIBIT H
`
`
`Case 4:18-cv-07229—YGR Document 44-9 Filed 02/28/20 Page 1 of 58
`
`EXHIBIT H
`
`EXHIBIT H
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 2 of 58
`Case 4:18-cv-07229—YGR Document 44-9 Filed 02/28/20 Page 2 of 58
`
`
`
`
`APPENDIX G
`
`
`APPENDIX G
`
`
`
`
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 3 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`1
`
`10a. The Qualys Accused Productss provide a system for managing Downloadables.
`
`The Qualys Accused Products provide a system for managing Downloadables.
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`qualys‐overview‐paper.pdf
`
`1
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 4 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`2
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 1: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a respective receiver for receiving incoming
`Downloadables from the Internet, web applications, internal networks, and public and private clouds.
`As shown below, a Downloadable is received by the Qualys Accused Products via a node that is part of
`the Qualys Cloud computing environment.
`
`Receiver
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`2
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 5 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`3
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 2: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a respective receiver at the Qualys scanner (either
`external, internal, physical or virtual) for receiving incoming Downloadables from the Internet, web
`applications, internal networks, and public and private clouds. As shown below, a Downloadable is
`received by the Qualys Accused Products via respective Qualys scanners (either external, internal,
`physical or virtual).
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`Receiver
`
`3
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 6 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`4
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 3: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a receiver at a respective client computing device for
`receiving incoming Downloadables from the Internet, web applications, internal networks, and public
`and private clouds. As shown below, a Downloadable is received by the Qualys Cloud Products via the
`client computer.
`
`Receiver
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`4
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 7 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`5
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable.
`
`Each of the Qualys Accused Products includes a respective Downloadable scanner coupled with its
`corresponding receiver as described in 10b. Contention No. 1.
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`5
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 8 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`6
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`The Downloadable scanner for Malware Detection (MD) (either alone or in combination with WAS, WAF, Secure
`Seal, VM, TP, and/or CM) derives security profile data for a received Downloadable by performing a variety of static
`and dynamic analyses to detect suspicious computer operations that may be attempted by the Downloadable.
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Downloadable scanner for MD derives security profile data
`
`Dynamic
`+
`Static
`
`Malware Detection FAQ _ Qualys, Inc..pdf
`
`6
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 9 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`7
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Malware Detection (MD) (either alone or in combination with WAS, WAF, Secure
`Seal, VM, TP, and/or CM) derives security profile data for a received Downloadable by performing a variety of static
`and dynamic behavioral analyses to detect suspicious computer operations that may be attempted by the
`Downloadable.
`
`Downloadable
`scanner for
`MD derives
`security
`profile data
`
`dynamic analysis
`
`dissectpeproject‐gabriel‐110816130546‐phpapp01.pdf
`
`7
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 10 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`8
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`The security profile data derived from the Downloadable scanner for MD (either alone or in combination with WAS, WAF,
`Secure Seal, VM, and/or CM) includes a list of computer suspicious computer operations that may be attempted by the
`Downloadable. As shown above and below, the list of suspicious computer operations detected by the Downloadable scanner
`for MD performs “disabling security controls, anti-forensic operations, file access, processes, services, etc.,” JavaScript-based
`attacks, iframes, document.write with obfuscation, rogue processes being started, programs being installed and started, and
`files being written to a disk.
`suspicious
`operations
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`marekforinfodaymdspresentation20120606‐120607075424‐phpapp01.pdf
`
`https://www.youtube.com/watch?v=_H5vngwVuNg
`
`8
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 11 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`9
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`The Downloadable scanner for Web Application Scanning (WAS) (either alone or in combination with MD, WAF, Secure Seal, VM, TP, and/or
`CM) derives security profile data for a received Downloadable by performing a variety of static and dynamic analyses to detect suspicious
`computer operations that may be attempted by the Downloadable. The security profile data derived from the Downloadable scanner for WAS
`includes a list of suspicious computer operations that may be attempted by the Downloadable. As shown above and below, the Downloadable
`scanner for WAS can detect “new infections” and “zero-day malware that eludes anti-virus and anti-spyware” software by using “advanced
`behavioral analysis.”
`
`Downloadable
`scanner for WAS
`derives security
`profile data
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Qualys Web Application Scanning (WAS) _ Qualys, Inc..pdf
`
`9
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 12 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`10
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Web Application Scanning (WAS) (either alone or in combination with MD, WAF, Secure Seal, VM, TP, and/or
`CM) derives security profile data for a received Downloadable by performing a variety of static and dynamic analyses to detect suspicious
`computer operations that may be attempted by the Downloadable. The security profile data derived from the Downloadable scanner for WAS
`includes a list of suspicious computer operations that may be attempted by the Downloadable. As shown above and below, the list of
`suspicious computer operations that are detected by the Downloadable scanner for WAS cause malware infections and “Zero Day Risk.”
`
`Downloadable
`scanner for
`WAS derives
`security profile
`data
`
`Static
`+
`Dynamic
`
`msk‐qualysguardroadmapforh2‐2013‐201420130917‐130924091408‐phpapp02.pdf
`
`10
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 13 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`11
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`The Downloadable scanner for Web Application Firewall (WAF) (either alone or in combination with MD, WAS, Secure Seal, VM, TP, and/or
`CM) derives security profile data for a received Downloadable by detecting “Realtime Secuirty Events” and suspicious computer operations
`that may be attempted by the Downloadable. The security profile data derived from the Downloadable scanner for WAF includes a list of
`suspicious computer operations that may be attempted by the Downloadable, which include computer operations that cause malware
`infections and “zero-day” attacks.
`
`Downloadable
`scanner for
`WAF derives
`security profile
`data
`
`WAF
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`https://docplayer.net/1990870‐Web‐application‐firewall.html
`
`Qualys Web Application Firewall (WAF) _ Qualys, Inc..pdf
`
`11
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 14 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`12
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Secure Seal (either alone or in combination with MD, WAS, WAF, CM, TP, and/or
`VM) derives security profile data for Downloadables by scanning websites for malware. Websites are scanned for
`“malicious software the website could unintentionally infect users with” and other suspicious operations that may be
`attempted by the Downloadable.
`
`Secure Seal
`derives
`security profile
`data
`
`Qualys SECURE Seal _ Qualys, Inc..pdf
`
`12
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 15 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`13
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1– Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`The Downloadable scanner for Vulnerability Management (VM) (either alone or in combination with MD, WAS,
`WAF, Secure Seal, CM, and/or TP) derives security profile data for a received Downloadable by performing
`analyses to detect suspicious computer operations that may be attempted by the Downloadable. The security
`profile data derived from the Downloadable scanner for VM includes a list of suspicious computer operations that
`may be attempted by the Downloadable. As shown above and below, the list of suspicious computer operations that
`are detected by the Downloadable scanner for VM cause malware infections and zero-day threats.
`
`Downloadable
`scanner for VM
`derives security
`profile data
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`marek‐qgsuiteupdatesnewfeatures20120606‐120607075251‐phpapp01.pdf
`
`13
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 16 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`14
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`The Downloadable scanner for Continuous Monitoring (CM) (either alone or in combination with MD, WAS, WAF,
`Secure Seal, VM, or TP) derives security profile data for a received Downloadable by performing analyses to detect
`suspicious computer operations that may be attempted by the Downloadable.
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Downloadable
`scanner for CM
`derives security
`profile data for
`Downloadables
`
`https://www.qualys.com/apps/vulnerability‐management/
`
`14
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 17 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`15
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for ThreatPROTECT(TP) (either alone or in combination with MD, WAS, WAF, Secure
`Seal, CM, and/or VM) derives security profile data for a received Downloadable. The Downloadable scanner for TP
`performs analyses to detect suspicious computer operations that may be attempted by a Downloadable, which
`provides “Realtime Threat Intelligence Attributes” for “Zero Day” and other active attacks. The security profile data
`derived from the Downloadable scanner for TP includes a list of suspicious computer operations that may be
`attempted by the Downloadable. As shown above and below, the list of suspicious computer operations that are
`detected by the Downloadable scanner for TP cause “Zero Day” malware and attacks with “high lateral movement.”
`
`Downloadable
`scanner for TP
`derives
`security profile
`data
`
`rsac2016‐qualys‐threatprotect‐170112004807.pdf
`
`15
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 18 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`16
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Cloud Agent (either alone or in combination with MD, WAS, WAF, VM, CM, or TP)
`derives security profile data for a received Downloadable. The Downloadable scanner for Cloud Agent performs
`analyses to detect suspicious computer operations that may be attempted by a Downloadable. The security profile
`data derived from the Downloadable scanner for Cloud Agent includes a list of suspicious computer operations that
`may be attempted by the Downloadable. As shown above, the list of suspicious computer operations that are
`detected by the Downloadable scanner for Cloud Agent cause malware infections and zero-day threats.
`
`Downloadable
`scanner for Cloud
`Agent derives
`security profile
`data
`
`https://www.qualys.com/videos/platform/cloud‐agent/intro/
`
`16
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 19 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`17
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Qualys Accused Products may also analyze information gathered from previous scans, Qualys researchers, and/or external data feeds to
`derive security profile data for a received Downloadable, including a list of suspicious computer operations that may be attempted by the
`Downloadable.
`
`security_wp_mva.pdf
`
`https://www.qualys.com/apps/vulnerabil
`ity‐management/
`
`threatprotect‐datasheet.pdf
`
`17
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 20 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`18
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 1 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for deriving security
`profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the Downloadable.
`(continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`Doctrine of Equivalents:
`
`To the extent that the Qualys Cloud Products do not literally infringe this claim element, Qualys infringes under the doctrine of
`equivalents. The above described functionality of the Qualys Accused Products is at most insubstantially different from the
`claimed functionality and performs substantially the same function in substantially the same way to achieve substantially the
`same result.
`
`The Qualys Accused Products perform the same function because they have a Downloadable scanner to scan Downloadables
`in order to derive security profile data for the Downloadable that includes a list of suspicious computer operations that may be
`attmepted by the Downloadable. For example, the Downloadable scanner for MD utilizes a simulated user environment, which
`carries out substantially the same function as the element because it performs dynamic behavioral analysis to identify
`suspicious computer operations in the Downloadable. The Downloadable scanner for MD performs dynamic analysis by
`running the Downloadable in a simulated user environment and recording the different suspicious computer operations that the
`Downloadable attempts in memory. The suspicious computer operations identified include, e.g., disabling security controls, anti-
`forensic operations, file access, processes, services, Microsoft Windows registry keys being written, rogue processes being
`started, programs being installed and started, and files being written to a disk.
`
`Qualys Accused Products perform this function in the same way because they utilize a scanner which scans Downloadables
`and derives security profile data for the Downloadable, including a list of suspicious computer operations that the Downloadable
`may attempt. For example, the Downloadable scanner for MD performs this function the same way because it runs the
`Downloadable in a simulated user environment and records the different suspicious computer operations that the Downloadable
`attempts in memory.
`
`Qualys Accused Products achieve the same result as this element because a list of suspicious computer operations that may
`be attempted by the Downloadable are included in the derived security profile data for the Downloadable. For example, the
`Downloadable scanner for MD achieves the same result because it results in the generation of security profile data when it
`analyzes Downloadables using dynamic analysis. The results are the same because the Downloadable scanner for MD records
`suspicious computer operations that the Downloadable attempts (disabling security controls, anti-forensic operations, file
`access, processes, services, Microsoft Windows registry keys being written, rogue processes being started, programs being
`installed and started, and files being written to a disk) in memory when the Downloadable is run in a simulated user
`environment.
`
`18
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 21 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`19
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 2 – Qualys Accused Products includes a Downloadable scanner coupled with said receiver, for deriving
`security profile data for the Downloadable, including a list of suspicious computer operations that may be attempted by the
`Downloadable.
`
`Each of the Qualys Accused Products includes a respective Downloadable scanner coupled with its corresponding
`receiver as described in 10b. Contention No. 2.
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`http://www.brsec.com.br/eng/int_qualysguard.asp
`
`19
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 44-9 Filed 02/28/20 Page 22 of 58
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`20
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10c. Contention No. 2 – Qualys Accused Products include a Downloadable scanner coupled with said receiver, for
`deriving security profile data for the Downloadable, including a list of suspicious computer operations that may be
`attempted by the Downloadable. (continued)
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`The Downloadable scanner for Malware Detection (MD) derives security profile data for the Downloadable, including a list of
`suspicious computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No. 1.
`
`The Downloadable scanner for Web Application Scanning (WAS) derives security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No.
`1.
`
`The Downloadable scanner for Web Application Firewall (WAF) derives security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No.
`1.
`
`The Downloadable scanner for Secure Seal derives security profile data for the Downloadable, including a list of suspicious
`computer operations that may be attempted by the Downloadable, as described above in 10c. Contention No. 1
`
`The Downloadable scanner for Vulnerability Management (VM) derives security profile data for the Downloadable, including a
`list of suspicious computer operations that may be attempted by the Download
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
