`Case 4:18-cv-07229—YGR Document 52-4 Filed 03/16/20 Page 1 of 7
`
`
`
`
`
`EXHIBIT C
`
`EXHIBIT C
`
`
`
`•
`
`'
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Case 4:18-cv-07229-YGR Document 52-4 Filed 03/16/20 Page 2 of 7
`
`O \ P /: ,
`~~ ' ' ~~~~~-----------------------C-ER-T-IF-IC_A_T_E_O_F_M_A_I_LI_N_G __________________________ __
`v
`....
`~~mo~aper (along with any paper referred to as being attached or enclosed) is being deposited with the United
`~~ "-TR-=~-~-~tates Postal Service on the date shown below with sufficient postage as first class inail in an enveloped addressed to the Assistant
`.-
`AO
`Commissioner for Patents, Washington, D.C. on
`
`-~'13/v
`~/
`t t)
`
`/_,..\~ '0
`U U-'
`
`By: Marion Dick
`
`MO....:o-
`
`{)~bL_
`
`Serial No.: 08/995,648
`
`Examiner:
`
`C. Revak
`
`Filed: December 22, 1997
`
`For:
`
`System and Method for Attaching a
`Downloadable Security Profile to a
`Downloadable
`
`Assistant Commissioner for Patents
`Washington, D.C. 20231
`
`Art Unit:
`
`2785
`
`RECEIVED
`llfAY"a1 8 2000
`GROUP 2700
`
`Sir:
`
`AMENDMENT AND RESPONSE
`
`In response to the office action mailed on February 8, 2000, the three-month
`
`shortened statutory period for response ending on May 8, 2000, please amend the
`
`application as follows:
`
`IN THE SPECIFICATION:
`On page 2line 8, after "number" please in~OS/964,388--.
`/
`On page 11 line 6, after "number" please inse;;re8/964,388--.
`On page 12 line 15, after"nurilber" please ins~8/964,388--.
`
`On page 18 line 12, after "number" please insert --08/964,388--.
`
`1311202631.01
`05020011223/40492.00005
`
`FINJAN-QUALYS 000318
`
`
`
`Case 4:18-cv-07229-YGR Document 52-4 Filed 03/16/20 Page 3 of 7
`
`•
`
`•
`
`c IN THE CLAIMS:
`
`1.
`
`(Twice amended) A method comprising [the steps o:fJ:
`
`receiving by an inspector a Downloadable;
`
`generating by the inspector a first Downloadable security profile that identifies
`
`suspicious code in the received Downloadable; and
`
`linking by the inspector the first Downloadable security profile to the
`
`Downloadable before a web server makes the Downloadable available to web clients.
`
`11.
`
`(Once amended) The method of claim 1, wherein the first Downloadable security
`
`profile includes a list of operations deemed suspicious by [an] the inspector.
`
`15.
`
`(Twice amended) An inspector system comprising:
`
`memory storing a first rule set; and
`
`a first content inspection engine for using the first rule set to generate a first
`
`Downloadable security profile that identifies suspicious code in a Downloadable, and for
`
`linking the first Downloadable security profile to the Downloadable before a web server
`
`makes the Downloadable available to web clients.
`
`(Twice amended) A method performed by a network gateway com
`
`steps o:fJ:
`
`receiving a Downloadable with a linked Downloadable
`
`identifies suspicious code in the Downloadable; and
`
`comparing the Downloadable security profi
`
`23.
`
`(Twice amended)
`
`steps o:fJ:
`
`e with a linked first Downloadable security profile that
`
`identifies suspicious cod n the Downloadable;
`
`hether to trust the first Downloadable security profile; and
`
`comp
`
`· g the first Downloadable security profile against the security policy if
`
`wnloadable security profile is trustworthy.
`
`131/202631.01
`050200/1223/40492.00005
`
`2
`
`FINJAN-QUALYS 000319
`
`
`
`Case 4:18-cv-07229-YGR Document 52-4 Filed 03/16/20 Page 4 of 7
`
`•
`
`•
`
`(Twice amended) A network gateway system compri · g:
`a Downloadable interceptor for receiving a Do
`
`a file reader coupled to the interceptor
`
`determining whether the Downloadable
`
`includes a Downloadable security pro
`
`that identifies suspicious code in the
`
`\
`
`Downloadable;
`
`he file reader for determining whether to trust the
`
`licy analysis engine coupled to the verification engine for comparing
`
`le security profile against a security policy if the engine determines that
`
`adable security profile is trustworthy.
`-L-------------~~-------------------------------------------------------------~-------
`
`41.
`
`(Twice amended) A computer-readable storage medium storing program code for
`
`causing a data processing system on an inspector to perform the steps of:
`
`receiving a Downloadable;
`
`generating a first Downloadable security profile that identifies suspicious code in
`
`the received Downloadable; and
`
`linking the first Downloadable security profile to the Downloadable before a web
`
`server makes the Downloadable available to web clients.
`
`(Twice amended) A computer-readable storage medium storing
`
`causing a data processing system on a network gateway to perfo
`
`receiving a Downloadable with a linked first Dow
`
`identifies suspicious code in the Downloadable;
`
`the first Downloadable sec
`
`· y profile is trustworthy.
`
`able security profile against the security policy if
`
`1311202631.01
`05020011223/40492.00005
`
`1
`
`3
`
`FINJAN-QUAL YS 000320
`
`
`
`Case 4:18-cv-07229-YGR Document 52-4 Filed 03/16/20 Page 5 of 7
`
`•
`
`•
`
`43.
`
`(Twice amended) An inspector system comprising:
`
`means for receiving a Downloadable;
`
`means for generating a first Downloadable security profile that identifies
`
`suspicious code in the received Downloadable; and
`
`means for linking the first Downloadable security profile to the Downloadable
`
`before a web server makes the Downloadable available to web clients.
`
`4.
`
`(Twice amended) A network gateway system c
`
`means for receiving a Downloadable with mked first Downloadable security
`
`profile that identifies suspicious code in the
`
`trust the first Downloadable security profile;
`
`and
`
`e first Downloadable security profile against the security
`
`131/202631.0 I
`050200/1223/40492.00005
`
`4
`
`FINJAN-QUAL YS 000321
`
`
`
`Case 4:18-cv-07229-YGR Document 52-4 Filed 03/16/20 Page 6 of 7
`
`••
`
`•
`
`REMARKS
`
`Claims 1-44 were examined and rejected in this case. Claims 1, 11, 15, 22, 23, 32
`
`and 41-44 are being amended. Claims 1-44 are still pending. Reconsideration of the
`
`application as amended is respectfully requested.
`
`Applicant requests the Examiner to enter the above amendments to the
`
`Specification. No new matter is being added.
`
`Before discussing the rejections of the claims, a brief rev.iew of an embodiment of
`
`Applicant's invention is helpful. A system includes an inspector for generating and
`
`link~ng a Downloadable security profile to a Downloadable before a web server makes
`
`the Downloadable available to web clients. The system also includes a network gateway
`
`which examines the Downloadable security profile for security policy violations ifthe
`
`Downloadable security profile is deemed trustworthy.
`
`In paragraphs 3 and 4, the Examiner rejected claims 1-3, 11, 15-17, 22, 23, 32 and
`41-44 under 35 USC§ 102(e) as anticipated by Ii. Ii teaches a method performed on a
`network gateway of examining application programs for lines of code that the client
`
`computer should monitor for security policy violations. Independent claims 1, 15, 41 and
`
`43 as amended similarly recite generating and linking a Downloadable security profile to
`
`a Downloadable before a web server makes the Downloadable available to web clients.
`
`Independent claims 22, 23, 32, 42 and 44 as amended similarly recite comparing a
`
`-- -----~--
`
`Downloadable security profile linked to the Downloadable against a security policy, if
`the Downloadable security profile is deemed trustworthy. Ji does not teach generating
`the Downloadable security profile or linking the Downloadable security profile to a
`
`Downloadable before the web server makes the Downloadable security profile available
`to web clients. Further, Ii does not teach examining an already linked Downloadable
`security profile by network gateways, if the profile is deemed trustworthy. In li's system,
`
`the burden of examining a Downloadable for the suspicious code is always on the
`
`network gateway, and must be done every time. In Applicant's system, some of the
`
`burden may be transferred to the inspector, and generation of the Downloadable security
`
`profile may be performed only once. Applicant therefore requests the Examiner to
`
`131/202631.01
`050200/1223/40492.00005
`
`5
`
`FINJAN-QUAL YS 000322
`
`
`
`Case 4:18-cv-07229-YGR Document 52-4 Filed 03/16/20 Page 7 of 7
`
`••
`
`•
`
`withdraw the rejection of independent claims 1, 15, 22, 23, 32 and 41-44, and of claims 2,
`
`3, 11, 16 and 17 dependent therefrom.
`
`In paragraphs 5 and 6, the Examiner rejected claims 5-8, 12, 19, 27 and 36 under
`35 USC§ 103(a) as unpatentable over li. Since claims 5-8, 12, 19, 27 and 36 depend
`from the independent claims above, Applicant submits that these claims are patentable
`
`for at least the same reasons.
`
`In paragraph 7, the Examiner rejected claims 4, 9, 10, 13, 14, 18, 20, 21, 24-26,
`28-31, 33-35 and 3 7-40 as unpatentable over li in view of Atkinson. The Examiner
`indicates that li does not teach examination of a digital signature to assure the integrity of
`the Downloadable, or the attachment of a certificate and a Downloadable ID with the
`
`Downloadable. The Examiner then asserts that Atkinson teaches sending an attached
`
`certificate that is included in the digital signature with the downloadable. However,
`
`Atkinson does not teach generating the Downlo~dable security profile or linking the
`
`Downloadable security profile to a Downloadable before the web server makes the
`
`Downloadable security profile available to web clients. Further, Atkinson does not teach
`
`examining an already linked Downloadable security profile by network gateways, if the
`
`profile is deemed trustworthy. Accordingly, Applicant submits that, for at least the
`
`reasons described above with reference to the independent claims, claims 4, 9, 10, 13, 14,
`
`18, 20, 21,24-26,28-31,33-35 and 37-40 dependent therefrom are also patentable over
`
`the art of record. Applicant therefore requests the rejection be withdrawn.
`
`If the Examiner has any questions or needs any additional information, the
`
`Examiner is invited to telephone the undersigned attorney at (650) 843-3392.
`
`If for any reason an insufficient fee has been paid, the Assistant Commissioner is
`
`hereby authorized to charge the insufficiency to Deposit Account No. 05-0150.
`
`Dated:~
`
`Graham & James LLP
`600 Hansen Way
`Palo Alto, CA 94304-1043
`650-856-6500
`
`131/202631.01
`050200/1224/40492.00005
`
`6
`
`Respectfully Submitted,
`Touboul et al.
`
`Marc A. Sockol
`Attorney for Applicants
`Reg. No. 40,823
`
`FINJAN-QUAL YS 000323
`
`