`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 1 of 58
`
`
`
`
`
`EXHIBIT D
`
`EXHIBIT D
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 2 of 58
`D°C”meIIII1IIIIIIIIII IIIIIIIIIIIIIIIIIIIIIIIIIIIIIII 111111 11
`
`U8005987611A
`
`United States Patent
`Freund
`
`[19]
`
`[11]
`
`[45]
`
`Patent Number:
`
`Date of Patent:
`
`5,987,611
`
`Nov. 16, 1999
`
`[54]
`
`SYSTEM AND METHODOLOGY FOR
`MANAGING INTERNET ACCESS ON A PER
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`Postel, J .,
`“RFC 8214imple Mail Transfer Protocol,”
`Information Science Institute, University of Southern Cali-
`fornia, Aug. 1982, pp. 1—68.
`
`(List continued on next page.)
`
`['15]
`
`Inventor: Gregor Frellnd, San Francisco, Calif.
`
`[73] Assignee: Zone Labs, Inc., San Francisco, Calif.
`
`[21] Appl. No; 081851,777
`
`[22]
`
`Filed:
`
`May 6, 1997
`
`Related U.S. Application Data
`Provisional application No. 601033975, Dec. 31, 1996.
`
`[60]
`
`G06F13100
`Int. Cl6
`[51]
`7131201
`[52] U..S Cl.
`
`.....39S118'1.01, 186
`[58]
`Field of Search
`
`3641222.5, 286.4, 2.865, 7111163, 70719,
`10, 203; 7131200, 201
`
`[56]
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`3641200
`411990 Swinehart et al.
`4.914.586
`3951650
`1211995 Waldo et a].
`.....
`5,415,817
`
`39512002
`5.586.260 1211996 Hu
`
`.. 395118701
`5.623.601
`411997Ir VII
`
`611998 Kells eta].
`5,764,887
`3951186
`5,815,514
`911998 Fortinsky
`...... 380125
`395118701
`5.828.833
`1011998 Belville et al.
`
`1111998 Blakley. III et a].
`.
`.. 395118801
`5,832.21]
`
`1111998 Blakely, III eta].
`.
`. 395118801
`5,838,903
`111999 Blackwell. Jr. et a].
`.
`... .707/10
`5.857.191
`
`.. 3951187. 01
`5.864.665
`111999 Tran
`.. 395118801
`5,875,296
`211999 Slii eta].
`
`311999 Christensen et al.
`395120033
`5,881,230
`
`OTHER PUBLICATIONS
`
`Mullender, “Distributed Systems", Second Edition, ACM
`Press New York, Addison—Wesley, pp. 3. 12—13, 543—578,
`Dec. 1993.
`
`ORFALI et al., “Essential Client/Server Survival Guide",
`Van Nostrand Reinhold, pp. 153—154, Dec. 1994.
`
`Primary Examiner—Robert W. Beausoliel, Jr.
`Assistant Examiner—Stephen C. Elmore
`Attorney, Agent, or Firm—John A. Smart
`ABSTRACT
`
`[57]
`
`A computing environment with methods for monitoring
`access to an open network, such as a WAN or the Internet,
`is described. The system includes one or more clients, each
`operating applications or processes (e.g., Netscape Naviga-
`torTM or Microsoft Internet Explorer“ browser software)
`requiring Internet (or other open network) access (e.g., an
`Internet connection to one or more Web servers). Client-
`based monitoring and filtering of access is provided in
`conjunction with a centralized enforcement supervisor. The
`supervisor maintains access rules for the client-based filter-
`ing and verifies the existence and proper operation of the
`client-based filter application. Access rules which can be
`defined can specify criteria such as total time a user can be
`connected to the Internet (e.g., per day, week, month, or the
`like), time a user can interactively use the Internet (e.g., per
`day, week, month, or the like), a list of applications or
`application versions that a user can or cannot use in order to
`access the Internet, a list of URLs (or WAN addresses) that
`a user application can (or cannot) access, a list of protocols
`or protocol components (such as Java Script“) that a user
`application can or cannot use, and rules to determine what
`events should be logged (including how long are logs to be
`kept). By intercepting process loading and unloading and
`keeping a list of currently-active processes, each client
`process can be checked for various characteristics, including
`checking executable names, version numbers, executable
`file checksums, version header details, configuration
`settings, and the like. With this information, the system can
`determine if a particular process in question should have
`access to the Internet and what kind of accesstie, protocols,
`Internet addresses, time limitations, and the like) is permis-
`sible for the given specific user.
`
`30 Claims, 38 Drawing Sheets
`
`241
`
`240
`
`
`
`
`INTERNET@ accessMONITOR
`
`
`243
`
`WINSOCK
`DRIVER
`
`a
`
`245
`
`260
`
`APPLICATION
`
`
`PRO-BG-RAISRIS)
`
`WINDOWS
`SH ELL
` 250
`
`
`
`USER
`INTERFACE
`
`
`
`USER
`
`QUALYSOO‘I 12787
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 3 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 3 of 58
`
`5,98 7,61 1
`
`Page 2
`
`OTHER PUBLICATIONS
`
`Croker, D., “RFC 822—Standard for the formal of ARPA
`Internet Text Messages,” Department of Electrical Engineer-
`ing, University of Delaware, Aug. 13, 1982, pp. 147.
`Postel, J. and Reynolds, J ., “RFC 959—File Transfer Pro-
`tocol (FTP),” Information Science Institute, University of
`Southern California, Oct. 1985, pp. 1—47.
`Kantor, B. (U.C. San Diego) and Lapsley, P. (U.C. Berke-
`ley), “RFC 977—Network News Transfer Protocol, ” Feb.
`1986, pp. 1—27.
`Berners—Lee, T., ”RFC 1630—Universal Resource Identifi-
`ers in WWW,” Jun. 1994, pp. 28.
`Klensin, J., Freed, N., Rose, M., Stefferud, E. and Crocker,
`D., “RFC 18694MTP Service Extensions,” Nov. 1995,
`pp. 1—11.
`Kessler, G. and Shepard, S., “RFC 1739—A Primer On
`Internet And TCPK'IP Tools," Hill Associates, Inc., Dec.
`1994, pp. 1—46.
`Myers, J. (Carnegie Mellon) and Rose, M. (Dover Beach
`Consulting, Inc.), “RFC 19397Post Office Protocoli‘Ver-
`sion 3,” May 1996, pp. 1—23.
`Freed, N., "RFC 20344MT'P Service Extension for
`Returning Enhanced Error Codes,” Innosoft, Oct. 1996, pp.
`1—6.
`Freed, N., Borenstein, N., Moore, K., Klensin, J . and Postel,
`J., "RFC 2045/2046}2047/2048f2049—Multipurpose Inter-
`net Mail Extensions (MIME), Part 1: Format of Internet
`Message Bodies, Part 2: Media Types, Part 3: Message
`Header Extensions for Non—ASCII Text, Part 4: Registration
`Procedures, Part 5: Conformance Criteria and Examples,"
`Nov. 1996, Part 1: pp. 1—31, Part 2: pp. 1—44, Part 3: pp.
`1—15, Part 4: pp. 1—21, Part 5: pp. 1—24.
`Crispin, M., “RFC 2060—Internet Message Access Proto-
`col—Version 4rev1,” University of Washington, Dec. 1996,
`pp. 1—82.
`(Stockholm University) and Hopmann, A.
`Palme, J.
`(Microsoft Corporation), “RFC 2110—MIME E—mail
`Encapsulation of Aggregate Documents, such as HTML
`(MHTML)," Mar. 1997, pp. 1—19.
`
`Fielding, R. (U.C. Irvine), Gettys, J. (DEC), Mogul, J.
`(DEC), Frystyk, H. (MITKLCS) and BerersrLee, T. (MIT?r
`LCS), “Hypertext Transfer Protocol—HTTPKIJ,” Internet
`Engineering Task Force (IET'F)—Internet Draft, Aug. 12,
`1996, pp. 1—52.
`Marsh, K., “Win32 Hooks,” Microsoft Developer Network
`Technology Group, Jul. 29, 1993 (revised Feb. 1994), pp.
`1—14.
`
`Dawson, D., “Firewalls 101—A Introduction to Ascend
`Secure Access,” Ascend Network Secure Business Unit,
`Sep. 4, 1996, pp. 1—6.
`Semeria, C., “Internet Firewalls and Security—A Technol-
`ogy Overview,” 3Com Corporation, Sep. 4, 1996, pp. 1—16.
`Felten, E., Balfanz, D, Dean, D. and Wallach, D., “Web
`Spoofing: An Internet Con Game—Technical Report
`540—96,” Department of Computer Science, Princeton Uni-
`versity, 1996, pp. 1—9
`Microsoft Corporation, “Microsoft Technical Notes—
`Browsing and Windows 95 Networking,” 1995, pp. 1—38.
`Windows Networking Design Team—Microsoft Corpora-
`tion, “Microsoft TCPfIP VxD Interface Specification,” Oct.
`24, 1994, pp. 1723.
`TechNet/Corp. Network Systemszus. Systems Div.—Mi-
`crosoft Corporation, “MS Windows NT 3.5/3.51: TCPK'IP
`Implementation Details," May 22, 1996, pp. 1—65.
`Shah, R., ”Networking in Windows 954unWorld Online,
`” Nov. 1, 1995, pp. 1—6.
`Rickard, 1, “Internet Architecture,” Boardwatch Magazine,
`1996, pp. 1—11.
`Microsoft Corporation, “Active Directory Design Specifi-
`cation, Version 1.0," Oct. 25, 1996, pp. 1—111.
`Semeria, C., "Understanding IP Addressing—Everything
`You Ever Wanted To Know,” NDS Marketing, 3Com Cor-
`poration, Apr. 26, 1996, pp. 1—62.
`Hall, M. et a1, “Windows Sockets 2 Service Provider Inter-
`face, Revision 2.2.0,” Stardust Technologies, May 10, 1996,
`pp. 1—200.
`
`QUALYSOO‘I 12788
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 4 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 4 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 1 of 38
`
`5,987,611
`
`KEYBOARD
`
`POINTING
`
`DEVICE
`
`SCREEN
`
`DISPLAY
`
`MASS
`
`STORAGE
`
`OUTPUT
`
`DEVICE
`
`104
`
`105
`
`106
`
`10?
`
`108
`
`111
`
`E
`
`103
`
`IIO
`
`CONTROLLER
`
`110
`
`FIG. 1
`
`102
`
`MAIN
`
`MEMORY
`
`101
`
`CENTRAL
`
`PROCESSOR
`
`CACHE
`
`MEMORY
`
`1 09
`
`QUALYSOO1 12789
`
`(9.9., ETHERNET)
`
`NETWORK
`
`CONTROLLER
`
`112
`
`
`
`e
`aPm2
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 5 of 58
`m
`
`aScU
`
`.o/_twnoww
`
`Hmm|w.QNN
`
`1wowww
`
`m9
`
`RN.292250:Em.NEmum
`
`
`BEE;wmimmaommmotzoz$82mm,aséoomm
`
`
`
`ma8m5996ozpémao
`
`
`
`
`
`531m$55mmommmwwz.I9582.;682%
`
`mE3
`
`5%mgi,
`
`18fl.m7.,NGE
`
`ovm
`
`QUALYSOO‘I 12790
`
`
`
`
`
`21me
`anr
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 6 of 58
`7
`v_.
`0Q2Q
`.m
`
`0.twnowa»t.1_3A4“I0mm%.msU
`
`9”mama2mm;
`
`mWmm>mwmwwa:OsDmRw.GN
`
`a%mapm,
`
`uw“.0“,
`
`m.wmfl
`
`5S
`
`._HMmwémm4mE;
`
`
`
`(m,.OE
`
`FzmsmomOmZm
`
`mOwSmmmsm
`
`mmm
`
`mm>mmw
`
`szjommzhoz¢mov
`
`
`AJSSme
`
`(mm¢
`
`meZflmz
`
`a:a;
`
`motzoi
`
`mwrm
`
`szjo
`
`10:20:
`
`nrwm
`
`kzmfio
`
`norm
`
`mOCZOE
`
`uvrm
`
`Fzmjo
`
`QUALYSOO‘I 12791
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 7 of 58
`Case 4 18-cv-07229-YGR Document 125-4 Flled 10/22/20 Page 7 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 4 of 38
`
`5,987,611
`
`mm;
`
`xm>mmw
`
`mes
`
`zm>mmw
`
`mm;
`
`mm>mmm
`
`ZOF<OFZMIkD<
`
`mw>mmw
`
`am.
`
`mOwSmmmnw
`
`mm>mmw
`
`mOmSflmmzw
`
`mhm
`
`.20mn249.
`
`vnm
`
`ohm
`
`mam
`
`§
`
`mo
`
`mozmwmmm
`
`an3:
`
`mommowm
`
`wag
`
`10:205
`
`mFFm
`
`Fzmjo
`
`moczOE
`
`germ
`
`Fzmjo
`
`oc—m
`
`10:20:
`
`Hzmjo
`
`mm.OE
`
`
`
`hszmomOmzmo_.5
`
`QUALYSOO‘I 12792
`
`
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 8 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 8 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 5 of 38
`
`5,987,611
`
`440
`
`0:
`
`DATAACQUISITIONMODULE
`
`FIG.4
`
`QUALYSOO‘I 12793
`
`?
`I—
`
`z L
`
`L-l
`_l
`0
`
`APPLICATION1APPLICATION2
`
`O t2 O 2 L
`
`u 9 U
`
`COMMDRIVER430
`
`(WINSOCK)
`
`421
`
`423
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 9 of 58
`m
`2
`a
`
`_e
`
`mMx8:582%am48m%.3:82
`
`zoEwsoo<53m5oz.U
`
`
`
`
`
`mv.8:@895mgmmEmmamadman:9Ezoo...m.__n_m8
`
`0sDmRw.
`
`9mm:3fl
`
`
`
`mN5323mofimmzz.Eta.93m
`
`H6Ft
`
`
`
`a85,Stigma.
`
`4mu".
`
`
`
`
`
`mmmémooflaozx8.5".3:82zopfimmmmflz.E40
`
`.m79%wi,
`
`uw6.,m0E
`
`ww6.5.159wM3.5”.332
`
`
`
`mmam9:29593mgm8..:93
`
`QUALYSOO‘I 12794
`
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 10 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 10 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 7 of 38
`
`5,987,611
`
`509
`
`620
`
`FIG. 6A
`
`QUALYSOO‘I 12795
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 11 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 11 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 3 of 38
`
`5,987,611
`
`.
`f” _
`512
`
`‘
`
`611
`
`5108
`
`620a
`
`_'9mnamgir
`macadirew
`
`-
`
`
`
`FIG. 68
`
`QUALYSOO‘I 12796
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 12 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 12 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 9 of 38
`
`5,987,611
`
`313
`
`fififlc
`
`: h3ELmaImZgi
`-- crel‘IEtBfibms‘emif
`
`FIG. BC
`
`QUALYSOO‘I 12797
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 13 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 13 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 10 0f 38
`
`5,987,611
`
`650
`
`5551
`
`610d
`
`\->-.<-.
`‘-
`Mia Wmix WenFmei
`
`WWW- Wufiwicfigiflb
`
`2$217518E20
`
`2115111111513
`333521111518.
`EEZWJWW
`Wfllmfim
`
`
`
`u»mun-mm»emu1mnn—4Mw...
`
`620d
`
`FIG. 69
`
`QUALYSOO‘I 12798
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 14 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 14 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 11 0133
`
`5,987,611
`
`8009
`
`Viva! Hflnilm ' Elfifailfi-d 1.1:»;
`
`55?
`
`FIG. 6E
`
`QUALYSOO‘I 12799
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 15 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 15 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 12 of 38
`
`5,987,611
`
`711 312 713 714 715
`
`716
`
`717
`
`_
`_
`‘ mas-1m web access toilaiesi Iekeage veman of Mama Emmet
`'
`{)iwbb any warm activities
`Hamid web access In sites mmwscm, mwmbttwn mmcn ,..
`
`.
`
`an 231 996
`1Qnfl W
`1am 83E
`”12133?
`
`-'
`
`-
`
`if.
`
`“WWII 2713.131 flimajxpitadhmf‘. Wave: applicable.
`
`Bm‘k aim: dmmhading d mam {fies {disahlad} \
`Q Disabze fieaiMdia amass mm: [mm 311m 11) Exam
`.
`V24
`- :$ Flun «rims mack uh aai dmflwded Fins
`
`I
`
`I 1’1 131%?
`3m 39?
`3N 51139?
`
`5131 N 397
`never
`
`1. This rub limits ms nu lheWorld Wide Web tel how m. day.
`2. This use is said ham 3.12.1886 ham 3AM to 6PM on mkdaysu
`3. This we implies he: al use: and cmier meat to: Marketing. Admhiflrafim. RH}. HIS.
`‘Wabvaef'md easel: "E Fremd" and “EHatrmann‘i
`'
`- _ 4. This Ida can be: {notified andfut suspended by department and mkgmup supewisms
`' 5 If this rub has been vicilazed. Manet Mm wii readied web baffle. to page
`
`'736 -
`
`737
`
`FIG. 7A
`
`QUALYSOO‘I 12800
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 16 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 16 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 13 of 38
`
`5,987,611
`
`749
`
`
`
`LII-alt what fies mam can be mmoadad
`' Link ihe arm-fl 20% time {hat we can spam: an fiha Intamat'
`Disable sewer satisfies
`: Fiestas! mesa it! wrtain Meme! sites
`' Disabhs MW conhnls
`max fm kmvm mama: :pmbhms
`
`A Mamet Em: exam whafi maimed: may can use}
`
`\ This ruie can age 5.! wha! annicatéons can do on the:
`
`FIG, 7B
`
`QUALYSOO‘I 12801
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 17 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 17 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 14 of 38
`
`5,987,611
`
`744
`
`743
`
`FJG. 7C
`
`QUALYSOO‘I 12802
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 18 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 18 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 15 of 38
`
`5,987,611
`
`2’46
`
`74Gb
`
`immncr Hardin!1 .
`‘5‘
`
`747
`
`.
`
`.
`
`mmications
`a Imt Eupimel
`
`.
`
`'
`
`‘ -fi Latest leiease verséuns
`flu
`03d versims
`gym: Bswser
`m Netmapa NW
`
`;
`
`.
`'
`
`Ea Lateahebase
`$3.3 Valsion 3.132
`
`345
`
`.
`
`_
`
`.
`
`FIG. 70
`
`QUALYSOO‘I 12803
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 19 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 19 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 16 of 38
`
`5,987,611
`
`7406
`
`?5?
`
`755
`
`777
`
`FIG. 7E
`
`QUALYSOO‘I 12804
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 20 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 20 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 17 of 38
`
`5,987,611
`
`Mfld
`
`751.
`
`FIG. 7F
`
`QUALYSOO‘I 12805
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 21 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 21 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 18 of 38
`
`5,987,611
`
`7409
`
`5 Skip the activity [edited user la cunt page Mm [sensible
`@ Slop tha activity. gamma appdicalim mm
`3 Wam use: @311 dia‘og
`
`769
`
`amen:gdmifilsjtmlm if 9m hm a
`
`757
`
`FIG. 76
`
`QUALYSOO‘I 12806
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 22 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 22 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 19 of 38
`
`5,987,611
`
`T4Gf
`
`
`
`FIG. 7H
`
`QUALYSOO‘I 12807
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 23 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 23 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 20 of 38
`
`5,987,611
`
`
`
`FIG. 7!
`
`QUALYSOO‘I 12808
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 24 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 24 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 21 of 38
`
`5,987,611
`
`740.?1
`
`775
`
`1 The Mic prohibits ail annimfiom gmfix Irmama! Eapfiacl Mdflelsmme
`Navigate! Bram awessma lhe Mamet
`.2 The vula is valid from 3231 I1 83? from W to 5:3EPM ems: day.
`'3 The tube apaiee in a! use: and compute: eases! FmMatkfihg,”WebSewefl’
`and use: "EFiamd".
`:1. II the tub hat been Vidafied, Meme: Manic: mil £5913an am am dialog m3
`slap Ehe respactiva application from accessing the Entemat
`
`_
`
`_
`
`777
`
`7’80
`
`FIG. 7'J
`
`QUALYSOO‘I 12809
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 25 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 25 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 22 of 38
`
`5,987,611
`
`10H £1936 mm
`Bum! web access to latest [deem ms'tomoi lrmmt Explain:
`1&3.” #1998 mm
`& Disable w sci-m adiviies
`iifimflwah accesstooitmmw.mcmm_rrmlmcom, mm.___ Vii-133?
`mm-
`- gomall»:much-g oi mm fil'as {disabled}
`112-3199?
`never
`Sisahle Rwanda access mekdogs irom Sam is Born
`3221133?
`31.91%: ckeckonalldowriaodaflibs _
`_
`__
`M51133?
`
`__
`
`
`
`:
`
`7315
`
`783
`
`_
`
`_
`
`1 The tale pmhimils oi awicalicmx asleep! to: lnkemet Ewl'nrermand tiascape Navigate: fiom
`-
`_ Hanging: accessing the lriom.
`' 2. Them Is valid hum 3331f195? from 3AM MEEEFM every day.
`I}. The mle 13mm to all use: and motor accept {1:11 Mum." WabServot“ and uaa “‘GFreund",
`A; If that ruia has been Wed, Internet Mania wii dispiay am urm'diedog anal 311:1: the macho
`oopicotm from: access“; the internal
`
`FIG. 7K
`
`QUALYSOO‘I 12810
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 26 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 26 of 58
`
`US. Patent
`
`Nov. 13,1999
`
`Sheet 23 of 33
`
`5,987,611
`
`CLIENTLOADIIVG
`METHOD
`
`@
`
`BEGIN
`
`CLIENT MONITOR CHECKS IF A SUPERVISOR HAS
`BEEN ASSIGNED FOR THIS CLIENT MONITOR
`
`IF YES, CLIENT MONITORS SEND LOGIN
`REQUEST TO SUPERVISOR
`
`SUPERVISOR CHECKS IF REQUEST
`COMES FROM WITHIN THE LAN
`
`SUPERVISOR CHECKS IF CLIENT MONITOR
`HAS ANY INTERNET ACCESS RIGHTS
`
`SUPERVISOR DETERMINES DEPARTMENT OR
`WORKGROUP FOR CLIENT MONITOR
`
`SUPERVISOR FILTERS APPROPRIATE RULES FROM
`DATABASE; TRANSMITS RULES TO CLIENT MONITOR
`
`CLIENT MONITOR CONFIRMS SUCCESSFUL
`RECEPTION OF RULES
`
`CLIENT MONITOR SAVES COPY OF RULES ON TO
`A LOCAL STORAGE MEDIUM
`
`SUPERVISOR CONTACTS FIREWALL TO REQUEST
`INTERNET ACCESS FOR THE CLIENT MONITOR
`
`CONTINUE TO FIG. SB
`
`FIG. 8A
`
`301
`
`302
`
`803
`
`304
`
`805
`
`303
`
`307
`
`308
`
`809
`
`QUALYSOO‘I 12811
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 27 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 27 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 24 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 8A
`
`CONNECTION BETWEEN CLIENT MONITOR AND
`
`SUPERVISOR REMAINS OPEN
`
`SUPERVISOR REGULARLY SEND CHECK
`
`MESSAGES TO CLIENT MONITOR
`
`CLIENT MONITOR STORES LOG INFORMATION
`
`ON LOCAL STORAGE (IF AVAILABLE)
`
`CLIENT MONITOR SENDS LOG MESSAGES
`
`T0 SUPERVISOR
`
`810
`
`B11
`
`812
`
`813
`
`814
`
`IF SUPERVISOR DETERMINES ANY PROBLEM WITH
`CLIENT MONITOR, IT NOTIFIES FIREWALL TO
`DISABLE INTERNET ACCESS FOR CLIENT MONITOR
`
`FIG. 8B
`
`QUALYSOO‘I 12812
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 28 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 28 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 25 of 38
`
`5,987,611
`
`CLIENT MONITOR UNABLE
`
`TO LOCAngéJPERVISOR
`
`
`
`
`CLIENT MONITOR LOADS THE LAST STORED
`APPLICATION, HOST, RULES DATABASE. ETC.
`FROM LOCAL STORAGE
`
`901
`
`902
`
`
`
`CLIENT MONITOR MAY ATTEMPT TO CONTACT
`THE INTERNET DIRECTLY -- THE LAST STORED
`
`
`RULES STILL APPLY
`
`
`
`FIG. 9
`
`QUALYSOO‘I 12813
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 29 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 29 Of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 26 of 38
`
`5,987,611
`
`UNLOADING THE
`CLIENT MONITOR
`@
`
`BEGIN
`
`THE CLIENT MONITOR APPLICATION NOTIFI ES THE
`SUPERVISOR THAT IT IS ABOUT TO BE UNLOADED
`
`THE SUPERVISOR CONTACTS THE FIREWALL OF
`THAT CLIENT MONITOR TO STOP INTERNET ACCESS
`FOR THAT CLIENT MONITOR
`
`THE CLIENT MONITOR STORES ANY REMAINING
`LOG INFORMATION ON LOCAL STORAGE
`
`THE CLIENT MONITOR SENDS ANY REMAINING
`LOG MESSAGES TO THE SUPERVISOR
`
`'
`
`THE CLIENT MONITOR SHUTS DOWN
`
`1001
`
`1002
`
`1003
`
`1004
`
`1005
`
`FIG. 10
`
`QUALYSOO‘I 12814
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 30 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 30 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 27 of 38
`
`5,987,611
`
`LOADING THE
`CLIENT MONITOR IN
`AN ISP ENnggONMENT
`
`BEGIN
`
`RAS CALLS ISP POP USING SLIP PPP OR SIMILAR
`PROTOCOL WITH USER IDIPASSWORD
`
`ISP POP SERVER CALLS ISP AUTHENTICATION
`SERVER WITH USER IDIPASSWORD
`
`ISP AUTHENTICATION SERVER CHECKS
`USER ID 8: PASSWORD
`
`IF OK, AUTHENTICATION SERVER CHECKS
`WITH ISP SUPERVISOR IF USER HAS ACCESS
`RULES MECHANISM INSTALLED
`
`(B) N0: CLIENT ACCESS UNRESTRICTED
`
`A YES: CLIENT RESTRICTED TO
`8 "SANDBOX" SERVER
`
`CLIENT MONITORS SEND LOGIN REQUEST
`TO ISP SUPERVISOR
`
`ISP SUPERVISOR TRANSMITS ACCESS RULES ETC.
`TO CLIENT MONITOR
`
`CLIENT MONITOR SAVES COPY OF RULES ON A
`LOCAL HARD DISK TO A LOCAL STORAGE MEDIUM
`
`[SP SUPERVISOR CONTACTS ISP POP SERVER TO
`REMOVE 'SANDBOX" RESTRICTIONS
`
`CONTINUE TO FIG. 113
`
`FIG. 11A
`
`1101
`
`1102
`
`1103
`
`1104
`
`1105
`
`1106
`
`1107
`
`1108
`
`QUALYSOO112815
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 31 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 31 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 28 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 11A
`
`CONNECTION BETWEEN CLIENT MONITOR AND
`ISP SUPERVISOR REMAINS OPEN
`
`ISP SUPERVISOR REGULARLY SEND CHECK
`MESSAGES T0 CLIENT MONITOR
`
`CLIENT MONITOR STORES LOG INFORMATION
`ON LOCAL STORAGE
`
`CLIENT MONITOR SENDS LOG MESSAGES
`TO ISP SUPERVISOR
`
`1109
`
`1110
`
`1111
`
`1112
`
`1113
`
`IF ISP SUPERVISOR DETERMINES ANY PROBLEM
`WITH CLIENT MONITOR, IT NOTIFIES [SP
`POP SERVER TO RESTRICT ACCESS RIGHTS
`
`TO "SANDBOX MODE"
`
`FIG. 11B
`
`QUALYSOO112816
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 32 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 32 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 29 of 38
`
`5,987,611
`
`INTERPRETATION
`OFA TYPICAL HTTP
`"GET" REQUEST
`@
`
`BEGIN
`
`THE APPLICATION CALLS WINSOCK WSAStartupO
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`CHECKS THE RULES AND APPLICATION DATABASE
`IF THE APPLICATION OR SPECIFIC VERSION OF
`
`THE APPLICATION HAS INTERNET ACCESS RIGHTS
`
`IF NOT, THE CLIENT MONITOR FAILS WASStartupO CAL
`
`APPLICATION CALLS SOCKETI)
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`CHECKS IF THE APPLICATION OR USER HAVE RIGHTS
`TO CONTINUED USE OF THE INTERNET
`
`IF NOT, THE CLIENT MONITOR FAILS SOCKETO CALL
`
`THE APPLICATION CONTACTS THE HOST USING
`WINSOCK CONNECTO
`
`CLIENT MONITOR INTERCEPTS THE CALL 81 CHECKS
`THE RULES AND HOST DATABASE IF APPLICATION
`HAS ACCESS RIGHTS TO THE SPECIFIC HOST
`
`THE CLIENT MONITOR CHECKS IF THE APPLICATION
`OR USER HAVE RIGHTS TO CONTINUED USE
`OF THE INTERNET
`
`CONTINUE TO FIG. 12B
`
`FIG. 12A
`
`1201
`
`1202
`
`1203
`
`1204
`
`1205
`
`1206
`
`120?
`
`1203
`
`1209
`
`QUALY800112817
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 33 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 33 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 30 0f 38
`
`5,987,611
`
`CONTINUE FROM FIG. 12A
`
`IF NO ON PREVIOUS 2 STEPS. THE CLIENT
`MONITOR FAILS OR REDIRECTS CONNECT CALL
`
`THE APPLICATION CALLS WINSOCK SENDO WITH
`HTTP COMMAND "GET FOO.HTML"
`
`
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`DETERMINES PROTOCOL BASED ON A COMBINATION
`OF THE TCPIIP PORT ADDRESS, ADDRESS
`FAMILY CONTENTS ETC.
`
`THE CLIENT MONITOR CHECKS THE RULES AND
`APPLICATON DATABASE IF THE APPLICATION
`HAS THE RIGHT TO USE HTTP
`
`THE CLIENT MONITOR CHECKS THE RULES
`DATABASE IF THE USERICOMPUTER HAS THE RIGHT
`TO DOWNLOAD ”.HTML" FILES
`
`IF NO ON THE LAST 2 STEPS, THE CLIENT MONITOR
`FAILS OR REDIRECTS SEND CALL
`
`THE CLIENT MONITOR LOADS THE CONTENT
`
`DRIVER FOR “.HTML" FILES
`
`THE APPLICATION CALLS WINSOCK RECVI)
`
`1210
`
`1211
`
`1212
`
`1213
`
`1214
`
`1215
`
`1216
`
`1217
`
`CONTINUE TO FIG. 120
`
`FIG. 128
`
`QUALYSOO112818
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 34 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 34 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 31 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 123
`
`THE HOST SENDS THE CONTENTS OF "FOOHTML"
`
`THE CLIENT MONITOR INTERCEPTS RETURN OF
`THE RECVQ CALL AND PASSES THE CONTENTS
`0 THE CONTENT DRIVER
`
`THE CONTENT DRIVER PARSES CONTENTS OF
`"FOO.HTML'I AND CHECKS FOR A NUMBER OF
`COMPONENTS:
`
`NETWORK PROBLEMS
`
`FlREFERENCES TO JAVA, ACTIVEX. ETC.
`
`B REFERENCES T0 NETSCAPE STYLE PLUG-INS
`C IMBEDDED SCRIPTS SUCH A JAVASCRIPT,
`VBSCRIPT. ETC.
`(D) REFERENCES TO OTHER FILES OR COMPONENTS
`(E) OTHER SYNTAX ELEMENTS THAT ARE KNOWN
`OR SUSPECTED TO CAUSE SECURITY OR
`
`THE CONTENTS DRIVER CHECKS THE APPLICATON
`AND RULES DATABASE IF THE SPECIFIC HTML
`COMPONENT IS PERMISSIBLE
`
`IF NOT, THE DRIVER EITHER REMOVES THE HTML
`COMPONENT OR FAILS THE RECV ) CALL DEPENDING
`ON THE VIOLATED ULE
`
`THE APPLICATION RECEIVED CONTENTS OF
`"FOO.HTML"
`
`
`
`THE CLIENT MONITOR INTERCEPTS FILE IIO CALLS
`FROM THE APPLICATION AND TRIES TO DETERMINE
`
`WHERE THE APPLICATION HAS SAVED THE
`
`FILE IT JUST RECEIVED
`
`DONE
`
`FIG. 12C
`
`1218
`
`1219
`
`1220
`
`1221
`
`1 222
`
`1223
`
`1 224
`
`QUALYSOO112819
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 35 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 35 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 32 of 38
`
`5,987,611
`
`1301
`
`1 302
`
`1 303
`
`1304
`
`1 305
`
`BAND WIDTH
`AND INTERACTIVE
`USE MONITORING
`1300
`—
`
`BEGIN
`
`THE APPLICATION CALLS WINSOCK SENDO OR
`RECVO CALLS
`
`
`
` CLIENT MONITOR INTERCEPTS TH ESE CALLS AND:
`(A) MARKS THE TIME OF THE CALL IN THE
`
`
`LASTINTERNETACCESS FIELD OF THE
`APPLICATION'S LIST ENTRY
`
`
`(B) CHECKS IF THE SENDI) 0R RECV ) USES AN
`
`
`INTERNET PROTOCOL USUALLY SSSOCIATED
`
`
`WITH INTERACTIVE ACTIVITY
`
`
`(C) IF YES, MARKS THE TIME OF THE CALL IN THE
`
`
`LASTINTERACTIVEACCESS FIELD OF THE
`
`
`APPLICATION'S LIST ENTRY
`
`
`(D) ADDS THE DATA LENGTHS TO DATAIN OR
`
`
`DATAOUT ACCUMULATIVE COUNTER OF THE
`
`
`APPLICATION'S LIST ENTRY AND GLOBAL
`
`
`ACTIVITY RECORD
`
`
`(E) IF DATAIN OR DATAOUT FIELDS EXCEED RULE-
`
`
`BASED QUANTITY EITHER FOR THE SPECIFIC
`
`
`APPLICATION OR THE USERIWORKSTATION,
`
`
`THE CLIENT MONITOR DISABLES FUTURE
`
`
`INTERNET ACCESS ANDIOR WARNS THE USER
`
`WINDOWS SENDS CERTAIN KEYBOARD AND MOUSE
`MESSAGES TO A WINDOW
`
`CLIENT MONITOR INTERCEPTS THESE MESSAGES
`
`THE CLIENT MONITOR IDENTIFIES THE TARGET
`WINDOW AND APPLICATION OF THE MESSAGE
`AND MARKS THE TIME OF THE LASTINTERACTIVEUSE
`FIELD OF THE APPLICATION'S LIST ENTRY
`
`
`
`’
`
`CONTINUE TO FIG. 138
`
`‘
`
`FIG. 13A
`
`QUALYSOO1 12820
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 36 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 36 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 33 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 13A
`
`1 306
`
`EVERY MINUTE THE CLIENT MONITOR CHECKS
`EACH ENTRY OF THE APPLICATION LIST:
`
`(A) HAS THE LASTINTERNETACCESS FIELD
`CHANGED IN THE LAST MINUTE
`(B) IF YES, ADD ONE MINUTE TO THE
`TOTALINTERNETUSE FIELD OF THE
`APPLICATION'S LIST ENTRY
`(C) HAVE THE LASTINTERACTIVEACCESS AND
`LASTINTERACTIVEUSE FIELDS CHANGED
`IN THE LAST 5 MINUTES
`(D) IF YES, ADD ONE MINUTE TO THE
`TOTALINTERACTIVEUSE FIELD OF THE
`APPLICATION'S LIST ENTRY
`(E) IF THE TOTALINTERNETUSE OR
`TOTALINTERACTIVEUSE FIELDS OF ANY
`APPLICATION'S LIST ENTRY HAVE CHANGED ALSO
`ADD ONE MINUTE TO THE CORRESPONDING
`FIELD OF THE GLOBAL RECORD.
`(F) IF ANY OF THE TOTALINTERNETUSE OR
`TOTALINTERACTIVEUSE FIELDS EXCEED RULE-
`BASED QUANTITY EITHER FOR THE SPECIFIC
`APPLICATION OR THE USER/WORKSTATION,
`THE CLIENT MONITOR DISABLES FUTURE
`INTERNET ACCESS AND/OR WARNS THE USER
`
`
`
`FIG. 13B
`
`QUALYSOO‘I 12821
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 37 of 58
`Case 4:18-Cv-07229-YGR Document 125-4 Filed 10/22/20 Page 37 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 34 of 38
`
`5,987,611
`
`MANAGING
`NETWORK
`CONGES TION
`
`w 1401
`
`IF THE SUPERVISOR DETERMINES A CONGESTION
`OF INTERN ET ACCESS EITHER BY INTERPRETING
`THE LOG MESSAGES FROM THE CLIENT MONITORS.
`ITS OWN MONITORING OF ACCESS SPEED, OR THIRD
`PARTY MONITORING TOOLS, IT NOTIFIES
`THE CLIENT MONITORS OF TEMPORARY
`ACCESS RESTRICTIONS
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEPENDING ON THE SPECIFIC RULES IN THIS CASE,
`THE CLIENT MONITOR CAN EITHER:
`
`(A) DELAY INTERNET ACCESS FOR NON-CRITICAL
`APPLICATIONS OR PROTOCOLS BY:
`- APPLICATONS CALL WINSOCK SENDO. RECV(),
`CONNECTBHL ETC. CALL
`
`
`
`1402
`
`
`
`
`
`- THE CLIE MONITOR INTERCEPTS THE CALL
`AND CHECKS RULES AND APPLICATION
`DATABASE |F CALLS RELATE TO NON-
`CRITICAL ACTIVITIES
`- IF YES, DELAY THE SPECIFIC THREAD OF THE
`APPLICATION BY A PREDETERMINED AMOUNT
`- THIS WILL OPEN BANDWIDTH FOR CRITICAL
`ACTIVITIES
`
`
`
`
`
`
`(B) DISABLE INTERN ET ACCESS FOR NON-
`CRITICAL APPLICATONS OR PROTOCOLS
`
`
`
`
`FIG. 14
`
`QUALYSOO‘I 12822
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 38 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 38 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 35 of 38
`
`5,987,611
`
`INTERCEPTING
`WINSOCK
`MESSAGES
`
`fl)
`
`
`
`
`
`
`1501
`
`THE CLIENT MONITOR LOADS OUR CLIENT VXD
`
`
` 1502
`
`
`
`
`THE CLIENT VXD LOADS WSOCK.VXD AND REDIRECTS
`THE DEVICEIOCONTROL CODE POINTER OF
`WSOCK.VXD TO ITS OWN INTERCEPTION ROUTINE
`
`1503
`
`
`
`THE APPLICATION CALLS WINSOCK FUNCTION IN
`WSOCK32.DLL THAT REQUIRE INTERNET ACCESS
`
`
`
`
`
`
`WSOCK32.DLL PROCESSES THE PARAMETERS
`AND CALLS WSOCK.VXD VIA WIN32
`DEVICEIOCONTROLO FUNCTION
`
` 1 505
`
`
`
`
`
`
`
`IF THE DISPATCH TABLE REQUIRES AN INTERCEPT,
`THE CLIENT VXD CREATES AN INTERCEPTION
`MESSAGE AND CALLS THE CLIENT MONITOR
`
`1 504
`
`1 506
`
`CLIENT VxD LOOKS UP THE CALL VIA THE
`"INTERCEPT BEFORE" DISPATCH TABLE
`
`
`
`IF THE CLIENT MONITOR ALLOWS THE CALL TO GO
`FORWARD, THE CLIENT VXD CALLS THE ORIGINAL
`WSOCK.VXD ROUTINE, OTHERWISE IT RETURNS
`WSOCK32DLL AND THE APPLICATION
`
`1507
`
`1508
`
`
`
`
`THE CLIENT VXD LOOKS UP THE CALL VIA THE
`"INTERCEPT AFTER" DISPATCH TABLE
`
` CONTINUE TO FIG. 153
`
`FIG. 15A
`
`QUALYSOO1 12823
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 39 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 39 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 36 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 15A
`
`IF THE DISPATCH TABLE REQUIRES AN INTERCEPT,
`THE CLIENT VXD CREATES AN INTERCEPTION
`MESSAGE AND CALLS THE CLIENT MONITOR
`
` 1509
`
`THE CLIENT VxD RETURNS TO WSOCK32.DLL WITH
`EITHER THE ORIGINAL RETURN RESULTS OR
`RESULTS MODIFIED BY THE CLIENT MONITOR
`
`1510
`
`FIG. 15B
`
`QUALYSOO‘I 12824
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 40 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 40 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 37 of 38
`
`5,987,611
`
`TRANSMITTING MESSAGES
`FROM RING 0 TO RING 3
`
`w
`
`1601
`
`1 602
`
`1603
`
`1 504
`
`1 605
`
`FILE, WINSOCK OR THREAD COMPONENTS OF
`CLIENT VxD CALL THE MESSAGE DISPATCHER
`
`THE DISPATCHER DETERMINES IF ANY ADDITIONAL
`DATA IS REQUIRED:
`
`(A) IF YES, THE DISPATCHER DETERMINES IF
`ADDITIONAL DATA FITS INTO EXTRA SPACE
`- IF YES, THE DISPATCHER COPIES DATA INTO
`ADDITIONAL SPACE
`(B) IF NO, THE DISPATCHER DETERMINES IF DATA
`IS ALREADY MAPPED INTO GLOBAL SPACE
`- IF NO. THE DISPATCHER ALLOCATES GLOBAL
`MEMORY POINTER TO DATA AND PUTS
`POINTER INTO MESSAGE BODY
`
`
`
`
`THE DISPATCHER COPIES MESSAGE TO ARRAY
`
`THE DISPATCHER DETERMINES IF IT NEEDS
`TO WAIT FOR MESSAGE PROCESSING BECAUSE:
`(A) gOhIIIITI-EIR NEED TO FREE THE GLOBAL MEMORY
`(B) THE CLIENT MONITOR NEEDS TO APPROVE THE
`UNDERLYING ACTION
`(C) THE CLIENT MONITOR MIGHT PATCH ANY OF THE
`PARAMETERS
`
` IF THE DISPATCHER NEEDS TO WAIT, IT:
`(A) TELLS WINDOWS TO SWITCH TO THE
`RING 3 CLIENT MONITOR‘S MESSAGE THREAD
`(B) PUTS ITSELF INTO SLEEP MODE OTHERWISE IT
`RETURNS IMMEDIATELY TO THE CALLER
`
`
`
`
`
`CONTINUE TO FIG. 163
`
`FIG. 16A
`
`QUALYSOO1 12825
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 41 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 41 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 38 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 16A
`
`AFTER THE CLIENT MONITOR PROCESSED THE
`MESSAGE, THE DISPATCHER DOES ONE OR MORE
`OF THE FOLLOWING ACTIONS:
`
` 1 606
`
`(A) DE-ALLOCATES GLOBAL MEMORY POINTER, IF
`PREVIOUSLY ALLOCATED
`
`(B) EEPAES ANY PATCHED MEMORY TO CORRECT
`
`FIG. 16B
`
`QUALYSOO‘I 12826
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 42 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 42 of 58
`
`5,987,611
`
`1
`SYSTEM AND METHODOLOGY FOR
`MANAGING INTERNET ACCESS ON A PER
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`The present application claims priority from commonly-
`owned provisional patent application Ser. No. 60/033,975,
`filed Dec. 31, 1996, entitled SYSTEM AND METHODS
`FOR MONITORING INTERNET ACCESS, and listing as
`inventor Gregor P. Freund, the disclosure of which is hereby
`incorporated by reference.
`COPYRIGHT NOTICE
`
`A portion of the disclosure of this patent document
`contains material which is subject to copyright protection.
`The copyright owner has no objection to the facsimile
`reproduction by anyone of the patent document or the patent
`disclosure as it appears in the Patent and Trademark Office
`patent file or records, but otherwise reserves all