Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 1 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 1 of 58
`
`
`
`
`
`EXHIBIT D
`
`EXHIBIT D
`
`
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 1 of 58
`
`
`
`
`
`EXHIBIT D
`
`EXHIBIT D
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 2 of 58
`D°C”meIIII1IIIIIIIIII IIIIIIIIIIIIIIIIIIIIIIIIIIIIIII 111111 11
`
`U8005987611A
`
`United States Patent
`Freund
`
`[19]
`
`[11]
`
`[45]
`
`Patent Number:
`
`Date of Patent:
`
`5,987,611
`
`Nov. 16, 1999
`
`[54]
`
`SYSTEM AND METHODOLOGY FOR
`MANAGING INTERNET ACCESS ON A PER
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`Postel, J .,
`“RFC 8214imple Mail Transfer Protocol,”
`Information Science Institute, University of Southern Cali-
`fornia, Aug. 1982, pp. 1—68.
`
`(List continued on next page.)
`
`['15]
`
`Inventor: Gregor Frellnd, San Francisco, Calif.
`
`[73] Assignee: Zone Labs, Inc., San Francisco, Calif.
`
`[21] Appl. No; 081851,777
`
`[22]
`
`Filed:
`
`May 6, 1997
`
`Related U.S. Application Data
`Provisional application No. 601033975, Dec. 31, 1996.
`
`[60]
`
`G06F13100
`Int. Cl6
`[51]
`7131201
`[52] U..S Cl.
`
`.....39S118'1.01, 186
`[58]
`Field of Search
`
`3641222.5, 286.4, 2.865, 7111163, 70719,
`10, 203; 7131200, 201
`
`[56]
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`3641200
`411990 Swinehart et al.
`4.914.586
`3951650
`1211995 Waldo et a].
`.....
`5,415,817
`
`39512002
`5.586.260 1211996 Hu
`
`.. 395118701
`5.623.601
`411997Ir VII
`
`611998 Kells eta].
`5,764,887
`3951186
`5,815,514
`911998 Fortinsky
`...... 380125
`395118701
`5.828.833
`1011998 Belville et al.
`
`1111998 Blakley. III et a].
`.
`.. 395118801
`5,832.21]
`
`1111998 Blakely, III eta].
`.
`. 395118801
`5,838,903
`111999 Blackwell. Jr. et a].
`.
`... .707/10
`5.857.191
`
`.. 3951187. 01
`5.864.665
`111999 Tran
`.. 395118801
`5,875,296
`211999 Slii eta].
`
`311999 Christensen et al.
`395120033
`5,881,230
`
`OTHER PUBLICATIONS
`
`Mullender, “Distributed Systems", Second Edition, ACM
`Press New York, Addison—Wesley, pp. 3. 12—13, 543—578,
`Dec. 1993.
`
`ORFALI et al., “Essential Client/Server Survival Guide",
`Van Nostrand Reinhold, pp. 153—154, Dec. 1994.
`
`Primary Examiner—Robert W. Beausoliel, Jr.
`Assistant Examiner—Stephen C. Elmore
`Attorney, Agent, or Firm—John A. Smart
`ABSTRACT
`
`[57]
`
`A computing environment with methods for monitoring
`access to an open network, such as a WAN or the Internet,
`is described. The system includes one or more clients, each
`operating applications or processes (e.g., Netscape Naviga-
`torTM or Microsoft Internet Explorer“ browser software)
`requiring Internet (or other open network) access (e.g., an
`Internet connection to one or more Web servers). Client-
`based monitoring and filtering of access is provided in
`conjunction with a centralized enforcement supervisor. The
`supervisor maintains access rules for the client-based filter-
`ing and verifies the existence and proper operation of the
`client-based filter application. Access rules which can be
`defined can specify criteria such as total time a user can be
`connected to the Internet (e.g., per day, week, month, or the
`like), time a user can interactively use the Internet (e.g., per
`day, week, month, or the like), a list of applications or
`application versions that a user can or cannot use in order to
`access the Internet, a list of URLs (or WAN addresses) that
`a user application can (or cannot) access, a list of protocols
`or protocol components (such as Java Script“) that a user
`application can or cannot use, and rules to determine what
`events should be logged (including how long are logs to be
`kept). By intercepting process loading and unloading and
`keeping a list of currently-active processes, each client
`process can be checked for various characteristics, including
`checking executable names, version numbers, executable
`file checksums, version header details, configuration
`settings, and the like. With this information, the system can
`determine if a particular process in question should have
`access to the Internet and what kind of accesstie, protocols,
`Internet addresses, time limitations, and the like) is permis-
`sible for the given specific user.
`
`30 Claims, 38 Drawing Sheets
`
`241
`
`240
`
`
`
`
`INTERNET@ accessMONITOR
`
`
`243
`
`WINSOCK
`DRIVER
`
`a
`
`245
`
`260
`
`APPLICATION
`
`
`PRO-BG-RAISRIS)
`
`WINDOWS
`SH ELL
` 250
`
`
`
`USER
`INTERFACE
`
`
`
`USER
`
`QUALYSOO‘I 12787
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 3 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 3 of 58
`
`5,98 7,61 1
`
`Page 2
`
`OTHER PUBLICATIONS
`
`Croker, D., “RFC 822—Standard for the formal of ARPA
`Internet Text Messages,” Department of Electrical Engineer-
`ing, University of Delaware, Aug. 13, 1982, pp. 147.
`Postel, J. and Reynolds, J ., “RFC 959—File Transfer Pro-
`tocol (FTP),” Information Science Institute, University of
`Southern California, Oct. 1985, pp. 1—47.
`Kantor, B. (U.C. San Diego) and Lapsley, P. (U.C. Berke-
`ley), “RFC 977—Network News Transfer Protocol, ” Feb.
`1986, pp. 1—27.
`Berners—Lee, T., ”RFC 1630—Universal Resource Identifi-
`ers in WWW,” Jun. 1994, pp. 28.
`Klensin, J., Freed, N., Rose, M., Stefferud, E. and Crocker,
`D., “RFC 18694MTP Service Extensions,” Nov. 1995,
`pp. 1—11.
`Kessler, G. and Shepard, S., “RFC 1739—A Primer On
`Internet And TCPK'IP Tools," Hill Associates, Inc., Dec.
`1994, pp. 1—46.
`Myers, J. (Carnegie Mellon) and Rose, M. (Dover Beach
`Consulting, Inc.), “RFC 19397Post Office Protocoli‘Ver-
`sion 3,” May 1996, pp. 1—23.
`Freed, N., "RFC 20344MT'P Service Extension for
`Returning Enhanced Error Codes,” Innosoft, Oct. 1996, pp.
`1—6.
`Freed, N., Borenstein, N., Moore, K., Klensin, J . and Postel,
`J., "RFC 2045/2046}2047/2048f2049—Multipurpose Inter-
`net Mail Extensions (MIME), Part 1: Format of Internet
`Message Bodies, Part 2: Media Types, Part 3: Message
`Header Extensions for Non—ASCII Text, Part 4: Registration
`Procedures, Part 5: Conformance Criteria and Examples,"
`Nov. 1996, Part 1: pp. 1—31, Part 2: pp. 1—44, Part 3: pp.
`1—15, Part 4: pp. 1—21, Part 5: pp. 1—24.
`Crispin, M., “RFC 2060—Internet Message Access Proto-
`col—Version 4rev1,” University of Washington, Dec. 1996,
`pp. 1—82.
`(Stockholm University) and Hopmann, A.
`Palme, J.
`(Microsoft Corporation), “RFC 2110—MIME E—mail
`Encapsulation of Aggregate Documents, such as HTML
`(MHTML)," Mar. 1997, pp. 1—19.
`
`Fielding, R. (U.C. Irvine), Gettys, J. (DEC), Mogul, J.
`(DEC), Frystyk, H. (MITKLCS) and BerersrLee, T. (MIT?r
`LCS), “Hypertext Transfer Protocol—HTTPKIJ,” Internet
`Engineering Task Force (IET'F)—Internet Draft, Aug. 12,
`1996, pp. 1—52.
`Marsh, K., “Win32 Hooks,” Microsoft Developer Network
`Technology Group, Jul. 29, 1993 (revised Feb. 1994), pp.
`1—14.
`
`Dawson, D., “Firewalls 101—A Introduction to Ascend
`Secure Access,” Ascend Network Secure Business Unit,
`Sep. 4, 1996, pp. 1—6.
`Semeria, C., “Internet Firewalls and Security—A Technol-
`ogy Overview,” 3Com Corporation, Sep. 4, 1996, pp. 1—16.
`Felten, E., Balfanz, D, Dean, D. and Wallach, D., “Web
`Spoofing: An Internet Con Game—Technical Report
`540—96,” Department of Computer Science, Princeton Uni-
`versity, 1996, pp. 1—9
`Microsoft Corporation, “Microsoft Technical Notes—
`Browsing and Windows 95 Networking,” 1995, pp. 1—38.
`Windows Networking Design Team—Microsoft Corpora-
`tion, “Microsoft TCPfIP VxD Interface Specification,” Oct.
`24, 1994, pp. 1723.
`TechNet/Corp. Network Systemszus. Systems Div.—Mi-
`crosoft Corporation, “MS Windows NT 3.5/3.51: TCPK'IP
`Implementation Details," May 22, 1996, pp. 1—65.
`Shah, R., ”Networking in Windows 954unWorld Online,
`” Nov. 1, 1995, pp. 1—6.
`Rickard, 1, “Internet Architecture,” Boardwatch Magazine,
`1996, pp. 1—11.
`Microsoft Corporation, “Active Directory Design Specifi-
`cation, Version 1.0," Oct. 25, 1996, pp. 1—111.
`Semeria, C., "Understanding IP Addressing—Everything
`You Ever Wanted To Know,” NDS Marketing, 3Com Cor-
`poration, Apr. 26, 1996, pp. 1—62.
`Hall, M. et a1, “Windows Sockets 2 Service Provider Inter-
`face, Revision 2.2.0,” Stardust Technologies, May 10, 1996,
`pp. 1—200.
`
`QUALYSOO‘I 12788
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 4 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 4 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 1 of 38
`
`5,987,611
`
`KEYBOARD
`
`POINTING
`
`DEVICE
`
`SCREEN
`
`DISPLAY
`
`MASS
`
`STORAGE
`
`OUTPUT
`
`DEVICE
`
`104
`
`105
`
`106
`
`10?
`
`108
`
`111
`
`E
`
`103
`
`IIO
`
`CONTROLLER
`
`110
`
`FIG. 1
`
`102
`
`MAIN
`
`MEMORY
`
`101
`
`CENTRAL
`
`PROCESSOR
`
`CACHE
`
`MEMORY
`
`1 09
`
`QUALYSOO1 12789
`
`(9.9., ETHERNET)
`
`NETWORK
`
`CONTROLLER
`
`112
`
`
`
`e
`aPm2
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 5 of 58
`m
`
`aScU
`
`.o/_twnoww
`
`Hmm|w.QNN
`
`1wowww
`
`m9
`
`RN.292250:Em.NEmum
`
`
`BEE;wmimmaommmotzoz$82mm,aséoomm
`
`
`
`ma8m5996ozpémao
`
`
`
`
`
`531m$55mmommmwwz.I9582.;682%
`
`mE3
`
`5%mgi,
`
`18fl.m7.,NGE
`
`ovm
`
`QUALYSOO‘I 12790
`
`
`
`
`
`21me
`anr
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 6 of 58
`7
`v_.
`0Q2Q
`.m
`
`0.twnowa»t.1_3A4“I0mm%.msU
`
`9”mama2mm;
`
`mWmm>mwmwwa:OsDmRw.GN
`
`a%mapm,
`
`uw“.0“,
`
`m.wmfl
`
`5S
`
`._HMmwémm4mE;
`
`
`
`(m,.OE
`
`FzmsmomOmZm
`
`mOwSmmmsm
`
`mmm
`
`mm>mmw
`
`szjommzhoz¢mov
`
`
`AJSSme
`
`(mm¢
`
`meZflmz
`
`a:a;
`
`motzoi
`
`mwrm
`
`szjo
`
`10:20:
`
`nrwm
`
`kzmfio
`
`norm
`
`mOCZOE
`
`uvrm
`
`Fzmjo
`
`QUALYSOO‘I 12791
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 7 of 58
`Case 4 18-cv-07229-YGR Document 125-4 Flled 10/22/20 Page 7 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 4 of 38
`
`5,987,611
`
`mm;
`
`xm>mmw
`
`mes
`
`zm>mmw
`
`mm;
`
`mm>mmm
`
`ZOF<OFZMIkD<
`
`mw>mmw
`
`am.
`
`mOwSmmmnw
`
`mm>mmw
`
`mOmSflmmzw
`
`mhm
`
`.20mn249.
`
`vnm
`
`ohm
`
`mam
`
`§
`
`mo
`
`mozmwmmm
`
`an3:
`
`mommowm
`
`wag
`
`10:205
`
`mFFm
`
`Fzmjo
`
`moczOE
`
`germ
`
`Fzmjo
`
`oc—m
`
`10:20:
`
`Hzmjo
`
`mm.OE
`
`
`
`hszmomOmzmo_.5
`
`QUALYSOO‘I 12792
`
`
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 8 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 8 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 5 of 38
`
`5,987,611
`
`440
`
`0:
`
`DATAACQUISITIONMODULE
`
`FIG.4
`
`QUALYSOO‘I 12793
`
`?
`I—
`
`z L
`
`L-l
`_l
`0
`
`APPLICATION1APPLICATION2
`
`O t2 O 2 L
`
`u 9 U
`
`COMMDRIVER430
`
`(WINSOCK)
`
`421
`
`423
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 9 of 58
`m
`2
`a
`
`_e
`
`mMx8:582%am48m%.3:82
`
`zoEwsoo<53m5oz.U
`
`
`
`
`
`mv.8:@895mgmmEmmamadman:9Ezoo...m.__n_m8
`
`0sDmRw.
`
`9mm:3fl
`
`
`
`mN5323mofimmzz.Eta.93m
`
`H6Ft
`
`
`
`a85,Stigma.
`
`4mu".
`
`
`
`
`
`mmmémooflaozx8.5".3:82zopfimmmmflz.E40
`
`.m79%wi,
`
`uw6.,m0E
`
`ww6.5.159wM3.5”.332
`
`
`
`mmam9:29593mgm8..:93
`
`QUALYSOO‘I 12794
`
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 10 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 10 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 7 of 38
`
`5,987,611
`
`509
`
`620
`
`FIG. 6A
`
`QUALYSOO‘I 12795
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 11 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 11 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 3 of 38
`
`5,987,611
`
`.
`f” _
`512
`
`‘
`
`611
`
`5108
`
`620a
`
`_'9mnamgir
`macadirew
`
`-
`
`
`
`FIG. 68
`
`QUALYSOO‘I 12796
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 12 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 12 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 9 of 38
`
`5,987,611
`
`313
`
`fififlc
`
`: h3ELmaImZgi
`-- crel‘IEtBfibms‘emif
`
`FIG. BC
`
`QUALYSOO‘I 12797
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 13 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 13 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 10 0f 38
`
`5,987,611
`
`650
`
`5551
`
`610d
`
`\->-.<-.
`‘-
`Mia Wmix WenFmei
`
`WWW- Wufiwicfigiflb
`
`2$217518E20
`
`2115111111513
`333521111518.
`EEZWJWW
`Wfllmfim
`
`
`
`u»mun-mm»emu1mnn—4Mw...
`
`620d
`
`FIG. 69
`
`QUALYSOO‘I 12798
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 14 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 14 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 11 0133
`
`5,987,611
`
`8009
`
`Viva! Hflnilm ' Elfifailfi-d 1.1:»;
`
`55?
`
`FIG. 6E
`
`QUALYSOO‘I 12799
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 15 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 15 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 12 of 38
`
`5,987,611
`
`711 312 713 714 715
`
`716
`
`717
`
`_
`_
`‘ mas-1m web access toilaiesi Iekeage veman of Mama Emmet
`'
`{)iwbb any warm activities
`Hamid web access In sites mmwscm, mwmbttwn mmcn ,..
`
`.
`
`an 231 996
`1Qnfl W
`1am 83E
`”12133?
`
`-'
`
`-
`
`if.
`
`“WWII 2713.131 flimajxpitadhmf‘. Wave: applicable.
`
`Bm‘k aim: dmmhading d mam {fies {disahlad} \
`Q Disabze fieaiMdia amass mm: [mm 311m 11) Exam
`.
`V24
`- :$ Flun «rims mack uh aai dmflwded Fins
`
`I
`
`I 1’1 131%?
`3m 39?
`3N 51139?
`
`5131 N 397
`never
`
`1. This rub limits ms nu lheWorld Wide Web tel how m. day.
`2. This use is said ham 3.12.1886 ham 3AM to 6PM on mkdaysu
`3. This we implies he: al use: and cmier meat to: Marketing. Admhiflrafim. RH}. HIS.
`‘Wabvaef'md easel: "E Fremd" and “EHatrmann‘i
`'
`- _ 4. This Ida can be: {notified andfut suspended by department and mkgmup supewisms
`' 5 If this rub has been vicilazed. Manet Mm wii readied web baffle. to page
`
`'736 -
`
`737
`
`FIG. 7A
`
`QUALYSOO‘I 12800
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 16 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 16 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 13 of 38
`
`5,987,611
`
`749
`
`
`
`LII-alt what fies mam can be mmoadad
`' Link ihe arm-fl 20% time {hat we can spam: an fiha Intamat'
`Disable sewer satisfies
`: Fiestas! mesa it! wrtain Meme! sites
`' Disabhs MW conhnls
`max fm kmvm mama: :pmbhms
`
`A Mamet Em: exam whafi maimed: may can use}
`
`\ This ruie can age 5.! wha! annicatéons can do on the:
`
`FIG, 7B
`
`QUALYSOO‘I 12801
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 17 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 17 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 14 of 38
`
`5,987,611
`
`744
`
`743
`
`FJG. 7C
`
`QUALYSOO‘I 12802
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 18 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 18 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 15 of 38
`
`5,987,611
`
`2’46
`
`74Gb
`
`immncr Hardin!1 .
`‘5‘
`
`747
`
`.
`
`.
`
`mmications
`a Imt Eupimel
`
`.
`
`'
`
`‘ -fi Latest leiease verséuns
`flu
`03d versims
`gym: Bswser
`m Netmapa NW
`
`;
`
`.
`'
`
`Ea Lateahebase
`$3.3 Valsion 3.132
`
`345
`
`.
`
`_
`
`.
`
`FIG. 70
`
`QUALYSOO‘I 12803
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 19 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 19 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 16 of 38
`
`5,987,611
`
`7406
`
`?5?
`
`755
`
`777
`
`FIG. 7E
`
`QUALYSOO‘I 12804
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 20 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 20 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 17 of 38
`
`5,987,611
`
`Mfld
`
`751.
`
`FIG. 7F
`
`QUALYSOO‘I 12805
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 21 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 21 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 18 of 38
`
`5,987,611
`
`7409
`
`5 Skip the activity [edited user la cunt page Mm [sensible
`@ Slop tha activity. gamma appdicalim mm
`3 Wam use: @311 dia‘og
`
`769
`
`amen:gdmifilsjtmlm if 9m hm a
`
`757
`
`FIG. 76
`
`QUALYSOO‘I 12806
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 22 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 22 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 19 of 38
`
`5,987,611
`
`T4Gf
`
`
`
`FIG. 7H
`
`QUALYSOO‘I 12807
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 23 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 23 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 20 of 38
`
`5,987,611
`
`
`
`FIG. 7!
`
`QUALYSOO‘I 12808
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 24 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 24 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 21 of 38
`
`5,987,611
`
`740.?1
`
`775
`
`1 The Mic prohibits ail annimfiom gmfix Irmama! Eapfiacl Mdflelsmme
`Navigate! Bram awessma lhe Mamet
`.2 The vula is valid from 3231 I1 83? from W to 5:3EPM ems: day.
`'3 The tube apaiee in a! use: and compute: eases! FmMatkfihg,”WebSewefl’
`and use: "EFiamd".
`:1. II the tub hat been Vidafied, Meme: Manic: mil £5913an am am dialog m3
`slap Ehe respactiva application from accessing the Entemat
`
`_
`
`_
`
`777
`
`7’80
`
`FIG. 7'J
`
`QUALYSOO‘I 12809
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 25 of 58
`Case 4:18-cv-07229—YGR Document 125-4 Filed 10/22/20 Page 25 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 22 of 38
`
`5,987,611
`
`10H £1936 mm
`Bum! web access to latest [deem ms'tomoi lrmmt Explain:
`1&3.” #1998 mm
`& Disable w sci-m adiviies
`iifimflwah accesstooitmmw.mcmm_rrmlmcom, mm.___ Vii-133?
`mm-
`- gomall»:much-g oi mm fil'as {disabled}
`112-3199?
`never
`Sisahle Rwanda access mekdogs irom Sam is Born
`3221133?
`31.91%: ckeckonalldowriaodaflibs _
`_
`__
`M51133?
`
`__
`
`
`
`:
`
`7315
`
`783
`
`_
`
`_
`
`1 The tale pmhimils oi awicalicmx asleep! to: lnkemet Ewl'nrermand tiascape Navigate: fiom
`-
`_ Hanging: accessing the lriom.
`' 2. Them Is valid hum 3331f195? from 3AM MEEEFM every day.
`I}. The mle 13mm to all use: and motor accept {1:11 Mum." WabServot“ and uaa “‘GFreund",
`A; If that ruia has been Wed, Internet Mania wii dispiay am urm'diedog anal 311:1: the macho
`oopicotm from: access“; the internal
`
`FIG. 7K
`
`QUALYSOO‘I 12810
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 26 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 26 of 58
`
`US. Patent
`
`Nov. 13,1999
`
`Sheet 23 of 33
`
`5,987,611
`
`CLIENTLOADIIVG
`METHOD
`
`@
`
`BEGIN
`
`CLIENT MONITOR CHECKS IF A SUPERVISOR HAS
`BEEN ASSIGNED FOR THIS CLIENT MONITOR
`
`IF YES, CLIENT MONITORS SEND LOGIN
`REQUEST TO SUPERVISOR
`
`SUPERVISOR CHECKS IF REQUEST
`COMES FROM WITHIN THE LAN
`
`SUPERVISOR CHECKS IF CLIENT MONITOR
`HAS ANY INTERNET ACCESS RIGHTS
`
`SUPERVISOR DETERMINES DEPARTMENT OR
`WORKGROUP FOR CLIENT MONITOR
`
`SUPERVISOR FILTERS APPROPRIATE RULES FROM
`DATABASE; TRANSMITS RULES TO CLIENT MONITOR
`
`CLIENT MONITOR CONFIRMS SUCCESSFUL
`RECEPTION OF RULES
`
`CLIENT MONITOR SAVES COPY OF RULES ON TO
`A LOCAL STORAGE MEDIUM
`
`SUPERVISOR CONTACTS FIREWALL TO REQUEST
`INTERNET ACCESS FOR THE CLIENT MONITOR
`
`CONTINUE TO FIG. SB
`
`FIG. 8A
`
`301
`
`302
`
`803
`
`304
`
`805
`
`303
`
`307
`
`308
`
`809
`
`QUALYSOO‘I 12811
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 27 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 27 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 24 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 8A
`
`CONNECTION BETWEEN CLIENT MONITOR AND
`
`SUPERVISOR REMAINS OPEN
`
`SUPERVISOR REGULARLY SEND CHECK
`
`MESSAGES TO CLIENT MONITOR
`
`CLIENT MONITOR STORES LOG INFORMATION
`
`ON LOCAL STORAGE (IF AVAILABLE)
`
`CLIENT MONITOR SENDS LOG MESSAGES
`
`T0 SUPERVISOR
`
`810
`
`B11
`
`812
`
`813
`
`814
`
`IF SUPERVISOR DETERMINES ANY PROBLEM WITH
`CLIENT MONITOR, IT NOTIFIES FIREWALL TO
`DISABLE INTERNET ACCESS FOR CLIENT MONITOR
`
`FIG. 8B
`
`QUALYSOO‘I 12812
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 28 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 28 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 25 of 38
`
`5,987,611
`
`CLIENT MONITOR UNABLE
`
`TO LOCAngéJPERVISOR
`
`
`
`
`CLIENT MONITOR LOADS THE LAST STORED
`APPLICATION, HOST, RULES DATABASE. ETC.
`FROM LOCAL STORAGE
`
`901
`
`902
`
`
`
`CLIENT MONITOR MAY ATTEMPT TO CONTACT
`THE INTERNET DIRECTLY -- THE LAST STORED
`
`
`RULES STILL APPLY
`
`
`
`FIG. 9
`
`QUALYSOO‘I 12813
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 29 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 29 Of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 26 of 38
`
`5,987,611
`
`UNLOADING THE
`CLIENT MONITOR
`@
`
`BEGIN
`
`THE CLIENT MONITOR APPLICATION NOTIFI ES THE
`SUPERVISOR THAT IT IS ABOUT TO BE UNLOADED
`
`THE SUPERVISOR CONTACTS THE FIREWALL OF
`THAT CLIENT MONITOR TO STOP INTERNET ACCESS
`FOR THAT CLIENT MONITOR
`
`THE CLIENT MONITOR STORES ANY REMAINING
`LOG INFORMATION ON LOCAL STORAGE
`
`THE CLIENT MONITOR SENDS ANY REMAINING
`LOG MESSAGES TO THE SUPERVISOR
`
`'
`
`THE CLIENT MONITOR SHUTS DOWN
`
`1001
`
`1002
`
`1003
`
`1004
`
`1005
`
`FIG. 10
`
`QUALYSOO‘I 12814
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 30 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 30 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 27 of 38
`
`5,987,611
`
`LOADING THE
`CLIENT MONITOR IN
`AN ISP ENnggONMENT
`
`BEGIN
`
`RAS CALLS ISP POP USING SLIP PPP OR SIMILAR
`PROTOCOL WITH USER IDIPASSWORD
`
`ISP POP SERVER CALLS ISP AUTHENTICATION
`SERVER WITH USER IDIPASSWORD
`
`ISP AUTHENTICATION SERVER CHECKS
`USER ID 8: PASSWORD
`
`IF OK, AUTHENTICATION SERVER CHECKS
`WITH ISP SUPERVISOR IF USER HAS ACCESS
`RULES MECHANISM INSTALLED
`
`(B) N0: CLIENT ACCESS UNRESTRICTED
`
`A YES: CLIENT RESTRICTED TO
`8 "SANDBOX" SERVER
`
`CLIENT MONITORS SEND LOGIN REQUEST
`TO ISP SUPERVISOR
`
`ISP SUPERVISOR TRANSMITS ACCESS RULES ETC.
`TO CLIENT MONITOR
`
`CLIENT MONITOR SAVES COPY OF RULES ON A
`LOCAL HARD DISK TO A LOCAL STORAGE MEDIUM
`
`[SP SUPERVISOR CONTACTS ISP POP SERVER TO
`REMOVE 'SANDBOX" RESTRICTIONS
`
`CONTINUE TO FIG. 113
`
`FIG. 11A
`
`1101
`
`1102
`
`1103
`
`1104
`
`1105
`
`1106
`
`1107
`
`1108
`
`QUALYSOO112815
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 31 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 31 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 28 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 11A
`
`CONNECTION BETWEEN CLIENT MONITOR AND
`ISP SUPERVISOR REMAINS OPEN
`
`ISP SUPERVISOR REGULARLY SEND CHECK
`MESSAGES T0 CLIENT MONITOR
`
`CLIENT MONITOR STORES LOG INFORMATION
`ON LOCAL STORAGE
`
`CLIENT MONITOR SENDS LOG MESSAGES
`TO ISP SUPERVISOR
`
`1109
`
`1110
`
`1111
`
`1112
`
`1113
`
`IF ISP SUPERVISOR DETERMINES ANY PROBLEM
`WITH CLIENT MONITOR, IT NOTIFIES [SP
`POP SERVER TO RESTRICT ACCESS RIGHTS
`
`TO "SANDBOX MODE"
`
`FIG. 11B
`
`QUALYSOO112816
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 32 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 32 of 58
`
`US. Patent
`
`Nov. 16,1999
`
`Sheet 29 of 38
`
`5,987,611
`
`INTERPRETATION
`OFA TYPICAL HTTP
`"GET" REQUEST
`@
`
`BEGIN
`
`THE APPLICATION CALLS WINSOCK WSAStartupO
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`CHECKS THE RULES AND APPLICATION DATABASE
`IF THE APPLICATION OR SPECIFIC VERSION OF
`
`THE APPLICATION HAS INTERNET ACCESS RIGHTS
`
`IF NOT, THE CLIENT MONITOR FAILS WASStartupO CAL
`
`APPLICATION CALLS SOCKETI)
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`CHECKS IF THE APPLICATION OR USER HAVE RIGHTS
`TO CONTINUED USE OF THE INTERNET
`
`IF NOT, THE CLIENT MONITOR FAILS SOCKETO CALL
`
`THE APPLICATION CONTACTS THE HOST USING
`WINSOCK CONNECTO
`
`CLIENT MONITOR INTERCEPTS THE CALL 81 CHECKS
`THE RULES AND HOST DATABASE IF APPLICATION
`HAS ACCESS RIGHTS TO THE SPECIFIC HOST
`
`THE CLIENT MONITOR CHECKS IF THE APPLICATION
`OR USER HAVE RIGHTS TO CONTINUED USE
`OF THE INTERNET
`
`CONTINUE TO FIG. 12B
`
`FIG. 12A
`
`1201
`
`1202
`
`1203
`
`1204
`
`1205
`
`1206
`
`120?
`
`1203
`
`1209
`
`QUALY800112817
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 33 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 33 of 58
`
`US. Patent
`
`Nov. 16, 1999
`
`Sheet 30 0f 38
`
`5,987,611
`
`CONTINUE FROM FIG. 12A
`
`IF NO ON PREVIOUS 2 STEPS. THE CLIENT
`MONITOR FAILS OR REDIRECTS CONNECT CALL
`
`THE APPLICATION CALLS WINSOCK SENDO WITH
`HTTP COMMAND "GET FOO.HTML"
`
`
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`DETERMINES PROTOCOL BASED ON A COMBINATION
`OF THE TCPIIP PORT ADDRESS, ADDRESS
`FAMILY CONTENTS ETC.
`
`THE CLIENT MONITOR CHECKS THE RULES AND
`APPLICATON DATABASE IF THE APPLICATION
`HAS THE RIGHT TO USE HTTP
`
`THE CLIENT MONITOR CHECKS THE RULES
`DATABASE IF THE USERICOMPUTER HAS THE RIGHT
`TO DOWNLOAD ”.HTML" FILES
`
`IF NO ON THE LAST 2 STEPS, THE CLIENT MONITOR
`FAILS OR REDIRECTS SEND CALL
`
`THE CLIENT MONITOR LOADS THE CONTENT
`
`DRIVER FOR “.HTML" FILES
`
`THE APPLICATION CALLS WINSOCK RECVI)
`
`1210
`
`1211
`
`1212
`
`1213
`
`1214
`
`1215
`
`1216
`
`1217
`
`CONTINUE TO FIG. 120
`
`FIG. 128
`
`QUALYSOO112818
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 34 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 34 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 31 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 123
`
`THE HOST SENDS THE CONTENTS OF "FOOHTML"
`
`THE CLIENT MONITOR INTERCEPTS RETURN OF
`THE RECVQ CALL AND PASSES THE CONTENTS
`0 THE CONTENT DRIVER
`
`THE CONTENT DRIVER PARSES CONTENTS OF
`"FOO.HTML'I AND CHECKS FOR A NUMBER OF
`COMPONENTS:
`
`NETWORK PROBLEMS
`
`FlREFERENCES TO JAVA, ACTIVEX. ETC.
`
`B REFERENCES T0 NETSCAPE STYLE PLUG-INS
`C IMBEDDED SCRIPTS SUCH A JAVASCRIPT,
`VBSCRIPT. ETC.
`(D) REFERENCES TO OTHER FILES OR COMPONENTS
`(E) OTHER SYNTAX ELEMENTS THAT ARE KNOWN
`OR SUSPECTED TO CAUSE SECURITY OR
`
`THE CONTENTS DRIVER CHECKS THE APPLICATON
`AND RULES DATABASE IF THE SPECIFIC HTML
`COMPONENT IS PERMISSIBLE
`
`IF NOT, THE DRIVER EITHER REMOVES THE HTML
`COMPONENT OR FAILS THE RECV ) CALL DEPENDING
`ON THE VIOLATED ULE
`
`THE APPLICATION RECEIVED CONTENTS OF
`"FOO.HTML"
`
`
`
`THE CLIENT MONITOR INTERCEPTS FILE IIO CALLS
`FROM THE APPLICATION AND TRIES TO DETERMINE
`
`WHERE THE APPLICATION HAS SAVED THE
`
`FILE IT JUST RECEIVED
`
`DONE
`
`FIG. 12C
`
`1218
`
`1219
`
`1220
`
`1221
`
`1 222
`
`1223
`
`1 224
`
`QUALYSOO112819
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 35 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 35 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 32 of 38
`
`5,987,611
`
`1301
`
`1 302
`
`1 303
`
`1304
`
`1 305
`
`BAND WIDTH
`AND INTERACTIVE
`USE MONITORING
`1300
`—
`
`BEGIN
`
`THE APPLICATION CALLS WINSOCK SENDO OR
`RECVO CALLS
`
`
`
` CLIENT MONITOR INTERCEPTS TH ESE CALLS AND:
`(A) MARKS THE TIME OF THE CALL IN THE
`
`
`LASTINTERNETACCESS FIELD OF THE
`APPLICATION'S LIST ENTRY
`
`
`(B) CHECKS IF THE SENDI) 0R RECV ) USES AN
`
`
`INTERNET PROTOCOL USUALLY SSSOCIATED
`
`
`WITH INTERACTIVE ACTIVITY
`
`
`(C) IF YES, MARKS THE TIME OF THE CALL IN THE
`
`
`LASTINTERACTIVEACCESS FIELD OF THE
`
`
`APPLICATION'S LIST ENTRY
`
`
`(D) ADDS THE DATA LENGTHS TO DATAIN OR
`
`
`DATAOUT ACCUMULATIVE COUNTER OF THE
`
`
`APPLICATION'S LIST ENTRY AND GLOBAL
`
`
`ACTIVITY RECORD
`
`
`(E) IF DATAIN OR DATAOUT FIELDS EXCEED RULE-
`
`
`BASED QUANTITY EITHER FOR THE SPECIFIC
`
`
`APPLICATION OR THE USERIWORKSTATION,
`
`
`THE CLIENT MONITOR DISABLES FUTURE
`
`
`INTERNET ACCESS ANDIOR WARNS THE USER
`
`WINDOWS SENDS CERTAIN KEYBOARD AND MOUSE
`MESSAGES TO A WINDOW
`
`CLIENT MONITOR INTERCEPTS THESE MESSAGES
`
`THE CLIENT MONITOR IDENTIFIES THE TARGET
`WINDOW AND APPLICATION OF THE MESSAGE
`AND MARKS THE TIME OF THE LASTINTERACTIVEUSE
`FIELD OF THE APPLICATION'S LIST ENTRY
`
`
`
`’
`
`CONTINUE TO FIG. 138
`
`‘
`
`FIG. 13A
`
`QUALYSOO1 12820
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 36 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 36 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 33 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 13A
`
`1 306
`
`EVERY MINUTE THE CLIENT MONITOR CHECKS
`EACH ENTRY OF THE APPLICATION LIST:
`
`(A) HAS THE LASTINTERNETACCESS FIELD
`CHANGED IN THE LAST MINUTE
`(B) IF YES, ADD ONE MINUTE TO THE
`TOTALINTERNETUSE FIELD OF THE
`APPLICATION'S LIST ENTRY
`(C) HAVE THE LASTINTERACTIVEACCESS AND
`LASTINTERACTIVEUSE FIELDS CHANGED
`IN THE LAST 5 MINUTES
`(D) IF YES, ADD ONE MINUTE TO THE
`TOTALINTERACTIVEUSE FIELD OF THE
`APPLICATION'S LIST ENTRY
`(E) IF THE TOTALINTERNETUSE OR
`TOTALINTERACTIVEUSE FIELDS OF ANY
`APPLICATION'S LIST ENTRY HAVE CHANGED ALSO
`ADD ONE MINUTE TO THE CORRESPONDING
`FIELD OF THE GLOBAL RECORD.
`(F) IF ANY OF THE TOTALINTERNETUSE OR
`TOTALINTERACTIVEUSE FIELDS EXCEED RULE-
`BASED QUANTITY EITHER FOR THE SPECIFIC
`APPLICATION OR THE USER/WORKSTATION,
`THE CLIENT MONITOR DISABLES FUTURE
`INTERNET ACCESS AND/OR WARNS THE USER
`
`
`
`FIG. 13B
`
`QUALYSOO‘I 12821
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 37 of 58
`Case 4:18-Cv-07229-YGR Document 125-4 Filed 10/22/20 Page 37 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 34 of 38
`
`5,987,611
`
`MANAGING
`NETWORK
`CONGES TION
`
`w 1401
`
`IF THE SUPERVISOR DETERMINES A CONGESTION
`OF INTERN ET ACCESS EITHER BY INTERPRETING
`THE LOG MESSAGES FROM THE CLIENT MONITORS.
`ITS OWN MONITORING OF ACCESS SPEED, OR THIRD
`PARTY MONITORING TOOLS, IT NOTIFIES
`THE CLIENT MONITORS OF TEMPORARY
`ACCESS RESTRICTIONS
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DEPENDING ON THE SPECIFIC RULES IN THIS CASE,
`THE CLIENT MONITOR CAN EITHER:
`
`(A) DELAY INTERNET ACCESS FOR NON-CRITICAL
`APPLICATIONS OR PROTOCOLS BY:
`- APPLICATONS CALL WINSOCK SENDO. RECV(),
`CONNECTBHL ETC. CALL
`
`
`
`1402
`
`
`
`
`
`- THE CLIE MONITOR INTERCEPTS THE CALL
`AND CHECKS RULES AND APPLICATION
`DATABASE |F CALLS RELATE TO NON-
`CRITICAL ACTIVITIES
`- IF YES, DELAY THE SPECIFIC THREAD OF THE
`APPLICATION BY A PREDETERMINED AMOUNT
`- THIS WILL OPEN BANDWIDTH FOR CRITICAL
`ACTIVITIES
`
`
`
`
`
`
`(B) DISABLE INTERN ET ACCESS FOR NON-
`CRITICAL APPLICATONS OR PROTOCOLS
`
`
`
`
`FIG. 14
`
`QUALYSOO‘I 12822
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 38 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 38 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 35 of 38
`
`5,987,611
`
`INTERCEPTING
`WINSOCK
`MESSAGES
`
`fl)
`
`
`
`
`
`
`1501
`
`THE CLIENT MONITOR LOADS OUR CLIENT VXD
`
`
` 1502
`
`
`
`
`THE CLIENT VXD LOADS WSOCK.VXD AND REDIRECTS
`THE DEVICEIOCONTROL CODE POINTER OF
`WSOCK.VXD TO ITS OWN INTERCEPTION ROUTINE
`
`1503
`
`
`
`THE APPLICATION CALLS WINSOCK FUNCTION IN
`WSOCK32.DLL THAT REQUIRE INTERNET ACCESS
`
`
`
`
`
`
`WSOCK32.DLL PROCESSES THE PARAMETERS
`AND CALLS WSOCK.VXD VIA WIN32
`DEVICEIOCONTROLO FUNCTION
`
` 1 505
`
`
`
`
`
`
`
`IF THE DISPATCH TABLE REQUIRES AN INTERCEPT,
`THE CLIENT VXD CREATES AN INTERCEPTION
`MESSAGE AND CALLS THE CLIENT MONITOR
`
`1 504
`
`1 506
`
`CLIENT VxD LOOKS UP THE CALL VIA THE
`"INTERCEPT BEFORE" DISPATCH TABLE
`
`
`
`IF THE CLIENT MONITOR ALLOWS THE CALL TO GO
`FORWARD, THE CLIENT VXD CALLS THE ORIGINAL
`WSOCK.VXD ROUTINE, OTHERWISE IT RETURNS
`WSOCK32DLL AND THE APPLICATION
`
`1507
`
`1508
`
`
`
`
`THE CLIENT VXD LOOKS UP THE CALL VIA THE
`"INTERCEPT AFTER" DISPATCH TABLE
`
` CONTINUE TO FIG. 153
`
`FIG. 15A
`
`QUALYSOO1 12823
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 39 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 39 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 36 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 15A
`
`IF THE DISPATCH TABLE REQUIRES AN INTERCEPT,
`THE CLIENT VXD CREATES AN INTERCEPTION
`MESSAGE AND CALLS THE CLIENT MONITOR
`
` 1509
`
`THE CLIENT VxD RETURNS TO WSOCK32.DLL WITH
`EITHER THE ORIGINAL RETURN RESULTS OR
`RESULTS MODIFIED BY THE CLIENT MONITOR
`
`1510
`
`FIG. 15B
`
`QUALYSOO‘I 12824
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 40 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 40 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 37 of 38
`
`5,987,611
`
`TRANSMITTING MESSAGES
`FROM RING 0 TO RING 3
`
`w
`
`1601
`
`1 602
`
`1603
`
`1 504
`
`1 605
`
`FILE, WINSOCK OR THREAD COMPONENTS OF
`CLIENT VxD CALL THE MESSAGE DISPATCHER
`
`THE DISPATCHER DETERMINES IF ANY ADDITIONAL
`DATA IS REQUIRED:
`
`(A) IF YES, THE DISPATCHER DETERMINES IF
`ADDITIONAL DATA FITS INTO EXTRA SPACE
`- IF YES, THE DISPATCHER COPIES DATA INTO
`ADDITIONAL SPACE
`(B) IF NO, THE DISPATCHER DETERMINES IF DATA
`IS ALREADY MAPPED INTO GLOBAL SPACE
`- IF NO. THE DISPATCHER ALLOCATES GLOBAL
`MEMORY POINTER TO DATA AND PUTS
`POINTER INTO MESSAGE BODY
`
`
`
`
`THE DISPATCHER COPIES MESSAGE TO ARRAY
`
`THE DISPATCHER DETERMINES IF IT NEEDS
`TO WAIT FOR MESSAGE PROCESSING BECAUSE:
`(A) gOhIIIITI-EIR NEED TO FREE THE GLOBAL MEMORY
`(B) THE CLIENT MONITOR NEEDS TO APPROVE THE
`UNDERLYING ACTION
`(C) THE CLIENT MONITOR MIGHT PATCH ANY OF THE
`PARAMETERS
`
` IF THE DISPATCHER NEEDS TO WAIT, IT:
`(A) TELLS WINDOWS TO SWITCH TO THE
`RING 3 CLIENT MONITOR‘S MESSAGE THREAD
`(B) PUTS ITSELF INTO SLEEP MODE OTHERWISE IT
`RETURNS IMMEDIATELY TO THE CALLER
`
`
`
`
`
`CONTINUE TO FIG. 163
`
`FIG. 16A
`
`QUALYSOO1 12825
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 41 of 58
`Case 4:18—cv-07229-YGR Document 125-4 Filed 10/22/20 Page 41 of 58
`
`US. Patent
`
`N0v.16,1999
`
`Sheet 38 of 38
`
`5,987,611
`
`CONTINUE FROM FIG. 16A
`
`AFTER THE CLIENT MONITOR PROCESSED THE
`MESSAGE, THE DISPATCHER DOES ONE OR MORE
`OF THE FOLLOWING ACTIONS:
`
` 1 606
`
`(A) DE-ALLOCATES GLOBAL MEMORY POINTER, IF
`PREVIOUSLY ALLOCATED
`
`(B) EEPAES ANY PATCHED MEMORY TO CORRECT
`
`FIG. 16B
`
`QUALYSOO‘I 12826
`
`
`
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 42 of 58
`Case 4:18-cv-07229-YGR Document 125-4 Filed 10/22/20 Page 42 of 58
`
`5,987,611
`
`1
`SYSTEM AND METHODOLOGY FOR
`MANAGING INTERNET ACCESS ON A PER
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`The present application claims priority from commonly-
`owned provisional patent application Ser. No. 60/033,975,
`filed Dec. 31, 1996, entitled SYSTEM AND METHODS
`FOR MONITORING INTERNET ACCESS, and listing as
`inventor Gregor P. Freund, the disclosure of which is hereby
`incorporated by reference.
`COPYRIGHT NOTICE
`
`A portion of the disclosure of this patent document
`contains material which is subject to copyright protection.
`The copyright owner has no objection to the facsimile
`reproduction by anyone of the patent document or the patent
`disclosure as it appears in the Patent and Trademark Office
`patent file or records, but otherwise reserves all
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
