`Case 4:18-cv-07229—YGR Document 126-12 Filed 10/30/20 Page 1 of 41
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 11
`
`EXHIBIT 11
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 2 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 2 of 41
`
`
`
`PAUL ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRISTOPHER KASTENS (State Bar No. 254797)
`kkastens@kramerlevin.com
`KRAMER LEVIN NAFTALIS
` & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FINJAN, INC.,
`
`
`
`
`
`
`v.
`
`
`
`
`QUALYS, INC.,
`
`
`
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`SAN FRANCISCO DIVISION
`
`Plaintiff,
`
`Defendant.
`
`Case No.: 4:18-cv-07229-YGR
`
`PLAINTIFF FINJAN, INC.’S INITIAL
`DISCLOSURE OF ASSERTED CLAIMS
`AND INFRINGEMENT CONTENTIONS
`AND DOCUMENT PRODUCTION
`PURSUANT TO PATENT LOCAL RULES
`3-1 AND 3-2
`
`
`
`
`
`
`
`
`____________________________________________________________________________________
`FINJAN’S ASSERTED CLAIMS & INFRINGEMENT
`CASE NO. 4:18-cv-07229-YGR
`CONTENTIONS PURSUANT TO PATENT L.R. 3-1 AND 3-2
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`EXHIBIT B, PAGE 000001
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 133 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 3 of 41
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`29
`
`Claim 6
`
`6. The policy‐based cache manager of
`claim 1 further comprising a transmitter
`for transmitting allowable content
`from the cache to a client computer.
`
`6. Contention 1 – The Accused Products include a transmitter resident on Qualys Cloud
`
`Each of the Accused Products discussed above includes a transmitter resident on the Qualys Cloud which
`transmits content, if determined to be allowable, to the client computer associated with the user.
`
`29
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000132
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 134 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 4 of 41
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`30
`
`Claim 6
`
`6. The policy‐based cache manager of
`claim 1 further comprising a transmitter
`for transmitting allowable content
`from the cache to a client computer.
`
`6. Contention 2 – The Accused Products include a transmitter resident on Appliance / Virtual Scanners
`
`Each of the Accused Products discussed above includes a transmitter resident on the Appliance / Virtual
`Scanners which transmits content, if determined to be allowable, to the client computer associated with the
`user.
`
`Transmitter on
`Appliance and Virtual
`Scanners
`
`30
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000133
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 135 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 5 of 41
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`31
`
`Claim 7
`
`7. The policy‐based cache manager of
`claim 1 further comprising a receiver for
`receiving digital content from a web
`server.
`
`7. Contention 1 – The Accused Products, each resident on the Qualys Cloud, receive digital content using a
`receiver
`
`Each of the Accused Products, executed on a node that is part of the Qualys Cloud computing environment,
`includes a receiver component on a separate node that receives content based on a client device requesting
`the content from a source computer, such as the Internet. As shown below, the content is received by each
`Accused Product, (via the receiver) when a particular client device requests content provided by a source
`computer.
`
`31
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000134
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 363 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 6 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`2
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call
`including an input, and (ii) for
`invoking a second function
`with the input, only if a
`security computer indicates
`that such invocation is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`Qualys Accused Products include a content processor that processes downloaded web and email
`content that they receive to identify function calls that include an input that is suspicious or malicious,
`and therefore should be submitted to a security computer for emulation / scanning. The
`emulation/scanning technology can be deployed in different configurations and receives content to
`process. The content processors will identify the functions that are attempting to download potentially
`malicious files as an input to those functions or access URLs, and will send the files to be emulated
`/scanned in the security computer. The security computer will return a verdict on whether the file is
`safe to be transmitted to the end user according to the returned verdict and security policy. Further
`explanation of the first and second function and input is provided below.
`
`2
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000362
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 364 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 7 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`3
`
`1b. Contention 1 – Internet Gateway is the Content processor and the Qualys Cloud Platform and/or
`Virtual Scanner Appliances are the security computers
`The Internet Gateway is a processor of content received over a network that includes a call to a function. To
`determine whether the content is safe to invoke, it transmits the content to a security computer (Qualys
`Cloud Platform and/or Virtual Scanner Appliances) for inspection and awaits a determination whether
`invoking functions within that content is safe. The Qualys Cloud Platform and Virtual Scanner Appliances
`comprise Vulnerability Management, Threat Protection, Continuous Monitoring, Indication of Compromise,
`Container Security, Web App Firewall, Web App Scanning, and Compliance Monitoring. See analysis for
`Claim 1a. above.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`3
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000363
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 376 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 8 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`15
`
`1c. Contention 2 – Vulnerability Management is the content processor
`Vulnerability Management processes content received over a network that includes a call to a function. To
`determine whether the content is safe to invoke, it transmits the content to a security computer for inspection
`and awaits a determination whether invoking functions within that content is safe.
`
`Contention 2a – Qualys Cloud Agents are the security computers
`Vulnerability Management transmits the input to Qualys Cloud Agents to scan for vulnerabilities.
`“Vulnerabilities are found faster” and the capturing of vulnerabilities is an indicator that invocation is not safe.
`
`Contention 2b – Continuous Monitoring is the security computer
`Vulnerability Management transmits the input to Continuous Monitoring to be “proactively alerted about
`potential threats so problems can be tackled.” The alerts are indicators about whether invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`15
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000375
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 377 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 9 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`16
`
`1c. Contention 3 – Threat Protection is the content processor
`Threat Protection processes content received over a network that includes a call to a function. To determine
`whether the content is safe to invoke, it transmits the content to a security computer for inspection and awaits
`a determination whether invoking functions within that content is safe.
`
`Contention 3a – Qualys Asset Inventory is the security computer
`Threat Protection transmits the input to Qualys Asset Inventory. The cataloging of IT assets allows a flagging of
`at‐risk assets provides an indicator of whether an invocation is safe.
`
`Contention 3b – Vulnerability Management is the security computer
`Threat Protection transmits the input to Vulnerability Management for “vulnerability detection” and the
`capturing of vulnerabilities is an indicator that invocation is not safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`16
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000376
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 378 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 10 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`17
`
`1c. Contention 4 – Indication of Compromise in combination with Cloud Agent is the content processor
`Indication of Compromise (IOC) in combination with Cloud Agent processes content received over a network
`that includes a call to a function by capturing “endpoint activity on files, processes, mutant handles (mutex),
`registries, and network connections.” To determine whether the content is safe to invoke, it transmits the
`content to a security computer for inspection and awaits a determination whether invoking functions within
`that content is safe.
`
`Contention 4a – Qualys Cloud Platform is the security computer
`IOCtransmits the input to Qualys Cloud Platform for “storage, processing, and query.” The “specific event
`details” captured form an indicator whether an invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`17
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000377
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 379 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 11 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`18
`
`1c. Contention 5 – Container Security is the content processor
`Container Security processes content received over a network that includes a call to a function. To determine
`whether the content is safe to invoke, it transmits the content to a security computer for inspection and awaits a
`determination whether invoking functions within that content is safe.
`
`Contention 5a – CI/CD Tools are the security computer
`Container Security transmits the input to CI/CD Tools such as Jenkins and Bamboo for vulnerability analysis for
`images and containers and vulnerability analysis for registries, which indicate whether an invocation is safe.
`
`Contention 5b – Image Registry is the security computer
`Container Security transmits the input to Image Registry for vulnerability analysis for images and containers and
`vulnerability analysis for registries, which indicate whether an invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`18
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000378
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 380 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 12 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`19
`
`1c. Contention 6 – Web App Firewall is the content processor
`Web App Firewall processes content received over a network that includes a call to a function. To determine whether the
`content is safe to invoke, it transmits the content to a security computer for inspection and awaits a determination
`whether invoking functions within that content is safe.
`
`Contention 6a – Qualys Cloud Platform is the security computer
`Web App Firewall transmits continuous communicates with the Qualys Cloud Platform. As noted in Claim 1a and
`Contentions 1b‐1h of Claim 1b, Qualys Cloud Platform products are security computers.
`
`Contention 6b – Web App Scanning is the security computer
`Web App Firewall transmits the input to Web App Scanning. “From a single console, use WAS to detect vulnerabilities.”
`The detection of vulnerabilities is an indicator that invocation is not safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`19
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000379
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 381 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 13 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`20
`
`1c. Contention 7 – Web App Scanning is the content processor
`Web App Firewall processes content received over a network that includes a call to a function. To determine whether the
`content is safe to invoke, it transmits the content to a security computer for inspection and awaits a determination
`whether invoking functions within that content is safe.
`
`Contention 7a – Web App Firewall is the security computer
`Web App Scanning transmits the input to Web App Firewall. “From a single console, you can…rapidly protect them from
`attack with WAF.” The blocking of attacks is an indicator that invocation is not safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`20
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000380
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 382 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 14 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`21
`
`1c. Contention 8 – Compliance Monitoring is the content processor
`Vulnerability Management processes content received over a network that includes a call to a function. To
`determine whether the content is safe to invoke, it transmits the content to a security computer for inspection
`and awaits a determination whether invoking functions within that content is safe.
`
`Contention 8a – Qualys Cloud Platform is the security computer
`Compliance Monitoring transmits the input to Qualys Cloud Platform for analysis and correlation. As noted in
`Claim 1a and Contentions 1b‐1h of Claim 1b, Qualys Cloud Platform products are security computers.
`
`Contention 8b – Qualys Scanner Appliances are security computers
`Compliance Monitoring transmits the input to Qualys Scanner Applicances to launch scans and for analysis and
`correlation. The analysis yields indicators of whether an invocation is safe. As noted in Claim 1a and Contentions
`1b‐1h of Claim 1b, Qualys Cloud Platform products are security computers.
`
`Contention 8c – Cloud Agents are the security computer
`Compliance Monitoring transmits the input to Cloud Agents to launch scans and for analysis and correlation.
`The analysis yields indicators of whether an invocation is safe.
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`21
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000381
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 385 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 15 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`24
`
`Claim 1
`
`1a. A system for protecting a computer from
`dynamically generated malicious content,
`comprising:
`
`1b. a content processor (i) for processing
`content received over a network, the content
`including a call to a first function, and the call
`including an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation is safe:
`
`1c. a transmitter for transmitting the input to
`the security computer for inspection, when the
`first function is invoked; and
`
`1d. a receiver for receiving an indicator from the
`security computer whether it is safe to invoke
`the second function with the input.
`
`1b. All Contentions – Doctrine of Equivalents – Only if such invocation is safe
`To the extent that the Qualys Accused Products do not literally infringe this claim element,
`Qualys Accused Products infringe under the doctrine of equivalents. The above described
`functionality of the Qualys Accused Products is at most insubstantially different from the
`claimed functionality and performs substantially the same function in substantially the same
`way to achieve substantially the same result.
`
`Qualys Accused Products performs the same function as this element because they process
`content received for a security computer.
`
`Qualys Accused Products performs the same function the same way as this element because
`they determine if it is safe to invoke a second function and can use a security policy with the
`result to determine whether to invoke the content.
`
`Qualys Accused Products achieve the same result as this element because the second
`function is not invoked with the input if it is determined not to be safe.
`
`24
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000384
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 387 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 16 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`26
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1c. Contention 2 – Vulnerability Management is the transmitter
`Vulnerability Management has a transmitter because it includes network interfaces for transmitting
`the input to the security computer to return a verdict if the file is malicious, as set forth in Contention
`1 for 1b.
`
`Moreover, Vulnerability Management has a transmitter because it may transmit the input by working
`with Qualys Cloud Agents to extend network coverage to assets that cannot be scanned.
`
`Vulnerability Management is further a transmitter because it may transmit to Continuous Monitoring
`to be “proactively alerted about potential threats so problems can be tackled.”
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`26
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000386
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 388 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 17 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`27
`
`1c. Contention 3 – Threat Protection is the transmitter
`Threat Protection has a transmitter because it includes network interfaces for transmitting
`the input to the security computer to return a verdict if the file is malicious, as set forth in
`Contention 2 for 1b.
`
`Moreover, Threat Protection transmits the input to Qualys Asset Inventory and Qualys
`Vulnerability Management for vulnerability detection and remediation.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`27
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000387
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 389 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 18 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`28
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1c. Contention 4 – Indication of Compromise is the transmitter
`Indication of Compromise has a transmitter because it includes network interfaces for transmitting the
`input to the security computer to return a verdict if the file is malicious, as set forth in Contention 4 for
`1b.
`
`Moreover, Indication of Compromise has a transmitter for utilizing “the Cloud Agent to capture
`endpoint activity on files, processes, mutant handles (mutex), registries, and network connections, and
`uploads the data to the Qualys Cloud Platform for storage, processing, and query.”
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the
`input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`28
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000388
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 390 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 19 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`29
`
`1c. Contention 5 – Container Security is the transmitter
`Container Security has a transmitter because it includes network interfaces for transmitting the input
`to the security computer to return a verdict if the file is malicious, as set forth in Contention 5 for 1b.
`
`Moreover, Container Security has a transmitter for addressing “vulnerability management for images
`and containers in their DevOps pipeline and deployments across cloud and on‐premise environments,
`such as by transmitting the input to CI/CD tools (Jenkins and Bamboo) and Image Registry.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including
`a call to a first function, and the
`call including an input, and (ii)
`for invoking a second function
`with the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security
`computer for inspection, when
`the first function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`29
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000389
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 391 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 20 of 41
`
`30
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation
`is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`1c. Contention 6 – Web App Firewall is the transmitter
`Web App Firewall has a transmitter because it includes network interfaces for transmitting the input to
`the security computer to return a verdict if the file is malicious, as set forth in Contention 6 for 1b.
`
`Moreover, Web App Firewall is a virtual appliance that can transmit content as part of its deployment
`on premises “using Vmware, Hyper‐V or Docker; and in public cloud platforms, such as AWS, Azure or
`Google Cloud Platform.” “WAF continuously communicates with the Qualys Cloud Platform.”
`
`Additionally, Web App Firewall transmits to integrated Qualys Web App Scanning (WAS) to provide
`detection and mitigation of vulnerabilities.
`
`30
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000390
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 392 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 21 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`31
`
`1c. Contention 7 – Web App Scanning is the transmitter
`Container Security has a transmitter because it includes network interfaces for transmitting
`the input to the security computer to return a verdict if the file is malicious, as set forth in
`Contention 7 for 1b.
`
`Moreover, Web App Scanning is also a transmitter which transmits to integrated Web App
`Firewall (WAF) in order to “detect web application vulnerabilities… and rapidly protect them
`from attack.”
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`31
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`EXHIBIT B, PAGE 000391
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 100-11 Filed 09/04/20 Page 393 of 527Case 4:18-cv-07229-YGR Document 126-12 Filed 10/30/20 Page 22 of 41
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`32
`
`1c. Contention 8 – Compliance Monitoring is the transmitter
`Compliance Monitoring has a transmitter because it includes network interfaces for
`transmitting the input to the security computer to return a verdict if the file is malicious, as
`set forth in Contention 8 for 1b.
`
`Moreover, Compl