`Case 4:18-cv-07229—YGR Document 143-2 Filed 11/13/20 Page 1 of 27
`
`EXHIBIT A
`
`EXHIBIT A
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 2 of 27
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`30
`
`Claim 6
`
`6. The policy‐based cache manager of
`claim 1 further comprising a transmitter
`for transmitting allowable content
`from the cache to a client computer.
`
`6. Contention 2 – The Accused Products include a transmitter resident on Appliance / Virtual Scanners
`
`Each of the Accused Products discussed above includes a transmitter resident on the Appliance / Virtual
`Scanners which transmits content, if determined to be allowable, to the client computer associated with the
`user.
`
`Transmitter on
`Appliance and Virtual
`Scanners
`
`30
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 3 of 27
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`31
`
`Claim 7
`
`7. The policy‐based cache manager of
`claim 1 further comprising a receiver for
`receiving digital content from a web
`server.
`
`7. Contention 1 – The Accused Products, each resident on the Qualys Cloud, receive digital content using a
`receiver
`
`Each of the Accused Products, executed on a node that is part of the Qualys Cloud computing environment,
`includes a receiver component on a separate node that receives content based on a client device requesting
`the content from a source computer, such as the Internet. As shown below, the content is received by each
`Accused Product, (via the receiver) when a particular client device requests content provided by a source
`computer.
`
`31
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 4 of 27
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`32
`
`Claim 7
`
`7. The policy‐based cache manager of
`claim 1 further comprising a receiver for
`receiving digital content from a web
`server.
`
`7. Contention 2 – The Accused Products, each resident on the Qualys Cloud, receive digital content using a
`receiver
`
`Each of the Accused Products executed on Appliance Scanners, dispersed over a computer network, includes a
`receiver component that receives content based on a client device requesting the content from a source
`computer, such as the Internet. As shown below, the content is received by each Accused Product (via the
`receiver of the Appliance Scanner) when a particular client device requests content provided by a source
`computer.
`
`32
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 5 of 27
`
`US Patent No. 6,965,968
`Policy-Based Caching
`
`33
`
`Claim 7
`
`7. The policy‐based cache manager of
`claim 1 further comprising a receiver for
`receiving digital content from a web
`server.
`
`7. Contention 2 – The Accused Products, each resident on the Qualys Cloud, receive digital content
`using a receiver (continued)
`
`As shown below, Scanner Appliances dispersed as endpoints throughout a computer network
`receive content based on a client device requesting the content from a source computer, such as the
`Internet.
`
`Receiver
`
`33
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 6 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation
`is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`1a. All Contentions – “A system for protecting a computer…”:
`Qualys Accused Products, including Vulnerability Management, Threat Protection, Continuous
`Monitoring, Indication of Compromise, Container Security, Web App Firewall, Web App Scanning, and
`Compliance Monitoring provide computer security functionality that will protect against dynamically
`generated malicious content.
`
`1
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 7 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`25
`
`1c. Contention 1 – The Internet Gateway is the transmitter
`The Internet Gateway is a transmitter because it includes network interfaces for transmitting
`the input to security computers (Qualys Cloud Platform, and/or Virtual Scanner Appliances) as
`set forth in Contention 1 for Claim 1a. to return a verdict if the file is malicious.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`25
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 8 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`26
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1c. Contention 2 – Vulnerability Management is the transmitter
`Vulnerability Management has a transmitter because it includes network interfaces for transmitting
`the input to the security computer to return a verdict if the file is malicious, as set forth in Contention
`1 for 1b.
`
`Moreover, Vulnerability Management has a transmitter because it may transmit the input by working
`with Qualys Cloud Agents to extend network coverage to assets that cannot be scanned.
`
`Vulnerability Management is further a transmitter because it may transmit to Continuous Monitoring
`to be “proactively alerted about potential threats so problems can be tackled.”
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation is
`safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`26
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 9 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`27
`
`1c. Contention 3 – Threat Protection is the transmitter
`Threat Protection has a transmitter because it includes network interfaces for transmitting
`the input to the security computer to return a verdict if the file is malicious, as set forth in
`Contention 2 for 1b.
`
`Moreover, Threat Protection transmits the input to Qualys Asset Inventory and Qualys
`Vulnerability Management for vulnerability detection and remediation.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`27
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 10 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`
`28
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1c. Contention 4 – Indication of Compromise is the transmitter
`Indication of Compromise has a transmitter because it includes network interfaces for transmitting the
`input to the security computer to return a verdict if the file is malicious, as set forth in Contention 4 for
`1b.
`
`Moreover, Indication of Compromise has a transmitter for utilizing “the Cloud Agent to capture
`endpoint activity on files, processes, mutant handles (mutex), registries, and network connections, and
`uploads the data to the Qualys Cloud Platform for storage, processing, and query.”
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the
`input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`28
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 11 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`29
`
`1c. Contention 5 – Container Security is the transmitter
`Container Security has a transmitter because it includes network interfaces for transmitting the input
`to the security computer to return a verdict if the file is malicious, as set forth in Contention 5 for 1b.
`
`Moreover, Container Security has a transmitter for addressing “vulnerability management for images
`and containers in their DevOps pipeline and deployments across cloud and on‐premise environments,
`such as by transmitting the input to CI/CD tools (Jenkins and Bamboo) and Image Registry.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including
`a call to a first function, and the
`call including an input, and (ii)
`for invoking a second function
`with the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security
`computer for inspection, when
`the first function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`29
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 12 of 27
`
`30
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`Claim 1
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received
`over a network, the content
`including a call to a first
`function, and the call including
`an input, and (ii) for invoking a
`second function with the input,
`only if a security computer
`indicates that such invocation
`is safe:
`
`1c. a transmitter for
`transmitting the input to the
`security computer for
`inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function
`with the input.
`
`1c. Contention 6 – Web App Firewall is the transmitter
`Web App Firewall has a transmitter because it includes network interfaces for transmitting the input to
`the security computer to return a verdict if the file is malicious, as set forth in Contention 6 for 1b.
`
`Moreover, Web App Firewall is a virtual appliance that can transmit content as part of its deployment
`on premises “using Vmware, Hyper‐V or Docker; and in public cloud platforms, such as AWS, Azure or
`Google Cloud Platform.” “WAF continuously communicates with the Qualys Cloud Platform.”
`
`Additionally, Web App Firewall transmits to integrated Qualys Web App Scanning (WAS) to provide
`detection and mitigation of vulnerabilities.
`
`30
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 13 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`31
`
`1c. Contention 7 – Web App Scanning is the transmitter
`Container Security has a transmitter because it includes network interfaces for transmitting
`the input to the security computer to return a verdict if the file is malicious, as set forth in
`Contention 7 for 1b.
`
`Moreover, Web App Scanning is also a transmitter which transmits to integrated Web App
`Firewall (WAF) in order to “detect web application vulnerabilities… and rapidly protect them
`from attack.”
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`31
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 14 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`32
`
`1c. Contention 8 – Compliance Monitoring is the transmitter
`Compliance Monitoring has a transmitter because it includes network interfaces for
`transmitting the input to the security computer to return a verdict if the file is malicious, as
`set forth in Contention 8 for 1b.
`
`Moreover, Compliance Monitoring is a transmitter that can transmit content to the Qualys
`Cloud Platform to be analyzed as well as transmit to other scanner appliances and/or Cloud
`Agents to launch scans.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`32
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 15 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`33
`
`1d. Contention 1 – Internet Gateway is the receiver
`The Internet Gateway is the receiver because it includes network interfaces for receiving the
`results determining if the file is malicious from the security computers in Qualys Cloud
`Platform and Virtual Scanner Appliances, as set forth in Contention 1 for Claim 1b and 1c.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`33
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 16 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`34
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1d. Contention 2 – Vulnerability Management is the receiver
`Vulnerability Management is the receiver because it includes network interfaces for receiving the
`results determining if the file is malicious from the security computers that are set forth in
`Contention 2 for Claim 1b and 1c.
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security computer
`for inspection, when the first
`function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`34
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 17 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`Claim 1
`
`35
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1d. Contention 3 – Threat Protection is the receiver
`Threat Protection is the receiver because it includes network interfaces for receiving the results
`determining if the file is malicious from the security computers that are set forth in Contention 3 for
`Claim 1b and 1c.
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including
`a call to a first function, and the
`call including an input, and (ii) for
`invoking a second function with
`the input, only if a security
`computer indicates that such
`invocation is safe:
`
`1c. a transmitter for transmitting
`the input to the security
`computer for inspection, when
`the first function is invoked; and
`
`1d. a receiver for receiving an
`indicator from the security
`computer whether it is safe to
`invoke the second function with
`the input.
`
`35
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 18 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`36
`
`1d. Contention 4 – Indication of Compromise is the receiver
`Indication of Compromise is the receiver because it includes network interfaces for receiving the
`results determining if the file is malicious from the security computers that are set forth in
`Contention 4 for Claim 1b and 1c.
`
`Claim 1
`
`1a. A system for protecting a
`computer from dynamically
`generated malicious content,
`comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a
`call to a first function, and the call
`including an input, and (ii) for
`invoking a second function with the
`input, only if a security computer
`indicates that such invocation is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an
`indicator from the security computer
`whether it is safe to invoke the
`second function with the input.
`
`36
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 19 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`37
`
`1d. Contention 5 – Container Security is the receiver
`Container Security is the receiver because it includes network interfaces for receiving the
`results determining if the file is malicious from the security computers that are set forth in
`Contention 5 for Claim 1b and 1c.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`37
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 20 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`38
`
`1d. Contention 6 – Web App Firewall is the receiver
`Web App Firewall is the receiver because it includes network interfaces for receiving the
`results determining if the file is malicious from the security computers that are set forth in
`Contention 6 for Claim 1b and 1c.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`38
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 21 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`39
`
`1d. Contention 7 – Web App Scanning is the receiver
`Web App Scanning is the receiver because it includes network interfaces for receiving the
`results determining if the file is malicious from the security computers that are set forth in
`Contention 7 for Claim 1b and 1c.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`39
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 22 of 27
`
`US Patent No. 8,141,154
`Inspecting Dynamically Generated Executable Code
`
`40
`
`1d. Contention 8 – Compliance Monitoring is the receiver
`Compliance Monitoring is the receiver because it includes network interfaces for receiving
`the results determining if the file is malicious from the security computers that are set forth
`in Contention 8 for Claim 1b and 1c.
`
`Claim 1
`
`1a. A system for protecting a computer
`from dynamically generated malicious
`content, comprising:
`
`1b. a content processor (i) for
`processing content received over
`a network, the content including a call
`to a first function, and the call including
`an input, and (ii) for invoking a second
`function with the input, only if a security
`computer indicates that such invocation
`is safe:
`
`1c. a transmitter for transmitting the
`input to the security computer for
`inspection, when the first function is
`invoked; and
`
`1d. a receiver for receiving an indicator
`from the security computer whether it is
`safe to invoke the second function with
`the input.
`
`40
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 23 of 27
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. Contention 1 – The Accused Products, each resident on the Qualys Cloud,
`receive an incoming stream of computer code
`
`2
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`Each of the Accused Products, executed on a node that is part of the Qualys Cloud
`computing environment, includes a receiver component on a node that receives
`content based on a client device requesting the content from a source computer,
`such as the Internet. As shown below, the content is received by each Accused
`Product, (via the receiver) when a particular client device requests content provided
`by a source computer.
`
`2
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 24 of 27
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`
`3
`
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. Contention 2 – The Accused Products, each resident on Appliance Scanners,
`receive an incoming stream of computer code
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`Each of the Accused Products executed on Appliance Scanners, dispersed over a
`computer network, includes a receiver component that receives content based on a
`client device requesting the content from a source computer, such as the Internet.
`As shown below, the content is received by each Accused Product (via the receiver
`of the Appliance Scanner) when a particular client device requests content provided
`by a source computer.
`
`3
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 25 of 27
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. Contention 2 – The Accused Products, each resident on Appliance Scanners,
`receive an incoming stream of computer code (continued)
`
`4
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`As shown below, Scanner Appliances dispersed as endpoints throughout a
`computer network, receive content based on a client device requesting the content
`from a source computer, such as the Internet.
`
`receiver
`
`4
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 143-2 Filed 11/13/20 Page 26 of 27
`
`US Patent No. 8,677,494
`Malicious Mobile Code Runtime Monitoring System and Methods
`
`3
`
`Claim 10
`
`10a. A system for managing
`Downloadables, comprising:
`
`10b. a receiver for receiving
`an incoming Downloadable;
`
`10c. a Downloadable scanner
`coupled with said receiver, for
`deriving security profile data
`for the Downloadable,
`including a list of suspicious
`computer operations that
`may be attempted by the
`Downloadable; and
`
`10d. a database manager
`coupled with said
`Downloadable scanner,
`for storing the Downloadable
`security profile data in
`a database.
`
`10b. Contention No. 2: Qualys Accused Products include a receiver for receiving an incoming Downloadable.
`
`Each of the Qualys Accused Products include a respective receiver at the Qualys scanner (either
`external, internal, physical or virtual) for receiving incoming Downloadables from t