Case 4:18-cv-07229-YGR Document 198-5 Filed 05/18/21 Page 1 of 6
`Case 4:18-cv-07229—YGR Document 198-5 Filed 05/18/21 Page 1 of 6
`
`EXHIBIT D
`
`EXHIBIT D
`
`
`Case 4:18-cv-07229—YGR Document 198-5 Filed 05/18/21 Page 1 of 6
`
`EXHIBIT D
`
`EXHIBIT D
`
`
`
`Case 4:18-cv-07229-YGR Document 198-5 Filed 05/18/21 Page 2 of 6
`Case 4:18-cv-07229—YGR Document 198-5 Filed 05/18/21 Page 2 of 6
`
`APPENDIX F
`
`
`
`
`APPENDIX F
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 4:18-cv-07229-YGR Document 198-5 Filed 05/18/21 Page 3 of 6
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`
`1
`
`The Qualys Accused Products perform a multi‐lingual method for scanning incoming
`program code that a user attempts to download from the Internet. The program
`code is diverted to the Accused Products for analysis if the program code appears
`suspicious or is of a certain file type. Each Accused Product performs static,
`dynamic and behavioral analysis of received downloaded program code to identify
`exploits, and uses internal databases (as described below) to parse and analyze
`program code to detect exploits indicating that the program code is suspicious or
`malicious.
`
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`1
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 198-5 Filed 05/18/21 Page 4 of 6
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. Contention 1 – The Accused Products, each resident on the Qualys Cloud,
`receive an incoming stream of computer code
`
`2
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`Each of the Accused Products, executed on a node that is part of the Qualys Cloud
`computing environment, includes a receiver component on a node that receives
`content based on a client device requesting the content from a source computer,
`such as the Internet. As shown below, the content is received by each Accused
`Product, (via the receiver) when a particular client device requests content provided
`by a source computer.
`
`2
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 198-5 Filed 05/18/21 Page 5 of 6
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`
`3
`
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. Contention 2 – The Accused Products, each resident on Appliance Scanners,
`receive an incoming stream of computer code
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`Each of the Accused Products executed on Appliance Scanners, dispersed over a
`computer network, includes a receiver component that receives content based on a
`client device requesting the content from a source computer, such as the Internet.
`As shown below, the content is received by each Accused Product (via the receiver
`of the Appliance Scanner) when a particular client device requests content provided
`by a source computer.
`
`3
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
`
`Case 4:18-cv-07229-YGR Document 198-5 Filed 05/18/21 Page 6 of 6
`
`US Patent No. 8,225,408
`Method and System for Adaptive Rule-based Content Scanners
`Claim 1
`1a. A computer processor‐based multi‐lingual method for scanning
`incoming program code, comprising:
`
`1b. Contention 2 – The Accused Products, each resident on Appliance Scanners,
`receive an incoming stream of computer code (continued)
`
`4
`
`1b. receiving, by a computer, an incoming stream of program
`code;
`
`1c. determining, by the computer, any specific one of a plurality of
`programming languages in which the incoming stream is written;
`
`1d. instantiating, by the computer, a scanner for the specific
`programming language, in response to said determining, the
`scanner comprising parser rules and analyzer rules for the specific
`programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the
`specific programming language, and wherein the analyzer rules
`identify certain combinations of tokens and patterns as being
`indicators of potential exploits, exploits being portions of program
`code that are malicious;
`
`1e. identifying, by the computer, individual tokens within the
`incoming stream;
`
`1f. dynamically building, by the computer while said receiving
`receives the incoming stream, a parse tree whose nodes represent
`tokens and patterns in accordance with the parser rules;
`
`1g. dynamically detecting, by the computer while said dynamically
`building builds the parse tree, combinations of nodes in the parse
`tree which are indicators of potential exploits, based on the
`analyzer rules; and
`
`1h. indicating, by the computer, the presence of potential exploits
`within the incoming stream, based on said dynamically detecting.
`
`As shown below, Scanner Appliances dispersed as endpoints throughout a
`computer network, receive content based on a client device requesting the content
`from a source computer, such as the Internet.
`
`receiver
`
`4
`
`© 2018 Finjan, Inc. ALL RIGHTS RESERVED
`Subject to FRE 408
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
