US007484247B2

(12) United States Patent
Rozman et al.

(10) Patent No.: US 7,484,247 B2
(45) Date of Patent: Jan. 27, 2009

(54) SYSTEM AND METHOD FOR PROTECTING A COMPUTER SYSTEM FROM MALICIOUS SOFTWARE

(76) Inventors: Allen F Rozman, 735 Mockingbird Dr., Murphy, TX (US) 75094; Alfonso J Cioffi, 719 Mockingbird Dr., Murphy, TX (US) 75094

( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 710 days.

(21) Appl. No.: 10/913,609

(22) Filed: Aug. 7, 2004

(65) Prior Publication Data
US 2006/0031940 A1, Feb. 9, 2006

(51) Int. Cl.
G06F 1/26 (2006.01)
G06F 12/14 (2006.01)
G06F 11/30 (2006.01)
H04L 9/32 (2006.01)

(52) U.S. Cl.: 726/34; 713/192; 713/193
(58) Field of Classification Search: None
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

4,890,098 A, 12/1989, Dawes et al.
5,280,579 A, 1/1994, Nye
5,502,808 A, 3/1996, Goddard et al.
5,555,364 A, 9/1996, Goldstein
5,666,030 A, 9/1997, Parson
5,673,403 A *, 9/1997, Brown et al., 715/744
5,751,979 A, 5/1998, McCrory
5,826,013 A, 10/1998, Nachenberg
5,918,039 A, 6/1999, Buswell et al.
5,978,917 A, 11/1999, Chi
5,995,103 A, 11/1999, Ashe
6,134,661 A, 10/2000, Topp
6,167,522 A, 12/2000, Lee et al.
6,192,477 B1 *, 2/2001, Corthell, 726/11
6,199,181 B1, 3/2001, Rechef et al.
6,216,112 B1, 4/2001, Fuller et al.
6,275,938 B1, 8/2001, Bond et al.
6,351,816 B1, 2/2002, Mueller et al.
6,385,721 B1 *, 5/2002, Puckette, 713/2
6,480,198 B2, 11/2002, Kang
6,507,904 B1, 1/2003, Ellison et al.
(Continued)

OTHER PUBLICATIONS

Kevin Townsend; "Spyware, Adware, and Peer to Peer Networks; The Hidden Threat to Corporate Security" © Pest Patrol, 2003.
(Continued)

Primary Examiner: Christian LaForgia
(74) Attorney, Agent, or Firm: Allen F Rozman

(57) ABSTRACT

In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.

20 Claims, 11 Drawing Sheets

[Front-page drawing: block diagram. Labeled blocks: 1st memory data storage area, 2nd memory data storage area, 1st processor, 2nd processor, user interface, video processor, network interface, network. Reference numerals: 150, 151, 160, 180, 190, 195, 700, 730, 740, 770.]

Google - Exhibit 1003, page 1

(56) References Cited (continued)

U.S. PATENT DOCUMENTS

6,507,948 B1 *, 1/2003, Curtis et al., 717/174
6,546,554 B1, 4/2003, Schmidt et al.
6,553,377 B1, 4/2003, Eschelbeck et al.
6,578,140 B1, 6/2003, Policard
6,581,162 B1, 6/2003, Angelo et al.
6,633,963 B1, 10/2003, Ellison et al.
6,658,573 B1, 12/2003, Bischof et al.
6,663,000 B1, 12/2003, Muttik et al.
6,678,712 B1 *, 1/2004, McLaren et al., 718/100
6,678,825 B1, 1/2004, Ellison et al.
6,735,700 B1, 5/2004, Flint et al.
7,146,640 B2 *, 12/2006, Goodman et al., 726/16
7,260,839 B2 *, 8/2007, Karasaki, 726/11
2002/0066016 A1, 5/2002, Riordan
2002/0174349 A1, 11/2002, Wolff et al.
2003/0023857 A1, 1/2003, James et al.
2003/0097591 A1, 5/2003, Phan et al.
2003/0177397 A1, 9/2003, Samman
2004/0006715 A1, 1/2004, Skrepetos
2004/0034794 A1, 2/2004, Mayer et al.
2004/0039944 A1 *, 2/2004, Karasaki, 713/201
2004/0054588 A1, 3/2004, Jacobs et al.
2005/0240810 A1 *, 10/2005, Safford et al., 714/10
2006/0004667 A1 *, 1/2006, Neil, 705/59

OTHER PUBLICATIONS

David Stang, PhD; "Beyond Viruses: Why Anti-Virus Software is No Longer Enough", © Pest Patrol 2002.
"The Web: Threat or Menace?" From "Firewalls and Internet Security: Repelling the Wiley Hacker", Second Edition, Addison-Wesley, ISBN 0-201-63466-X, 2003 ©.

* cited by examiner

[Fig. 1 (Sheet 1 of 11): block diagram. Labeled blocks: 1st memory data storage area, 2nd memory data storage area, 1st processor, 2nd processor, network interface, video processor, user interface, user, video display, network. Reference numerals: 100, 110, 120, 130, 140, 150, 151, 160, 170, 171, 180, 190, 191, 195.]

[Fig. 2 (Sheet 2 of 11): flowchart. Reference numerals: 200, 210, 220, 230, 240, 250, 260. Steps in order:]
1. User opens protected process.
2. 1st processor (P1) instructs 2nd processor (P2) to initiate protected process and open process window.
3. P1 passes user interface data to P2 when P2 window is selected or active.
4. P2 generates video data for P2 process window(s) and passes video data to video processor.
5. Video processor interleaves video data from all P1 and P2 processes.
6. End.

[Fig. 3 (Sheet 3 of 11): flowchart. Reference numerals: 300, 310, 320, 330, 340, 350, 360, 370, 390. Steps in order:]
1. User selects data file(s) to download via browser.
2. Data downloaded from network to 2nd processor (P2) and written to 2nd memory (M2).
3. User directs 1st processor (P1) to move file from M2 to 1st memory (M1).
4. P2 performs malware scan on downloaded data file in M2, either in real time as data is transferred, or while data file resides in M2.
5. Decision: Malware detected in data file?
   No: Move or copy data file to M1.
   Yes: Quarantine data file on M2, alert user. Delete, clean or quarantine data file on M2.
6. End.

[Fig. 4 (Sheet 4 of 11): flowchart. Reference numerals: 400, 410, 420, 430, 440, 450, 460, 470. Steps in order:]
1. Malware detected or suspected in 2nd processor (P2), 2nd memory (M2) system.
2. User instructs 1st processor (P1) to reload critical system files onto 2nd memory (M2) from protected image on 1st memory (M1).
3. P1 may scan all or part of the data contained on M2 for malware. P1 may delete or quarantine infected files on M2.
4. P1 may delete all or part of the data contained on M2. P1 may reset P2 and flush RAM coupled to P2.
5. Critical system files for P2 system are loaded onto M2 from M1.
6. P2 system reinitializes (reboots) from clean critical system files.

[Fig. 5A (Sheet 5 of 11): flowchart. Reference numerals: 510, 520, 530. Steps in order:]
1. User opens protected process.
2. Critical system files for P2 system are loaded onto M2 from M1.
3. Go to step 220 (Figure 2).

[Fig. 5B (Sheet 6 of 11): flowchart. Reference numerals: 540, 550, 560, 570, 580. Steps in order:]
1. User closes protected process.
2. P1 or P2 may initiate a malware scan on the P2-M2 system.
3. P1 or P2 may delete all or part of the data contained on M2.
4. P1 may reset P2 and flush RAM coupled to P2.
5. End.

[Fig. 6 (Sheet 7 of 11): flowchart. Reference numerals: 600, 610, 620, 630, 640, 650, 660, 670. Steps in order:]
1. User initiates interactive network process via 2nd processor (P2).
2. P2 receives interactive network process status data from network connection.
3. P2 informs 1st processor (P1) that interactive network process status data is available.
4. P1 retrieves interactive network process status data from P2 and uses status data to run interactive network process and update video display.
5. P1 passes updated interactive network process status data to P2.
6. P2 sends updated interactive network process status data to network via network connection.
7. End.

[Fig. 7 (Sheet 8 of 11): block diagram. Labeled blocks: 1st memory data storage area, 2nd memory data storage area, 1st processor, 2nd processor, network interface, user interface, video processor, user, video display, network. Reference numerals: 100, 110, 120, 150, 151, 160, 180, 190, 195, 700, 730, 740.]

[Fig. 8 (Sheet 9 of 11): block diagram. Labeled blocks: 1st memory data storage area, 2nd memory data storage area, 1st processor, 2nd processor, network interface, user interface, video processor, user, video display, network. Reference numerals: 100, 150, 151, 160, 180, 195, 800, 810, 820, 830, 840, 870, 890.]

[Fig. 9 (Sheet 10 of 11): block diagram. Labeled blocks: 1st memory data storage area, 2nd memory data storage area, 1st processor, 2nd processor, network interface, user interface, video processor, video display, network. Reference numerals: 100, 150, 151, 160, 180, 190, 195, 910, 920, 930, 950, 960, 970.]

[Fig. 10 (Sheet 11 of 11): flowchart. Reference numerals: 1000, 1010, 1020, 1030, 1040, 1050, 1060, 1070, 1080. Steps in order:]
1. User opens protected process.
2. 1st processor (P1) instructs 2nd processor (P2) to initiate protected process and open process window.
3. P1 encrypts user interface data and passes user interface data to P2 when P2 window is selected or active.
4. P2 generates video data for P2 process window(s) and passes video data to video processor.
5. Video processor decrypts user interface data and interleaves video data from all P1 and P2 processes.
6. P2 passes encrypted user interface data to network interface device.
7. Network interface device decrypts user interface data and passes decrypted user interface data to network.
8. End.

SYSTEM AND METHOD FOR PROTECTING A COMPUTER SYSTEM FROM MALICIOUS SOFTWARE

TECHNICAL FIELD

The present invention relates generally to computer hardware and software, and more particularly to a system and method for protecting a computer system from malicious software.

CROSS REFERENCE TO RELATED PATENTS AND APPLICATIONS

This application is related to the following U.S. patents and applications:

| U.S. patent or PUB Application Number | Title | Inventor(s) |
|---|---|---|
| 5,826,013 | Polymorphic virus detection module. | Nachenberg |
| 5,978,917 | Detection and elimination of macro viruses. | Chi |
| 6,735,700 | Fast virus scanning using session stamping. | Flint, et al. |
| 6,663,000 | Validating components of a malware scanner. | Muttik, et al. |
| 6,553,377 | System and process for maintaining a plurality of remote security applications using a modular framework in a distributed computing environment. | Eschelbeck, et al. |
| 6,216,112 | Method for software distribution and compensation with replenishable advertisements. | Fuller, et al. |
| 4,890,098 | Flexible window management on a computer display. | Dawes, et al. |
| 5,555,364 | Windowed computer display. | Goldstein |
| 5,666,030 | Multiple window generation in computer display. | Parson |
| 5,995,103 | Window grouping mechanism for creating, manipulating and displaying windows and window groups on a display screen of a computer system. | Ashe |
| 5,502,808 | Video graphics display system with adapter for display management based upon plural memory sources. | Goddard, et al. |
| 5,280,579 | Memory mapped interface between host computer and graphics system. | Nye |
| 5,918,039 | Method and apparatus for display of windowing application programs on a terminal. | Buswell, et al. |
| 6,480,198 | Multi-function controller and method for a computer graphics display system. | Kang |
| 6,167,522 | Method and apparatus for providing security for servers executing application programs received via a network | Lee, et al. |
| 6,199,181 | Method and system for maintaining restricted operating environments for application programs or operating systems. | Rechef, et al. |
| 6,275,938 | Security enhancement for untrusted executable code. | Bond, et al. |
| 6,321,337 | Method and system for protecting operations of trusted internal networks. | Reshef, et al. |
| 6,351,816 | System and method for securing a program's execution in a network environment. | Mueller, et al. |
| 6,546,554 | Browser-independent and automatic apparatus and method for receiving, installing and launching applications from a browser on a client computer. | Schmidt, et al. |
| 6,658,573 | Protecting resources in a distributed computer system. | Bischof, et al. |
| 6,507,904 | Executing isolated mode instructions in a secure system running in privilege rings. | Ellison, et al. |
| 6,633,963 | Controlling access to multiple memory zones in an isolated execution environment. | Ellison, et al. |
| 6,678,825 | Controlling access to multiple isolated memories in an isolated execution environment. | Ellison, et al. |
| 5,751,979 | Video hardware for protected, multiprocessing systems. | McCrory |
| 6,581,162 | Method for securely creating, storing and using encryption keys in a computer system. | Angelo, et al. |
| 6,134,661 | Computer network security device and method. | Topp |
| 6,578,140 | Personal computer having a master computer system and in internet computer system and monitoring a condition of said master and internet computer systems | Policard |
| PUB Application # 20040054588 | E-mail software and method and system for distributing advertisements to client devices that have such e-mail software installed thereon. | Jacobs, Paul E., et al. |
| PUB Application # 20040034794 | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages. | Mayer, Yaron; et al. |
| PUB Application # 20040006715 | System and method for providing security to a remote computer over a network browser interface. | Skrepetos, Nicholas C. |
| PUB Application # 20030177397 | Virus protection in an internet environment. | Samman, Ben |
| PUB Application # 20030097591 | System and method for protecting computer users from web sites hosting computer viruses. | Pham, Khai; et al. |
| PUB Application # 20030023857 | Malware infection suppression. | Hinchliffe, Alexander James; et al. |
| PUB Application # 20020066016 | Access control for computers. | Riordan, James |
| PUB Application # 20020174349 | Detecting malicious alteration of stored computer files. | Wolff, Daniel Joseph; et al. |

The above-listed U.S. Patents and U.S. patent applications are incorporated by reference as if reproduced herein in their entirety.

BACKGROUND

The very popular and ubiquitous rise of the 'personal' computer system as an essential business tool and home appliance, together with the exponential growth of the Internet as a means of providing information flows across a wide variety of connected computing devices, has changed the way people live and work. Information in the form of data files and executable software programs regularly flows across the planetary wide system of interconnected computers and data storage devices.

Popular and ubiquitous computer hardware and software architectures have typically been designed to allow for open interconnection via, for example, the internet, a VPN, a LAN, or a WAN, with information often capable of being freely shared between the interconnected computers. This open interconnection architecture has contributed to the adoption and mainstream usage of these computers and the subsequent interconnection of vast networks of computers. This easy to use system has given rise to the explosive popularity of applications such as email, internet browsing, search engines, interactive gaming, instant messaging, and many, many more.

Although there are definite benefits to this open interconnection architecture, a lack of security against unwanted incursions into the computers main processing and non-volatile memory space has emerged as a significant problem. An aspect of some current computer architectures that has contributed to the security problem is that by default programs
