ry
`ce-)
`
`1.
`
`2.
`
`3.
`
`PTOISB/05 (04-04)
`Approved for use through 07/31f2006. OMB 0651-0032
`U.S. Patent and Trademark Office. U.S. DEPARTMENT OF COMMERCE
`persons are required to respond to a collection of information unless it displays a valid OMB control number.
`Under the Paperwork Reduction Act of 1995, no
`ARAc.-
`UTILITY
`PATENT APPLICATION
`TRANSMITTAL
`(Only for new nonprovisional applications under 37 CFR 1.53(b))
`
`Attorney Docket No.
`
`First Inventor
`
`Rozman
`
`APPLICATION ELEMENTS
`See MPEP chapter 600 concerning utility patent application contents.
`
`ADDRESS TO:
`
`C
`I-
`0
`G
`
`.itle.tko1 fir. frofej.,
`Sys1-ew--
`9
`Title
`c cr.......put.cr Sy 514
`.1-xi-hot‘#
`Express Mail Label No. /s" 81/8 S'314
`commissioner for Patents
`P.O.
`Box 1450
`Alexandria VA 22313.1450
`
`1 1
`
`/
`
`/
`
`Fee Transmittal Form (e.g., PTO/SB/17)
`(Submit an original and a duplicate for fee processing)
`Applicant claims small entity status.
`See 37 CFR 1.27.
`[Total Pages
`/Specification
`(preferred arrangement set forth below)
`- Descriptive title of the invention
`- Cross Reference to Related Applications
`- Statement Regarding Fed sponsored R & D
`- Reference to sequence listing, a table,
`or a computer program listing appendix
`- Background of the Invention
`- Brief Summary of the Invention
`- Brief Description of the Drawings (if filed)
`- Detailed Description
`- Claim(s)
`- Abstract of the Disclosure
`
`3
`
`1
`
`1
`
`7. q
`
`CD-ROM or CD-R in duplicate, large table or
`Computer Program (Appendix)
`- 8. Nucleotide and/or Amino Acid Sequence Submission
`(if appLcable, all necessary)
`
`a. Li Computer Readable Form (CRF)
`
`(
`
`i
`.
`
`b.
`
`Specification Sequence Listing on:
`
`i
`
`
`
`I. CD-ROM or CD -R (2 copies); or
`
`ii. q
`
`Paper
`
`Statements verifying identity of above copies
`c. q
`ACCOMPANYING APPLICATION PARTS
`
`11. q
`12. i
`
`Assignment Papers (cover sheet & document(s))
`9. q
`10. IIII 37 CFR 3.73(b) Statement a Power of
`(when there is an assignee)
`Attorney
`English Translation Document (if Applicable)
`Information Disclosure
`GU Copies of IDS
`Statement (IDS)IPT0-1449
`Citations
`13. III Preliminary Amendment
`14. q
`Return Receipt Postcard (MPEP 503)
`(Should be specifically itemized)
`Certified Copy of Priority Document(s)
`(if foreign priority is claimed)
`Nonpublication Request under 35 U.S.C. 122
`(b)(2)(8)(i). Applicant must attach form PTO/SB/35
`or its equivalent.
`Othe r:
`
`15. q
`
`16. q
`
`...
`
`
`17 in. .
`
`4. i Drawing(s) (35 U.S.C. 113)
`
`[Total Sheets
`
`/I
`
`[Total Sheets
`5. Oath or Declaration
`a.
`Newly executed (original or copy)
`/
`
`b. q Copy from a prior application (37 CFR 1.63(d))
`(for continuation/divisional with Box 18 completed)
`
`i.
`
`DELETION OF INVENTOR(S)
`Signed statement attached deleting inventor(s)
`name in the prior application, see 37 CFR
`1.63(d)(2) and 1.33(b).
`
`6. 1511
`
`Application Data Sheet. See 37 CFR 1.76
`
`18. If a CONTINUING APPLICATION, check appropriate box, and supply the requisite information below and in the first sentence of the
`specification following the title, or in an Application Data Sheet under 37 CFR 1.76:
`
`q Continuation
`
`Divisional
`
`1111 Continuation-in-part (CIP)
`
`of prior application No.:
`
`Art Unit:
`Examiner
`Prior application information:
`For CONTINUATION OR DIVISIONAL APPS only; The entire disclosure of the prior application, from which an oath or declaration is supplied under Box
`6b, is considered a part of the disclosure of the accompanying continuation or divisional application and is hereby incorporated by reference.
`The incorporation can only be relied upon when a portion has been Inadvertently omitted from the submitted application parts.
`19. CORRESPONDENCE ADDRESS
`
`q Customer Number:
`
`Name
`
`Address
`
`Allen F Rozman
`735 Mockingbird Dr
`
`City
`Country
`
`Murphy
`USA
`Name (Print/Type) Allen F Rozman
`•
`
`Signature
`
`A P.P...„4,---
`
`OR
`
`
`
`address below i Correspondence
`
`State Texas
`Telephone 972-384-1887
`I Registration No. (Attorney/Agent) 41280
`Date 8 _7 _4,y
`
`Zip Code 75094
`Fax
`NA
`
`.
`
`Google - Exhibit 1004, page 1
`
`This collection of information is required by 37 CFR 1.53(b). The information is required to obtain or retain a benefit by the public which is to file (and by the
`USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 12 minutes to complete,
`including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments
`on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent
`and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS
`ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1460, Alexandria, VA 22313-1460.
`If you need assistance in completing the form, call 1-800-PTO-9199 and select option 2.
`
`Google - Exhibit 1004, page 1
`
`q
`

`
`00
`—a.
`
`8 FEE TRANSMITTAL
`for FY 2004
`
`
`Effective 10/01/2003. Patent fees are subject
`to annual revision.
`
`i Applicant claims small entity status. See 37 CFR 1.27
`
``TOTAL AMOUNT OF PAYMENT
`
`($) -S-6S, 60
`
`PTO/S13/17 (10-03)
`Approved for use through 07/31/2006. OMB 0651-0032
`U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Cl) Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information
`
`number
`K:3
`Complete if Known
`Application Number
`Filing Date
`First Named Inventor Rozman
`Examiner Name
`Art Unit
`Attorney Docket No.
`
`AR Ac - 0 1
`FEE CALCULATION (continued)
`3. ADDITIONAL FEES
`
`La .e End
`Small En
`Fee
`Fee Fee
`Fee
`Code (5)
`Code (5)
`1051 130 2051
`65 Surcharge - late filing fee or oath
`1052
`50 2052
`25 Surcharge - late provisional filing fee or
`cover sheet
`130 Non-English specification
`1053 130 1053
`1812 2,520 1812 2,520 For filing a request for ex parte reexamination
`1804
`920* 1804 92V Requesting publication of SIR prior to
`Examiner action
`1805 1,840* 1805 1,840* Requesting publication of SIR after
`Examiner action
`110 2251
`1251
`55 Extension for reply within first month
`210 Extension for reply within second month
`420
`1252
`2252
`950
`1253
`475 Extension for reply within third month
`2253
`1254 1,480 2254
`740 Extension for
`reply within
`
`fourth month
`2255 1,005 Extension for reply within fifth month
`1255 2,010
`Utility filing fee
`1401
`330 2401
`165 Notice of Appeal
`Design filing fee
`1402
`330
`2402
`165 Filing a brief in support of an appeal
`Plant filing fee
`145 Request for oral hearing
`1403
`290
`2403
`Reissue filing fee
`1451 1,510 1451 1,510 Petition to institute a public use proceeding
`Provisional filing fee
`1452
`110
`2452
`55 Petition to revive - unavoidable
`
`SUBTOTAL (1)
`($)
`385
`1453 1,330 2453
`
`665 Petition to revive - unintentional
`2. EXTRA CLAIM FEES FOR UTILITY AND REISSUE
`1501 1,330 2501
`665 Utility issue fee (or reissue)
`Fee from
`balm Fee Paid,
`E
`Claims
`1502
`480 2502
`240 Design issue fee
`,
`x I
`1 4 0
`I
`-
`20" =
`1503
`640 2503
`320 Plant issue fee
`X
`4o
`I 1460
`- 3" =
`130 1460
`130 Petitions to the Commissioner
`10
`I 1807
`50
`1807
`50 Processing fee under 37 CFR 1.17(q)
`1806
`180
`1806 180 Submission of Information Disclosure Stmt
`40 Recording each patent assignment per
`property (times number of properties)
`385 Filing a submission after final rejection
`(37 CFR 1.129(a))
`2810 385 For each additional invention to be
`examined (37 CFR 1.129(b))
`385 Request for Continued Examination (RCE)
`900 Request for expedited examination
`of a design application
`
`I
`
`Fee Paid
`
`180
`
`
`
`Fee Description
`
`8021
`
`40
`
`8021
`
`1809
`
`770
`
`2809
`
`1810
`
`770
`
`1801 770 2801
`1802
`900 1802
`
`METHOD OF PAYMENT (check all that apply)
`Check 1 Credit card D Money
`
`Other
`
`None
`
`Order
`
`EICharge
`
`Deposit Account:
`Deposit
`Account
`Number
`Deposit
`Account
`Name
`The Director Is authorized to: (check
`
`all that apply)
`12
`
`Credit any overpayments
`fee(s) indicated below
`
`
`.1 Charge any additional fee(s) or any underpayment of fee(s)
`Charge fee(s) indicated below, except for the filing fee
`to the above
`-identified
`
`deposit account.
`FEE CALCULATION
`1. BASIC FILING FEE
`Large Entity Small Entity
`Fee Fee
`ee Fee
`Code
`o e
`1001 770
`2001 385
`1002 340
`2002 170
`1003 530
`2003 265
`1004 770
`2004 385
`1005 160
`2005
`80
`
`Fee Description
`
`Fee Paid
`
`385
`
`20
`Total Claims
`3
`Independent
`Claims
`Multiple Dependent
`
`Fee Description
`
`1205
`
`18
`
`2205
`
`9
`
`La e EntitySm II E •
`Fee Fee
`Fee Fee
`Code (5)
`Code (5)
`9 Claims in excess of 20
`1202
`18
`2202
`43 Independent claims in excess of 3
`1201
`2201
`86
`1203 290
`2203 145 Multiple dependent claim, if not paid
`
`** Reissue independent claims
`1204
`43
`86
`2204
`over original patent
`** Reissue claims in excess of 20
`and over original patent
`
`0 ($)
`SUBTOTAL (2)
`**or number previously paid, if greater; For Reissues, see above
`
`Other fee (specify)
`*Reduced by Basic Filing Fee Paid
`
`SUBTOTAL (3)
`
`($) 180
`
`I Registration No.
`fAttomey/Acent) 141280
`
`•
`SUBMITTED BY
`Name (Print/Type)
`
`* Signature
`
`(Complete (if applicable))
`Telephone 972-384-1887
`Allen F Rozman
`1 e- 7- 04i
`/k I= ac.,,, w.,..,...—_____
`Date
`WARNING: Information on this form may become public. Credit card information should not
`be included on this form. Provide credit card information and authorization on PTO-2038.
`This collection of information is required by 37 CFR 1.17 and 1.27. The information is required to obtain or retain a benefit by the public which is to file (and by the
`USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 12 minutes to complete,
`including gathering, preparing, and submitting the completed application form to the USPTO. lime will vary depending upon the individual case. Any comments on
`the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and
`Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS.
`SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
`Google - Exhibit 1004, page 2
`If you need assistance in completing the form, call 1-800-PTO-9199 and select option 2.
`
`Google - Exhibit 1004, page 2
`
`

`
`PTO/SB/06 (08-03)
`Approved for use through 7/31/2006. OMB 0651-0032
`U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.
`PATENT APPLICATION FEE DETERMINATION RECORD
`Application or Docket Number
`Substitute for Form PTO-875
`AK A< -6 1
`
`CLAIMS AS FILED - PART I
`(Column 1)
`
`(Column 2)
`
`SMALL ENTITY
`
`OR
`
`OTHER THAN
`SMALL ENTITY
`
`NUMBER FILED
`
`NUMBER EXTRA
`
`RATE
`
`FEE
`
`RATE
`
`FEE
`
`FOR
`BASIC FEE
`(37 CFR 1.16(a))
`TOTAL CLAIMS
`(37 CFR 1.16(c))
`INDEPENDENT CLAIMS
`(37 CFR 1.16(b))
`
`385'
`0
`
`minus 20 =
`
`3 minus 3 =
`
`MULTIPLE DEPENDENT CLAIM PRESENT
`
`(37 CFR 1.16(d))
`
`-S38 ---
`
`$
`
`X $_=
`
`o
`
`x$
`
`+$
`
`= 0
`a
`
`=
`
`OR
`
`OR
`
`OR
`
`OR
`
`X $
`
`X $_=
`
`• If the difference in column 115 less than zero, enter '0 in column 2.
`
`TOTAL
`
` OR
`
`TOTAL
`
`CLAIMS AS AMENDED - PART II
`
`(Column 1)
`CLAIMS
`REMAINING
`AFTER
`AMENDMENT
`•
`
`•
`
`Total
`(37 CFR 1.16(c))
`Independent
`(37 CFR 1.16(b))
`
`HIGHEST
`NUMBER
`PREVIOUSLY
`PAID FOR
`
`Minus
`
`tr.
`
`Minus
`
`(Column 2)
`
`(Column 3)
`
`SMALL ENTITY
`
`OR
`
`OTHER THAN
`SMALL ENTITY
`
`PRESENT
`EXTRA
`
`RATE
`
`ADDI-
`TIONAL
`FEE
`
`RATE
`
`ADDI-
`TIONAL
`FEE
`
`FIRST PRESENTATION OF MULTIPLE DEPENDENT CLAIM
`
`(37 CFR 1.16(d))
`
`X$
`
`X$
`
`=
`
`=
`
` =
`
`OR
`
`OR
`
`OR
`
`X $
`
`X $
`
`$
`
`AMENDMENT A
`
`+$
`TOTAL
`ADD'L FEE
`
`I
`
`
`
`OR
`
`TOTAL
`ADD'L FEE
`
`RATE
`
`ADDI-
`TIONAL
`FEE
`
`RATE
`
`ADDI-
`TIONAL
`FEE
`
`'.-X $
`
`X $
`
`=
`
`=
`
`=
`
`+$
`TOTAL
`ADD'L FEE
`
`OR
`
`X
`
`OR
`
`OR
`
`OR
`
`$
`
`+$
`TOTAL
`ADD'L FEE
`
`RATE
`
`ADDI-
`TIONAL
`FEE
`
`RATE
`
`ADDI-
`TIONAL
`FEE
`
`X$
`
`X $
`
`=
`
`=
`
`=
`
`+$
`TOTAL
`ADD'L FEE
`
`OR
`
`OR
`
`OR
`
`OR
`
`
`
`X$_
`
`$
`
`+ $
`TOTAL
`ADD'L FEE
`
`(Column 1)
`CLAIMS
`REMAINING
`AFTER
`AMENDMENT
`•
`
`•
`
`Minus
`
`Minus
`
`Total
`(37 CFR 1.16(e))
`Independent
`(37 CFR 1.16(b))
`
`(Column 2)
`HIGHEST
`NUMBER
`PREVIOUSLY
`PAID FOR
`
`(Column 3)
`
`PRESENT
`EXTRA
`
`FIRST PRESENTATION OF MULTIPLE DEPENDENT CLAIM
`
`(37 CFR 1.16(d))
`
`(Column 1)
`CLAIMS
`REMAINING
`AFTER
`AMENDMENT
`•
`
`Column 2)
`HIGHEST
`NUMBER
`PREVIOUSLY
`PAID FOR
`''•
`
`Minus
`
`Minus
`
`•••
`
`(Column 3
`
`PRESENT
`EXTRA
`
`=
`
`=
`
`Total
`(37 CFR 1.16(c))
`Independent
`(37 CFR 1.16(3))
`
`FIRST PRESENTATION OF MULTIPLE DEPENDENT CLAIM
`
`(37 CFR 1.16(d))
`
`AMENDMENT B
`
`1 AMENDMENT C
`
`* If the entry in column 1 is less than the entry in column 2, write '0 in column 3.
`•• If the 'Highest Number Previously Paid For IN THIS SPACE is less than 20, enter '20 .
`••• If the 'Highest Number Previously Paid For IN THIS SPACE is less than 3, enter '3 .
`The 'Highest Number Previously Paid For (Total or Independent) is the highest number found in the appropriate box in column 1.
`This collection of information is required by 37 CFR 1.16. The information is required to obtain or retain a benefit by the public which is to file (and by the
`USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 12 minutes to complete,
`including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments
`on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent
`and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS
`ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1460, Alexandria, VA 22313-1450.
`
`If you need assistance in completing the form, call 1-800-PTO-9199 and select option 2
`
`Google - Exhibit 1004, page 3
`
`Google - Exhibit 1004, page 3
`
`

`
`System and Method for Protecting a Computer System from Malicious
`Software
`
`TECHNICAL FIELD
`
`[0001]
`
`The present invention relates generally to computer hardware and software, and
`
`more particularly to a system and method for protecting a computer system from malicious
`
`software.
`
`CROSS REFERENCE TO RELATED PATENTS AND APPLICATIONS
`
`[0002]
`
`This application is related to the following U.S. patents and applications:
`
`U.S. Patent or PUB
`
`Application Number
`
`Title
`
`Inventor(s)
`
`5,826,013
`
`5,978,917
`
`6,735,700
`
`6,663,000
`
`6,553,377
`
`6,216,112
`
`4,890,098
`
`5,555,364
`
`5,666,030
`
`Polymorphic virus detection module.
`
`Detection and elimination of macro viruses.
`
`Fast virus scanning using session stamping.
`
`Validating components of a malware scanner.
`
`System and process for maintaining a plurality of remote security
`applications using a modular framework in a distributed computing
`environment.
`
`Nachenberg
`
`Chi
`
`Flint , et al
`
`Muttik , et al.
`
`Eschelbeck , et al.
`
`Method for software distribution and compensation with
`replenishable advertisements.
`
`Fuller, et al.
`
`Flexible window management on a computer display.
`
`Dawes , et al.
`
`Windowed computer display.
`
`Multiple window generation in computer display.
`
`Goldstein
`
`Parson
`
`ARAC-01 US 2004
`
`-1-
`
`Google - Exhibit 1004, page 4
`
`Google - Exhibit 1004, page 4
`
`

`
`5,995,103
`
`Window grouping mechanism for creating, manipulating and
`
`Ashe
`
`displaying windows and window groups on a display screen of a
`computer system.
`
`5,502,808
`
`Video graphics display system with adapter for display
`
`Goddard , et al.
`
`management based upon plural memory sources.
`
`5,280,579
`
`Memory mapped interface between host computer and graphics
`
`Nye
`
`system.
`
`5,918,039
`
`Method and apparatus for display of windowing application
`
`Buswell , et al
`
`programs on a terminal.
`
`6,480,198
`
`Multi-function controller and method for a computer graphics
`display system.
`
`Kang
`
`6,167,522
`
`Method and apparatus for providing security for servers executing
`
`Lee , et al.
`
`application programs received via a network
`
`6,199,181
`
`6,275,938
`
`6,321,337
`
`6,351,816
`
`6,546,554
`
`6,658,573
`
`6,507,904
`
`6,633,963
`
`6,678,825
`
`Method and system for maintaining restricted operating
`environments for application programs or operating systems.
`
`Security enhancement for untrusted executable code.
`
`Method and system for protecting operations of trusted internal
`networks.
`
`Rechef , et al.
`
`Bond , et al.
`
`Reshef , et al.
`
`System and method for securing a program's execution in a network
`environment.
`
`Mueller , et al.
`
`Browser-independent and automatic apparatus and method for
`receiving, installing and launching applications from a browser on a
`client computer.
`
`Schmidt , et al.
`
`Protecting resources in a distributed computer system.
`
`Executing isolated mode instructions in a secure system running in
`privilege rings.
`
`Controlling access to multiple memory zones in an isolated
`execution environment.
`
`Controlling access to multiple isolated memories in an isolated
`execution environment.
`
`Bischof , et al
`
`Ellison , et al.
`
`Ellison , et al.
`
`Ellison , et al.
`
`ARAC-01 US 2004
`
`-2-
`
`Google - Exhibit 1004, page 5
`
`Google - Exhibit 1004, page 5
`
`

`
`5,751,979
`
`6,581,162
`
`6,134,661
`
`6,578,140
`
`Video hardware for protected, multiprocessing systems.
`
`McCrory
`
`Method for securely creating, storing and using encryption keys in
`
`Angelo , et al.
`
`a computer system.
`
`Computer network security device and method.
`
`Topp
`
`Personal computer having a master computer system and in internet
`
`Policard
`
`computer system and monitoring a condition of said master and
`
`internet computer systems
`
`PUB Application #
`
`E-mail software and method and system for distributing
`
`Jacobs, Paul E., et al.
`
`20040054588
`
`advertisements to client devices that have such e-mail software
`
`installed thereon.
`
`PUB Application #
`
`20040034794
`
`System and method for comprehensive general generic protection
`for computers against malicious programs that may steal
`
`Mayer, Yaron ; et al.
`
`information and/or cause damages.
`
`PUB Application #
`
`System and method for providing security to a remote computer
`
`Skrepetos, Nicholas
`
`20040006715
`
`over a network browser interface.
`
`PUB Application #
`
`Virus protection in an internet environment.
`
`20030177397
`
`C.
`
`Samman, Ben
`
`PUB Application #
`
`20030097591
`
`System and method for protecting computer users from web sites
`hosting computer viruses.
`
`Pham, Khai ; et al.
`
`PUB Application #
`
`Malware infection suppression.
`
`20030023857
`
`PUB Application #
`
`Access control for computers.
`
`20020066016
`
`Hinchliffe, Alexander
`
`James ; et al.
`
`Riordan, James
`
`PUB Application #
`
`Detecting malicious alteration of stored computer files.
`
`Wolff, Daniel Joseph
`
`20020174349
`
`; et al.
`
`[0003]
`
`The above-listed U.S. Patents and U.S. Patent applications are incorporated by
`
`reference as if reproduced herein in their entirety.
`
`ARAC-01 US 2004
`
`-3-
`
`Google - Exhibit 1004, page 6
`
`Google - Exhibit 1004, page 6
`
`

`
`BACKGROUND
`
`[0004]
`
`The very popular and ubiquitous rise of the 'personal' computer system as an
`
`essential business tool and home appliance, together with the exponential growth of the Internet
`
`as a means of providing information flows across a wide variety of connected computing
`
`devices, has changed the way people live and work. Information in the form of data files and
`
`executable software programs regularly flows across the planetary wide system of interconnected
`
`computers and data storage devices.
`
`[0005]
`
`Popular and ubiquitous computer hardware and software architectures have typically
`
`been designed to allow for open interconnection via, for example, the internet, a VPN, a LAN, or
`
`a WAN, with information often capable of being freely shared between the interconnected
`
`computers. This open interconnection architecture has contributed to the adoption and
`
`mainstream usage of these computers and the subsequent interconnection of vast networks of
`
`computers. This easy to use system has given rise to the explosive popularity of applications
`
`such as email, internet browsing, search engines, interactive gaming, instant messaging, and
`
`many, many more.
`
`[0006]
`
`Although there are definite benefits to this open interconnection architecture, a lack
`
`of security against unwanted incursions into the computers main processing and non-volatile
`
`memory space has emerged as a significant problem. An aspect of some current computer
`
`architectures that has contributed to the security problem is that by default programs are typically
`
`allowed to interact with and/or alter other programs and data files, including critical operating
`
`system files, such as the windows registry, for example. Current open interconnection
`
`architectures have opened the door to a new class of unwanted malicious software generally
`
`known a malware. This malware is capable of infiltrating any computer system which is
`
`ARAC-01 US 2004
`
`-4-
`
`Google - Exhibit 1004, page 7
`
`Google - Exhibit 1004, page 7
`
`

`
`connected to a network of interconnected computer systems. Malware is comprised of, but not
`
`limited to, classes of software files known as viruses, worms, Trojan horses, browser hijackers,
`
`adware, spyware, pop-up windows, data miners, etc. Such malware attacks are capable of
`
`stealing data by sending user keystrokes or information stored on a user's computer back to a
`
`host, changing data or destroying data on personal computers and/or servers and/or other
`
`computerized devices, especially through the Internet. In the least, these items represent a
`
`nuisance that interferes with the smooth operation of the computer system, and in the extreme,
`
`can lead to the unauthorized disclosure of confidential information stored on the computer
`
`system, significant degradation of computer system performance, or the complete collapse of
`
`computer system function.
`
`[0007]
`
`Malware has recently become much more sophisticated and much more difficult for
`
`users to deal with. Once resident on a computer system, many malware programs are designed
`
`to protect themselves from deletion. For example, some malware programs comprise a pair of
`
`programs running simultaneously, with each program monitoring the other for deletion. If one of
`
`the pair of programs is deleted, the other program installs a replacement within milliseconds. In
`
`another example, some malware will run as a Windows program with a .dlls extension, which
`
`Windows may not allow a user to delete while it is executing. Malware may also reset a user's
`
`browser home page, change browser settings, or hijack search requests and direct such requests
`
`to another page or search engine. Further, the malware is often designed to defeat the user's
`
`attempts to reset the browser settings to their original values. In another example, some malware
`
`programs secretly record user input commands (such as keystrokes), then send the information
`
`back to a host computer. This type of malware is capable of stealing important user information,
`
`such as passwords, credit account numbers, etc.
`
`ARAC-01 US 2004
`
`-5-
`
`Google - Exhibit 1004, page 8
`
`Google - Exhibit 1004, page 8
`
`

`
`[00081
`
`Many existing computers rely on a special set of instructions which define an
`
`operating system (0/S) in order to provide an interface for computer programs and computer
`
`components such as the computer's memory and central processing unit (CPU). Many current
`
`operating systems have a multi-tasking capability which allows multiple computer programs to
`
`run simultaneously, with each program not having to wait for termination of another in order to
`
`execute instructions. Multi-tasking 0/S's allow programs to execute simultaneously by allowing
`
`programs to share resources with other programs. For example, an operating system running
`
`multiple programs executing at the same time allows the programs to share the computer's CPU
`
`time. Programs which run on the same system, even if not simultaneously with other programs,
`
`share space on the same nonvolatile memory storage medium. Programs which are executing
`
`simultaneously are presently able to place binaries and data in the same physical memory at the
`
`same time, limited to a certain degree by the 0/S restrictions and policy, to the extent that these
`
`are properly implemented. Memory segments are shared by programs being serviced by the 0/S,
`
`in the same manner. 0/S resources, such as threads, process tables and memory segments, are
`
`shared by programs executing simultaneously as well.
`
`100091
`
`While allowing programs to share resources has many benefits, there are resulting
`
`security related ramifications, particularly regarding malware programs. Security problems
`
`include allowing the malware program: to capitalize CPU time, leaving other programs with little
`
`or no CPU time; to read, forge, write, delete or otherwise corrupt files created by other programs;
`
`to read, forge, write, delete or otherwise corrupt executable files of other programs, including the
`
`0/S itself; and to read and write memory locations used by other programs to thus corrupt
`
`execution of those programs.
`
`ARAC-01 US 2004
`
`-6-
`
`Google - Exhibit 1004, page 9
`
`Google - Exhibit 1004, page 9
`
`

`
`[0010]
`
`In the case of a computer connected to the Internet, the computer may run an O/S,
`
`with several user applications, together comprising a known and trusted set of programs,
`
`concurrently with an Internet browser, possibly requiring the execution of downloaded code,
`
`such as Java applets, or EXE/COM executables, with the latter programs possibly containing
`
`malware. Many security features and products are being built by software manufacturers and by
`
`0/S programmers to prevent malware infiltrations from taking place, and to ensure the correct
`
`level of isolation between programs. Among these are architectural solutions such as rings-of-
`
`protection in which different trust levels are assigned to memory portions and tasks, paging
`
`which includes mapping of logical memory into physical portions or pages, allowing different
`
`tasks to have different mapping, with the pages having different trust levels, and segmentation
`
`which involves mapping logical memory into logical portions or segments, each segment having
`
`its own trust level wherein each task may reference a different set of segments. Since the sharing
`
`capabilities using traditional operating systems are extensive, so are the security features.
`
`However, the more complex the security mechanism is, the more options a malware practitioner
`
`has to bypass the security and to hack or corrupt other programs or the 0/S itself, sometimes
`
`using these very features that allow sharing and communication between programs to do so.
`
`[0011]
`
`Further, regarding malware programs, for virtually every software security
`
`mechanism, a malware practitioner has found a way to subvert, or hack around, the security
`
`system, allowing a malware program to cause harm to other programs in the shared environment.
`
`This includes every operating system and even the Java language, which was designed to create a
`
`standard interface, or sandbox, for Internet downloadable programs or applets.
`
`[0012]
`
`Major vulnerabilities of existing computer systems lies in the architectures of the
`
`computer system and of the operating system itself. A typical multi-tasking 0/S environment
`
`ARAC-01 US 2004
`
`-7-
`
`Google - Exhibit 1004, page 10
`
`Google - Exhibit 1004, page 10
`
`

`
`includes an 0/S kernel loaded in the computer random access memory (RAM) at start-up of the
`
`computer. The 0/S kernel is a minimal set of instructions which loads and off-loads resources
`
`and resource vectors into RAM as called upon by individual programs executing on the
`
`computer. Sometimes, when two or more executing programs require the same resource, such as
`
`printer output, for example, the 0/S kernel leaves the resource loaded in RAM until all programs
`
`have finished with that resource. Other resources, such as disk read and write, are left in RAM
`
`while the operating system is running because such resources are more often used than others.
`
`The inherent problem with existing architectures is that resources, such as RAM, or a hard disk,
`
`are shared by programs simultaneously, giving a malware program a conduit to access and
`
`corrupt other programs, or the 0/S itself through the shared resource. Furthermore, as many
`
`application programs are of a general nature, many features are enabled by default or by the 0/S,
`
`thus in many cases bypassing the 0/S security mechanism. Such is the case when a device driver
`
`or daemon is run by the 0/S in kernel mode, which enables it unrestricted access to many if not
`
`all the resources.
`
`[0013]
`
`The most common state-of the-art solutions for preventing malware infiltration are
`
`software based, such as blockers, sweepers and firewalls, for example, and hardware based
`
`solutions such as router/firewalls. Examples of software designed to counter malware are Norton
`
`Systems Works, distributed by the Symantec Corporation, Ad-aware, distributed by the Lavasoft
`
`Corporation of Sweeden, Spy Sweeper, distributed by the Webroot Software Corporation,
`
`Spyware Guard, distributed by Javacool Software LLC, among others. Currently there are a
`
`plethora of freeware, shareware and purchased software programs designed to counter malware
`
`by a variety of means. Such anti-malware programs are limited because they can only detect
`
`ARAC-01 US 2004
`
`-8-
`
`Google - Exhibit 1004, page 11
`
`Google - Exhibit 1004, page 11
`
`

`
`known malware that has already been identified (usually after the malware has already attacked
`
`one or more computers).
`
`[0014]
`
`Network firewalls are typically based on packet filtering, which is limited in
`
`principle, since the rules determining which packets to accept and which to reject may contain
`
`subjective decisions based on trusting known sites or known applications. However, once
`
`security is breached for any reason (for example, due to a software or hardware error, a new
`
`piece of malware unrecognized by the anti-malware program or firewall, or an intended
`
`deception), a malicious application may take over the computer or server or possibly the entire
`
`network and create unlimited damages (directly or indirectly by opening the door to additional
`
`malicious applications).
`
`[0015]
`
`The methods in the prior art are typically comprised of embedded software
`
`countermeasures that detect and filter unwanted intrusions in real time, or scan the computer
`
`system either at the direction of a user or as a scheduled event. Two problems arise from these
`
`methods. In the first instance, a comprehensive scan, detect, and elimination of malware from
`
`desired incoming data streams could significantly slow or preclude the interactive nature of
`
`many applications such a gaming, messaging, and browsing. In the second instance, newly
`
`implemented software screens may be quickly circumvented by malware practitioners who are
`
`determined to pass their files through the screen. Newly discovered malware leads to the
`
`development of additional screens, which lead to more malware, etc., thus creating an escalating
`
`cycle of measure, countermeasure. The basic flaw is that all incoming executable data files must
`
`be resident on the computers main processor to perform their desired function. Once resident on
`
`that processor, access may be gained to non-volatile memory and other basic computer system
`
`ARAC-01 US 2004
`
`-9-
`
`Google - Exhibit 1004, page 12
`
`Google - Exhibit 1004, page 12
`
`

`
`elements. Malware exploits this key architectural flaw to infiltrate and compromise computer
`
`systems.
`
`[0016]
`
`The majority of these applications rely upon a scanning engine which searches
`
`suspect files for the presence of predetermined malware signatures. These signatures are held in
`
`a database which must be constantly updated to reflect the most recently identified malware.
`
`Typically, users regularly download replacement databases, either over the Internet, from a
`
`received e-mail, or from a CDROM or floppy disc. Users are also expected to update their
`
`software engines every so often in order to take advantage of new virus detection techniques
`
`(e.g. which may be required when a new strain of malware is detected).
`
`[0017]
`
`Many of the afor