US008677494B2
`
`(12) United States Patent
`Edery et a].
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 8,677,494 B2
`*Mar. 18, 2014
`
`(54)
`
`(75)
`
`MALICIOUS MOBILE CODE RUNTIME
`MONITORING SYSTEM AND METHODS
`
`Inventors: Yigal Mordechai Edery, Pardesia (IL);
`Nirmrod Itzhak Vered, Goosh
`Tel-Mond (IL); David R. Kroll, San
`Jose, CA (US); Shlomo Touboul,
`Kefar-Haim (IL)
`
`(73)
`
`Assignee: Finjan, Inc., Wilmington, DE (US)
`
`(*)
`
`Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`This patent is subject to a terminal dis
`claimer.
`
`(21)
`
`(22)
`
`(65)
`
`(63)
`
`(51)
`
`(52)
`
`(58)
`
`Appl. No.: 13/290,708
`
`Filed:
`
`Nov. 7, 2011
`
`Prior Publication Data
`
`US 2012/0117651A1
`
`May 10, 2012
`
`Related US. Application Data
`
`Continuation of application No. 12/471,942, ?led on
`May 26, 2009, now Pat. No. 8,079,086, which is a
`(Continued)
`
`(2006.01)
`(2006.01)
`(2006.01 )
`
`Int. Cl.
`H04L 29/06
`G06F 11/30
`G06F 15/16
`US. Cl.
`USPC ........................................... .. 726/24; 713/175
`Field of Classi?cation Search
`None
`See application ?le for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,562,305 A
`5,077,677 A
`
`12/1985 Gaffney, Jr.
`12/1991 Murphy et al.
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`EP
`
`7/1994
`0636977
`7/2000
`1021276
`(Continued)
`OTHER PUBLICATIONS
`
`Zhong, et 211., “Security in the Large: is Java’s Sandbox Scalable7,”
`Seventh IEEE Symposium on Reliable Distributed Systems, pp. 1-6,
`Oct. 1998.
`
`(Continued)
`Primary Examiner * Christopher Revak
`(74) Attorney, Agent, or Firm * Bey & Cotropia PLLC
`(57)
`ABSTRACT
`Protection systems and methods provide for protecting one or
`more personal computers (“PCs”) and/ or other intermittently
`or persistently network accessible devices or processes from
`undesirable or otherwise malicious operations of Java TN
`applets, ActiveXTM controls, JavaScriptTM scripts, Visual
`Basic scripts, add-ins, downloaded/uploaded programs or
`other “Downloadables” or “mobile code” in whole or part. A
`protection engine embodiment provides for monitoring infor
`mation received, determining whether received information
`does or is likely to include executable code, and if so, causes
`mobile protection code (MPC) to be transferred to and ren
`dered operable within a destination device of the received
`information. An MPC embodiment further provides, within a
`Downloadable-destination, for initiating the Downloadable,
`enabling malicious Downloadable operation attempts to be
`received by the MPC, and causing (predetermined) corre
`sponding operations to be executed in response to the
`attempts.
`
`18 Claims, 10 Drawing Sheets
`
`Retrieve protection parameters and lorrn
`mobile protection code according to the
`parameters
`
`1011
`
`Retrieve protection parameters and form
`protection policies according to the
`parameters
`
`1013
`W
`
`Couple the mobile protection code.
`protection policies and received
`information to form a protection agent (etg.
`MPC first, policies second, and RI third)
`
`1015
`
`End
`
`000001
`
`Symantec 1001
`IPR of U.S. Pat. No. 8,677,494
`
`

`
`US 8,677,494 B2
`Page 2
`
`Related US. Application Data
`
`continuation of application No. 11/370,114, ?led on
`Mar. 7, 2006, noW Pat. No. 7,613,926, Which is a con
`tinuation of application No. 09/861,229, ?led on May
`17, 2001, noW Pat. No. 7,058,822, Which is a continu
`ation-in-part of application No. 09/539,667, ?led on
`Mar. 30, 2000, noW Pat. No. 6,804,780, Which is a con
`tinuation of application No. 08/964,388, ?led on Nov. 6,
`1997, noW Pat. No. 6,092,194, said application No.
`09/861,229 is a continuation-in-part of application No.
`09/551,302, ?led on Apr. 18, 2000, noW Pat. No. 6,480,
`962, and a continuation of application No. 08/790,097,
`?led on Jan. 29, 1997, now Pat. No. 6,167,520.
`
`(60) Provisional application No. 60/205,591, ?led on May
`17, 2000, provisional application No. 60/030,639, ?led
`on Nov. 8, 1996.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,263,147 A 11/1993 Francisco et al.
`5,278,901 A
`1/1994 Shieh et a1.
`5,311,591 A
`5/1994 Fischer
`5,319,776 A
`6/1994 Hile et a1.
`5,359,659 A 10/1994 Rosenthal
`5,361,359 A 11/1994 Tajalliet a1.
`5,398,196 A
`3/1995 Chambers
`5,412,717 A
`5/1995 Fischer
`5,414,833 A
`5/1995 Hersheyetal.
`5,440,723 A
`8/1995 Arnoldet a1.
`5,452,442 A
`9/1995 Kephart
`5,483,649 A
`1/1996 Kuznetsov et al.
`5,485,409 A
`1/1996 Gupta et a1.
`5,485,575 A
`1/1996 Chess etal.
`5,524,238 A
`6/1996 Miller et a1.
`5,572,643 A 11/1996 Judson ........................ .. 709/218
`5,579,509 A 11/1996 Furtneyet a1.
`5,606,668 A
`2/1997 Shwed
`5,621,889 A
`4/1997 LermuzeauX et al.
`5,623,600 A
`4/1997 Jiet a1.
`5,623,601 A
`4/1997 Vu
`5,638,446 A
`6/1997 Rubin
`5,675,711 A 10/1997 Kephart et a1.
`5,692,047 A 11/1997 McManis
`5,692,124 A 11/1997 Holden et a1.
`5,696,822 A 12/1997 Nachenberg
`5,720,033 A
`2/1998 Deo
`5,724,425 A
`3/1998 Chang et a1.
`5,740,248 A
`4/1998 Fieres et al.
`5,740,441 A
`4/1998 Yellin et a1.
`5,761,421 A
`6/1998 Van Hoffet a1.
`5,765,030 A
`6/1998 Nachenberg et al.
`5,765,205 A
`6/1998 Breslau et al.
`5,784,459 A
`7/1998 Devarakonda et al.
`5,796,952 A
`8/1998 Davis et a1.
`5,805,829 A
`9/1998 Cohen et a1.
`5,809,230 A
`9/1998 Pereira
`5,825,877 A 10/1998 Dan etal.
`5,832,208 A 11/1998 Chen et a1.
`5,832,274 A 11/1998 Cutler et a1.
`5,850,559 A 12/1998 Angelo et a1.
`5,854,916 A 12/1998 Nachenberg
`5,859,966 A
`1/1999 Hayman et al.
`5,864,683 A
`1/1999 Boebert et a1.
`5,867,651 A
`2/1999 Dan etal.
`5,878,258 A
`3/1999 Pizietal.
`5,881,151 A
`3/1999 Yamamoto
`5,884,033 A
`3/1999 Duvallet a1.
`5,889,943 A
`3/1999 Jiet a1.
`5,892,904 A
`4/1999 Atkinson et a1.
`5,951,698 A
`9/1999 Chen et a1.
`5,956,481 A
`9/1999 Walsh etal.
`5,958,050 A
`9/1999 Grif?n etal.
`
`9/1999 Chen et a1.
`5,960,170 A
`5,963,742 A 10/1999 Williams
`5,964,889 A 10/ 1999 Nachenberg
`5,974,549 A 10/1999 Golan
`5,978,484 A 11/1999 Apperson et al.
`5,983,348 A 11/1999 Ji
`5,987,611 A 11/1999 Freund
`6,070,239 A
`5/2000 McManis
`6,088,801 A
`7/2000 Grecsek
`6,088,803 A
`7/2000 Tso et a1.
`6,092,194 A
`7/2000 Touboul
`6,125,390 A
`9/2000 Touboul
`6,154,844 A 11/2000 Touboul et a1.
`6,167,520 A 12/2000 Touboul
`6,263,442 B1
`7/2001 Mueller et al.
`6,339,829 B1
`1/2002 Beadle et a1.
`6,351,816 B1
`2/2002 Mueller et al.
`6,425,058 B1
`7/2002 Arimilli et a1.
`6,434,668 B1
`8/2002 Arimilli et a1.
`6,434,669 B1
`8/2002 Arimilli et a1.
`6,480,962 B1
`11/2002 Touboul
`6,487,666 B1
`11/2002 Shanklin et a1.
`6,519,679 B2
`2/2003 Devireddy et al.
`6,571,338 B1
`5/2003 Shaio et a1.
`6,598,033 B2
`7/2003 Ross et a1.
`6,643,696 B2 11/2003 Davis et a1.
`6,732,179 B1
`5/2004 Brown et al.
`6,804,780 B1
`10/2004 Touboul
`6,917,953 B2
`7/2005 Simon et a1.
`7,058,822 B2
`6/2006 Edery et a1.
`7,143,444 B2 11/2006 Porras et a1.
`7,210,041 B1
`4/2007 Gryaznov et al.
`7,308,648 B1
`12/2007 Buchthal et a1.
`7,343,604 B2
`3/2008 Grabarnik et al.
`7,418,731 B2
`8/2008 Touboul
`7,613,926 B2 11/2009 Edery et a1.
`7,647,633 B2
`1/2010 Edery et a1.
`8,079,086 B1 * 12/2011 Edery et a1. ................... .. 726/24
`2003/0014662 A1
`1/2003 Gupta et a1.
`2003/0074190 A1
`4/2003 Allison
`2003/0101358 A1
`5/2003 Porras et a1.
`2004/0073811 A1
`4/2004 Sanin
`2004/ 0088425 A1
`5/2004 Rubinstein et a1.
`2005/0050338 A1
`3/2005 Liang et a1.
`2005/0172338 A1
`8/2005 Sandu et a1.
`2006/0031207 A1
`2/2006 Bjarnestam et a1.
`2006/0048224 A1
`3/2006 Duncan et a1.
`2008/0066160 A1
`3/2008 Becker et a1.
`2010/0195909 A1
`8/2010 Wasson et a1.
`
`FOREIGN PATENT DOCUMENTS
`
`1091276
`EP
`1132796
`EP
`08-263447
`JP
`95/27249
`WO
`95/33237
`WO
`98/21683
`WO
`2004/063948
`WO
`W0 WO 2004/063948
`
`4/2001 .............. .. G06F 1/00
`9/2001
`10/1996
`10/1995
`12/1995
`5/1998
`7/2004
`7/2004 ............ .. G06F 17/30
`
`OTHER PUBLICATIONS
`
`Rubin, et al., “Mobile Code Security,” IEEE Internet, pp. 30-34, Dec.
`1998.
`Schmid, et al. “Protecting Data From Malicious Software,” Proceed
`ing of the 18th Annual Computer Security Applications Conference,
`pp. 1-10, 2002.
`Corradi, et al., “A Flexible Access Control Service for Java Mobile
`Code,” IEEE, pp. 356-365, 2000.
`International Search Report for Application No. PCT/IB97/01626, 3
`pp., May 14, 1998 (mailing date).
`International Search Report for Application No. PCT/ IL05/ 00915, 4
`pp., dated Mar. 3, 2006.
`Written Opinion for Application No. PCT/ IL05/ 00915, 5 pp., dated
`Mar. 3, 2006 (mailing date).
`International Search Report for Application No. PCT/1B0 1/01 138, 4
`pp., Sep. 20, 2002 (mailing date).
`
`000002
`
`

`
`US 8,677,494 B2
`Page 3
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`International Preliminary Examination Report for Application No.
`PCT/IB01/01138, 2 pp., dated Dec. 19,2002.
`Sitaker, Kragen, “Rapid Genetic Evolution of Regular Expressions”
`[online], TheMialArchive, Apr. 24, 2004 (retrieved on Dec. 7, 2004),
`5 pp., Retrieved from the Internet: http://www.mail-archive.com/
`kragen-tol@canonical.org/msg00097.htrnl.
`“Lexical Analysis: DFA Minimization & Wrap Up” [online], Fall,
`2004 [retrieved on Mar. 2, 2005], 8 pp., Retrieved from the Internet:
`http://www.owlnet.rice.edu/~comp412/Lectures/L06LexWrapup4.
`pdf.
`“Minimization of DFA” [online], [retrieved on Dec. 7, 2004], 7 pp.,
`Retrieved from the Internet: http://www.cs.odu.edu/~toida/nerzic/
`390teched/regular/fa/min-fa.htrnl.
`“Algorithm: NFS -> DFA” [online], Copyright 1999-2001 [retrieved
`on Dec. 7, 2004], 4 pp., Retrieved from the Internet: http://rw4.cs.
`uni-sb.de/~ganimal/GANIFNpage16ie.htm.
`“CS 3813: Introduction to Formal Languages and AutomataiState
`Minimization and Other Algorithms for Finite Automata,” 3 pp., May
`11, 2003, Retrieved from the Internet: http://www.cs.msstate.
`edu/~hansen/classes/3813fa1101/slides/06Minimize.pdf.
`Watson, Bruce W., “Constructing Minimal Acyclic Deterministic
`Finite Automata,” [retrieved on Mar. 20, 2005], 38 pp., Retrieved
`from the Internet: http://www.win.tue.nl/~watson/2R870/down
`loads/madfaialgspdf.
`Chang, Chia-Hsiang, “From Regular Expressions to DFA’s Using
`Compressed NFA’s,” Oct. 1992, 112 pp., http://www.cs.nyu.edu/
`web/Research/Theses/changichia-hsiangpdf.
`“Products,” Articles published on the Internet, “Revolutionary Secu
`rity for a New Computing Paradigm” regarding Sur?nGateTM, 7 pp.
`“Release Notes for the Microsoft ActiveX Development Kit,” Aug.
`13, 1996, activex.adsp.orjp/inetsdk/readmetxt, pp. 1-10.
`Doyle, et al., “Microsoft Press Computer Dictionary,” Microsoft
`Press, 2d Edition, pp. 137-138, 1993.
`Finjan Software Ltd., “Powerful PC Security for the New World of
`JavaTM and Downloadables, Sur?n ShieldTM,” Article published on
`the Internet by Finjan Software Ltd., 2 pp. 1996.
`Finjan Sofrtware Ltd., “FinjanAnnounces a Personal JavaTM Firewall
`for Web Browsersithe Sur?nShieldTM 1.6 (formerly known as
`Sur?nBoard),” Press Release of Finjan Releases Sur?nShield 1.6, 2
`pp., Oct. 21, 1996.
`Finjan Software Ltd., “Finjan Announces Major Power Boost and
`New Features for Sur?nShieldTM 2.0,” Las Vegas Convention Center/
`Pavillion 5 P5551, 3 pp., Nov. 18, 1996.
`Finjan Software Ltd., “Finjan Software Releases Sur?nBoard, Indus
`try’s First JAVA Security Product for the World Wide Web,” Article
`published on the Internet by Finjan Software Ltd., 1 p., Jul. 29, 1996.
`Finjan Software Ltd., “Java Security: Issues & Solutions,” Article
`published on the Internet by Finjan Software Ltd., 8 pp. 1996.
`Finjan Software Ltd., Company Pro?le, “FinjaniSafe Sur?ng, The
`Java Security Solutions Provider,” Article published on the Internet
`by Finjan Software Ltd., 3 pp., Oct. 31, 1996.
`“IBM AntiVirus User’s Guide, Version 2.4,”, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Khare, R., “Microsoft Authenticode Analyzed” [online], Jul. 22,
`1996 [retrieved on Jun. 25, 2003], 2 pp., Retrieved from the Internet:
`http://www.xent.com/FoRK-archive/smmer96/0338.htrnl.
`LaDue, M., Online Business Consultant: Java Security: Whose Busi
`ness is It?, Article published on the Internet, Home Page Press, Inc.,
`4 pp., 1996.
`Microsoft, “MicrosoftActiveX Software Development Kit” [online],
`Aug. 12, 1996 [retrieved on Jun. 25, 2003], pp. 1-6, Retrieved from
`the Internet: activex.adsp.orjp/inetsdk/help/overviewhtm.
`Microsoft® Authenticode Technology, “Ensuring Accountability
`and Authenticity for Software Components on the Internet,”
`Microsoft Corporation, Oct. 1996, including Abstract, Contents,
`Introduction, and pp. 1-10.
`
`Microsoft Corporation, Web Page Article “Frequently Asked Ques
`tions About Authenticode,” last updated Feb. 17, 1997, printed Dec.
`23, 1998, URL: http://www.microsoft.com/workshop/security/
`authcode/signfaq.asp#9, pp. 1-13.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Virus Detection,” IEEE/IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`and pp. 1169-1170, URL: http://iel.ihs.com:80/cgi-bin/ielicgi7sen.
`2ehts%26ViewTemplate%3ddocview%5fb%2ehts.
`Omura, J. K., “Novel Applications of Cryptography in Digital Com
`munications,” IEEE Communications Magazine, pp. 21-29, May
`1990.
`Zhang, X. N., “Secure Code Distribution,” IEEE/IEE Electronic
`Library online, Computer, vol. 30, Issue 6, pp. 76-79, Jun. 1997.
`D. Grune, et al., “Parsing Techniques: A Practical Guide,” John Wiley
`& Sons, Inc., NewYork, New York, USA, pp. 1-326, 2000.
`Scott, et al., “Abstracting Application-Level Web Security,”ACM, pp.
`396-407, 2002.
`ThunderByte Antivirus for Windows.
`InterScan VirusWall from Trend Micro.
`ViruSafe from Eliashim.
`Intel LANProtect from Intel.
`The Java Security Manager from Sun Microsystems.
`McAfee Web Shield.
`McAfee WebScan.
`McAfee VirusScan.
`McAfee N etShield.
`Dr. Solomon’s Antivirus Toolkit for Windows 95.
`Dr. Solomon’s Antivirus Toolkit for Windows NT.
`Dr. Solomon’s WinGuard.
`Dr. Solomon’s Virus Guard.
`Dr. Solomon’s Virus Shield.
`Dr. Solomon’s Virex.
`Dr. Solomon’s “Merlin” Anti-Virus Engine.
`Dr. Solomon’sIMcAfee “Olympus” Anti-Virus Engine.
`ActiveX Web Tutorial.
`Java FAQ (1995-1998).
`Norton AntiVirus TUfor Windows@95 User’s Guide. Published by
`Symantec in 1995. (179 pages).
`J aeger, at al ., “Building Systems that Flexibly Control Downloadable
`Executable Conten ,” Proceedian of the Sixth USENIX UNIX
`Security Symposium, Jul. 1996. (19 paQes).
`Rasmusson, Andreas and Jansson, Sverker, “Personal SecurityAssis
`tance for Secure Internet Commerce,” Sep. 16, 1996. (12 pages).
`Bharat et al. Migratory Applications' Nov. 15, 1995. (10 oaoes).
`Dean, Drew, et al., “Java Security: From HotJava to Netscape and
`Beyond,” 1996 IEEE Symposium on Security and Privacy, May 6,
`1996. (11 pages).
`Sterbenz, Andreas, An Evaluation of the Java Security Model,’ IEEE,
`Dec. 1996. f13pages).
`Fritzinger, J. Steven, et al., Java Security,’ Sun Microsystems, Dec.
`1996 (7 paQes).
`Bank Joseoh A. “Java Security,” Dec. 8, 1995. (14 paoes).
`Claunch, “Java Blocking,” http://groups.google.com/group/muc.
`lists.?rewalls/msg/2a5ec02eOOa37071. Sep. 25, 1996. Accessed
`date: May 10, 2011. (2 paces).
`Chappell, 'Understanding ActiveX and OLE: A Guide for Develop
`ers and Managers (Strategic Technology), Sep. 1, 1996, Microsoft
`Press. (91 pages).
`Cro sbie, et al., “Active Defense of a Computer System Using Autono
`mous Agents”. Feb. 15, 1995. (14 pages).
`“Trend Micro’s Virus Protection Added to Sun Microsystems Netra
`Internet Servers,”Business Wire, Oct. 1, 1996, available at http://
`www.cs.indiana. edu/ ~kinzler/pubs/viruswall.htrnl.
`“Symantec Announces Norton Antivirus 2.0 for Windows NT,”
`Symantec Corporation press release, Sep. 16, 1996, available at http:/
`Iwww. symantec .com| about/news/ release/ article. j sp?prid:
`19960916i01.
`“Dark Avenger Mutation Engine No Threat to Protected PCs,”
`McAfee, Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/wwwphreak.orgvirus1/ 1992/
`vin105. 191 .
`
`000003
`
`

`
`US 8,677,494 B2
`Page 4
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`“Dark Avenger Mutation Engine No Threat to Protected PCs,”
`McAfee, Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/wwwphreak.orgvirus1/1992/
`vin105.191.
`Gryaznov, D.O., “Scanners ofthe Year 2000: Heuristics,” Proceed
`ings ofthe Fifth International Virus Bulletin Conference, pp. 225-234
`(1995), available at http://vxheavens.com|lib/angO.html.
`“Symantec Announces Norton Internet Email Gateway at Internet
`WorldiBooth # 369 on Dec. 11, 12, and 13,” Symantec Corporation
`press release, Dec. 11, 1996, available at http:/ Iwww.symantec
`.comlabout/news/release/articlej sp?prid: 19961211i03.
`“Presenting Java,” by John Dec. (1995).
`“The Java Language Speci?cation” by Gosling, et al. (1996).
`“The Java Programming Language,” by Ken Arnold and James Gos
`ling (1996).
`“The Java Virtual Machine Speci?cation,” by Tim Lindholm and
`FrankYellin (1997).
`“ComputerViruses and Arti?cial Intelligence,” by David Stang (Sep.
`1995).
`“Java Security and a Firewall Extension for Authenticity Control of
`Java Applets,” by Magnus Johansson (Jan. 29, 1997).
`“Static Analysis of Programs With Application to Malicious Code
`Detection,” by Raymond Lo (1992).
`File History for US Patent No. 6,804,780.
`“Virus Detection Alternatives,” by Patrick Min (Jul. 1992).
`“Dynamic Detection and Classi?cation of Computer Viruses Using
`General Behaviour Patterns,” by LeCharlier, et al. (Sep. 1995).
`The Giant Black Book of ComputerViruses by Mark Ludwig (1995).
`HotJava: The Security Story.
`The Java Filter.
`“A Java Filter,” by BalfanZ, et al.
`“Improved JavaScript and Java Screening Function,” by Claunch
`(May 4, 1996).
`“New Version of Java, JavaScript, ActiveX Screening,” by Claunch
`(Jul. 3, 1996).
`“A Toolkit and Methods for Internet Firewalls,” by Ranum, et al.
`“Identifying and Controlling Undesirable Program Behaviors,” by
`Maria King.
`“PACLl’s: An Access Control List Approach to Anti-Viral Security,”
`by Wichers, et al.
`Endrijonas, Janet, Rx PC The Anti-Virus Handbook. Published in the
`US. in 1993 by TAB Books, a division of McGraw-Hili, Inc. (201
`paQes).
`“Secure Code Distribution,” by X. Nick Zhang (Jun. 1997).
`IBM AntiVirus User’s Guide (Nov. 15, 1995).
`“Breadth of Runtime Environments and Security Make Java a Good
`Choice for the Internet” (1996).
`Omura, Jim K., “Novel Applications of Cryptography in Digital
`Communications,” IEEE Communications Magazine, pp. 21-29,
`May 1990.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Virus Detection,” IEEE/IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`
`and pp. 1169-1170, URL: http://iel.ihs.com:80/cgibinlielicgi7se 2ehts%26ViewTemplate%3ddocview%5fb%2ehts.
`
`IBM AntiVirus User’s Guide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Leach, Norvin, et al., “IE 3.0 Applets Will Earn Certi?cation,” PC
`Week, vol. 13, No. 29,2 pp., Jul. 22, 1996.
`“Finjan Software Releases Sur?nBoard, Industry’s First JAVA Secu
`rity product for the World Wide Web,” Article published on the
`Internet by Finjan Software Ltd., 1 p., Jul. 29, 1996.
`“Powerful PC Security for the New World of JAVATM and
`Downloadables, Sur?n ShieldTM,” Article published on the Internet
`by Finjan Software Ltd., 2 pp. 1996.
`Microsoft® Authenticode Technology, “Ensuring Accountability
`and Authenticity for Software Components on the Internet,”
`Microsoft Corporation, including Abstract, Contents, Introduction,
`and pp. 1-10, Oct. 1996.
`
`Finjan Announces a Personal JavaTM Firewall for Web Browsersi
`the Sur?nShieldTM 1.6 (formerly known as Sur?nBoard), Press
`Release of Finjan Releases Sur?nShield 1.6, 2 pp., Oct. 21, 1996.
`Company Pro?le, “Finjan-Safe Sur?ng. The Java Security Solutions
`Provider,” Article published on the Internet by Finjan Software Ltd.,
`3 pp., Oct. 31, 1996.
`“Finjan Announces Maj or Power Boost and New Features for
`Sur?nShieldTM 2.0,” Las Vegas Convention Center/ Pavilion 5 P5551,
`3 pp., Nov. 18, 1996.
`“Java Security: Issues & Solutions,” Article published on the Internet
`by Finjan Software Ltd., 8 pp., 1996.
`“Products,” Article published on the Internet, 7 pp.
`Mark LaDue, “Online Business Consultant: Java Security: Whose
`Business Is It?,” Article published on the Internet, Home Page Press,
`Inc., 4 pp., 1996.
`Web Page Article, “Frequently Asked Questions About
`Authenticode,” Microsoft Corporation, last updated Feb. 17, 1997,
`printed Dec. 23, 2998, URL: http://www.microsoft.com/workshop/
`security/authcodee/signfaq.asp#9, pp. 1-13.
`Zhang, X.N., “Secure Code Distribution,” IEEE/IEE Electronic
`Library online, Computer vol. 30, Issue 6, pp. 76-79, Jun. 1997.
`Binstock, Andrew, “Multithreading, Hyper-Threading, Multipro
`cessing: Now, What’s the Difference?,” httn: !hlv’\v\v-inteLcom!cd/
`ids!dcvdchr!asmo-na/en?/20456.htm, Paci?c Data Works, LLC,
`downloaded Jul. 7, 2008, 7 pp.
`VirexPC Version 2.0 or later from Microcom.
`AntiVirus Kit From 1 stAide Software.
`FluShot+ Series of Products by Ross Greenberg.
`Symantec Antivirus ofthe Mac version 3.0 or later.
`“SynthesiZing Fast Intrusion Prevention/Detection Systems From
`High-Level Speci?cations,” by Sekar, et al. (1999).
`Art of Computer Virus Research and Defense b Peter Szor (Feb.
`2005).
`“Process Execution Controls as a Mechanism to Ensure Consis
`tency,” by Eugen Bacic (1990).
`“Process Execution Controls: Revisited,” by Bacic (1990).
`“A Flexible Access Control Service for Java Mobile Code,” by Cor
`radi, et al. (2000).
`“Java Security: Issues & Solutions” (1996).
`“Microsoft Authenticode analyzed,” by Rohit Khare (Jul. 22, 1996).
`“Java Security: Whose Business Is It?” by Mark LaDue (1996).
`Microsoft Authenticode Technology (Oct. 1996).
`“Mobile Code Security,” by Rubin, et al.
`“Protecting Data From Malicious Software,” by Schmid, et al.
`“Security in the Large: Is Java’s Sandbox Scalable?” by Zhong, et al.
`(Apr. 1998).
`“A Domain and type Enforcement UNIX Prototype,” by Badger, et al.
`(Jun. 1995).
`“Heuristic Anti-Virus Technology,” by Frans Veldman.
`“Standards for Security in Open Systems,” by Warwick Ford (1989).
`“Secure File Transfer Over TCP/IP,” by Brown, et al. (Nov. 1992).
`“Standards in Commercial Security,” by Nick Pope.
`“X.400 Security Features,” by Tony Whyman.
`“Using CASE Tools to Improve the Security of Applications Sys
`tems,” by Hosmer, et al. (1988).
`“Miro: Visual Speci?cation of Security,” by Heydon, et al. (Oct.
`1990).
`“An Evaluation of Obj ect-Based Pro gramming with Visual Basic,” by
`Dukovic, et al. (1995).
`“Visual Basic 5.0 Signi?cantly Improved,” by W. Dennis Swift (Jun.
`1997).
`“Development of an Object Oriented Framework for Design and
`Implementation of Database Powered Distributed Web Applications
`With the DEMETER Project as a Real-Life Example,” by Goschka,
`et al. (1997).
`Detecting Unusual Program Behavior Using the Statistical Compo
`nent ofthe Nextgeneration Intrusion Detection Expert System
`(NIDES), by Anderson, et al. (May 1995).
`“A Generic Virus Scanner in C++,” by Kumar, et al. (Sep. 17, 1992).
`“A Model for Detecting the Existence of Software Corruption in Real
`Time,” by Voas, et al. (1993).
`“Protection Against Trojan Horses by Source Code Analysis,” by
`Saito, et al. (Mar. 1993).
`
`000004
`
`

`
`US 8,677,494 B2
`Page 5
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`Intelligence,” by Rigth
`
`“Information Agents for Automated Browsing,” by Dharap, et al.
`(1996).
`“Static Analysis Virus Detection Tools for Unix Systems,” by
`Kerchen, et al. (1990).
`“Managing Trust in an Information-Labeling System,” by Blaze, et
`al. (Nov. 4, 1996).
`List of Secure Internet Programming Publications from www.cs.
`printceton.edu.
`“A Guide to the Selection of Anti-Virus Tools and Techniques,” by
`Polk, et al. (Dec. 2, 1992).
`“An Integrated Toolkit for Operating System Security,” by Rabin, et
`al. (Aug. 1988).
`“A Web Navigator With Applets in Caml,” by Francois Ronaix (May
`1996).
`“Intel Launches Virus Counterattack,” by Charles Bruno (Aug.
`1992).
`Intel LANProtect Software User’s Guide (1992).
`“Parents Can Get PC Cruise Control,” by George Mannes (Jul. 1996).
`“A New Techniques for Detecting Polymorphic Computer Viruses,”
`by Carey Nachenberg (1995).
`“Heuristic
`Scanners:
`Arti?cial
`Zwienenberg (Sep. 1995).
`Intel LANProtect, 30-Day Test Drive Version User’s Manual.
`Slade, Robert, “Guide to Computer Viruses: How to a void Them,
`How to Get Rid of Them, and How to Get Help” (Apr. 1996).
`A Pathology of Computer Viruses by David Ferbranche (Nov. 1994).
`Earl Boebert’s post to the greatcircle ?rewalls mailing list. Taken
`from http://www.greatcircle.com/lists/?rewalls/archive/?rewalls.
`199410 (Oct. 16, 1994).
`CSL Bulletin: Connecting to the Internet: Security Considerations.
`Taken from http://csrc.nist.gov/publications/nistbul/cs193-07.!xt
`(Jul. 1993).
`FAQ: Interscan ViruswalL Taken from http://\veb,archive.org/web/
`19970605050331/www..antivirus.com/faq/?nterscanfaqhtml (last
`updated Aug. 8, 1996).
`Network Security and SunScreen SPF-lOO: Technical White Paper,
`Sun Microsystems, 1995.
`“Why Do We Need Heuristics?” by Frans Veldman (Sep. 1995).
`“Leading Content Security Vendors Announce Support for Check
`Point Firewallil .3 .0; New Partners for Anti-Virus Protection, URL
`Screening and Java Security,” Business Wire, Oct. 7, 1996, available
`at http://www.allbusiness.comltechnolo gyl computernetworks
`computer -networksecurity172743 15 -1 .html#ixzz 1 gkaf4g1 .
`“McAfee Introduces Web shield; Industry’s First Secure Anti-Virus
`Solution for Network Firewalls: Border Network Technologies and
`Secure Computing to Enter into Web Shield OEM Agreements,”
`Business Wire, May 14, 1996, available at http://?ndarticles.comlp/
`articles/miimOEINIisil996iMayi14/aii182834561.
`“Trend Micro Announces Virus and Security Protection for Microsoft
`Proxy Server; Also Blocks Java Applets, ActiveX,” Business Wire,
`Oct.
`29,
`1996,
`available
`at
`http://www.thefreelibrary.
`comlTrend+Micro+announces+virus+and+security+protection+
`for+MicrosofL.-aOI8810512.
`Finj an’ s Opposition to Websense’ s Renewed Motion for Judgment as
`a Matter ofLaw, dated Dec. 21, 2012, ?led in Finjan, Inc. v. Symantec
`Corp, Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS).
`Declaration of Paul Batcher Re Websense, Inc.s. Proffer of Evidence
`Re Laches, dated.Dec. 19, 2012, ?led in Finjan, Inc. v. Symantec
`Corp, Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS)
`(Redacted Dec. 26, 2012).
`Opposition to Symantec’s Motion for JMOL, dated Dec. 17, 2012,
`?led in Finjan, Inc. v. Symantec Corp, Sophos, Inc., and Websense,
`Inc., CA. No. 10-cv-593 (OMS) (Redacted Dec. 27, 2012).
`Omura, Jim K., “Novel Applications of Crypotgraphy in Digital
`Communications,” IEEE Communications Magazine, pp. 21-29,
`May 1990.
`Okamoto, E., et al., “ID-Based Authentication System for Computer
`Virus Detection,” IEEEI IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`
`1169-1170, URL: http://iel.ihs.com:80/cgibin/iel
`and pp.
`cgi?se .. .2ehts%26ViewTemplate%3ddocview%5fb%ehts.
`IBM AntiVirus User’s Ouide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Leach, Norvin, et al., “IE 3.0 Applets Will Earn Certi?cation,” PC
`Week, vol. 13, No. 29, 2 pp., Jul. 22, 1996.
`Finjan Announces a Personal Java198 Firewall for Web Browsersi
`the Sur?nShieldTM 1.6 (formerly known as Sur?nBoard), Press
`Release of Finjan Releases Sur?nShield 1.6,2 pp., Oct. 21, 1996.
`Web Page Article, “Frequently Asked Questions About
`Authenticode,” Microsoft Corporation, last updated Feb. 17, 1997,
`printed Dec. 23, 1998, URL: http://www.microsoft.com/workshop/
`security/authcodee/signfaq.asp#9, pp. 1-13.
`Binstock, Andrew, “Multithreading, Hyper-Threading, Multipro
`cessing: Now, What’s the Difference?,” http://www.intel.com/cd/ids/
`developer/asmo-na/eng/20456.htm, Paci?c DataWorks, LLC, down
`loaded Jul. 7, 2008,7 pp.
`“Frequently Asked Questions About Authenticode,” Microsoft Cor
`poration, updated Feb. 17, 1997.
`“WWWProxyto Cut Off Java,” by Carl Claunch (Apr. 12, 1996).
`“Combating Viruses Heuristically,” by Frans Veldman (Sep. 1993).
`“MCF: A Malicious Code Filter,” by Lo, et al. (May 4, 1994).
`Anti-Virus Tools and Techniques for Computer Systems by Polk, et
`al. (1995).
`“Dynamic Detection and Classi?cation of Computer Viruses Using
`General Behaviour Patterns,” by LeCharlier, et al. (Jul. 2, 1995).
`“Towards a Testbed for Malicious Code Detection,” by Lo, et al.
`(1991).
`“Blocking Java Applets at the Firewall,” by Martin, et al.
`Virus Detection and Elimination by Rune Skardhamar (1996).
`Computer Viruses and Anti-Virus Warfare by Jan Hruska (1992).
`“Active Content Security,” by Brady, et al. (Dec. 13, 1999).
`“Low Level Security in Java,” by Frank Yellin.
`“Email With a Mind o?ts Own: The Safe-Tcl Language for Enabled
`Mail,” by Nathaniel Borenstein.
`“Mobile Agents: Are They a Good Idea?” by Chess, et al. (Dec. 21,
`1994).
`“Remote Evaluation,” by Stamos, et al. (Oct. 1990).
`“Active Message Processing: Messages as Messengers,” by John
`Vittal (1981).
`“Programming Languages for Distributed Computing Systems,” by
`Bal, et al. (Sep. 1989).
`“Scripts and Agents: The New Software High Ground,” by John
`Ousterhout (Oct. 20, 1995).
`“The HotJava Browser: A White Paper”.
`The JavaVirtual Machine Speci?cation, Sun Microsystems (Aug. 21,
`1995).
`“Security of Web Browser Scripting Languages: Vulnerabilities,
`Attacks and Remedies,” by Anupam, et al. (Jan. 1998).
`“ActiveX and Java: The Next Virus Carriers?”.
`“Gateway Level Corporate Security for the New World of Java and
`Downloadables” (1996).
`“Practical Domain and Type Enforcement for UNIX,” by Badger, et
`al. (1995).
`“A Sense of Self for Unix Processes,” by Forrest, et al. (1996).
`“Antivirus Scanner Analysis 1995,” by Marko Helenius (1995).
`“State Transition Analysis: A Rule-Based Intrusion Detection
`Approach,” by Ilgun, et al. (Mar. 1995).
`“Automated Detection of Vulnerabilities in Privileged Programs by
`Execution Monitoring,” by K0, et al. (1994).
`“Execution Monitoring of Security-Critical Programs in Distributed
`Systems: A Speci?cation-Based Approach,” by K0, et al. (1997).
`“Classi?cation and Detection of Computer Intrusions,” by Sandeep
`Kumar (Aug. 1995).
`ThunderBYTE Anti-Virus Utilities User Manual (1995).
`Doyle, et al., “Microsoft Press Computer Dictionary,” Microsoft
`Press, 2nd Edition, pp. 137-138,1993.
`Schmitt, D.A., “.EXE ?les, OS-2 style,” PC Tech Journal, vol. 6, No.
`11, p. 76(13), Nov. 1988.
`International Search Report for Application No. PCT/IB97/01626,
`dated May 14, 1999,2 pp.
`Supplementary European Search Report for Application No. EP 97
`950351, dated Nov. 17, 2004,2 pp.
`
`000005
`
`

`
`US 8,677,494 B2
`Page 6
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`File History for Canadian Application No. 2,275,771, 84 pp.
`File History for European Application No. 979503513, 58 pp.
`File History for Japanese Application No. 10-522345,48 pp.
`Lemay, Laura, et al., “Approach of Java Language, Applet, AWT and
`Advanced Apparatus,” First Edition, 25 pp. (translated), Aug. 20,
`1996 (CS-NB-1999-00238-001).
`Order Construing the Terms of US. Patent Nos. 6,092,194;
`6,804,780; 7,058,822; 6,357,010; and 7,185,361,4 pp., Dec. 11,
`2007.
`PlaintiftFinjan Software, Ltd. ’s Opening Claim Construction Brief,
`38 pp., Sep. 7, 2007.
`Defendant Secure Computing Corporation’s Opening Claim Con
`struction Brief, 46 pp., Sep. 7, 2007.
`PlaintiftFinjan Software, Ltd. ’s Answering Claim Construction
`Brief (Public Version), 45 pp., Sep. 28, 2007.
`Defendant Secure Computing Corporation’s Responsive Claim Con
`struction Brief (Public Version), 37 pp., Sep. 28, 2007.
`Secure Computing Corporation’s Disclosure of Prior Art Pursuant to
`35 U.S.c. § 282, 6 pp., Feb. 1,2008.
`Stang, David J ., “ComputerViruses andAIti?cial Intelligence,”Virus
`Bulletin Conference, pp. 235-257, Sep. 1995.
`Johannsen, Magnus, “Java Security and a Firewall Extension for
`Authenticity Control of Java Applets,” Thesis Proposal, Computer
`Science Department, University of Colorado at Colorado Springs, 5
`pp., Jan. 29, 1997.
`Joint Appendix o?ntrinsic and Extrinsic Evidence Regarding Claim
`Construction Brie?ng, vol. 1, Oct. 4, 2007.
`Joint Appendix o?ntrinsic and Extrinsic Evidence Regarding Claim
`Construction Brie?ng, vol. 2, Oct. 4, 2007.
`Final Joint Claim Construction Chart, Aug. 24, 2007.
`Joint Post-Hearing Claim Construction Chart, Oct. 30, 2007.
`Plaintiffs Trial Brief (Public Version), Jan. 14, 200