U.S. DEPARTMENT OF COMMERCE
PATENT AND TRADEMARK OFFICE
FEE RECORD SHEET
PTO-1556 (5/87)

Blue Coat Systems - Exhibit 1085

U.S. PATENT APPLICATION

SERIAL NUMBER: 60/030,639 PROVISIONAL
FILING DATE: 11/08/96
CLASS:
GROUP ART UNIT:

SHLOMO TOUBOUL, KEFAR HAIM, ISRAEL.

**CONTINUING DATA*********************
VERIFIED

**FOREIGN/PCT APPLICATIONS************
VERIFIED

STATE OR COUNTRY: ILX
SHEETS DRAWING: 7
TOTAL CLAIMS:
INDEPENDENT CLAIMS:
FILING FEE RECEIVED: $150.00
ATTORNEY DOCKET NO.: D-558

EPPA HITE
CARTER DEFILIPPO & FERRELL
SUITE 200
2225 EAST BAYSHORE ROAD
PALO ALTO CA 94303

SYSTEM AND METHOD FOR PROTECTING A COMPUTER FROM HOSTILE DOWNLOADABLES

This is to certify that annexed hereto is a true copy from the records of the United States Patent and Trademark Office of the application which is identified above.

By authority of the
COMMISSIONER OF PATENTS AND TRADEMARKS

Date

Certifying Officer

PATENT

SYSTEM AND METHOD FOR PROTECTING A COMPUTER FROM HOSTILE DOWNLOADABLES

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to computer networks, and more particularly to a system and method for protecting computers from hostile Downloadables.

2. Description of the Background Art

The Internet is a collection of currently over 100,000 individual computer networks owned by governments, universities, nonprofit groups and companies, and is expanding at an accelerating rate. Because the Internet is public, the Internet has become a major source of many system damaging and system fatal application programs, commonly referred to as "viruses."

Accordingly, programmers continue to design computer security systems for blocking these viruses from attacking both individual and network computers. For the most part, these security systems have been relatively successful. However, these security systems are not configured to recognize computer viruses which have been attached to Downloadable application programs, commonly referred to as "applets" or "Downloadables." A Downloadable is an executable application program which is automatically downloaded from a source computer and run on the destination computer. Examples of Downloadables include applets designed for use in the Java™ distributing environment produced by Sun Microsystems or for use in the Active X distributing environment produced by Microsoft Corporation. Therefore, a system and method are needed to protect computers from viruses attached to these Downloadables.

SUMMARY OF THE INVENTION

The present invention provides a system for protecting a computer from hostile Downloadables. The system comprises an interface for receiving a Downloadable, a first memory portion storing security policies and a second memory portion storing known hostile Downloadables. The system further comprises a first comparator, coupled to the interface and to the first memory portion, for discarding the received Downloadable when it matches one of the known hostile Downloadables. The system further comprises a second comparator, coupled to the first comparator and to the second memory portion, for discarding the received Downloadable if it violates one of security policies.

The present invention further provides a method for protecting a computer from hostile Downloadables. The method comprises the steps of receiving a Downloadable, discarding the received Downloadable when the received Downloadable matches a predetermined hostile Downloadable, obtaining Downloadable security profile data on the received Downloadable when the Downloadable does not match a predetermined hostile Downloadable and discarding the received Downloadable when the Downloadable security profile data violates a predetermined security policy.

The system and method of the present invention provide computer protection from potentially hostile computer viruses which have been attached to Downloadables. The system and method of the present invention advantageously identifies both known hostile Downloadables and identifies potentially hostile commands by decomposing unknown Downloadables.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a network system in accordance with the present invention;

FIG. 2 is a block diagram illustrating the internal network security system of FIG. 1;

FIG. 3 is a block diagram illustrating the security program of FIG. 2;

FIG. 4 is a flow chart illustrating an example security policy of FIG. 2;

FIG. 5 is a block diagram illustrating the security management console of FIG. 1;

FIG. 6 is a flowchart illustrating a method for protecting an internal computer network from hostile Downloadables; and

FIG. 7 is a flowchart illustrating the FIG. 6 method for decomposing a Downloadable.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

FIG. 1 is a block diagram illustrating a network system 100 in accordance with the present invention. Network system 100 includes an external computer network 105, such as the Wide Area Network (WAN) commonly referred to as the Internet, coupled via a signal bus 125 to an internal network security system 110. Network system 100 further includes an internal computer network 115, such as a corporate Local Area Network (LAN), coupled via a signal bus 130 to internal network computer system 110 and coupled via a signal bus 135 to a security management console 120.

Internal network security system 110 examines Downloadables received from external computer network 105, and prevents all recognizably-hostile Downloadables from reaching internal computer network 115. A Downloadable is hostile if it threatens the integrity of an internal computer network 115 component. Security management console 120 enables modification of internal network security system 110.

FIG. 2 is a block diagram of an internal network security system 110 which includes a Central Processing Unit (CPU) 205, such as a Motorola Power PC® microprocessor or an Intel Pentium® microprocessor, coupled to a signal bus 220. Internal network security system 110 further includes an external communications interface 210 coupled between signal bus 125 and signal bus 220 for receiving the Downloadables from external computer network 105, and an internal communications interface 225 coupled between signal bus 220 and signal bus 130 for forwarding non-hostile Downloadables to internal computer network 115. Alternatively, external communications interface 210 and internal communications interface 225 may be functional components of an integral communications interface (not shown) for both receiving Downloadables from external computer network 105 and forwarding non-hostile Downloadables to internal computer network 115.

Internal network security system 110 further includes Input/Output (I/O) interfaces 215 such as a keyboard, mouse and Cathode Ray Tube (CRT) display, a data storage device 230 such as Read Only Memory (ROM) or magnetic disk, and a Random-Access Memory (RAM) 235, each being coupled to signal bus 220. Data storage device 230 stores a security database 240 which includes security policies and Downloadable data for determining whether a received Downloadable is hostile, and stores an events log 245 which includes the determination results for each Downloadable. An operating system 250 controls processing by CPU 205, and is typically stored in data storage device 230 and loaded into RAM 235 for execution. A security program 255 controls operations of internal network security system 110, and also may be stored in data storage device 230 and loaded into RAM 235 for execution by CPU 205.

FIG. 3 is a block diagram illustrating details of security program 255. Security program 255 includes an ID generator 315, a first comparator 320 coupled to ID generator 315, a code scanner coupled to first comparator 320, a second comparator 330 coupled to code scanner 325 and to first comparator 320, and a record-keeping engine 335 coupled to first comparator 320 and to second comparator 330.

Security program 255 operates in conjunction with security database 240 and events log 245. Security database 240 stores security policies 305 in a first data storage device 230 portion, known Downloadables 307 in a second data storage device 230 portion and Downloadable Security Profiles (DSPs) data corresponding to the known Downloadables 310 in a third data storage device 230 portion. Security policies 305 include a list of computer operations which are deemed to be potentially hostile to the integrity of internal computer network 115. Potentially hostile operations may include READ/WRITE operations on a system configuration file, READ/WRITE operations on a document containing trade secrets, or any other operation that a user deems potentially hostile. Known Downloadables 307 may include Downloadables which Original Equipment Manufacturers (OEMs) know to be hostile, Downloadables which OEMs know to be non-hostile, Downloadables which second comparator 330 (described below) has previously determined to be hostile, and Downloadables which second comparator 330 (described below) has previously determined to be non-hostile. DSP data 310 includes the fundamental computer operations included in each known Downloadable 307, and may include READs, WRITEs, file management operations, system management operations, memory management operations and CPU allocation operations.

ID generator 315 receives Downloadables from external computer network 105 via external communications interface 210, and generates a digital signature for each Downloadable. A digital signature may include a Downloadable identification number, the Downloadable type, the Downloadable source and the Downloadable destination.

First comparator 320 receives and bit-wise compares the Downloadables from ID generator 315 with known Downloadables 307 stored in security database 240. If first comparator 320 determines a received Downloadable is identical to a known hostile Downloadable 307, then first comparator 320 discards the received Downloadable, and forwards a non-hostile Downloadable to the intended destination to inform the user that internal network security system 110 discarded the Downloadable. If first comparator 320 determines that the received Downloadable is identical to a known non-hostile Downloadable 307, then first comparator 320 forwards the received Downloadable and the corresponding DSP data 310 to second comparator 330. If first comparator 320 determines that the received Downloadable does not match a known Downloadable (i.e., an "unknown Downloadable"), then first comparator 320 forwards the received Downloadable to code scanner 325 (described below). In any case, first comparator 320 then sends a status report to record-keeping engine 335 (described below).

Code scanner 325 receives unknown Downloadables from first comparator 320 and uses conventional parsing techniques to decompose the byte code of the unknown Downloadable into DSP data. Code scanner 325 then sends the Downloadable and the corresponding DSP data to second comparator 330.

Second comparator 330 receives the Downloadable and the corresponding DSP data either from code scanner 325 or from first comparator 320, and compares the DSP data against security policies 305 stored in security database 305. If, from the DSP data, second comparator 330 determines that the Downloadable includes a hostile operation, then second comparator 330 prevents the Downloadable from passing to internal computer network 115. Similarly to first comparator 320, second comparator 330 forwards a non-hostile Downloadable to the intended destination to inform the user that internal network security system 110 discarded the Downloadable. If second comparator 330 determines that the received Downloadable does not violate any security policy 305, then second comparator 330 forwards the received non-hostile Downloadable to internal computer network 115. Further, if second comparator 330 received the non-hostile Downloadable from code scanner 325, then the non-hostile Downloadable is stored in known Downloadables 307 and its corresponding DSP data is stored in DSP data 310. In any case, second comparator 330 sends a status report to record-keeping engine 335 (described below).

Record-keeping engine 335 receives status reports from first comparator 320 and from second comparator 330, and stores the reports in events log 245 in data storage device 230.

FIG. 4 is a block diagram illustrating an example security policy 305.

FIG. 5 is a block diagram illustrating details of security management console 120, which includes a security policy generator 505 coupled to signal bus 135, an event log analysis engine 510 coupled to signal bus 135, a user notification engine 515 coupled to event log analysis engine 510 and a Downloadable database review engine 520 coupled to signal bus 135. Security management console 120 further includes computer components similar to the computer components illustrated in FIG. 2.

Security policy generator 505 uses an I/O interface similar to I/O interface 215 for enabling user modification of security policies 305. Further, security policy generator 505 enables the user to provide multiple security levels, i.e., enables the storage of multiple sets of security policies 305 (wherein second comparator 330 can use only a particular set of security policies 305 based on the destination of a received Downloadable). For example, security policies 305 may enable a corporate manager to receive selected Downloadables but may prevent the corporate manager's secretary from receiving those Downloadables.

Event log analysis engine 510 examines the status reports stored in events log 245 of data storage device 230. Event log analysis engine 510 determines if notification of the user (e.g., the security system manager) is warranted. For example, event log analysis engine 510 may warrant user notification whenever ten (10) hostile Downloadables have been discarded by internal network security system 110 within a thirty (30) minute period, thereby flagging a possible security threat. Accordingly, event log analysis engine 510 instructs user notification engine 515 to inform the user. For example, user notification engine 515 may send an e-mail via internal communications interface 220 or via external communications interface 210 to the user, or may display a message on the user's display device (not shown).

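The ten-discards-in-thirty-minutes rule described above, as an added Python example that is not part of the application. The log line layout, the `notifications` function and the sample entries are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed events-log lines. The "<ISO time> <verdict> <id> <destination>"
# layout is an assumption; the application does not define a log format.
SAMPLE_LOG = [f"1996-11-08T09:{m:02d}:00 discard applet-{m:02d} secretary"
              for m in range(0, 30, 3)]            # ten discards in 27 minutes
SAMPLE_LOG.insert(4, "1996-11-08T09:10:00 pass applet-ok manager")


def parse_events(lines):
    """Return (timestamp, verdict) pairs in time order, skipping blank lines."""
    events = []
    for line in lines:
        if line.strip():
            stamp, verdict = line.split()[:2]
            events.append((datetime.fromisoformat(stamp), verdict))
    return sorted(events)


def notifications(lines, threshold=10, window=timedelta(minutes=30)):
    """Return the times at which the discard count reaches the threshold."""
    recent, alerts = deque(), []
    for stamp, verdict in parse_events(lines):
        if verdict != "discard":
            continue
        recent.append(stamp)
        # Drop discards that fall outside the window ending at `stamp`.
        while stamp - recent[0] >= window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(stamp)
            recent.clear()      # re-arm so one burst produces one notification
    return alerts


if __name__ == "__main__":
    for when in notifications(SAMPLE_LOG):
        print("notify security system manager:", when.isoformat())
```

Clearing the window after each alert keeps a sustained burst from notifying on every subsequent discard; a deployment that wants continuous alerts would drop that line.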
Downloadable database review engine 520 enables a user (e.g., a network security manager) to examine and modify known Downloadables 307 and DSP data 310. Thus, if for example a user learns of new hostile Downloadables, the user can add them to known Downloadables 307 and the corresponding DSP data to DSP data 310. Similarly, the user can add new non-hostile Downloadables to known Downloadables 307 and corresponding DSP data to DSP data 310.

FIG. 6 is a flowchart illustrating a method 600 for protecting an internal computer network 115 from hostile Downloadables. Method 600 begins with step 605 by ID generator 315 receiving a Downloadable. ID generator 315 in step 610 generates a signature representing the received Downloadable. First comparator 320 in step 615 compares the received Downloadable with known Downloadables 307 previously-stored in security database 240. If first comparator 320 in step 620 determines that the received Downloadable is the same as a known hostile Downloadable 307, then first comparator 320 in step 625 discards the received Downloadable and in step 630 forwards a substitute non-hostile Downloadable to the intended destination to inform the user. First comparator 320 in step 635 instructs record-keeping engine 335 to record the findings, i.e., a status report, in events log 245. Method 600 then ends.

If first comparator 320 in step 620 did not recognize the received Downloadable as a hostile Downloadable 307, then first comparator 320 in step 640 determines whether the received Downloadable is a known non-hostile Downloadable 307. If so, then first comparator 320 in step 645 retrieves the DSP data 310 corresponding to the known non-hostile Downloadable and jumps to step 655. Otherwise, first comparator 320 forwards the received Downloadable to code scanner 325, which in step 650 decomposes the received Downloadable into DSP data and then jumps to step 655.

In step 655, second comparator 330 compares the DSP data, either retrieved by first comparator 320 from security database 240 or generated by code scanner 325, with security policies 310 stored in security database 240. If second comparator 330 in step 660 determines that the DSP data violates a security policy 310, then second comparator 330 proceeds to step 625. Otherwise, second comparator 330 in step 665 passes the received Downloadable to internal computer network 115 as a non-hostile Downloadable, and proceeds to step 635.

FIG. 7 is a flowchart illustrating details of method 650 for decomposing a Downloadable. Method 650 begins in step 705 with code scanner 325 disassembling the machine code of the Downloadable. Code scanner 325 in step 710 resolves a respective command in the machine code. Code scanner 325 in step 715 determines whether the resolved command is a suspect command. Examples of suspect commands include a memory allocation command, a loop command such as "go to", "while", "if", "then" or the like. If not, then code scanner 325 returns to step 710.

Otherwise, code scanner 325 in step 720 decodes and registers the command and the command parameters as DSP data. Code scanner 325 in step 720 registers commands and command parameters into a format based on command class (e.g., file system class, network system class, memory system class and CPU system class). Code scanner 325 in step 725 determines whether the machine code includes another command. If so, then code scanner 325 returns to step 710. Otherwise, method 650 ends.

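Method 600 and the step 650 decomposition, sketched as an added Python example that is not code from the application. It assumes Java class files only, replaces the bit-wise comparison with a SHA-256 digest lookup and the disassembly with a walk of the class file's constant pool; the `Gateway` class, `COMMAND_CLASSES` mapping, `POLICIES` sets and sample applet are hypothetical and constructed for illustration.

```python
import hashlib
import struct

# Assumption: suspect operations are recognised by the Java classes an applet
# references; prefix -> command class (file, network, CPU), as in step 720.
COMMAND_CLASSES = {"java/io/": "file", "java/net/": "network",
                   "java/lang/Runtime": "cpu", "java/lang/Thread": "cpu"}
# Sizes (tag byte included) of the fixed-width constant-pool entries.
FIXED_SIZES = {3: 5, 4: 5, 5: 9, 6: 9, 7: 3, 8: 3, 9: 5, 10: 5, 11: 5, 12: 5,
               15: 4, 16: 3, 17: 5, 18: 5, 19: 3, 20: 3}
# Constructed policy sets per destination: the command classes that are forbidden.
POLICIES = {"manager": {"cpu"}, "secretary": {"file", "network", "cpu"}}


def referenced_classes(data):
    """Walk a Java class file's constant pool and return the class names it references."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, index, utf8, class_refs = 10, 1, {}, []
    while index < count:
        tag = data[pos]
        if tag == 1:                      # CONSTANT_Utf8: u2 length, then the bytes
            (length,) = struct.unpack_from(">H", data, pos + 1)
            utf8[index] = data[pos + 3:pos + 3 + length].decode("utf-8", "replace")
            pos += 3 + length
        elif tag in FIXED_SIZES:
            if tag == 7:                  # CONSTANT_Class: u2 index of its Utf8 name
                class_refs.append(struct.unpack_from(">H", data, pos + 1)[0])
            pos += FIXED_SIZES[tag]
            if tag in (5, 6):             # Long and Double occupy two pool slots
                index += 1
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        index += 1
    return [utf8[i] for i in class_refs if i in utf8]


def decompose(data):
    """Code scanner (step 650): turn a Downloadable into DSP data keyed by command class."""
    dsp = {}
    for name in referenced_classes(data):
        for prefix, command_class in COMMAND_CLASSES.items():
            if name.startswith(prefix):
                dsp.setdefault(command_class, set()).add(name)
    return dsp


class Gateway:
    """First comparator, code scanner, second comparator and events log in one object."""

    def __init__(self, policies, known_hostile=()):
        self.policies = policies
        # digest -> (status, DSP data): stands in for known Downloadables and DSP data
        self.known = {digest: ("hostile", None) for digest in known_hostile}
        self.events_log = []

    def inspect(self, data, destination):
        digest = hashlib.sha256(data).hexdigest()                     # step 610
        status, dsp = self.known.get(digest, ("unknown", None))       # step 615
        if status == "hostile":                                       # step 620
            return self._record(digest, destination, "discard", "known hostile")
        if status == "unknown":
            try:
                dsp = decompose(data)                                 # step 650
            except (ValueError, IndexError, struct.error) as exc:
                # Fail closed: anything the scanner cannot parse is discarded.
                return self._record(digest, destination, "discard", f"unparsable: {exc!r}")
        # A destination without a policy set is denied every command class.
        forbidden = self.policies.get(destination, set(COMMAND_CLASSES.values()))
        violated = sorted(set(dsp) & forbidden)                       # steps 655-660
        if violated:
            return self._record(digest, destination, "discard", "policy: " + ",".join(violated))
        if status == "unknown":
            self.known[digest] = ("non-hostile", dsp)   # reuse the DSP data next time
        return self._record(digest, destination, "pass", "no violation")   # step 665

    def _record(self, digest, destination, verdict, reason):          # step 635
        self.events_log.append({"id": digest[:12], "destination": destination,
                                "verdict": verdict, "reason": reason})
        return verdict


def sample_class(*class_names):
    """Build a constructed class-file prefix: header plus constant pool only."""
    entries = b""
    for n, name in enumerate(class_names):
        raw = name.encode()
        entries += b"\x01" + struct.pack(">H", len(raw)) + raw    # Utf8 at index 2n+1
        entries += b"\x07" + struct.pack(">H", 2 * n + 1)         # Class at index 2n+2
    return struct.pack(">IHHH", 0xCAFEBABE, 3, 45, 2 * len(class_names) + 1) + entries


if __name__ == "__main__":
    gateway = Gateway(POLICIES)
    applet = sample_class("java/lang/Object", "java/io/FileOutputStream", "java/net/Socket")
    for destination in ("manager", "secretary"):
        print(destination, gateway.inspect(applet, destination))
```

Only the non-hostile result is cached together with its DSP data, as the description specifies, so the same applet is still re-evaluated against each destination's own policy set.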
The foregoing description of the preferred embodiments of the invention is by way of example only, and other variations of the above-described embodiments and methods are provided by the present invention. For example, although the invention has been described in a system for protecting an internal computer network, the invention can be embodied in a system for protecting an individual computer. Components of this invention may be implemented using a programmed general purpose digital computer, using application specific integrated circuits, or using a network of interconnected conventional components and circuits. The embodiments described herein have been presented for purposes of illustration and are not intended to be exhaustive or limiting. Many variations and modifications are possible in light of the foregoing teaching. The system is limited only by the following claims.

WHAT IS CLAIMED IS:

1. A computer-based method for determining whether a Downloadable is hostile, comprising the steps of:
   receiving a Downloadable;
   decomposing the Downloadable into Downloadable security profile data;
   comparing the Downloadable security profile data against predetermined security policies to determine if a security policy has been violated; and
   discarding the received Downloadable when a security policy has been violated.

2. A computer-based method for protecting a computer from hostile Downloadables, comprising the steps of:
   receiving a Downloadable;
   discarding the received Downloadable when the received Downloadable matches a predetermined hostile Downloadable;
   obtaining Downloadable security profile data on the received Downloadable when the Downloadable does not match a predetermined hostile Downloadable; and
   discarding the received Downloadable when the Downloadable security profile data violates a predetermined security policy.

3. A system for determining whether a Downloadable is hostile, comprising:
   a security database storing security policies;
   an interface for receiving a current Downloadable;
   a code scanner, coupled to the interface, for decomposing the current Downloadable into Downloadable security profile data; and
   a comparator, coupled to the code scanner and to the security database, for comparing the security policies against the Downloadable security profile data to determine if a security policy has been violated.

4. A system for protecting a computer from hostile Downloadables, comprising:
   an interface for receiving a Downloadable;
   a first memory portion storing security policies;
   a second memory portion storing known hostile Downloadables;
   a first comparator, coupled to the interface and to the first memory portion, for discarding the received Downloadable when it matches one of the known hostile Downloadables; and
   a second comparator, coupled to the first comparator and to the second memory portion, for discarding the received Downloadable if it violates one of security policies.

5. A system for determining whether a Downloadable is hostile, comprising:
   means for receiving a Downloadable;
   means for decomposing the Downloadable into Downloadable security profile data;
   means for comparing the Downloadable security profile data against predetermined security policies to determine if a security policy has been violated; and
   means for discarding the received Downloadable when a security policy has been violated.

6. A system for protecting a computer from hostile Downloadables, comprising:
   means for receiving a Downloadable;
   means for discarding the received Downloadable when the received Downloadable matches a predetermined hostile Downloadable;
   means for obtaining Downloadable security profile data on the received Downloadable when the Downloadable does not match a predetermined hostile Downloadable; and
   means for discarding the received Downloadable when the Downloadable security profile data violates a predetermined security policy.

7. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
   receiving a Downloadable;
   decomposing the Downloadable into Downloadable security profile data;
   comparing the Downloadable security profile data against predetermined security policies to determine if a security policy has been violated; and
   discarding the received Downloadable when a security policy has been violated.

8. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
   receiving a Downloadable;
   discarding the received Downloadable when the received Downloadable matches a predetermined hostile Downloadable;
   obtaining Downloadable security profile data on the received Downloadable when the Downloadable does not match a predetermined hostile Downloadable; and
   discarding the received Downloadable when the Downloadable security profile data violates a predetermined security policy.

SYSTEM AND METHOD FOR PROTECTING A COMPUTER FROM HOSTILE DOWNLOADABLES

ABSTRACT OF THE DISCLOSURE

A system protects a computer from hostile Downloadables. The system comprises an interface for receiving a Downloadable, a first memory portion storing security policies and a second memory portion storing known hostile Downloadables. The system further comprises a first comparator, coupled to the interface and to the first memory portion, for discarding the received Downloadable when it matches one of the known hostile Downloadables. The system further comprises a second comparator, coupled to the first comparator and to the second memory portion, for discarding the received Downloadable if it violates one of security policies.

[Drawing sheets for FIGS. 1-7: hand-drawn block diagrams and flowcharts that did not survive text extraction. Legible text on the example security policy flowchart: "Does this applet contain a command which violates a generic security policy?"; "Discard applet"; "Does this applet match an applet specifically mentioned by a security policy?"]

31-OCT-1996 20:46   FROM FINJAN SOFTWARE   TO 0014158123444   P.07

APPENDIX

Gateway Level Corporate Security for the New World of Java™ and Downloadables

SurfinGate™ Means Business

New downloadable technologies including Java™ and ActiveX™ present today's enterprises with expanded Intranet capabilities, but they also expose corporate computer resources to new kinds of security attacks. SurfinGate™ addresses the new computing paradigm with corporate-level security at the gateway level for safe use of Java and other Internet downloadables. An intelligent security solution for companies with access to the Internet, SurfinGate functions at the corporate gateway, where it intelligently scans, digitally signs, and controls all downloadables before they access the network. SurfinGate's powerful enterprise-wide security is combined with efficient, centralized control of the company's Intranet computer users.

SurfinGate offers corporate security managers the ability to:

• Establish a security policy for use of Java applets and other Internet downloadables
• Prevent loading of suspicious Java applets or ActiveX entities at the gateway level
• Provide corporate users with safe Internet access without having to disable downloadable technology such as Java or ActiveX
• Protect the corporate resources from damage or unauthorized access by downloadables

SurfinGate addresses a new computing paradigm, where mini-applications called downloadables are automatically pushed into corporate Intranets unbeknownst to users. As Intranet users access the on-line resources they need, the business enterprise is exposed to downloadable-transmitted risks like corporate espionage, e-mail fraud, or resource attacks. For the corporate security manager, the new paradigm's Java applets and ActiveX technologies represent serious new security threats that are simply not addressed by built-in security systems like the Java Security Manager. SurfinGate offers sophisticated security at the outermost gateway level, keeping potentially problematic applets completely outside of the corporate environment.

SurfinGate functions:

• Intelligently scans, analyzes, and controls automatically downloaded Java applets or ActiveX entities
• Specifically executes corporate security policy as defined by the security manager via Security Management Console (SMC), including:
   o blocking out any applet that meets a suspicious applet profile
   o positively identifying applets before allowing them into the system
   o scanning applets for unauthorized actions and assigning appropriate applet security profile
   o intelligently deciding appropriate access based on security policy guidelines and on applet security profile
   o digitally signing acceptable applets before entry

Control and Security from Three Different Perspectives

The essence of SurfinGate's protective powers is a three-fold checks and balances process that includes the profile generator, database, and Security Management Console. Incoming applets or objects are first "x-rayed" to expose any potential problems and are assigned a security profile. That profile is then checked against known hostile applets in the database, and is evaluated yet again with information from the Security Management Console (SMC) to ensure that filtering precisely executes the company's security policy. An integral part of SurfinGate, the SMC allows corporate security managers specific control over business groups or departments, including what resources