IPR2016-01071, No. 1004 Exhibit - US Patent Application Publication 20020066022A1 (P.T.A.B. May. 19, 2016)

(19) United States
`(12) Patent Application Publication (10) Pub. N0.: US 2002/0066022 A1
`Calder ct al.
`(43) Pub. Date:
`May 30, 2002
`
`US 20020066022A1
`
`(54) SYSTEM AND METHOD FOR SECURING AN
`APPLICATION FOR EXECUTION ON A
`COMPUTER
`
`(52) U.S. Cl.
`
`............................................................ .. 713/200
`
`(75)
`
`Inventors: Brad Calder, San Diego, CA (US);
`Andrew A. Chien, La Jolla, CA (US)
`
`C0rre5P0HdeHCe Address?
`KNOBBE MARTENS OLSON & BEAR I-LP
`620 NEWPORT CENTER DRIVE
`SIXTEENTH FLOOR
`NEWPORT BEACH’ CA 92660 (US)
`09
`/727,305
`
`(21) Appl. No.:
`
`(22)
`
`Filed:
`
`N0“ 29, 2000
`
`Publication Classification
`
`(51)
`
`Int. Cl.7 ................................................... .. G06F 12/14
`
`(57)
`
`ABSTRACT
`
`A system for securing an application for execution in a
`computer. In one embodiment, a preprocessor module modi-
`fies an application binary such that the application invokes
`an interception module in response to invoking certain
`system calls. The interception module prevents the applica-
`tion from adversely affecting the operating of a computer
`.
`.
`.
`.
`.
`that is executing the application. Furthermore, the intercep-
`
`tion module protects the contents of the application from
`improper access by a user of the computer. For example, the
`interception module transparently encrypts all files that are
`used by the application such that a user of the computer
`cannot improperly access these files.
`
`BEGIN
`
`COMPILE SOURCE
`
`CODE INTO OBJECT CODE
`
`PREPROCESS APPLICATION PACKAGE FOR
`EXECUTION IN THE SECURE CLIENT
`ENVIRONMENT
`
`
`APPLICATION MANAGER ON CLIENT RETRIEVES
`MODIFIED OBJECT CODE FROM SERVER
`
`
`
`INITIALIZE APPLICATION PACKAGE
`AND PATCH LIBRARIES
`
`‘ii
`
`1
`VIRTUALIZE INTERCEPTED CALLS
`DURING EXECUTION
`
`550
`
`560
`
`
`
`
`TRANSMIT RESULTS TO SERVER
`
`RETURN
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 1
`
` Exhibit 1004 Page 1
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 1 of 51
`
`US 2002/0066022 A1
`
`
`
`PREPROCESSNG
`MODULE
`
` /115
`SERVER
`APPUCKHONPACKAGE
`
`CUENT
`CUENT
`CUENT
`
`
`HG.1
`
`SYMANTEC
`
`EXNbh1004
`
`Page2
`
` Exhibit 1004 Page 2
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 2 of 51
`
`US 2002/0066022 A1
`
`110
`
`
`
`
`215
`
`MODIFIED BINARIES
`
`225
`
`MODIFIED LIBRARIES
`235
`MODIFIED CO6=IGURAT|ON
`FILES
`
`245
`MODIFIED DATA FILES
`
`————————————————————————— —— I 250
`EXECUTION ENVIRONMENT/I
`II
`INFORMATION
`DIRECTORYSTRUCTURES
`J
`SECURITYINFORMATION
`1I
`/ 260 ‘
`I
`3
`
`SYSTEM INFORMATION
`
`PREP ROC ESSOR
`MODULE
`
`IIII II I
`
`I
`NEW "1"":
`I
`
`210
`
`APPLICATION BINARY
`
`220
`LIBRARIES
`
`230
`
`CONFIGURATION FILES
`
`240
`
`DATA FILES
`
`FIG. 2
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 3
`
` Exhibit 1004 Page 3
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 3 of 51
`
`US 2002/0066022 A1
`
`NORMAL EXECUTION
`
`APPLICATION
`
`310
`
`INTERFACE j “STE”
`
`340
`
`350
`
`SYSTEM
`DLL's
`
`33°
`
`360
`
`370
`
`380
`
`320
`
`RESOURCE
`ALLOCATION
`AND
`D EALLOCATION
`
`
`
`REGISTRY
`
`OPERATING SYSTEM
`
`FILE
`SYSTEM
`
`OTHER
`ENVIRONMENT
`
`NETWORK
`
`GRAPHICS
`
`INTERFACES
`
`FIG. 3
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 4
`
` Exhibit 1004 Page 4
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 4 of 51
`
`US 2002/0066022 A1
`
`SECURE EXECUTION
`
`PREPROCESSED
`APPLICATION
`
`APPLICATION
`MANAGER
`
`415
`
`| V'*“”‘“'ZE”S*S*E”‘“*E*‘“‘°E
`
`(RESOURCES. FILES. DATA, NAMES
`
`S
`
`INTERCEPTED
`SYSTEM CALLS
`430
`
`42°
`
`435
`
`VI RTUALIZED
`REGISTRY
`
`VI RTUALIZED
`FILE SYSTEM
`
`425
`
`RESOURCE
`ALLOCATION
`AND
`DEALLOCATION
`
`320
`SYSTEM
`INTERFACE
`
`340
`
`RESOURCE
`ALLoCATIoN
`AND
`EJEALLOCATION
`
`SYSTEM
`DLL's
`
`350
`
`33°
`
`360
`
`370
`
`REGBTRY
`
`FILE
`SYSTEM
`
`OTHER
`ENVIRONMENT
`
`380
`
`390
`
`NETWORK
`
`GRAPHICS
`
`INTERFACES
`
`FIG. 4
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 5
`
`
`
`INTERFACES
`
`VIRTUALIZED
`OTHER
`ENVIRONMENT
`
`VIRTUAUZED
`NETWORK
`
`VIRTUALIZED
`GRAPHICS
`
` Exhibit 1004 Page 5
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 5 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`COMPILE SOURCE
`CODE INTO OBJECT CODE
`
`-2 510
`
`520
`
`°
`
`EXECUTION IN THE SECURE CLIENT
`
`ENVIRONMENT
`PREPROCESS APPLICATION PACKAGE FOR
`
`530
`
`APPLICATION MANAGER ON CLIENT RETRIEVES
`MODIFIED OBJECT CODE FROM SERVER
`
`AND PATCH LIBRARIES
`
`INITIALIZE APPLICATION PACKAGE
`
`550
`
`VIRTUALIZE INTERCEPTED CALLS
`
`DURING EXECUTION
`
`560
`
`TRANSMIT RESULTS TO SERVER
`
`RETURN
`
`FIG. 5
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 6
`
` Exhibit 1004 Page 6
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 6 of 51
`
`US 2002/0066022 A1
`
`520
`
`REWRITE BINARIES
`
`620
`
`
`
`
`
`MODIFY AND ADD ADDITIONAL
`EXECUTION
`ENVIRONMENT INFORMATION
`OF PACKAGE
`
`
`
`
`
`630
`
`ENCRYPT FILES
`
`OF APPLICATION PACKAGE
`
`640
`
`ENCRYPT FILENAM ES
`
`650
`
`ENCRYPT FILENAMES IN IMPORT
`
`TABLE
`
`/ 660
`
`ENCRYPT AND SIGN APPLICATION
`
`PAC KAG E
`
`RETURN
`
`FIG. 6
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 7
`
` Exhibit 1004 Page 7
`
` SYMANTEC
`
`

`
`Patent Application Publication
`
`May 30, 2002 Sheet 7 of 51
`
`US 2002/0066022 A1
`
`610
`
`/ 710
`
`SCAN FOR IMPROPER
`INSTRUCTIONS OR SEQUENCES
`
`
`
`
`IMPROPER
`INSTRUCTIONS
`AND SEQUENCES
`IDENTIFIED?
`
`
`
`REWRITE APPLICATION
`BINARY TO
`INTERCEPT IMPROPER
`SEQUENCES
`
`
`
`No
`
`740
`
`REWRITE IMPORT TABLE OF
`BINARIES TO ADD INTERCEPTION
`MODULE
`
`760
`
`
`
`
`STORE MODIFIED
`APPLICATION BINARY
`
`
`
`
`RETURN
`
`FIG. 7
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 8
`
` Exhibit 1004 Page 8
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 8 of 51
`
`US 2002/0066022 A1
`
`620
`
`BEGIN
`
`ADD INTERCEPTION
`MODULE TO APPLICATION
`PACKAGE
`
`
`
`
`ADD SECURITY
`INFORMATION TO
`APPLICATION PACKAGE
`
`
`
`
`
`PROVIDE VIRTUAL
`ENVIRONMENTAL SETTINGS
`FOR SYSTEM DATABASE
`
`PROVIDE VIRTUAL SYSTEM
`MODULES TO ALLOW
`APPLICATION PACKAGE TO
`EXECUTE ON NON-NATIVE
`PLATFORMS
`
`
`
`
`REMOVE SELECTED FILES
`FROM APPLICATION
`PACKAGE
`
`
`
`OBFUSCATE DIRECTORY
`STRUCTURE
`
`FIG. 8
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 9
`
` Exhibit 1004 Page 9
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 9 of 51
`
`US 2002/0066022 A1
`
`e 540
`
`BEGIN
`
`910
`
`APPLICATION MANAGER REQUESTS
`OPERATING SYSTEM TO EXECUTE
`APPLICATION PACKAGE
`
`
`
`
`
`920
`
`OPERATING SYSTEM LOADS ALL LIBRARIES
`
`IDENTIFIED BY IMPORT TABLES INTO MEMORY
`
`930
`
`OPERATING SYSTEM EXECUTES
`INITIALIZATION ROUTINE OF DEFAULT
`
`SYSTEM LIBRARIES
`
`940
`
`OPERATING SYSTEM EXAMINES IMPORT
`TABLE AND EXECUTES INITIALIZATION
`ROUTINE OF THE INTERCEPT MODULE FIRST
`
`
`
`
`
`6
`
`PATCH LOADED LIBRARIES
`
`960
`
`950
`
`MAKE ALL CODE PAGES EXECUTE ONLY AND
`REMOVE ALL EXECUTION PRIVILEGES FROM
`REMAINING PAGES
`
`
`
`
`
`970
`
`0 INITIALIZE VIRTUAL SYSTEM DATABASE
`
`980
`
`START VIRTUAL MACHINE COMMUNICATION
`THREAD
`
`OPERATING SYSTEM EXECUTES
`INITIALIZATION ROUTINES OF OTHER
`
`LIBRARIES IN THE IMPORT TABLE
`
`FIG. 9
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 10
`
` Exhibit 1004 Page 10
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 10 of 51
`
`US 2002/0066022 A1
`
`950
`
`BEGIN
`
`
`
`
`
`/// 1010
`CREATE AN AVAILABLE LIST OF
`ROUTINES BASED UPON ALL
`SYSTEM ROUTINES LISTED BY
`THE EXPORT TABLE OF THE
`LIBRARY BEING PROCESSED
`
`
`
`1020
`
`
`
`CREATE A SHUTDOWN LIST BY
`DELETING FROM AVAILABLE LIST
`ALL SYSTEM ROUTIN ES
`MAINTAINED BY INTERCEPT
`MODULE
`
`
`
`
`1030
`
`INTERCEPT ROUTINES IN
`
`SHUTDOWN LIST SO THAT THEY
`INVOKE AN ERROR HANDLING
`ROUTINE
`
`/// 1040
`
`INTERCEPT ALL ROUTINES
`IDENTIFIED BY VIRTUAL LIST
`
`1050
`
`ROUTINES IN MEDIATED LIST ARE
`NOT MODIFIED
`
`RETU RN
`
`FIG. 10
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 11
`
`
`
` Exhibit 1004 Page 11
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 11 of 51
`
`US 2002/0066022 A1
`
`1040
`
`BEGIN
`
`1110
`
`RETRIEVE START ADDRESS OF
`
`ROUTINE TO BE INTERCEPTED
`
`1120
`
`RETRIEVE START ADDRESS OF
`
`THE WRAPPER ROUTINE
`
`1130
`
`CREATE A DYNAMIC VERSION OF
`
`THE INTERCEPTED ROUTINE
`
`1140
`
`SET PAGE ATTRIBUTES OF
`DYNAMICALLY CREATED CODE TO
`
`EXECUTE ONLY
`
`REPLACE ORIGINAL ROUTINE
`WITH NO-OPS ENDING WITH
`ERROR CODE
`
`CHANGE ENTRY POINT OF
`INTERCEPTED ROUTINE TO
`DIRECTLY POINT TO WRAPPER
`ROUTINE
`
`1150
`
`1160
`
`1170
`
`MODIFY VARIABLE USED BY
`WRAPPER ROUTINE TO POINT TO
`DYNAMICALLY CREATED ROUTINE
`
`RETU RN
`
`FIG. 11
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 12
`
` Exhibit 1004 Page 12
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 12 of 51
`
`US 2002/0066022 A1
`
`970
`
`BEGIN
`
`1210
`
`
`
`
`
`OPEN VIRTUAL DATABASE
`
`
`
`
`SHOULD
`1220
`
`APPLICATION
`CREATE NEW
`DATABASE?
`
`Yes
`
`1230
`
`"‘°
`
`DATABASE EXIST?
`
`
`
`Yes
`
`CREATE VIRTUAL
`DATABASE
`
`COPY PREDEFINED
`LIST NON-CHANGED
`KEYS FROM SYSTEM
`DATABASE TO
`
`SYSTEM DATABASE
`
`READ PREDEFINED
`LIST OF MASKED
`KEYS FROM REAL
`
`COMPLETELY OR PARTIALLY
`CHANGE DATA USING PREDEFINED
`DATA FOR DATABASE TABLE
`MAINTAINED BY INTERCEPT
`MODULES
`
`
`
`WRITE THE NEW
`
`CHANGED DATA TO
`VIRTUAL DATABASE
`
`RETURN
`
`
`
`FIG‘ 12
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 13
`
` Exhibit 1004 Page 13
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 13 of 51
`
`US 2002/0066022 A1
`
`550
`
`BEGIN
`
`
`
`LIBRARY
`
`REQUEST
`
`1335
`
`1355
`
`NETWORK
`REQUEST
`
`RESOURCE
`
`REQUEST
`
`DATABASE
`
`
`
`..:I...I:II.:5
`
`FILE
`SYSTEM
`
`1360
`
`1330
`
`1345
`
`GRAPHICS
`
`SHUTDOWN
`
`1 340
`
`e MACHINE
`SPECIFIC
`
`INFORMATION
`[3 CALLED
`
`1350
`
`RAISE AN ERROR
`IDENTIFYING
`WHICH ROUTINE
`
`1325
`
`END
`
`END
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 14
`
`EXCEPTION
`
`PROCESS
`CREATE AND
`TERMINATE
`
`
`
`MODIFY PAGE
`PERMISSIONS
`
`THREAD QUERY
`
`FIG. 13
`
` Exhibit 1004 Page 14
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 14 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`1405
`
`1410
`
`OPEN
`
`IDENTIFY TYPE OF
`FILE SYSTEM
`REQUEST
`
`
`
`1415
`
`READ OR
`WRITE
`
`1420
`
`MAP FILE TO
`MEMORY
`
`Q 1480
`
`Yes
`
`DO NOT
`MODIFY CALL
`
`
`
`
`
`
`IS FILE
`
`TO BE OPENED IN
`A PRE-DEFINED
`
`LIST?
`
`
`No
`
`1445
`
`IS FILE TO BE
`
`OPENED IN
`SANDBOX
`DIRECTORY?
`
`
`No
`
`Yes
`
`1450
`
`
`
`ENCRYPT
`FILENAME
`
`
`
` 1430
`
`
`9
`
`ROUTINES
`
`THAT RETURN
`A FILENAME
`
`1425
`UNMAP FILE 0
`FROM
`MEMORY
`
`CREATE VIRTUAL AND
`DOES FILE
`ENCRYPTED FILENAME TO
`EXIST AND DOES
`REDIRECT IT TO SANDBOX
`REMOVE
`wR|TE
`IT CONTAIN
`EXECUTABLE
`pR;V”_E(3Es
`CODE?
`FROM OPEN
`
`COMMAND
`
`
`
`
`
`1455
`
`
`
`DOES
`
`DIRECTORY
`
`
`IN FILENAME EXIST
`IN VIRTUAL ROOT
`
`TREE’?
`
`
`
`
`CREATE
`DIRECTORIES IN
`VIRTUAL TREE
`
`FIG. 14
`
`
`
`CALL ORIGINAL
`OPEN AND RETURN
`HANDLE
`
`RETURN
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 15
`
` Exhibit 1004 Page 15
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 15 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`
`
`
`
`
`1510
`
`IS EXCEPTION AN
`
`ACCESS VIOLATION AND
`
`
`FALLING WITHIN ONE OF
`
`
`MEMORY MAPPED
`VIRTUAL BUFFERS?
`
`
`
`PASS ON EXCEPTION
`
`1550
`
`1560
`
`IF EXCEPTION IS NOT
`HANDLED BY THE
`APPLICATION, THEN NOTIFY
`A VIRTUAL MACHINE TH READ
`
`
`
`IDENTIFY BLOCK
`CORRESPONDING TO
`ADDRESS CAUSING
`EXCEPTION
`
`
`
`
`
`DECRYPT BLOCK FROM
`
`REAL BUFFER COPYING IT
`TO THE VIRTUAL BUFFER
`
`
`
`
`MODIFY VIRTUAL MEMORY
`BLOCK PROTECTION FLAG
`TO BE ACCESSIBLE
`
`RETURN
`
`FIG. 15
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 16
`
` Exhibit 1004 Page 16
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 16 of 51
`
`US 2002/0066022 A1
`
`ENCRYPT FILENAME
`
`LOADED
`
`LOAD LIBRARY "NAME" INTO
`MEMORY IF NOT ALREADY
`
`HAS FILE BEEN
`MODIFIED?
`
`1630
`
`
`No
`
`1610
`
`“
`
`1620
`
`Yes
`
`1650
`
`CHECK FOR IMPROPER
`INSTRUCTION
`
`SEQUENCES
`
`1640
`
`@
`
`RECURSIVELY LOAD ALL
`LIBRARIES THAT SELECTED
`
`LIBRARY DEPENDS UPON IN °
`
`ITS IMPORT TABLE LIST INTO
`k4EIA(3FQ\/IF IJC)T'/\LF2EDA[)\/
`
`LOADED
`LIBRARIES
`
`PATCH LOADED
`
`MAKE CODE PAGES
`EXECUTE ONLY AND
`REMOVE ALL EXECUTION
`PRIVILEGES FROM
`REMAINING NEW PAGES
`
`EXECUTE DLL INITIALIZATION
`OF ALL LOADED LIBRARIES
`
`1665
`
`1670
`
`END
`
`FIG. 18
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 17
`
` Exhibit 1004 Page 17
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 17 of 51
`
`US 2002/0066022 A1
`
`@
`
`Yes
`
`VIRTUAL MEMORY SPACE
`ALLOCATED CONTAINING THOSE
`IMPROPER SEQUENCES NOT
`INTERCEPTED WILL BE SET SUCH
`
`THAT IT CANNOT BE EXECUTED
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 18
`
`CHECK FILE FOR IMPROPER
`INSTRUCTION SEQUENCES
`
`INTERCEPT IMPROPER
`
`SEQUENCES THAT WERE FOUND
`
`
`
`WERE THERE
`
`ANY IMPROPER
`SEQUENCES OF
`
`INSTRUCTION NOT
`INTERCEPTED?
`
`173°
`
`
`
`No
`
`END
`
`FIG. 17
`
` Exhibit 1004 Page 18
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 18 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`1805
`
`1815
`
`1825
`
`1835
`
`1845
`
`1855
`
`1855
`
`ACCEPT
`
`SEND TO
`
`RECEIVE
`FROM
`
`SHUT-
`DOWN
`
`SOCKET
`
`CONNECT
`
`QUERY
`
`1810
`
`1820
`
`1830
`
`1840
`
`1850
`
`1860
`
`1870
`
`SEND
`
`RECEIVE
`
`CLOSE
`
`SELECT
`
`BIND
`
`LISTEN
`
`UPDATE
`
`FIG. 18
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 19
`
` Exhibit 1004 Page 19
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 19 of 51
`
`US 2002/0066022 A1
`
`ACCEPT
`
`BEGIN
`
`1905
`
`
`IS
`
`ADDRESS
`IN APPROVED
`
`LIST?
`
`1945
`
`RAISE VIRTUAL
`MACHINE
`
`ERROR
`
`LEVEL ERROR
`RETURN LOW
`
`1910
`
`
`
`IS
`
`SOCKET
`
`IN TABLE?
`
`
`
`
`
`
`IS OPTION
`BLOCKING?
`
`
`
`IS THERE
`AN ENTRY IN
`CONNECTION
`QUEUE?
`
`CREATE NEW ENTRY IN
`RETURN EMPTY
`
`SOCKET TABLE
`
`QUEUE STATUS
`
`
`
`INITIALIZE SOCKET STRUCTURE
`(LOCAL) WITH INPUT PARAMETERS
`TO ACCEPT
`
`
`
`
`
`
`
`E 1935
`I
`REMOVE ENTRY FROM CONNECT
`QUEUE AND INITIALIZE OPTIONS
`AND REMOTE SOCKET STRUCTURE
`FROM ENTRY
`
`
`
`
`
`
`ENQUEUE MESSAGE FOR PROXY
`SENDING BACK LOCAL SOCKET
`STRUCTURE TO REMOTE PROXY
`
`RETURN
`
`FIG. 19
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 20
`
`
`
`1915
`
`Na
`
`IS
`STATUS
`FLAG VALID FOR
`ACCEPT?
`
`
`
` Exhibit 1004 Page 20
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 20 of 51
`
`US 2002/0066022 A1
`
`BBB
`
`SEND
`
`SOCKET
`IN TABLE?
`
`YES
`
`RETURN LOW LEVEL
`ERROR
`
`RETURN LOW LEVEL
`ERROR
`
`
`
`WRITE BUFFER INTO SEND QUEUE
`
`
`
`NOTIFY PROXY
`
`
`
`RETURN
`
`FIG. 20
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 21
`
`2050
`
`
`
`
`
`STATUS
`VALID FOR
`SEND?
`
`
`
`
`
` Exhibit 1004 Page 21
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 21 of 51
`
`US 2002/0066022 A1
`
`SEND TO
`
`2170 2110
`
`RETURN
`ERROR
`
`IS
`
`DESTINATION
`ADDRESS
`VALID?
`
`
`
`IS
`
`SOCKET ID
`IN TABLE?
`
`No
`
`
`
`
`
`IS
`STATUS
`VALID FOR
`SEND?
`
`
`
`Yes
`
`2140
`
`UPDATE REMOTE SOCKET STRUCTURE IN
`SOCKET TABLE
`
`WRITE BUFFER INTO SEND QUEUE
`
`
`
`
`
`
`RETU RN
`
`
`
`NOTIFY
`PROXY
`
`FIG. 21
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 22
`
` Exhibit 1004 Page 22
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 22 of 51
`
`US 2002/0066022 A1
`
`RECEIVE
`
`BEGIN
`
`
`
`IS SOCKET
`IN TABLE?
`
`2210
`
`RETURN
`E RROR
`
`
`
`2220
`IS
`RECEIVE
`
`
`VALID GIVEN
`CURRENT
`
`STATUS?
` Yes
`
`
`
`N“
`
`w
`
`RETURN
`ERROR
`
`IS
`THERE AN
`ENTRY IN RECEIVE
`QUEUE?
`
`IS STATUS
`BLOCKING?
`
`
`
`
`
`
`
`RETURN
`STATUS
`
`
`
`Yes
`
`COPY INTO BUFFER UP TO
`AMOUNT SPECIFIED TO
`RECEIVE
`
`REMOVE CONSUMABLE
`ENTRIES FROM RECEIVE
`QUEUE
`
`RETURN NUMBER OF BYTES
`COPIED
`
`FIG. 22
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 23
`
` Exhibit 1004 Page 23
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 23 of 51
`
`US 2002/0066022 A1
`
`RECEIVE
`FROM
`
`ERROR
`IN TABLE?
`IS
`RECEIVE
`
`
`VALID GIVEN
`
`
`CURRENT
`
`STATUS?
`
`
`IS SOCKET
`
`RETURN
`
`/// 2310
`
`Yes
`
`Yes
`
`
`
`2320
`
`RETU RN
`ERROR
`
`N°
`
`IS
`THERE AN
`ENTRY IN RECEIVE
`QUEUE?
`
`'3 STATUS
`BLOCKING?
`
`RETURN
`STATUS
`
`COPY INTO BUFFER UP TO
`AMOUNT SPECIFIED TO
`RECEIVE
`
`REMOVE CONSUMABLE
`ENTRIES FROM RECEIVE
`QUEUE
`
`LOOKUP THE REMOTE
`ADDRESS AND UPDATE THE
`ARGUMENTS
`
`RETURN NUMBER OF BYTES
`COPIED
`
`FIG. 23
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 24
`
` Exhibit 1004 Page 24
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 24 of 51
`
`US 2002/0066022 A1
`
`CLOSE
`
`BEGIN
`
`
`
`IS
`SOCKET
`IN TABLE?
`
`2410
`
`
`
`
`
`
`
`
` 2450
`
`RETURN LOW LEVEL
`ERROR
`
`N°
`
`YES
`
`2460
`
`IS STATUS
`VALID FOR
`TERMINATION?
`
`RETURN LOW LEVEL
`ERROR
`
`
`
`
`Yes
`
`SET STATUS AS "TERMINATE" FOR
`TABLE ENTRY
`
`NOTIFY PROXY
`
`
`
`RETURN
`
`
`
`FIG. 24
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 25
`
` Exhibit 1004 Page 25
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 25 of 51
`
`US 2002/0066022 A1
`
`SHUTDOWN
`
`BEGIN
`
`
`
`
`
`2540
`
`Riga?”
`
`No
`
`SHUTDOWN? ERROR
`
`[S STATUS
`
`«
`
`2530
`
`[8 SOCKET
`IN TABLE?
`
`2520
`
`RETURN LOW
`LEVEL ERROR
`
`Yes
`
`2550
`
`CHANGE STATUS TO BE
`
`SHUTDOWN
`
`/ 2560
`
`NOTIFY PROXY
`
`RETU RN
`
`FIG. 25
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 26
`
` Exhibit 1004 Page 26
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 26 of 51
`
`US 2002/0066022 A1
`
`SELECT
`
`
`
`BEGIN
`
`WAIT FOR SPECIFIED DELAY TIME
`TO EXPIRE
`
`/ 2610
`
`
`
`2620
`
`2630
`
`GIVEN LIST(S) OF SOCKETS, FIND
`ALL SOCKET MEETING A GIVEN
`CONDITION
`
`MODIFY SOCKET LIST BASED ON
`QUERY
`
`/ 2840
`
`RETURN NUMBER OF SOCKETS
`THAT MEET CONDITION
`
`FIG. 26
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 27
`
` Exhibit 1004 Page 27
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 27 of 51
`
`US 2002/0066022 A1
`
`1845
`
`SOCKET
`
`BEGIN
`
`CREATE NEW ENTRY 1N
`SOCKET TABLE AND
`INITIALTZE ENTRY
`
`2710
`
`2720
`
`
`
`
`RETURN UNIQUE
`SOCKET ID
`
`FIG. 27
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 28
`
` Exhibit 1004 Page 28
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 28 of 51
`
`US 2002/0066022 A1
`
`BIND
`
`
`
`IS
`
`/ 2310
`NETWORK
`ADDRESS
`
`
`IN APPROVED
`LIST?
`
`
`2850
`
`RAISE VIRTUAL
`
`
`No
`MACHINE
`
`ERROR
`
`
`
`IS SOCKET
`IN TABLE?
`
`RETURN LOW
`LEVEL ERROR
`
`STORE THE PASSED
`NETWORK ADDRESS IN
`SOCKET STRUCTURE
`
`
`
`RETU RN
`
`
`
`FIG. 28
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 29
`
` Exhibit 1004 Page 29
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 29 of 51
`
`US 2002/0066022 A1
`
`CONNECT
`
`BEGIN
`
`
`
`2910
`
`IS ADDRESS
`
`IN APPROVED
`LIST?
`
`2960
`
`RAISE VIRTUAL
`
`MACHINE
`ERROR
`
`Yes
`
`
`
`
`
`
`
`NO
`
`RETURN LOW
`LEVEL ERROR
`
`Yes
`
`us STATUS
`
`FLAG
`‘C/3'dfi£C<3TFf)
`
`2930
`
`Yes
`J
`
`2940
`
`UPDATE STATUS FLAG ENTRY TO
`BE CONNECTING
`
`NOTIFY PROXY
`
`
`
`RETURN
`
`
`
`FIG. 29
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 30
`
`
`
`
`
`
`/ 2920
`
`N°
`
`IS SOCKET
`IN TABLE?
`
`RETURN LOW
`LEVEL ERROR
`
` Exhibit 1004 Page 30
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 30 of 51
`
`US 2002/0066022 A1
`
`LISTEN
`
`BEGIN
`
`
`
`
`
`
`3040
`
`IS SOCKET
`IN TABLE?
`
`RETURN LOW
`
`LEVEL ERROR
`
`YES
`
`3020
`
`
`
`IS STATUS
`FLAG VALID
`FOR LISTEN?
`
`RETURN LOW
`LEVEL ERROR
`
`
`
`
`
`UPDATE STATUS FLAG TO LISTEN
`AND INITIALIZE CONNECTION
`QUEUE
`
`
`
`RETURN
`
`FIG. 30
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 31
`
` Exhibit 1004 Page 31
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 31 of 51
`
`US 2002/0066022 A1
`
`QUERY
`
`BEGIN
`
`
`
`
`
`RETURN LOW
`LEVEL ERROR
`
`
`
`IS SOCKET IN
`
`SOCKET TABLE?
`
`REFRIEVE ENTRY FROM TABLE
`AND RETURN DATA
`
`FIG. 31
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 32
`
` Exhibit 1004 Page 32
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 32 of 51
`
`US 2002/0066022 A1
`
`UPDATE
`
`BEGIN
`
`
`
`3230
`
` IS SOCKET ID
`
`RETURN LOW LEVEL
`ERROR
`
`IN TABLE’?
`
`UPDATE STATUS OF CONDITIONS
`OR FLAGS
`
`
`
`RETURN
`
`FIG. 32
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 33
`
` Exhibit 1004 Page 33
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 33 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`//, 3310
`REFUSE TO MAKE PAGE
`WITH EXECUTION
`
`PRIVILEGES READABLE
`
`3320
`
`REFUSE TO MAKE PAGE
`WITH EXECUTION
`PRIVILEGES WRITEABLE
`
`3330
`
`
`
`
`
`I S
`ATTEMPT
`TO MAKE PAGE
`EXECUTABLE?
`
`No——
`
`3370
`
`
`
`
`
`Yes
`
`3340
`
`CHECK PAGE FOR
`IMPROPER
`INSTRUCTION
`SEQUENCES
`
`3350
`
`INTERCEPT IMPROPER
`SEQUENCES FOUND
`
`3380
`3360
`WERE
`REFUSE TO MAKE PAGES
`
`
`
`THERE ANY
`CONTAINING THESE
`IMPROPER SEQUENCES
`REMAINING NOT
`
`
`OF INSTRUCTIONS NOT
`INTERCEPTED IMPROPER
`INTERCEPTED?
`SEQUENCES EXECUTABLE
`
`
`
`
`
`
`
`
`
`No
`
`Yes
`
`
`
`MAKE PAGES WITH NO IMPROPER
`SEQUENCES OR ONES WITH ALL
`IMPROPER SEQUENCES
`
`INTERCEPTED AS EXECUTABLE
`
`END
`
`FIG. 33
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 34
`
` Exhibit 1004 Page 34
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 34 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`3405
`
`3415
`
`3430
`
`ROUTINES THAT
`DIRECTLY:
`
`- SHOW WINDOW OR
`
`- ACTIVATE
`
`MAKE ITVISIBLE
`' DRAW
`FOCUS
`.
`- PAINT ETC.
`’
`
`DISABLE ASPECTS OF
`ROUTINE THAT AFFECT
`
`ISIBLE ASPECT OF
`GRAPHICAL USER
`INTERFACE
`
`CREATE
`WINDOW OR
`NORMAL DIALOG
`BOX CREATION
`
`3420
`SET STYLE OF
`W"“D°W To
`"HIDE" OR
`
`"'NV‘s‘B'-E"
`
`3425
`CALL THE
`ORIGINAL
`CREATE
`ROUTINE
`
`SEND MESSAGES
`AND SET WINDOW
`PROPERTIES TO
`WINDOWS NOT IN
`APPLICATION
`PACKAGE ARE
`DISABLED
`
`CALL A
`WINDOW
`
`SET WINDOW
`PROPERTIES
`
`3445
`
`BEFORE CALLING
`
`THE REAL
`
`OPERATING
`SYSTEM ROUTINE,
`
`REMOVE THE
`WINDOW STYLES
`
`THAT:
`
`-
`SHOW IT
`
`- MAKE IT VISIBLE
`-
`ACTIVATE IT
`
`- MAKE IT THE
`
`FOCUS
`
`ETC.
`
`
`
`
`
`
`
`
`
`
`
`
`CREATE A
`MODAL
`
`DIALOG BOX
`
`3435
`
`DO N_oT CREATE
`MODAL DIALOG BOX.
`INSTEAD RETURN A
`RESULT MOST
`LIKELY TO
`CONTINUE
`EXECUTION
`
`3460
`
`COMMUNICATE
`DIALOG MESSAGE
`TO VM
`COMMUNICATION
`
`RETURN
`
`FIG. 34
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 35
`
`
`
`
`THREAD
`
` Exhibit 1004 Page 35
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 35 of 51
`
`US 2002/0066022 A1
`
`3560
`
`
`
`
`
`
`
`SAVE KEY
`
`RESTORE
`KEY
`
`3550
`
`@
`
`BEGIN
`
`3505
`
`3520
`
`3535
`
`3545
`
`OPEN KEY
`
`0
`
`QUERY
`
`VALUE
`
`3510
`
`CLOSE KEY
`
`DELETE
`
`QUERYKEY
`
`3530
`
`
`3540
`
`
`CREATE KEY
`
`
`
`SET VALUE
`
`
`
`3515
`
`9
`
`/
`DELETE KEY
`
`REEE$CE
`
`3525
`
`UPDATE KEY
`
`FIG. 35
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 36
`
` Exhibit 1004 Page 36
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 36 of 51
`
`US 2002/0066022 A1
`
`OPEN KEY
`
`BEGIN
`
`
`
` 3605
`
`LOOK IN VIRTUAL
`DATABASE FOR KEY
`
`
`
`
`
`IS KEY IN
`VIRTUAL
`DATABASE?
`
`Yes
`
`3635
`
`No
`
`3515
`
`IS KEY IN A
`
`PREDEFINED
`ALLOWABLE LIST?
`
`OPEN KEY IN REAL
`DATABASE
`
`Y“
`
`3640
`
`LOOK UP KEY IN
`PREDEFINED RUN-TIME
`CHANGE LIST
`
`CHANGE ALL VALUES IN
`PREDEFINED LIST
`
`3 5
`6 0
`
`WRITE KEY WITH ALL NEW
`AND UNCHANGED VALUES
`AND DATA TO VIRTUAL
`
`
`DATABASE 3645
`ALLOCATE A HANDLE IN VIRTUAL DATABASE
` DATABASE
`
`N0
`
`3620
`
`AK KEY V L
`IN E
`E
`' A UE’
`S RTF
`AND DATA IN VIRTUAL
`
`3625
`
`3630
`
`RETURN HANDLE
`
`RETURN
`
`FIG. 36
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 37
`
`
`
` Exhibit 1004 Page 37
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 37 of 51
`
`US 2002/0066022 A1
`
`CLOSE KEY
`
`BEGIN
`
` 3720
`
`REMOVE KEY FROM
`ALLOCATED LIST
`
`IS KEY ALLOCATED
`IN VIRTUAL DATABASE?
`
`
`
`/// 3730
`
` RETURN ERROR
`
`RETURN SUCCESS
`
`
`
`RETURN
`
`FIG. 37
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 38
`
` Exhibit 1004 Page 38
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 38 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`
`
`
`
`QUERY SYSTEM USING FILE
`HANDLE TO GET FILENAME
`
`
`
`READ OR WRITE
`FILE
`
`IS FILE
`
`ENCRYPTED?
`
`
`
`
`
`3860
`
`READ AND
`DECRYPT FILE
`BUFFER
`
`IS
`READ
`REQUEST?
`
`
`
`
`No
`(WRITE REQUEST)
`
`ENCRYPT AND WRITE
`FILE BUFFER
`
`
`
`RETU RN
`
`FIG. 38
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 39
`
` Exhibit 1004 Page 39
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 39 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`
`
`IDENTIFY ENCRYPTED
`BLOCKS CONTAINING
`REQUESTED DATA
`
`3910
`
`3920
`
`
`
`3930
`
`DECRYPT CONTENTS OF
`TEMPORARY BUFFER
`
`3940
`
`COPY DECRYPTED
`ADDRESS RANGE INTO
`ORIGINAL BUFFER
`
`
`
`RETURN
`
`
`
`FIG. 39
`
`SYMANTEC
`
`EXmbh1004
`
`Page40
`
`
`
`READ ENCRYPTED
`BLOCKS FROM FILE
`SYSTEM INTO A
`TEMPORARY BUFFER
`
`
`
` Exhibit 1004 Page 40
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 40 of 51
`
`US 2002/0066022 A1
`
`IDENTIFY ADDRESS RANGE
`TO BE WRITTEN TO
`
`READ ENCRYPTED BLOCKS CONTAINING
`CORRESPONDING ADDRESS RANGE
`FROM FILE SYSTEM INTO A TEMPORARY
`BUFFER
`
`DECRYPT CONTENTS OF
`TEMPORARY BUFFER
`
`4040
`
`COPY STORED BUFFER
`INTO TEMPORARY BUFFER
`
`4010
`
`
`
`
`
`
`
`4050
`
`4060
`
`ENCRYPT TEMPORARY
`BUFFER
`
`WRITE BUFFER TO DISK
`
`RETURN
`
`FIG. 40
`
`SYMANTEC
`
`EXNbh1004
`
`Page41
`
` Exhibit 1004 Page 41
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 41 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`4110
`
`LOAD AND MAP FILE INTO
`MEMORY
`
`
`
`
`
`HAS FILE BEEN
`MODIFIED?
`
`
`
`
`CHECK FOR IMPROPER
`INSTRUCTION SEQUENCES
`
`IS FILE
`ENCRYPTED?
`
`RESERVE A REGION WITHOUT
`ALLOCATING PHYSICAL
`RESOURCES
`
`
`
`
`STORE IN MEMORY MAPPED
`TABLE A POINTER TO VIRTUAL
`BUFFER, POINTER TO REAL
`BUFFER, SIZE AND HANDLE
`
`
`
`
`
`RETURN POINTER TO VIRTUAL
`ADDRESS BUFFER
`
`
`
`413°
`
`RETURN POINTER TO
`REAL BUFFER
`
`
`
`RETU RN
`
`FIG. 41
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 42
`
` Exhibit 1004 Page 42
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 42 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`4210
`
`LOAD AND MAP FILE
`INTO MEMORY
`
`ALTERNATE TO F|G.41)
`
`
`IS FILE
`ENCRYPTED?
`
`
`
`Yes
`
`4230
`
`/
`
`CREATE A VIRTUAL BUFFER
`CONTAINING DECRYPTED
`DATA FROM REAL BUFFER
`
`REAL BUFFER
`
`RETURN POINTER TO
`
`4240
`
`RETURN POINTER TO
`VIRTUAL BUFFER
`
`RETU RN
`
`FIG. 42
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 43
`
` Exhibit 1004 Page 43
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 43 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`
`
`4310
`
`IS BUFFER REAL
`BUFFER OR
`VIRTUAL?
`
`
`
`IDENTIFY WHICH PORTIONS
`OF BUFFER HAVE BEEN
`MODIFIED
`
`ENCRYPT IDENTIFIED
`PORTIONS OF MEMORY INTO
`REAL BUFFER
`
`
`
`CALL OPERATING SYSTEM
`WITH REAL BUFFER
`
`
`
`RETURN
`
`
`
`FIG. 43
`
`SYMANTEC
`
`.
`
`Exhibit1004
`
`Page 44
`
`. Exhibit 1004 Page 44
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 44 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`EXECUTE REQUESTED
`ROUTINE
`
`
`
`DECRYPT EACH OF THE
`RETURNED FILENAMES
`
`
`
`RETURN
`
`FIG. 44
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 45
`
` Exhibit 1004 Page 45
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 45 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`
`
` 4500
`
`IS FILE
`
`LOCATED IN NON-
`
`ENCRYPTED
`DIRECTORY?
`
`4510
`
`IDENTIFY ENCRYPTED
`PORTIONS OF PATHNAME
`USING PREFIX AND
`POSTFIX SYMBOLS
`
`4520
`
`DECRYPT THE ENCRYPTED
`PART OF THE PATHNAME
`
`
`
`4530
`
`ENCRYPT THE FULL
`PATHNAME
`
`RETURN
`
`FIG. 45
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 46
`
` Exhibit 1004 Page 46
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 46 of 51
`
`US 2002/0066022 A1
`
`TRADITIONAL
`SYTEM LAYOUT
`
`/ EXE FILE
`APP D18: DATAFILE
`
`UBRARY
`
`APP WORKSPACE
`
`C;——-—— SYSTEM FILES
`
`TMP
`
`FIG. 46
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 47
`
` Exhibit 1004 Page 47
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 47 of 51
`
`US 2002/0066022 A1
`
`VIRTUALIZED
`SYTEM LAYOUT
`
`EXE FILE
`
`APP DIRT? DATA FILE
`
`SANDBOX
`/ LAYER
`
`C_
`
`APPWORKSPACE < 01* TMP
`/T
`D2
`VIRTUAL ROOT
`
`SYSTEM FILE
`
`FIG. 47
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 48
`
` Exhibit 1004 Page 48
`
` SYMANTEC
`
`

`
`Patent Application Publication
`
`May 30, 2002 Sheet 48 of 51
`
`US 2002/0066022 A1
`
`zofiomzzoo
`
`mnmao
`
`n_m_hm_zzoom_o-
`
`omfiomzzoo-
`
`om:<z_s_mm_»-
`
`Z>>OD._.DIw-
`
`ozaom-
`
`OZ_._.0m_ZZO0-
`
`oz_>_mom_m-
`
`oz_zm:w_._-
`
`oz_ozm_m.-
`
`
`
`
`
`amfiomzzooz:-mabfimExoow
`
`
`
`Nmmvmmmvvmmvoumv
`
`
`
`
`
`
`
`m_._m<._.Exoom
`
`3.O_u_
`
`
`
`mmmmmmoo<v_mO>>._.mZ-
`
`w._O0O._.Omn_-
`
`wzO_._.n_O-
`
`oz_v_oo._m-
`
`._.Zm_>m_-
`
`>._:>_<u_.
`
`crewN_m¢
`
`«emu
`
`mmahoomhm
`
`mmEoswfim
`
`m_»o_2m_m
`
`Ezoow
`
`_.>m._.Zm_._
`
`
`
`Exoom._<0O._
`
`82
`
`m_n_>_.
`
`
`
`
`
`
`
` Exoom-Q.Ezoomm5o_z:-mmakoamhmExoom
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 49
`
` Exhibit 1004 Page 49
`
` SYMANTEC
`
`
`
`
`

`
`Patent Application Publication May 30, 2002 Sheet 49 of 51
`
`US 2002/0066022 A1
`
`
`
`
`
`SEND CREATE OR
`TERMINATE
`MESSAGE TO
`APPLICATION
`MANAGER WITH
`PROCESS ID
`
`IS EVENT
`PROCESS
`CREATE OR
`TERMINATE?
`
`
`
`
`
`
`SEND ERROR OR
`IS EVENT
`
`AN ERROR
`M ESSAG E TO
`OR DIALOG
`APPLICATION
`MANAGER
`MESSAGE?
`
`
`
`
`
`
`
`Yes
`
`PROCESS
`APPLICATION
`MANAGER EVENT
`
`IS EVENT
`
`FROM
`
`APPLICATION
`
`
`MANAGER’?
`
`
`
`
`Yes
`
`PROCESS
`
`APPLICATION EVENT
`
`IS EVENT
`FROM
`APPLICATION?
`
`
`
`
`
`4940
`
`UNKNOWN EVENT
`SEND ERROR TO
`
`APPLICATION MANAGER
`
`FIG. 49
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 50
`
`
`
` Exhibit 1004 Page 50
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 50 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`®
`
`5000
`
`PAUSE
`
`5005
`
`RESUME
`
`CHECKPOINT
`
`5040
`
`CALL RESUME THREAD
`ON ALL THREADS IN
`SUSPEND LIST
`
`5030
`
`5035
`
`REMOVE THREAD
`FROM SUSPEND LIST
`ONCE IT IS RESUMED
`
`No-'-
`
`
`
`DOES
`
`APPLICATION HAVE A
`"CHECKPOINT"
`
`
`ROUTINE?
`
`
`Yes
`
`CALL CHECKPOINT
`ROUTINE IN
`APPLICATION
`
`5045
`
`
`
`MAKE LIST OF
`ALL THREADS IN
`PROCESS
`
`REMOVE FROM LIST
`
`VM THREADS
`SUSPENDED THREADS
`
`SUSPEND ALL
`THREADS REMAINING
`IN THIS "SUSPEND"
`LIST
`
`STORE THE LIST OF
`
`5005
`
`5010
`
`5015
`
`5020
`
`5025
`
`RETURN SUCCESS OR FAILURE
`
`EVENT TO APPLICATION MANAGER
`
`FIG. 50
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 51
`
` Exhibit 1004 Page 51
`
` SYMANTEC
`
`

`
`Patent Application Publication May 30, 2002 Sheet 51 of 51
`
`US 2002/0066022 A1
`
`BEGIN
`
`
`
`
`
`
`PROGRESS
`RESULT FILE
`5‘°5
`COMPLETION
`
`SEND PROGRESS
`
`STATISTICS TO
`APPLICATION MANAGER SEND FINISHED RESULT
`FILENAME AND LOCATION
`TO APPLICATION MANAGER
`
`5115
`
`
`
`FIG. 51
`
`SYMANTEC
`
`Exhibit 1004
`
`Page 52
`
` Exhibit 1004 Page 52
`
`

This document is available on Docket Alarm but you must sign up to view it.

Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

Up-to-date information for this case.
Email alerts whenever there is an update.
Full text search for other cases.
Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.

Access Government Site

We are redirecting you
to a mobile optimized page.

Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket

Supplemental Search

Search for PTAB Motions

PTAB Analytics

TTAB Analytics

Basic Search

Filters

Party Search

Advanced

Selected Courts

Recently Selected Courts

Find PTAB Decisions

PTAB Analytics

Special PTAB Alerts

Orange Book

Directly Search Federal Courts

Search Trademark ...

This document is available on Docket Alarm but you must sign up to view it.

Accessing this document will incur an additional charge of $.

Still Working On It

A few More Minutes ... Still Working

This document could not be displayed.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

One Moment Please

Your document is on its way!

Sealed Document

We are redirecting youto a mobile optimized page.

Document Unreadable or Corrupt

We are unable to display this document.

STEP 2 of 2

Choose your membership type

Flat-Fee

Pay-As-You-Go

Add your payment information

Login or Join

Enter your corporate Email

Thousands of your peers are saving time and gaining a competitive advantage with Docket Alarm.

Join Docket Alarm to perform smarter legal research.

Download this document and millions of others instantly with a Docket Alarm membership.

Join Docket Alarm and start performing smarter legal research.

Start tracking this docket instantly with a Docket Alarm membership.

Join thousands of your peers and start performing smarter legal research.

STEP 1 of 2

Millions of Documents | 15 Seconds to Signup

Hi !

Welcome to Docket Alarm

Welcome to Docket Alarm!

Explore Litigation Insights andManage Your Cases

Reset Password

What is PACER?

Why do I need it?

What will I be charged?

Do other courts have fees?

Basic Free Access

Welcome

Thank you

Check Firm Account

We are redirecting you
to a mobile optimized page.

Explore Litigation Insights and
Manage Your Cases