111111
`
`1111111111111111111111111111111111111111111111111111111111111
`US008677494B2
`
`c12) United States Patent
`Edery et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 8,677,494 B2
`*Mar. 18, 2014
`
`(54) MALICIOUS MOBILE CODE RUNTIME
`MONITORING SYSTEM AND METHODS
`
`(75)
`
`Inventors: Yigal Mordechai Edery, Pardesia (IL);
`Nirmrod Itzhak Vered, Goosh
`Tel-Mond (IL); David R. Kroll, San
`Jose, CA (US); Shlomo Touboul,
`Kefar-Haim (IL)
`
`(73) Assignee: Finjan, Inc., Wilmington, DE (US)
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`This patent is subject to a terminal dis(cid:173)
`claimer.
`
`(21) Appl. No.: 13/290,708
`
`(22) Filed:
`
`Nov. 7, 2011
`
`(65)
`
`Prior Publication Data
`
`US 2012/0117651 Al
`
`May 10,2012
`
`Related U.S. Application Data
`
`(63) Continuation of application No. 12/471,942, filed on
`May 26, 2009, now Pat. No. 8,079,086, which is a
`
`(Continued)
`
`(51)
`
`(2006.01)
`(2006.01)
`(2006.01)
`
`Int. Cl.
`H04L29/06
`G06F 11130
`G06F 15116
`(52) U.S. Cl.
`USPC ............................................. 726/24; 713/175
`(58) Field of Classification Search
`None
`See application file for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,562,305 A
`5,077,677 A
`
`12/1985 Gaffney, Jr.
`12/1991 Murphy et al.
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`EP
`
`7/1994
`0636977
`7/2000
`1021276
`(Continued)
`OTHER PUBLICATIONS
`
`Zhong, eta!., "Security in the Large: is Java's Sandbox Scalable?,"
`Seventh IEEE Symposium on Reliable Distributed Systems, pp. 1-6,
`Oct. 1998.
`
`(Continued)
`Primary Examiner- Christopher Revak
`(74) Attorney, Agent, or Firm- Bey & Cotropia PLLC
`ABSTRACT
`(57)
`Protection systems and methods provide for protecting one or
`more personal computers ("PCs") and/or other intermittently
`or persistently network accessible devices or processes from
`undesirable or otherwise malicious operations of Java TN
`applets, ActiveX™ controls, JavaScript™ scripts, Visual
`Basic scripts, add-ins, downloaded/uploaded programs or
`other "Downloadables" or "mobile code" in whole or part. A
`protection engine embodiment provides for monitoring infor(cid:173)
`mation received, determining whether received information
`does or is likely to include executable code, and if so, causes
`mobile protection code (MPC) to be transferred to and ren(cid:173)
`dered operable within a destination device of the received
`information. An MPC embodiment further provides, within a
`Downloadable-destination, for initiating the Downloadable,
`enabling malicious Downloadable operation attempts to be
`received by the MPC, and causing (predetermined) corre(cid:173)
`sponding operations to be executed in response to the
`attempts.
`
`18 Claims, 10 Drawing Sheets
`
`919
`
`""'
`
`Start
`
`Couple the mobile protection code,
`protection policies and received(cid:173)
`information to form a protection agent (e.g.
`MPC first, policies second, and Rl third)
`
`End
`
`BLUE COAT SYSTEMS - Exhibit 1001 Page 1
`
`

`
`US 8,677,494 B2
`Page 2
`
`Related U.S. Application Data
`
`continuation of application No. 11/370,114, filed on
`Mar. 7, 2006, now Pat. No. 7,613,926, which is a con(cid:173)
`tinuation of application No. 09/861,229, filed on May
`17, 2001, now Pat. No. 7,058,822, which is a continu(cid:173)
`ation-in-part of application No. 09/539,667, filed on
`Mar. 30, 2000, now Pat. No. 6,804, 780, which is a con(cid:173)
`tinuation of application No. 08/964,388, filed on Nov. 6,
`1997, now Pat. No. 6,092,194, said application No.
`09/861,229 is a continuation-in-part of application No.
`09/551,302, filed on Apr. 18, 2000, now Pat. No. 6,480,
`962, and a continuation of application No. 08/790,097,
`filed on Jan. 29, 1997, now Pat. No. 6,167,520.
`
`(60) Provisional application No. 60/205,591, filed on May
`17, 2000, provisional application No. 60/030,639, filed
`on Nov. 8, 1996.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,263,147 A
`5,278,901 A
`5,311,591 A
`5,319,776 A
`5,359,659 A
`5,361,359 A
`5,398,196 A
`5,412,717 A
`5,414,833 A
`5,440,723 A
`5,452,442 A
`5,483,649 A
`5,485,409 A
`5,485,575 A
`5,524,238 A
`5,572,643 A
`5,579,509 A
`5,606,668 A
`5,621,889 A
`5,623,600 A
`5,623,601 A
`5,638,446 A
`5,675,711 A
`5,692,047 A
`5,692,124 A
`5,696,822 A
`5,720,033 A
`5,724,425 A
`5,740,248 A
`5,740,441 A
`5,761,421 A
`5,765,030 A
`5,765,205 A
`5,784,459 A
`5,796,952 A
`5,805,829 A
`5,809,230 A
`5,825,877 A
`5,832,208 A
`5,832,274 A
`5,850,559 A
`5,854,916 A
`5,859,966 A
`5,864,683 A
`5,867,651 A
`5,878,258 A
`5,881,151 A
`5,884,033 A
`5,889,943 A
`5,892,904 A
`5,951,698 A
`5,956,481 A
`5,958,050 A
`
`1111993 Francisco et a!.
`111994 Shieh et al.
`5/1994 Fischer
`6/1994 Hile eta!.
`10/1994 Rosenthal
`1111994 Tajalli eta!.
`3/1995 Chambers
`5/1995 Fischer
`5/1995 Hershey et a!.
`8/1995 Arnold eta!.
`9/1995 Kephart
`111996 Kuznetsov et a!.
`111996 Gupta eta!.
`111996 Chess eta!.
`6/1996 Miller eta!.
`1111996 Judson .......................... 709/218
`1111996 Furtney et al.
`2/1997 Shwed
`4/1997 Lermuzeaux et a!.
`4/1997 Ji eta!.
`4/1997 Vu
`6/1997 Rubin
`10/1997 Kephart et a!.
`1111997 McManis
`1111997 Holden et al.
`12/1997 Nachenberg
`2/1998 Deo
`3/1998 Chang et al.
`4/1998 Fieres eta!.
`4/1998 Yellin et al.
`6/1998 Van Hoff et a!.
`6/1998 Nachenberg eta!.
`6/1998 Breslau et a!.
`7/1998 Devarakonda et a!.
`8/1998 Davis et al.
`9/1998 Cohen et al.
`9/1998 Pereira
`10/1998 Dan eta!.
`1111998 Chen eta!.
`1111998 Cutler eta!.
`12/1998 Angelo et al.
`12/1998 Nachenberg
`111999 Hayman eta!.
`111999 Boebert et a!.
`2/1999 Dan eta!.
`3/1999 Pizi eta!.
`3/1999 Yamamoto
`3/1999 Duvall eta!.
`3/1999 Ji eta!.
`4/1999 Atkinson et al.
`9/1999 Chen eta!.
`9/1999 Walsh eta!.
`9/1999 Griffin et a!.
`
`9/1999 Chen eta!.
`5,960,170 A
`10/1999 Williams
`5,963,742 A
`10/1999 Nachenberg
`5,964,889 A
`10/1999 Golan
`5,974,549 A
`5,978,484 A
`1111999 Apperson et a!.
`1111999 Ji
`5,983,348 A
`5,987,611 A
`1111999 Freund
`5/2000 McManis
`6,070,239 A
`7/2000 Grecsek
`6,088,801 A
`7/2000 Tso eta!.
`6,088,803 A
`7/2000 Touboul
`6,092,194 A
`9/2000 Touboul
`6,125,390 A
`6,154,844 A
`1112000 Touboul et al.
`12/2000 Touboul
`6,167,520 A
`6,263,442 B1
`7/2001 Mueller eta!.
`112002 Beadle eta!.
`6,339,829 B1
`212002 Mueller eta!.
`6,351,816 B1
`7/2002 Arimilli et a!.
`6,425,058 B1
`8/2002 Arimilli et a!.
`6,434,668 B1
`8/2002 Arimilli et a!.
`6,434,669 B1
`1112002 Touboul
`6,480,962 B1
`6,487,666 B1
`1112002 Shanklin et a!.
`2/2003 Devireddy et a!.
`6,519,679 B2
`5/2003 Shaio eta!.
`6,571,338 B1
`7/2003 Ross eta!.
`6,598,033 B2
`1112003 Davis et al.
`6,643,696 B2
`5/2004 Brown eta!.
`6,732,179 B1
`10/2004 Touboul
`6,804,780 B1
`7/2005 Simon eta!.
`6,917,953 B2
`6/2006 Edery eta!.
`7,058,822 B2
`1112006 Porras et al.
`7,143,444 B2
`4/2007 Gryaznov et a!.
`7,210,041 B1
`12/2007 Buchthal et al.
`7,308,648 B1
`3/2008 Grabarnik et a!.
`7,343,604 B2
`8/2008 Touboul
`7,418,731 B2
`7,613,926 B2
`1112009 Edery eta!.
`112010 Edery eta!.
`7,647,633 B2
`8,079,086 B1 * 12/2011 Edery eta!. ..................... 726/24
`112003 Gupta eta!.
`2003/0014662 A1
`2003/0074190 A1
`4/2003 Allison
`2003/0101358 A1
`5/2003 Porras et al.
`2004/0073811 A1
`4/2004 San in
`2004/0088425 A1
`5/2004 Rubinstein et a!.
`2005/0050338 A1
`3/2005 Liang eta!.
`2005/0172338 A1
`8/2005 Sandu eta!.
`2006/0031207 A1
`2/2006 Bjarnestam eta!.
`2006/0048224 A1
`3/2006 Duncan eta!.
`2008/0066160 A1
`3/2008 Becker eta!.
`2010/0195909 A1
`8/2010 Wasson eta!.
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`EP
`JP
`wo
`wo
`wo
`wo
`wo
`
`4/2001
`9/2001
`10/1996
`10/1995
`12/1995
`5/1998
`7/2004
`7/2004
`
`1091276
`1132796
`08-263447
`95/27249
`95/33237
`98/21683
`2004/063948
`wo 2004/063948
`OTHER PUBLICATIONS
`
`................ G06F 1100
`
`.............. G06F 17/30
`
`Rubin, eta!., "Mobile Code Security," IEEE Internet, pp. 30-34, Dec.
`1998.
`Schmid, eta!. "Protecting Data From Malicious Software," Proceed(cid:173)
`
`ing of the 181h Annual Computer Security Applications Conference,
`pp. 1-10, 2002.
`Corradi, eta!., "A Flexible Access Control Service for Java Mobile
`Code," IEEE, pp. 356-365, 2000.
`International Search Report for Application No. PCT /IB97 /01626, 3
`pp., May 14, 1998 (mailing date).
`International Search Report for Application No. PCT/IL05/00915, 4
`pp., dated Mar. 3, 2006.
`Written Opinion for Application No. PCT/IL05/00915, 5 pp., dated
`Mar. 3, 2006 (mailing date).
`International Search Report for Application No. PCT /IBO 1101138, 4
`pp., Sep. 20, 2002 (mailing date).
`
`BLUE COAT SYSTEMS - Exhibit 1001 Page 2
`
`

`
`US 8,677,494 B2
`Page 3
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`International Preliminary Examination Report for Application No.
`PCT/IBOl/01138, 2 pp., dated Dec. 19,2002.
`Sitaker, Kragen, "Rapid Genetic Evolution of Regular Expressions"
`[online], The MialArchive, Apr. 24, 2004 (retrieved on Dec. 7, 2004),
`5 pp., Retrieved from the Internet: http://www.rnail-archive.com/
`kragen -tol@canonical.org/msg00097 .htrnl.
`"Lexical Analysis: DFA Minimization & Wrap Up" [online], Fall,
`2004 [retrieved on Mar. 2, 2005], 8 pp., Retrieved from the Internet:
`http:/ /www.owlnet.rice.edu/ -comp412/Lectures/L06Lex W rapup4.
`pdf.
`"Minimization ofDFA" [online], [retrieved on Dec. 7, 2004], 7 pp.,
`Retrieved from the Internet: http://www.cs.odu.edu/-toida/nerzic/
`390teched!regular/fa/min-fa.htrnl.
`"Algorithm: NFS -> DFA" [online], Copyright 1999-2001 [retrieved
`on Dec. 7, 2004], 4 pp., Retrieved from the Internet: http://rw4.cs.
`uni-sb.de/-ganimal/GANIFA/page16_e.htrn.
`"CS 3813: Introduction to Formal Languages and Automata-State
`Minimization and Other Algorithms for Finite Automata," 3 pp., May
`11, 2003, Retrieved from the Internet: http:/ /www.cs.msstate.
`edu/ -hansen/classes/3813fall0 llslides/06Minimize. pdf.
`Watson, Bruce W., "Constructing Minimal Acyclic Deterministic
`Finite Automata," [retrieved on Mar. 20, 2005], 38 pp., Retrieved
`from the Internet: http://www.win.tue.nl/-watson/2R870/down(cid:173)
`loads/rnadfa_algs.pdf.
`Chang, Chia-Hsiang, "From Regular Expressions to DFA's Using
`Compressed NFA's," Oct. 1992, 112 pp., http://www.cs.nyu.edu/
`web/Research/Theses/chang_chia-hsiang.pdf.
`"Products," Articles published on the Internet, "Revolutionary Secu(cid:173)
`rity for a New Computing Paradigm" regarding SurfinGate™, 7 pp.
`"Release Notes for the Microsoft ActiveX Development Kit," Aug.
`13, 1996, activex.adsp.or.jp/inetsdk/readme.txt, pp. 1-10.
`Doyle, et a!., "Microsoft Press Computer Dictionary," Microsoft
`Press, 2d Edition, pp. 137-138, 1993.
`Finjan Software Ltd., "Powerful PC Security for the New World of
`Java™ and Downloadables, Surfin Shield™," Article published on
`the Internet by Fin jan Software Ltd., 2 pp. 1996.
`Finjan Sofrtware Ltd., "FinjanAnnounces a Personal Java™ Firewall
`for Web Browsers-the SurfinShield™ 1.6 (formerly known as
`SurfinBoard)," Press Release of Finjan Releases SurfinShield 1.6, 2
`pp., Oct. 21, 1996.
`Finjan Software Ltd., "Finjan Announces Major Power Boost and
`New Features for SurfinShield™ 2.0," Las Vegas Convention Center/
`Pavillion 5 P5551, 3 pp., Nov. 18, 1996.
`Finjan Software Ltd., "Finjan Software Releases SurfinBoard, Indus(cid:173)
`try's First JAVA Security Product for the World Wide Web," Article
`published on the Internet by Fin jan Software Ltd., 1 p., Jul. 29, 1996.
`Finjan Software Ltd., "Java Security: Issues & Solutions," Article
`published on the Internet by Fin jan Software Ltd., 8 pp. 1996.
`Finjan Software Ltd., Company Profile, "Fin jan-Safe Surfing, The
`Java Security Solutions Provider," Article published on the Internet
`by Fin jan Software Ltd., 3 pp., Oct. 31, 1996.
`"IBM AntiVirus User's Guide, Version 2.4,", International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Khare, R., "Microsoft Authenticode Analyzed" [online], Jul. 22,
`1996 [retrieved on Jun. 25, 2003], 2 pp., Retrieved from the Internet:
`http://www.xent.com/FoRK-archive/smmer96/0338.htrnl.
`LaDue, M., Online Business Consultant: Java Security: Whose Busi(cid:173)
`ness is It?, Article published on the Internet, Home Page Press, Inc.,
`4 pp., 1996.
`Microsoft, "MicrosoftActiveX Software Development Kit" [online],
`Aug. 12, 1996 [retrieved on Jun. 25, 2003], pp. 1-6, Retrieved from
`the Internet: activex.adsp.or.jp/inetsdk/help/overview.htrn.
`Microsoft® Authenticode Technology, "Ensuring Accountability
`and Authenticity for Software Components on the Internet,"
`Microsoft Corporation, Oct. 1996, including Abstract, Contents,
`Introduction, and pp. 1-10.
`
`Microsoft Corporation, Web Page Article "Frequently Asked Ques(cid:173)
`tions About Authenticode," last updated Feb. 17, 1997, printed Dec.
`23, 1998, URL: http:/ /www.microsoft.com/workshop/security/
`authcode/signfaq.asp#9, pp. 1-13.
`Okamoto, E., eta!., "ID-BasedAuthentication System for Computer
`Virus Detection," IEEEIIEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`and pp. 1169-1170, URL: http://iel.ihs.com:80/cgi-bin/iel_cgi?se ..
`2ehts%26ViewTemplate%3ddocview%5 fb%2ehts.
`Omura, J. K., "Novel Applications of Cryptography in Digital Com(cid:173)
`munications," IEEE Communications Magazine, pp. 21-29, May
`1990.
`Zhang, X. N., "Secure Code Distribution," IEEEIIEE Electronic
`Library online, Computer, vol. 30, Issue 6, pp. 76-79, Jun. 1997.
`D. Grune, eta!., "Parsing Techniques: A Practical Guide," John Wiley
`& Sons, Inc., New York, New York, USA, pp. 1-326,2000.
`Scott, eta!., "Abstracting Application-Level Web Security," ACM, pp.
`396-407, 2002.
`Thunder Byte Antivirus for Windows.
`InterScan Virus Wall from Trend Micro.
`ViruSafe from Eliashim.
`Intel LANProtect from Intel.
`The Java Security Manager from Sun Micro systems.
`McAfee Web Shield.
`McAfee WebScan.
`McAfee VirusScan.
`McAfee N etShield.
`Dr. Solomon's Antivirus Toolkit for Windows 95.
`Dr. Solomon's Antivirus Toolkit for Windows NT.
`Dr. Solomon's WinGuard.
`Dr. Solomon's Virus Guard.
`Dr. Solomon's Virus Shield.
`Dr. Solomon's Virex.
`Dr. Solomon's "Merlin" Anti-Virus Engine.
`Dr. Solomon'siMcAfee "Olympus" Anti-Virus Engine.
`ActiveX Web Tutorial.
`Java FAQ (1995-1998).
`Norton AntiVirus TUfor Windows@95 User's Guide. Published by
`Symantec in 1995. (179 pages).
`Jaeger, at al., "Building Systems that Flexibly Control Downloadable
`Executable Content," ProceedinQs of the Sixth USENIX UNIX
`Security Symposium, Jul. 1996. (19 paQes).
`Rasmusson, Andreas and Jansson, Sverker, "Personal Security Assis(cid:173)
`tance for Secure Internet Commerce," Sep. 16, 1996. (12 pages).
`Bharat eta!. Migratory Applications• Nov. 15, 1995. (10 oaoes).
`Dean, Drew, eta!., "Java Security: From HotJava to Netscape and
`Beyond," 1996 IEEE Symposium on Security and Privacy, May 6,
`1996. (11 pages).
`Sterbenz, Andreas, An Evaluation of the Java Security Model,• IEEE,
`Dec. 1996. fl3pages).
`Fritzinger, J. Steven, eta!., Java Security,• Sun Microsystems, Dec.
`1996 (7 paQes).
`Bank Joseoh A. "Java Security," Dec. 8, 1995. (14 paoes).
`Claunch, "Java Blocking," http://groups.google.com/group/muc.
`lists.firewalls/msg/2a5ec02e00a37071. Sep. 25, 1996. Accessed
`date: May 10, 2011. (2 paces).
`Chappell, •Understanding ActiveX and OLE: A Guide for Develop(cid:173)
`ers and Managers (Strategic Technology), Sep. 1, 1996, Microsoft
`Press. (91 pages).
`Crosbie, eta!., "Active Defense of a Computer System Using Autono(cid:173)
`mous Agents". Feb. 15, 1995. (14 pages).
`"Trend Micro's Virus Protection Added to Sun Microsystems Netra
`Internet Servers,"Business Wire, Oct. 1, 1996, available at http://
`www.cs.indiana. edu/ -kinzler/pubs/viruswall.htrnl.
`"Symantec Announces Norton Antivirus 2.0 for Windows NT,"
`Symantec Corporation press release, Sep. 16, 1996, available at http:/
`Iwww.symantec.comlabout/news/release/article.jsp?prid~
`19960916 01.
`"Dark Avenger Mutation Engine No Threat to Protected PCs,"
`McAfee, Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/www.phreak.orgvirus1/1992/
`vin105.191.
`
`BLUE COAT SYSTEMS - Exhibit 1001 Page 3
`
`

`
`US 8,677,494 B2
`Page 4
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`"Dark Avenger Mutation Engine No Threat to Protected PCs,"
`McAfee, Inc. press elease, May 11, 1992, available at http://
`securitydigest.org/virus/mirror/www.phreak.orgvirus1/1992/
`vinl05.191.
`Gryaznov, D.O., "Scanners ofthe Year 2000: Heuristics," Proceed(cid:173)
`ings ofthe Fifth International Virus Bulletin Conference, pp. 225-234
`(1995), available at http://vxheavens.comllib/adgOO.html.
`"Symantec Announces Norton Internet Email Gateway at Internet
`World-Booth# 369 on Dec. 11, 12, and 13," Symantec Corporation
`press release, Dec. 11, 1996, available at http:/ Iwww.symantec
`. comlaboutlnews/release/article.jsp?prid~ 19961211_03.
`"Presenting Java," by John Dec. (1995).
`"The Java Language Specification" by Gosling, et a!. ( 1996).
`"The Java Progranuning Language," by Ken Arnold and James Gos(cid:173)
`ling (1996).
`"The Java Virtual Machine Specification," by Tim Lindholm and
`Frank Yellin (1997).
`"Computer Viruses and Artificial Intelligence," by David Stang (Sep.
`1995).
`"Java Security and a Firewall Extension for Authenticity Control of
`Java Applets," by Magnus Johansson (Jan. 29, 1997).
`"Static Analysis of Programs With Application to Malicious Code
`Detection," by Raymond Lo (1992).
`File History for U.S. Patent No. 6,804,780.
`"Virus Detection Alternatives," by Patrick Min (Jul. 1992).
`"Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns," by LeCharlier, eta!. (Sep. 1995).
`The Giant Black Book of Computer Viruses by Mark Ludwig ( 1995).
`HotJava: The Security Story.
`The Java Filter.
`"A Java Filter," by Balfanz, eta!.
`"Improved JavaScript and Java Screening Function," by Claunch
`(May 4, 1996).
`"New Version of Java, JavaScript, ActiveX Screening," by Claunch
`(Jul. 3, 1996).
`"A Toolkit and Methods for Internet Firewalls," by Ranum, eta!.
`"Identifying and Controlling Undesirable Program Behaviors," by
`Maria King.
`"PACLI's: An Access Control List Approach to Anti-Viral Security,"
`by Wichers, et a!.
`Endrijonas, Janet, Rx PC The Anti-Virus Handbook. Published in the
`U.S. in 1993 by TAB Books, a division of McGraw-Hili, Inc. (20 1
`paQes).
`"Secure Code Distribution," by X. Nick Zhang (Jun. 1997).
`IBM AntiVirus User's Guide (Nov. 15, 1995).
`"Breadth of Runtime Environments and Security Make Java a Good
`Choice for the Internet" (1996).
`Omura, Jim K., "Novel Applications of Cryptography in Digital
`Communications," IEEE Communications Magazine, pp. 21-29,
`May 1990.
`Okamoto, E., eta!., "ID-BasedAuthentication System for Computer
`Virus Detection," IEEE/IEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`and pp. 1169-1170, URL: http:/ /iel.ihs.com:80/cgibinliel_cgi?se .
`2ehts%26ViewTemplate%3ddocview%5fb%2ehts.
`IBM AntiVirus User's Guide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Leach, Norvin, et al., "IE 3.0 Applets Will Earn Certification," PC
`Week, vol. 13, No. 29,2 pp., Jul. 22, 1996.
`"Finjan Software Releases SurfinBoard, Industry's First JAVA Secu(cid:173)
`rity product for the World Wide Web," Article published on the
`Internet by Fin jan Software Ltd., 1 p., Jul. 29, 1996.
`"Powerful PC Security for the New World of JAVATM and
`Downloadables, Surfin Shield™," Article published on the Internet
`by Fin jan Software Ltd., 2 pp. 1996.
`Microsoft® Authenticode Technology, "Ensuring Accountability
`and Authenticity for Software Components on the Internet,"
`Microsoft Corporation, including Abstract, Contents, Introduction,
`and pp. 1-10, Oct. 1996.
`
`Finjan Announces a Personal Java™ Firewall for Web Browsers(cid:173)
`the SurfinShield™ 1.6 (formerly known as SurfinBoard), Press
`Release ofFinjan Releases SurfinShield 1.6, 2 pp., Oct. 21, 1996.
`Company Profile, "Finjan-Safe Surfing. The Java Security Solutions
`Provider," Article published on the Internet by Fin jan Software Ltd.,
`3 pp., Oct. 31, 1996.
`"Finjan Announces Major Power Boost and New Features for
`SurfinShield™ 2.0," Las Vegas Convention Center/Pavilion 5 P5551,
`3 pp., Nov. 18, 1996.
`"Java Security: Issues & Solutions," Article published on the Internet
`by Fin jan Software Ltd., 8 pp., 1996.
`"Products," Article published on the Internet, 7 pp.
`Mark LaDue, "Online Business Consultant: Java Security: Whose
`Business Is It?," Article published on the Internet, Home Page Press,
`Inc., 4 pp., 1996 .
`Web Page Article,
`"Frequently Asked Questions About
`Authenticode," Microsoft Corporation, last updated Feb. 17, 1997,
`printed Dec. 23, 2998, URL: http://www.microsoft.com/workshop/
`security/authcodee/ signfaq.asp#9, pp. 1-13.
`Zhang, X.N., "Secure Code Distribution," IEEE/IEE Electronic
`Library online, Computer vol. 30, Issue 6, pp. 76-79, Jun. 1997.
`Binstock, Andrew, "Multithreading, Hyper-Threading, Multipro(cid:173)
`cessing: Now, What's the Difference?," httn: !hlv'\v\v-inteLcom!cd/
`ids!dcvdoQcr!asmo-na/enfl/20456.htm, Pacific Data Works, LLC,
`downloaded Jul. 7, 2008, 7 pp.
`VirexPC Version 2.0 or later from Microcom.
`AntiVirus Kit From 1 stAide Software.
`FluShot+ Series of Products by Ross Greenberg.
`Symantec Antivirus ofthe Mac version 3.0 or later.
`"Synthesizing Fast Intrusion Prevention/Detection Systems From
`High-Level Specifications," by Sekar, eta!. (1999).
`Art of Computer Virus Research and Defense b Peter Szor (Feb.
`2005).
`"Process Execution Controls as a Mechanism to Ensure Consis(cid:173)
`tency,'' by Eugen Bacic (1990).
`"Process Execution Controls: Revisited," by Bacic (1990).
`"A Flexible Access Control Service for Java Mobile Code," by Cor(cid:173)
`radi, et al. (2000).
`"Java Security: Issues & Solutions" ( 1996).
`"Microsoft Authenticode analyzed," by Rohit Khare (Jul. 22, 1996).
`"Java Security: Whose Business Is It?" by Mark LaDue (1996).
`Microsoft Authenticode Technology (Oct. 1996).
`"Mobile Code Security," by Rubin, eta!.
`"Protecting Data From Malicious Software," by Schmid, et al.
`"Security in the Large: Is Java's Sandbox Scalable?" by Zhong, et al.
`(Apr. 1998).
`"A Domain and type Enforcement UNIX Prototype," by Badger, et al.
`(Jun. 1995).
`"Heuristic Anti-Virus Technology," by Frans Veldman.
`"Standards for Security in Open Systems," by Warwick Ford ( 1989).
`"Secure File Transfer Over TCP/IP," by Brown, eta!. (Nov. 1992).
`"Standards in Commercial Security," by Nick Pope.
`"X.400 Security Features," by Tony Whyman.
`"Using CASE Tools to Improve the Security of Applications Sys(cid:173)
`tems," by Hosmer, eta!. (1988).
`"Miro: Visual Specification of Security," by Heydon, et al. (Oct.
`1990).
`"An Evaluation ofObject-Based Progranuning with Visual Basic," by
`Dukovic, et al. (1995).
`"Visual Basic 5.0 Significantly Improved," by W. Dennis Swift (Jun.
`1997).
`"Development of an Object Oriented Framework for Design and
`Implementation of Database Powered Distributed Web Applications
`With the DEMETER Project as a Real-Life Example," by Goschka,
`eta!. (1997).
`Detecting Unusual Program Behavior Using the Statistical Compo(cid:173)
`nent ofthe Nextgeneration Intrusion Detection Expert System
`(NIDES), by Anderson, et al. (May 1995).
`"A Generic Virus Scanner in C++," by Kumar, eta!. (Sep. 17, 1992).
`"A Model for Detecting the Existence of Software Corruption in Real
`Time," by Voas, et a!. ( 1993).
`"Protection Against Trojan Horses by Source Code Analysis," by
`Saito, eta!. (Mar. 1993).
`
`BLUE COAT SYSTEMS - Exhibit 1001 Page 4
`
`

`
`US 8,677,494 B2
`Page 5
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`Intelligence," by Righard
`
`"Information Agents for Automated Browsing," by Dharap, et a!.
`(1996).
`"Static Analysis Virus Detection Tools for Unix Systems," by
`Kerchen, eta!. (1990).
`"Managing Trust in an Information-Labeling System," by Blaze, et
`a!. (Nov. 4, 1996).
`List of Secure Internet Progranuning Publications from www.cs.
`printceton.edu.
`"A Guide to the Selection of Anti-Virus Tools and Techniques," by
`Polk, eta!. (Dec. 2, 1992).
`"An Integrated Toolkit for Operating System Security," by Rabin, et
`a!. (Aug. 1988).
`"A Web Navigator With Applets in Cam!," by Francois Ronaix (May
`1996).
`"Intel Launches Virus Counterattack," by Charles Bruno (Aug.
`1992).
`Intel LANProtect Software User's Guide (1992).
`"Parents Can Get PC Cruise Control," by George Mannes (Jul. 1996).
`"A New Techniques for Detecting Polymorphic Computer Viruses,"
`by Carey Nachenberg (1995).
`"Heuristic Scanners: Artificial
`Zwienenberg (Sep. 1995).
`Intel LANProtect, 30-Day Test Drive Version User's Manual.
`Slade, Robert, "Guide to Computer Viruses: How to a void Them,
`How to Get Rid of Them, and How to Get Help" (Apr. 1996).
`A Pathology of Computer Viruses by David Ferbranche (Nov. 1994).
`Earl Boebert's post to the greatcircle firewalls mailing list. Taken
`from
`http:/ /www.greatcircle.com/lists/firewalls/archive/firewalls.
`199410 (Oct. 16, 1994).
`CSL Bulletin: Connecting to the Internet: Security Considerations.
`Taken
`from http:/ /csrc.nist.gov/publications/nistbul/cs193-07 .txt
`(Jul. 1993).
`FAQ: Interscan ViruswalL Taken from http://\veb,archive.org/web/
`1997060 50 50331/www .. antivirus.corn/faq/finterscanfaq.htrnl
`(last
`updated Aug. 8, 1996).
`Network Security and SunScreen SPF-100: Technical White Paper,
`Sun Microsystems, 1995.
`"Why Do We Need Heuristics?" by Frans Veldman (Sep. 1995).
`"Leading Content Security Vendors Announce Support for Check
`Point F irewall-1.3 .0; New Partners for Anti-Virus Protection, URL
`Screening and Java Security," Business Wire, Oct. 7, 1996, available
`at http://www.allbusiness.comltechnolo gyl computernetworks(cid:173)
`computer -networksecurity 1727 4315 -1.htrnl#ixzz 1 gkbKf4g 1.
`"McAfee Introduces Web shield; Industry's First Secure Anti-Virus
`Solution for Network Firewalls: Border Network Technologies and
`Secure Computing to Enter into Web Shield OEM Agreements,"
`Business Wire, May 14, 1996, available at http://findarticles.comlp/
`articles/mi_mOEINiis_1996_May _14/ai_182834 561.
`"Trend Micro Announces Virus and Security Protection for Microsoft
`Proxy Server; Also Blocks Java Applets, ActiveX," Business Wire,
`Oct.
`29,
`1996,
`available
`at
`http:/ /www.thefreelibrary.
`com!Trend+Micro+announces+virus+and+security+protection+
`for+MicrosofL.-aOI881 0512.
`F inj an's Opposition to Websense' s Renewed Motion for Judgment as
`aMatterofLaw, dated Dec. 21,2012, fiiedinFinjan,lnc. v. Symantec
`Corp., Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS).
`Declaration of Paul Batcher Re Websense, Inc.s. Proffer of Evidence
`Re Laches, dated.Dec. 19, 2012, filed in Finjan, Inc. v. Symantec
`Corp., Sophos, Inc., and Websense, Inc., CA. No. 10-cv-593 (OMS)
`(Redacted Dec. 26, 20 12).
`Opposition to Symantec's Motion for JMOL, dated Dec. 17, 2012,
`filed in Fin) an, Inc. v. Symantec Corp., Sophos, Inc., and Websense,
`Inc., CA. No. 10-cv-593 (OMS) (Redacted Dec. 27, 2012).
`Omura, Jim K., "Novel Applications of Crypotgraphy in Digital
`Communications," IEEE Communications Magazine, pp. 21-29,
`May 1990.
`Okamoto, E., eta!., "ID-BasedAuthentication System for Computer
`Virus Detection," IEEEI lEE Electronic Library online, Electronics
`Letters, vol. 26, Issue 15, ISSN 0013-5194, Jul. 19, 1990, Abstract
`
`1169-1170, URL:
`pp.
`and
`http://iel.ihs.com:80/cgibin/iel
`cgi?se ... 2ehts%26ViewTemplate%3ddocview%5fb%ehts.
`IBM AntiVirus User's Ouide Version 2.4, International Business
`Machines Corporation, pp. 6-7, Nov. 15, 1995.
`Leach, Norvin, eta!., "IE 3.0 Applets Will Earn Certification," PC
`Week, vol. 13, No. 29, 2 pp., Jul. 22, 1996.
`Finjan Announces a Personal Java198 Firewall for Web Browsers(cid:173)
`the SurfinShield™ 1.6 (formerly known as SurfinBoard), Press
`Release ofFinjan Releases SurfinShield 1.6,2 pp., Oct. 21, 1996.
`Web Page Article,
`"Frequently Asked Questions About
`Authenticode," Microsoft Corporation, last updated Feb. 17, 1997,
`printed Dec. 23, 1998, URL: http://www.microsoft.com/workshop/
`security/authcodee/ signfaq.asp#9, pp. 1-13.
`Binstock, Andrew, "Multithreading, Hyper-Threading, Multipro(cid:173)
`cessing: Now, What's the Difference?," http://www.intel.com/cd/ids/
`developer/asmo-na/eng/20456.htm, Pacific Data Works, LLC, down(cid:173)
`loaded Jul. 7, 2008,7 pp.
`"Frequently Asked Questions About Authenticode," Microsoft Cor(cid:173)
`poration, updated Feb. 17, 1997.
`"WWWProxyto Cut Off Java," by Carl Claunch (Apr. 12, 1996).
`"Combating Viruses Heuristically," by Frans Veldman (Sep. 1993).
`"MCF: A Malicious Code Filter," by Lo, eta!. (May 4, 1994).
`Anti-Virus Tools and Techniques for Computer Systems by Polk, et
`a!. (1995).
`"Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns," by LeCharlier, eta!. (Jul. 2, 1995).
`"Towards a Testbed for Malicious Code Detection," by Lo, et al.
`(1991).
`"Blocking Java Applets at the Firewall," by Martin, eta!.
`Virus Detection and Elimination by Rune Skardhamar (1996).
`Computer Viruses and Anti-Virus Warfare by Jan Hruska (1992).
`"Active Content Security," by Brady, eta!. (Dec. 13, 1999).
`"Low Level Security in Java," by Frank Yellin.
`"Email With a Mind oflts Own: The Safe-Tel Language for Enabled
`Mail," by Nathaniel Borenstein.
`"Mobile Agents: Are They a Good Idea?" by Chess, eta!. (Dec. 21,
`1994).
`"Remote Evaluation," by Stamos, eta!. (Oct. 1990).
`"Active Message Processing: Messages as Messengers," by John
`Vittal (1981).
`"Progranuning Languages for Distributed Computing Systems," by
`Bal, eta!. (Sep. 1989).
`"Scripts and Agents: The New Software High Ground," by John
`Ousterhout (Oct. 20, 1995).
`"The HotJava Browser: A White Paper".
`The Java Virtual Machine Specification, Sun Micro systems (Aug. 21,
`1995).
`"Security of Web Browser Scripting Languages: Vulnerabilities,
`Attacks and Remedies," by Anupam, et al. (Jan. 1998).
`"ActiveX and Java: The Next Virus Carriers?".
`"Gateway Level Corporate Security for the New World of Java and
`Downloadables" (1996).
`"Practical Domain and Type Enforcement for UNIX," by Badger, et
`a!. (1995).
`"A Sense of Self for Unix Processes," by Forrest, et a!. ( 1996).
`"Antivirus Scanner Analysis 1995," by Marko Helenius (1995).
`"State Transition Analysis: A Rule-Based Intrusion Detection
`Approach," by Ilgun, eta!. (Mar. 1995).
`"Automated Detection of Vulnerabilities in Privileged Programs by
`Execution Monitoring," by Ko, eta!. (1994).
`"Execution Monitoring of Security-Critical Programs in Distributed
`Systems: A Specification-BasedApproach," by Ko, et al. (1997).
`"Classification and Detection of Computer Intrusions," by Sandeep
`Kumar (Aug. 1995).
`ThunderBYTE Anti-Virus Utilities User Manual (1995).
`Doyle, et al., "Microsoft Press Computer Dictionary," Microsoft
`Press, 2nd Edition, pp. 137-138,1993.
`Schmitt, D.A., ".EXE files, OS-2 style," PC Tech Journal, vol. 6, No.
`11, p. 76(13), Nov. 1988.
`International Search Report for Application No. PCT/IB97/01626,
`dated May 14, 1999,2 pp.
`Supplementary European Search Report for Application No. EP 97
`950351, dated Nov. 17, 2004,2 pp.
`
`BLUE COAT SYSTEMS - Exhibit 1001 Page 5
`
`

`
`US 8,677,494 B2
`Page 6
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`File History for Canadian Application No. 2,275,771, 84 pp.
`File History for European Application No. 97950351.3, 58 pp.
`File History for Japanese Application No. 10-522345,48 pp.
`Lemay, Laura, et al., "Approach of Java Language, Applet, A WT and
`Advanced Apparatus," First Edition, 25 pp. (translated), Aug. 20,
`1996 (CS-NB-1999-00238-00 1).
`Order Construing the Terms of U.S. Patent Nos. 6,092,194;
`6,804,780; 7,058,822; 6,357,010; and 7,185,361,4 pp., Dec. 11,
`2007.
`PlaintifiFinjan Software, Ltd. 's Opening Claim Construction Brief,
`38 pp., Sep. 7, 2007.
`Defendant Secure Computing Corporation's Opening Claim Con(cid:173)
`struction Brief, 46 pp., Sep. 7, 2007.
`PlaintifiFinjan Software, Ltd. 's Answering Claim Construction
`Brief (Public Version), 45 pp., Sep. 28, 2007.
`Defendant Secure Computing Corporation's Responsive Claim Con(cid:173)
`struction Brief (Public Version), 37 pp., Sep. 28, 2007.
`Secure Computing Corporation's Disclosure of Prior Art Pursuant to
`35 U.S.c. § 282, 6 pp., Feb. 1, 2008.
`Stang, David J., "Computer Viruses and Artificial Intelligence," Virus
`Bulletin Conference, pp. 235-257, Sep. 1995.
`Johannsen, Magnus, "Java Security and a Firewall Extension for
`Authenticity Control of Java Applets," Thesis Proposal, Computer
`Science Department, University of Colorado at Colorado Springs, 5
`pp., Jan. 29, 1997.
`Joint Appendix oflntrinsic and Extrinsic Ev