Attorney docket no. ELG-P-9139US2

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Applicants: Yigal Mordechai Edery et al.
U.S. Serial No.: unknown
Filed: herewith
Title: MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS
Group Art Unit: unknown
Examiner: unknown

EXPRESS MAIL MAILING LABEL NUMBER EO 399946563 US, Date of Deposit: March 7, 2006

I hereby certify that this paper or fee is being deposited with the United States Postal Service "Express Mail Post Office to Addressee" Service under 37 CFR 1.10 on the date indicated above and is addressed to the Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.

Andrew L. Tiajoloff
(Name of person mailing paper or fee)

March 7, 2006
Date

Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450

PATENT APPLICATION TRANSMITTAL LETTER

Sir:

Attorney for the above-captioned applicants transmits herewith the following:

1. a fee transmittal sheet (1 page);

2. an application data sheet (3 pages);

3. the application, which is a copy of the parent application as filed, comprising a cover sheet (1 page), specification (42 pages), claims (15 pages), drawings (10 pages), and abstract (1 page);

BLUE COAT SYSTEMS - Exhibit 1069 Page 1

4. a copy of an executed declaration of the inventors from the parent application; and

5. a Preliminary Amendment and Information Disclosure Statement.

PLEASE ASSOCIATE THIS APPLICATION WITH CUSTOMER NUMBER 43214.

Should any questions arise, the Patent Office is invited to telephone attorney for applicants at 212-490-3285.

CUSTOMER NUMBER 43214
U.S. PATENT TRADEMARK OFFICE

Tiajoloff & Kelly
Chrysler Building, 37th floor
405 Lexington Avenue
New York, NY 10174

tel. 212-490-3285
fax 212-490-3295

Respectfully submitted,

Andrew L. Tiajoloff
Registration No. 31,575

FEE TRANSMITTAL for FY 2005

Effective 12/08/2004
Approved for use through 07/31/2006. OMB 0651-0032
Patent and Trademark Office: U.S. DEPARTMENT OF COMMERCE
Under the [...] Reduction Act of 1995, no [...] to a collection of information unless it [...] a valid OMB control number.

TOTAL AMOUNT OF PAYMENT ($): 7350

METHOD OF PAYMENT (check all that apply)
[ ] Check  [ ] Credit Card  [ ] Money Order  [ ] None  [ ] Other (please specify): ___
[X] Deposit Account Number 50-3400
Deposit Account Name: Eitan Law Group
For the above-identified deposit account, the Director is hereby authorized to: (check all that apply)
[ ] Charge fee(s) indicated below, except for the filing fee
[X] Charge fee(s) indicated below
[X] Charge any additional fee(s) or underpayments of fee(s) under 37 CFR 1.16 and 1.17
[X] Credit any overpayments
WARNING: Information on this form may become public. Credit card information should not be included on this form. Provide credit card information and authorization on PTO-2038.

FEE CALCULATION

1. BASIC FILING, SEARCH, AND EXAMINATION FEES
Amounts in $; the small entity fee is given in parentheses.
Utility: filing 300 (150); search 500 (250); examination 200 (100); Fees Paid ($) 1000
Design: filing 200 (100); search 100 (50); examination 130 (65)
Plant: filing 200 (100); search 300 (150); examination 160 (80)
Reissue: filing 300 (150); search 500 (250); examination 600 (300)
Provisional: filing 200 (100); search 0 (0); examination 0 (0)

2. EXCESS CLAIM FEES
Fee Description, with fee in $ and small entity fee in parentheses:
Each claim over 20 or, for Reissues, each claim over 20 and more than in the original patent: 50 (25)
Each independent claim over 3 or, for Reissues, each independent claim more than in the original patent: 200 (100)
Multiple dependent claims: 360 (180)
Total Claims: 75 - 20 or HP = 55 Extra Claims x Fee ($) 50 = Fee Paid ($) 2750
HP = highest number of total claims paid for, if greater than 20.
Indep. Claims: 21 - 3 or HP = 18 Extra Claims x Fee ($) 200 = Fee Paid ($) 3600
HP = highest number of independent claims paid for, if greater than 3.

3. APPLICATION SIZE FEE
If the specification and drawings exceed 100 sheets of paper, the application size fee due is $250 ($125 for small entity) for each additional 50 sheets or fraction thereof. See 35 U.S.C. 41(a)(1)(G) and 37 CFR 1.16(s).
Total Sheets ___ - 100 = ___ Extra Sheets / 50 = ___ Number of each additional 50 or fraction thereof (round up to a whole number) x Fee ($) ___ = Fee Paid ($) ___

4. OTHER FEE(S)
Non-English Specification, $130 fee (no small entity discount)
Other fees: ___
Fee Paid ($): ___

SUBMITTED BY
Name (Print/Type): Tally Eitan
Signature:
Registration No. (Attorney/Agent):
Telephone: (212) 490-3285
Date: March 7, 2006

This collection of information is required by 37 CFR 1.136. The information is required to obtain or retain a benefit by the public which is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 30 minutes to complete, including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.

If you need assistance in completing the form, call 1-800-PTO-9199 and select option 2.

ATTORNEY DOCKET 43426.00014

APPLICATION FOR UNITED STATES PATENT

IN THE NAME OF

Yigal Edery, Nimrod Vered and David Kroll

OF

FINJAN SOFTWARE, LTD.

MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS

DOCKET NO. 43426.00014

Please direct communications to:

Intellectual Property Department
Squire, Sanders & Dempsey L.L.P.
600 Hansen Way
Palo Alto, CA 94304-1043
(650) 856-6500

Express Mail Number EL 701 364 624

1 of 59

MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS

PRIORITY REFERENCE TO RELATED APPLICATIONS

This application claims benefit of and hereby incorporates by reference provisional application serial number 60/205,591, entitled "Computer Network Malicious Code Run-time Monitoring," filed on May 17, 2000 by inventors Nimrod Itzhak Vered, et al. This application is also a Continuation-In-Part of and hereby incorporates by reference patent application serial number 09/539,667, entitled "System and Method for Protecting a Computer and a Network From Hostile Downloadables" filed on March 30, 2000 by inventor Shlomo Touboul. This application is also a Continuation-In-Part of and hereby incorporates by reference patent application serial number 09/551,302, entitled "System and Method for Protecting a Client During Runtime From Hostile Downloadables", filed on April 18, 2000 by inventor Shlomo Touboul.

BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates generally to computer networks, and more particularly provides a system and methods for protecting network-connectable devices from undesirable downloadable operation.

Description of the Background Art

Advances in networking technology continue to impact an increasing number and diversity of users. The Internet, for example, already provides to expert, intermediate and even novice users the informational, product and service resources of over 100,000 interconnected networks owned by governments, universities, nonprofit groups, companies, etc. Unfortunately, particularly the Internet and other public networks have also become a major source of potentially system-fatal or otherwise damaging computer code commonly referred to as "viruses."

Efforts to forestall viruses from attacking networked computers have thus far met with only limited success at best. Typically, a virus protection program designed to identify and remove or protect against the initiating of known viruses is installed on a network firewall or individually networked computer. The program is then inevitably surmounted by some new virus that often causes damage to one or more computers. The damage is then assessed and, if isolated, the new virus is analyzed. A corresponding new virus protection program (or update thereof) is then developed and installed to combat the new virus, and the new program operates successfully until yet another new virus appears - and so on. Of course, damage has already typically been incurred.

To make matters worse, certain classes of viruses are not well recognized or understood, let alone protected against. It is observed by this inventor, for example, that Downloadable information comprising program code can include distributable components (e.g. Java™ applets and JavaScript scripts, ActiveX™ controls, Visual Basic, add-ins and/or others). It can also include, for example, application programs, Trojan horses, multiple compressed programs such as zip or meta files, among others. U.S. Patent 5,983,348 to Shuang, however, teaches a protection system for protecting against only distributable components including "Java applets or ActiveX controls", and further does so using resource intensive and high bandwidth static Downloadable content and operational analysis, and modification of the Downloadable component; Shuang further fails to detect or protect against additional program code included within a tested Downloadable. U.S. Patent 5,974,549 to Golan teaches a protection system that further focuses only on protecting against ActiveX controls and not other distributable components, let alone other Downloadable types. U.S. patent 6,167,520 to Touboul enables more accurate protection than Shuang or Golan, but lacks the greater flexibility and efficiency taught herein, as do Shuang and Golan.

Accordingly, there remains a need for efficient, accurate and flexible protection of computers and other network connectable devices from malicious Downloadables.

SUMMARY OF THE INVENTION

The present invention provides protection systems and methods capable of protecting a personal computer ("PC") or other persistently or even intermittently network accessible devices or processes from harmful, undesirable, suspicious or other "malicious" operations that might otherwise be effectuated by remotely operable code. While enabling the capabilities of prior systems, the present invention is not nearly so limited, resource intensive or inflexible, and yet enables more reliable protection. For example, remotely operable code that is protectable against can include downloadable application programs, Trojan horses and program code groupings, as well as software "components", such as Java™ applets, ActiveX™ controls, JavaScript™/Visual Basic scripts, add-ins, etc., among others. Protection can also be provided in a distributed interactively, automatically or mixed configurable manner using protected client, server or other parameters, redirection, local/remote logging, etc., and other server/client based protection measures can also be separately and/or interoperably utilized, among other examples.

In one aspect, embodiments of the invention provide for determining, within one or more network "servers" (e.g. firewalls, resources, gateways, email relays or other devices/processes that are capable of receiving-and-transferring a Downloadable) whether received information includes executable code (and is a "Downloadable"). Embodiments also provide for delivering static, configurable and/or extensible remotely operable protection policies to a Downloadable-destination, more typically as a sandboxed package including the mobile protection code, downloadable policies and one or more received Downloadables. Further client-based or remote protection code/policies can also be utilized in a distributed manner. Embodiments also provide for causing the mobile protection code to be executed within a Downloadable-destination in a manner that enables various Downloadable operations to be detected, intercepted or further responded to via protection operations. Additional server/information-destination device security or other protection is also enabled, among still further aspects.

A protection engine according to an embodiment of the invention is operable within one or more network servers, firewalls or other network connectable information re-communicating devices (as are referred to herein summarily one or more "servers" or "re-communicators"). The protection engine includes an information monitor for monitoring information received by the server, and a code detection engine for determining whether the received information includes executable code. The protection engine also includes a packaging engine for causing a sandboxed package, typically including mobile protection code and downloadable protection policies to be sent to a Downloadable-destination in conjunction with the received information, if the received information is determined to be a Downloadable.

A sandboxed package according to an embodiment of the invention is receivable by and operable with a remote Downloadable-destination. The sandboxed package includes mobile protection code ("MPC") for causing one or more predetermined malicious operations or operation combinations of a Downloadable to be monitored or otherwise intercepted. The sandboxed package also includes protection policies (operable alone or in conjunction with further Downloadable-destination stored or received policies/MPCs) for causing one or more predetermined operations to be performed if one or more undesirable operations of the Downloadable is/are intercepted. The sandboxed package can also include a corresponding Downloadable and can provide for initiating the Downloadable in a protective "sandbox". The MPC/policies can further include a communicator for enabling further MPC/policy information or "modules" to be utilized and/or for event logging or other purposes.

A sandbox protection system according to an embodiment of the invention comprises an installer for enabling a received MPC to be executed within a Downloadable-destination (device/process) and further causing a Downloadable application program, distributable component or other received downloadable code to be received and installed within the Downloadable-destination. The protection system also includes a diverter for monitoring one or more operation attempts of the Downloadable, an operation analyzer for determining one or more responses to the attempts, and a security enforcer for effectuating responses to the monitored operations. The protection system can further include one or more security policies according to which one or more protection system elements are operable automatically (e.g. programmatically) or in conjunction with user intervention (e.g. as enabled by the security enforcer). The security policies can also be configurable/extensible in accordance with further downloadable and/or Downloadable-destination information.

A method according to an embodiment of the invention includes receiving downloadable information, determining whether the downloadable information includes executable code, and causing a mobile protection code and security policies to be communicated to a network client in conjunction with security policies and the downloadable information if the downloadable information is determined to include executable code. The determining can further provide multiple tests for detecting, alone or together, whether the downloadable information includes executable code.

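The multiple-test determination described above, sketched as an added example that is not code from the application or from the applicants: a gateway-side check that applies a file-signature test and an active-content test, and recurses into zip archives so that code placed inside apparently inert content is still found. The signature set, marker list, size and depth limits and all function names are assumptions of this sketch; the sample inputs are constructed.

```python
import io
import zipfile

# Well-known file signatures; which ones to include is an assumption of this sketch.
MAGIC_SIGNATURES = (
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"\xca\xfe\xba\xbe", "java-class-or-fat-macho"),
)
# Markup that introduces script or embedded components (assumed marker list).
ACTIVE_CONTENT_MARKERS = (b"<script", b"<applet", b"<object", b"javascript:")
MAX_DEPTH = 3                      # archive nesting levels that will be opened
MAX_MEMBER_BYTES = 8 * 1024 * 1024  # largest archive member that will be read


def magic_test(data):
    """Test 1: does the content start with a known executable signature?"""
    for signature, label in MAGIC_SIGNATURES:
        if data.startswith(signature):
            return label
    return None


def active_content_test(data):
    """Test 2: does the first 64 KiB contain script or component markup?"""
    head = data[:65536].lower()
    for marker in ACTIVE_CONTENT_MARKERS:
        if marker in head:
            return "script:" + marker.decode("ascii")
    return None


def inspect(data, path="<root>", depth=0):
    """Run every test on the content, then on archive members. Returns (path, reason) pairs."""
    findings = []
    for test in (magic_test, active_content_test):
        reason = test(data)
        if reason:
            findings.append((path, reason))
    if zipfile.is_zipfile(io.BytesIO(data)):
        findings.extend(_inspect_archive(data, path, depth))
    return findings


def _inspect_archive(data, path, depth):
    # Anything that cannot be examined is reported, not silently passed.
    if depth >= MAX_DEPTH:
        return [(path, "unscanned:nesting-too-deep")]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                member = f"{path}!{info.filename}"
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append((member, "unscanned:member-too-large"))
                    continue
                try:
                    body = archive.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    # Encrypted member, unsupported compression, or bad CRC.
                    findings.append((member, "unscanned:unreadable-member"))
                    continue
                findings.extend(inspect(body, member, depth + 1))
    except zipfile.BadZipFile:
        findings.append((path, "unscanned:corrupt-archive"))
    return findings


def is_downloadable(data):
    """True when any test, alone or together with others, reports a finding."""
    return bool(inspect(data))


def wrap_in_zip(members):
    """Helper for constructed samples: build a zip in memory from {name: bytes}."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buffer.getvalue()


def build_sample():
    """Constructed sample: a text file plus a nested zip holding a PE-style stub."""
    inner = wrap_in_zip({"tool.bin": b"MZ\x90\x00" + b"\x00" * 60})
    return wrap_in_zip({
        "readme.txt": b"quarterly report, plain text",
        "docs/inner.zip": inner,
    })


if __name__ == "__main__":
    for finding in inspect(build_sample()):
        print(finding)
```
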
A further method according to an embodiment of the invention includes forming a sandboxed package that includes mobile protection code ("MPC"), protection policies, and a received, detected-Downloadable, and causing the sandboxed package to be communicated to and installed by a receiving device or process ("user device") for responding to one or more malicious operation attempts by the detected-Downloadable from within the user device. The MPC/policies can further include a base "module" and a "communicator" for enabling further up/downloading of one or more further "modules" or other information (e.g. events, user/user device information, etc.).

Another method according to an embodiment of the invention includes installing, within a user device, received mobile protection code ("MPC") and protection policies in conjunction with the user device receiving a downloadable application program, component or other Downloadable(s). The method also includes determining, by the MPC, a resource access attempt by the Downloadable, and initiating, by the MPC, one or more predetermined operations corresponding to the attempt. (Predetermined operations can, for example, comprise initiating user, administrator, client, network or protection system determinable operations, including but not limited to modifying the Downloadable operation, extricating the Downloadable, notifying a user/another, maintaining a local/remote log, causing one or more MPCs/policies to be downloaded, etc.)

Advantageously, systems and methods according to embodiments of the invention enable potentially damaging, undesirable or otherwise malicious operations by even unknown mobile code to be detected, prevented, modified and/or otherwise protected against without modifying the mobile code. Such protection is further enabled in a manner that is capable of minimizing server and client resource requirements, does not require pre-installation of security code within a Downloadable-destination, and provides for client specific or generic and readily updateable security measures to be flexibly and efficiently implemented. Embodiments further provide for thwarting efforts to bypass security measures (e.g. by "hiding" undesirable operation causing information within apparently inert or otherwise "friendly" downloadable information) and/or dividing or combining security measures for even greater flexibility and/or efficiency.

Embodiments also provide for determining protection policies that can be downloaded and/or ascertained from other security information (e.g. browser settings, administrative policies, user input, uploaded information, etc.). Different actions in response to different Downloadable operations, clients, users and/or other criteria are also enabled, and embodiments provide for implementing other security measures, such as verifying a downloadable source, certification, authentication, etc. Appropriate action can also be accomplished automatically (e.g. programmatically) and/or in conjunction with alerting one or more users/administrators, utilizing user input, etc. Embodiments further enable desirable Downloadable operations to remain substantially unaffected, among other aspects.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1a is a block diagram illustrating a network system in accordance with an embodiment of the present invention;

FIG. 1b is a block diagram illustrating a network subsystem example in accordance with an embodiment of the invention;

FIG. 1c is a block diagram illustrating a further network subsystem example in accordance with an embodiment of the invention;

FIG. 2 is a block diagram illustrating a computer system in accordance with an embodiment of the invention;

FIG. 3 is a flow diagram broadly illustrating a protection system host according to an embodiment of the invention;

FIG. 4 is a block diagram illustrating a protection engine according to an embodiment of the invention;

FIG. 5 is a block diagram illustrating a content inspection engine according to an embodiment of the invention;

FIG. 6a is a block diagram illustrating protection engine parameters according to an embodiment of the invention;

FIG. 6b is a flow diagram illustrating a linking engine use in conjunction with ordinary, compressed and distributable sandbox package utilization, according to an embodiment of the invention;

FIG. 7a is a flow diagram illustrating a sandbox protection system operating within a destination system, according to an embodiment of the invention;

FIG. 7b is a block diagram illustrating memory allocation usable in conjunction with the protection system of FIG. 7a, according to an embodiment of the invention;

FIG. 7c is a block diagram illustrating a mobile protection code according to an embodiment of the invention;

FIG. 8 is a flowchart illustrating a method for examining a Downloadable in accordance with the present invention;

FIG. 9 is a flowchart illustrating a server based protection method according to an embodiment of the invention;

FIG. 10a is a flowchart illustrating method for determining if a potential-Downloadable includes or is likely to include executable code, according to an embodiment of the invention;

FIG. 10b is a flowchart illustrating a method for forming a protection agent, according to an embodiment of the invention;

FIG. 11 is a flowchart illustrating a method for protecting a Downloadable destination according to an embodiment of the invention;

FIG. 12a is a flowchart illustrating a method for forming a Downloadable access interceptor according to an embodiment of the invention; and

FIG. 12b is a flowchart illustrating a method for implementing mobile protection policies according to an embodiment of the invention.

DETAILED DESCRIPTION

In providing malicious mobile code runtime monitoring systems and methods, embodiments of the invention enable actually or potentially undesirable operations of even unknown malicious code to be efficiently and flexibly avoided. Embodiments provide, within one or more "servers" (e.g. firewalls, resources, gateways, email relays or other information re-communicating devices), for receiving downloadable-information and detecting whether the downloadable-information includes one or more instances of executable code (e.g. as with a Trojan horse, zip/meta file etc.). Embodiments also provide for separately or interoperably conducting additional security measures within the server, within a Downloadable-destination of a detected-Downloadable, or both.

Embodiments further provide for causing mobile protection code ("MPC") and downloadable protection policies to be communicated to, installed and executed within one or more received information destinations in conjunction with a detected-Downloadable. Embodiments also provide, within an information-destination, for detecting malicious operations of the detected-Downloadable and causing responses thereto in accordance with the protection policies (which can correspond to one or more user, Downloadable, source, destination, or other parameters), or further downloaded or downloadable-destination based policies (which can also be configurable or extensible). (Note that the term "or", as used herein, is generally intended to mean "and/or" unless otherwise indicated.)

FIGS. 1a through 1c illustrate a computer network system 100 according to an embodiment of the invention. FIG. 1a broadly illustrates system 100, while FIGS. 1b and 1c illustrate exemplary protectable subsystem implementations corresponding with system 104 or 106 of FIG. 1a.

Beginning with FIG. 1a, computer network system 100 includes an external computer network 101, such as a Wide Area Network or "WAN" (e.g. the Internet), which is coupled to one or more network resource servers (summarily depicted as resource server-1 102 and resource server-N 103). Where external network 101 includes the Internet, resource servers 1-N (102, 103) might provide one or more resources including web pages, streaming media, transaction-facilitating information, program updates or other downloadable information, summarily depicted as resources 121, 131 and 132. Such information can also include more traditionally viewed "Downloadables" or "mobile code" (i.e. distributable components), as well as downloadable application programs or other further Downloadables, such as those that are discussed herein. (It will be appreciated that interconnected networks can also provide various other resources as well.)

Also coupled via external network 101 are subsystems 104-106. Subsystems 104-106 can, for example, include one or more servers, personal computers ("PCs"), smart appliances, personal information managers or other devices/processes that are at least temporarily or otherwise intermittently directly or indirectly connectable in a wired or wireless manner to external network 101 (e.g. using a dialup, DSL, cable modem, cellular connection, IR/RF, or various