PATENT TRANSMITTAL LETTER

Attorney Docket No. 43426.00014
SMALL ENTITY

TO THE COMMISSIONER FOR PATENTS:

Transmitted herewith for filing under 35 U.S.C. 111 and 37 C.F.R. is the patent application of:
Yigal Edery, Nimrod Vered and David Kroll

FOR:
Malicious Mobile Code Runtime Monitoring System and Methods:

Certificate of Mailing with Express Mailing Label No.: EL 701364 462 US;
10 Informal Sheets of Drawings: FIGS. 1a-1c; 2, 3, 4; 5, 6a and 6b; 7a-7b and 8; 9; 10A-10B; 11; 12a-12b
Unsigned Combined Declaration and Power of Attorney;
General Authorization and Request to Petition for Extension of Time; and
Return Receipt Postcard

CLAIMS AS FILED

FILED   ALLOWED   Extra   Rate       Additional Fee
76      -20       56      X $ 9.00   $ 504.00
        -3        8       X $40.00   $ 320.00
                                     $
                                     $ 355.00
                                     $1,179.00

No additional fee is required for amendment.
Please charge Deposit Account No. 05-0150 in the amount of $1,179.00.
The Commissioner is hereby authorized to charge and credit Deposit Account No. 05-0150 as described below. A duplicate copy of this sheet is enclosed.

[X] Charge the amount of $1,179.00 as filing fee.
[X] Credit any overpayment.
[X] Charge any additional filing fees required under 37 C.F.R. 1.16.
[X] Charge any patent application processing fees under 37 C.F.R. 1.17.
[ ] Charge the issue fee set in 37 C.F.R. 1.18 at the mailing of the Notice of Allowance, pursuant to 37 C.F.R. 1.311(b).

Date:

Daryl C. Jos
Attorney for Applican
Squire, Sanders & D
600 Hansen Way
Palo Alto, CA 94304-1043
Telephone: (650) 856-6500
Facsimile: (650) 856-3619

BLUE COAT SYSTEMS - Exhibit 1070 Page 1

ATTORNEY DOCKET 43426.00014

APPLICATION FOR UNITED STATES PATENT

IN THE NAME OF

Yigal Edery, Nimrod Vered and David Kroll

OF

FINJAN SOFTWARE, LTD.

MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS

DOCKET NO. 43426.00014

Please direct communications to:

Intellectual Property Department
Squire, Sanders & Dempsey L.L.P.
600 Hansen Way
Palo Alto, CA 94304-1043
(650) 856-6500

Express Mail Number EL 701 364 624

MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS

PRIORITY REFERENCE TO RELATED APPLICATIONS

This application claims benefit of and hereby incorporates by reference provisional application serial number 60/205,591, entitled "Computer Network Malicious Code Run-time Monitoring," filed on May 17, 2000 by inventors Nimrod Itzhak Vered, et al. This application is also a Continuation-In-Part of and hereby incorporates by reference patent application serial number 09/539,667, entitled "System and Method for Protecting a Computer and a Network From Hostile Downloadables" filed on March 30, 2000 by inventor Shlomo Touboul. This application is also a Continuation-In-Part of and hereby incorporates by reference patent application serial number 09/551,302, entitled "System and Method for Protecting a Client During Runtime From Hostile Downloadables", filed on April 18, 2000 by inventor Shlomo Touboul.

BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates generally to computer networks, and more particularly provides a system and methods for protecting network-connectable devices from undesirable downloadable operation.

Description of the Background Art

Advances in networking technology continue to impact an increasing number and diversity of users. The Internet, for example, already provides to expert, intermediate and even novice users the informational, product and service resources of over 100,000 interconnected networks owned by governments, universities, nonprofit groups, companies, etc. Unfortunately, particularly the Internet and other public networks have also become a major source of potentially system-fatal or otherwise damaging computer code commonly referred to as "viruses."

Efforts to forestall viruses from attacking networked computers have thus far met with only limited success at best. Typically, a virus protection program designed to identify and remove or protect against the initiating of known viruses is installed on a network firewall or individually networked computer. The program is then inevitably surmounted by some new virus that often causes damage to one or more computers. The damage is then assessed and, if isolated, the new virus is analyzed. A corresponding new virus protection program (or update thereof) is then developed and installed to combat the new virus, and the new program operates successfully until yet another new virus appears - and so on. Of course, damage has already typically been incurred.

To make matters worse, certain classes of viruses are not well recognized or understood, let alone protected against. It is observed by this inventor, for example, that Downloadable information comprising program code can include distributable components (e.g. Java™ applets and JavaScript scripts, ActiveX™ controls, Visual Basic, add-ins and/or others). It can also include, for example, application programs, Trojan horses, multiple compressed programs such as zip or meta files, among others. U.S. Patent 5,983,348 to Shuang, however, teaches a protection system for protecting against only distributable components including "Java applets or ActiveX controls", and further does so using resource intensive and high bandwidth static Downloadable content and operational analysis, and modification of the Downloadable component; Shuang further fails to detect or protect against additional program code included within a tested Downloadable. U.S. Patent 5,974,549 to Golan teaches a protection system that further focuses only on protecting against ActiveX controls and not other distributable components, let alone other Downloadable types. U.S. patent 6,167,520 to Touboul enables more accurate protection than Shuang or Golan, but lacks the greater flexibility and efficiency taught herein, as do Shuang and Golan.

Accordingly, there remains a need for efficient, accurate and flexible protection of computers and other network connectable devices from malicious Downloadables.

SUMMARY OF THE INVENTION

The present invention provides protection systems and methods capable of protecting a personal computer ("PC") or other persistently or even intermittently network accessible devices or processes from harmful, undesirable, suspicious or other "malicious" operations that might otherwise be effectuated by remotely operable code. While enabling the capabilities of prior systems, the present invention is not nearly so limited, resource intensive or inflexible, and yet enables more reliable protection. For example, remotely operable code that is protectable against can include downloadable application programs, Trojan horses and program code groupings, as well as software "components", such as Java™ applets, ActiveX™ controls, JavaScript™/Visual Basic scripts, add-ins, etc., among others. Protection can also be provided in a distributed interactively, automatically or mixed configurable manner using protected client, server or other parameters, redirection, local/remote logging, etc., and other server/client based protection measures can also be separately and/or interoperably utilized, among other examples.

In one aspect, embodiments of the invention provide for determining, within one or more network "servers" (e.g. firewalls, resources, gateways, email relays or other devices/processes that are capable of receiving-and-transferring a Downloadable) whether received information includes executable code (and is a "Downloadable"). Embodiments also provide for delivering static, configurable and/or extensible remotely operable protection policies to a Downloadable-destination, more typically as a sandboxed package including the mobile protection code, downloadable policies and one or more received Downloadables. Further client-based or remote protection code/policies can also be utilized in a distributed manner. Embodiments also provide for causing the mobile protection code to be executed within a Downloadable-destination in a manner that enables various Downloadable operations to be detected, intercepted or further responded to via protection operations. Additional server/information-destination device security or other protection is also enabled, among still further aspects.

A protection engine according to an embodiment of the invention is operable within one or more network servers, firewalls or other network connectable information re-communicating devices (as are referred to herein summarily one or more "servers" or "re-communicators"). The protection engine includes an information monitor for monitoring information received by the server, and a code detection engine for determining whether the received information includes executable code. The protection engine also includes a packaging engine for causing a sandboxed package, typically including mobile protection code and downloadable protection policies to be sent to a Downloadable-destination in conjunction with the received information, if the received information is determined to be a Downloadable.

A sandboxed package according to an embodiment of the invention is receivable by and operable with a remote Downloadable-destination. The sandboxed package includes mobile protection code ("MPC") for causing one or more predetermined malicious operations or operation combinations of a Downloadable to be monitored or otherwise intercepted. The sandboxed package also includes protection policies (operable alone or in conjunction with further Downloadable-destination stored or received policies/MPCs) for causing one or more predetermined operations to be performed if one or more undesirable operations of the Downloadable is/are intercepted. The sandboxed package can also include a corresponding Downloadable and can provide for initiating the Downloadable in a protective "sandbox". The MPC/policies can further include a communicator for enabling further MPC/policy information or "modules" to be utilized and/or for event logging or other purposes.

A sandbox protection system according to an embodiment of the invention comprises an installer for enabling a received MPC to be executed within a Downloadable-destination (device/process) and further causing a Downloadable application program, distributable component or other received downloadable code to be received and installed within the Downloadable-destination. The protection system also includes a diverter for monitoring one or more operation attempts of the Downloadable, an operation analyzer for determining one or more responses to the attempts, and a security enforcer for effectuating responses to the monitored operations. The protection system can further include one or more security policies according to which one or more protection system elements are operable automatically (e.g. programmatically) or in conjunction with user intervention (e.g. as enabled by the security enforcer). The security policies can also be configurable/extensible in accordance with further downloadable and/or Downloadable-destination information.

A method according to an embodiment of the invention includes receiving downloadable information, determining whether the downloadable information includes executable code, and causing a mobile protection code and security policies to be communicated to a network client in conjunction with security policies and the downloadable information if the downloadable information is determined to include executable code. The determining can further provide multiple tests for detecting, alone or together, whether the downloadable information includes executable code.

A further method according to an embodiment of the invention includes forming a sandboxed package that includes mobile protection code ("MPC"), protection policies, and a received, detected-Downloadable, and causing the sandboxed package to be communicated to and installed by a receiving device or process ("user device") for responding to one or more malicious operation attempts by the detected-Downloadable from within the user device. The MPC/policies can further include a base "module" and a "communicator" for enabling further up/downloading of one or more further "modules" or other information (e.g. events, user/user device information, etc.).

Another method according to an embodiment of the invention includes installing, within a user device, received mobile protection code ("MPC") and protection policies in conjunction with the user device receiving a downloadable application program, component or other Downloadable(s). The method also includes determining, by the MPC, a resource access attempt by the Downloadable, and initiating, by the MPC, one or more predetermined operations corresponding to the attempt. (Predetermined operations can, for example, comprise initiating user, administrator, client, network or protection system determinable operations, including but not limited to modifying the Downloadable operation, extricating the Downloadable, notifying a user/another, maintaining a local/remote log, causing one or more MPCs/policies to be downloaded, etc.)

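The following Python model is an added illustration, not part of the application as filed, of the destination-side flow summarized above: a diverter monitors the Downloadable's operation attempts, an operation analyzer picks a response from the protection policies, and a security enforcer carries it out. The class names, rule format, response names and sample policies are assumptions made for the example, and the model shows the control flow only, not an isolation boundary.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

ALLOW, LOG, BLOCK = "allow", "log", "block"   # response names are assumptions


@dataclass(frozen=True)
class Rule:
    operation: str   # e.g. "file.write"
    target: str      # glob matched against the path or host being accessed
    response: str


@dataclass
class Policies:
    rules: list
    default: str = BLOCK   # an operation no rule covers is refused

    def analyze(self, operation, target):
        """Operation analyzer: the first matching rule decides the response."""
        for rule in self.rules:
            if rule.operation == operation and fnmatchcase(target, rule.target):
                return rule.response
        return self.default


class OperationBlocked(Exception):
    """Raised by the enforcer when a policy refuses an operation."""


class HostResources:
    """Stand-in for the destination's real file and network API."""
    def __init__(self):
        self.files, self.connections = {}, []

    def file_write(self, path, data):
        self.files[path] = data

    def net_connect(self, host):
        self.connections.append(host)


class Diverter:
    """Same call surface as HostResources; each call is analyzed before it runs."""
    OPERATIONS = {"file_write": "file.write", "net_connect": "net.connect"}

    def __init__(self, host, policies, events):
        self._host, self._policies, self._events = host, policies, events

    def __getattr__(self, name):
        if name not in self.OPERATIONS:
            raise AttributeError(name)   # nothing outside the monitored surface
        operation, real_call = self.OPERATIONS[name], getattr(self._host, name)

        def diverted(target, *args):
            response = self._policies.analyze(operation, target)
            return self._enforce(response, operation, target, real_call, args)
        return diverted

    def _enforce(self, response, operation, target, real_call, args):
        """Security enforcer: log the event, then perform or refuse the call."""
        if response != ALLOW:
            self._events.append((response, operation, target))
        if response == BLOCK:
            raise OperationBlocked(f"{operation} on {target}")
        return real_call(target, *args)


def run_in_sandbox(downloadable, policies):
    """Run `downloadable` against diverted resources; stop it at the first block."""
    host, events = HostResources(), []
    try:
        downloadable(Diverter(host, policies, events))
        completed = True
    except OperationBlocked:
        completed = False   # the Downloadable is terminated at this point
    return host, events, completed


# Constructed sample policies and Downloadable (not taken from the application).
SAMPLE_POLICIES = Policies(rules=[
    Rule("file.write", "/tmp/applet/*", ALLOW),
    Rule("net.connect", "updates.example.test", LOG),
])


def sample_downloadable(api):
    api.file_write("/tmp/applet/cache.dat", b"state")    # allowed
    api.net_connect("updates.example.test")              # allowed, logged
    api.file_write("/home/user/notes.txt", b"changed")   # no rule: default block
    api.net_connect("other.example.test")                # never reached


if __name__ == "__main__":
    host, events, completed = run_in_sandbox(sample_downloadable, SAMPLE_POLICIES)
    print(events, sorted(host.files), host.connections, completed)
```
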
Advantageously, systems and methods according to embodiments of the invention enable potentially damaging, undesirable or otherwise malicious operations by even unknown mobile code to be detected, prevented, modified and/or otherwise protected against without modifying the mobile code. Such protection is further enabled in a manner that is capable of minimizing server and client resource requirements, does not require pre-installation of security code within a Downloadable-destination, and provides for client specific or generic and readily updateable security measures to be flexibly and efficiently implemented. Embodiments further provide for thwarting efforts to bypass security measures (e.g. by "hiding" undesirable operation causing information within apparently inert or otherwise "friendly" downloadable information) and/or dividing or combining security measures for even greater flexibility and/or efficiency.

Embodiments also provide for determining protection policies that can be downloaded and/or ascertained from other security information (e.g. browser settings, administrative policies, user input, uploaded information, etc.). Different actions in response to different Downloadable operations, clients, users and/or other criteria are also enabled, and embodiments provide for implementing other security measures, such as verifying a downloadable source, certification, authentication, etc. Appropriate action can also be accomplished automatically (e.g. programmatically) and/or in conjunction with alerting one or more users/administrators, utilizing user input, etc. Embodiments further enable desirable Downloadable operations to remain substantially unaffected, among other aspects.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1a is a block diagram illustrating a network system in accordance with an embodiment of the present invention;

FIG. 1b is a block diagram illustrating a network subsystem example in accordance with an embodiment of the invention;

FIG. 1c is a block diagram illustrating a further network subsystem example in accordance with an embodiment of the invention;

FIG. 2 is a block diagram illustrating a computer system in accordance with an embodiment of the invention;

FIG. 3 is a flow diagram broadly illustrating a protection system host according to an embodiment of the invention;

FIG. 4 is a block diagram illustrating a protection engine according to an embodiment of the invention;

FIG. 5 is a block diagram illustrating a content inspection engine according to an embodiment of the invention;

FIG. 6a is a block diagram illustrating protection engine parameters according to an embodiment of the invention;

FIG. 6b is a flow diagram illustrating a linking engine use in conjunction with ordinary, compressed and distributable sandbox package utilization, according to an embodiment of the invention;

FIG. 7a is a flow diagram illustrating a sandbox protection system operating within a destination system, according to an embodiment of the invention;

FIG. 7b is a block diagram illustrating memory allocation usable in conjunction with the protection system of FIG. 7a, according to an embodiment of the invention;

FIG. 7c is a block diagram illustrating a mobile protection code according to an embodiment of the invention;

FIG. 8 is a flowchart illustrating a method for examining a Downloadable in accordance with the present invention;

FIG. 9 is a flowchart illustrating a server based protection method according to an embodiment of the invention;

FIG. 10a is a flowchart illustrating method for determining if a potential-Downloadable includes or is likely to include executable code, according to an embodiment of the invention;

FIG. 10b is a flowchart illustrating a method for forming a protection agent, according to an embodiment of the invention;

FIG. 11 is a flowchart illustrating a method for protecting a Downloadable destination according to an embodiment of the invention;

FIG. 12a is a flowchart illustrating a method for forming a Downloadable access interceptor according to an embodiment of the invention; and

FIG. 12b is a flowchart illustrating a method for implementing mobile protection policies according to an embodiment of the invention.

DETAILED DESCRIPTION

In providing malicious mobile code runtime monitoring systems and methods, embodiments of the invention enable actually or potentially undesirable operations of even unknown malicious code to be efficiently and flexibly avoided. Embodiments provide, within one or more "servers" (e.g. firewalls, resources, gateways, email relays or other information re-communicating devices), for receiving downloadable-information and detecting whether the downloadable-information includes one or more instances of executable code (e.g. as with a Trojan horse, zip/meta file etc.). Embodiments also provide for separately or interoperably conducting additional security measures within the server, within a Downloadable-destination of a detected-Downloadable, or both.

Embodiments further provide for causing mobile protection code ("MPC") and downloadable protection policies to be communicated to, installed and executed within one or more received information destinations in conjunction with a detected-Downloadable. Embodiments also provide, within an information-destination, for detecting malicious operations of the detected-Downloadable and causing responses thereto in accordance with the protection policies (which can correspond to one or more user, Downloadable, source, destination, or other parameters), or further downloaded or downloadable-destination based policies (which can also be configurable or extensible). (Note that the term "or", as used herein, is generally intended to mean "and/or" unless otherwise indicated.)

FIGS. 1a through 1c illustrate a computer network system 100 according to an embodiment of the invention. FIG. 1a broadly illustrates system 100, while FIGS. 1b and 1c illustrate exemplary protectable subsystem implementations corresponding with system 104 or 106 of FIG. 1a.

Beginning with FIG. 1a, computer network system 100 includes an external computer network 101, such as a Wide Area Network or "WAN" (e.g. the Internet), which is coupled to one or more network resource servers (summarily depicted as resource server-1 102 and resource server-N 103). Where external network 101 includes the Internet, resource servers 1-N (102, 103) might provide one or more resources including web pages, streaming media, transaction-facilitating information, program updates or other downloadable information, summarily depicted as resources 121, 131 and 132. Such information can also include more traditionally viewed "Downloadables" or "mobile code" (i.e. distributable components), as well as downloadable application programs or other further Downloadables, such as those that are discussed herein. (It will be appreciated that interconnected networks can also provide various other resources as well.)

Also coupled via external network 101 are subsystems 104-106. Subsystems 104-106 can, for example, include one or more servers, personal computers ("PCs"), smart appliances, personal information managers or other devices/processes that are at least temporarily or otherwise intermittently directly or indirectly connectable in a wired or wireless manner to external network 101 (e.g. using a dialup, DSL, cable modem, cellular connection, IR/RF, or various other suitable current or future connection alternatives). One or more of subsystems 104-106 might further operate as user devices that are connectable to external network 101 via an internet service provider ("ISP") or local area network ("LAN"), such as a corporate intranet, or home, portable device or smart appliance network, among other examples.

FIG. 1a also broadly illustrates how embodiments of the invention are capable of selectively, modifiably or extensibly providing protection to one or more determinable ones of networked subsystems 104-106 or elements thereof (not shown) against potentially harmful or other undesirable ("malicious") effects in conjunction with receiving downloadable information. "Protected" subsystem 104, for example, utilizes a protection in accordance with the teachings herein, while "unprotected" subsystem-N 105 employs no protection, and protected subsystem-M 106 might employ one or more protections including those according to the teachings herein, other protection, or some combination.

System 100 implementations are also capable of providing protection to redundant elements 107 of one or more of subsystems 104-106 that might be utilized, such as backups, failsafe elements, redundant networks, etc. Where included, such redundant elements are also similarly protectable in a separate, combined or coordinated manner using embodiments of the present invention either alone or in conjunction with other protection mechanisms. In such cases, protection can be similarly provided singly, as a composite of component operations or in a backup fashion. Care should, however, be exercised to avoid potential repeated protection engine execution corresponding to a single Downloadable; such "chaining" can cause a Downloadable to operate incorrectly or not at all, unless a subsequent detection engine is configured to recognize a prior packaging of the Downloadable.
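The following Python example is an added illustration, not part of the application as filed, of the server-side flow and of the chaining caveat above: a code detection step applies several tests (including a look inside zip archives), a packaging step wraps a detected Downloadable with placeholder mobile protection code and policies, and a second engine recognizes a prior packaging instead of wrapping it again. The signatures tested, the envelope format, the HMAC used to authenticate a prior packaging, the shared key and the sample inputs are assumptions.

```python
import base64
import hashlib
import hmac
import io
import json
import zipfile

# Assumed detection tests: a few well-known file signatures plus a script marker.
SIGNATURES = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable",
              b"\xca\xfe\xba\xbe": "Java class file"}
MARKER = b"SANDBOXED-PACKAGE/1\n"      # hypothetical envelope header
MAX_DEPTH, MAX_MEMBER = 3, 1 << 20     # limits for looking inside archives


def detect_code(data, depth=0):
    """Code detection: return every reason `data` counts as a Downloadable."""
    reasons = [label for magic, label in SIGNATURES.items() if data.startswith(magic)]
    if b"<script" in data[:65536].lower():
        reasons.append("embedded script")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return reasons + ["archive nested too deeply to inspect"]
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for info in archive.infolist():
                    if info.file_size > MAX_MEMBER:   # fail closed on oversized members
                        reasons.append(f"{info.filename}: too large to inspect")
                        continue
                    inner = detect_code(archive.read(info), depth + 1)
                    reasons += [f"{info.filename}: {r}" for r in inner]
        except zipfile.BadZipFile:
            reasons.append("unreadable archive")
    return reasons


def form_package(downloadable, policies, reasons, key):
    """Packaging: wrap the Downloadable with placeholder MPC and its policies."""
    body = json.dumps({
        "mpc": "placeholder-mobile-protection-code",
        "policies": policies,
        "detected": reasons,
        "downloadable": base64.b64encode(downloadable).decode("ascii"),
    }, sort_keys=True).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return MARKER + tag + b"\n" + body


def is_prior_packaging(data, key):
    """True only for an envelope produced by an engine holding the same key."""
    if not data.startswith(MARKER):
        return False
    tag, _, body = data[len(MARKER):].partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return hmac.compare_digest(tag, expected)


def unpack(package):
    """Destination side: recover the Downloadable and the package metadata."""
    meta = json.loads(package[len(MARKER):].partition(b"\n")[2])
    return base64.b64decode(meta.pop("downloadable")), meta


def protection_engine(data, policies, key):
    """Return (bytes to forward, action taken) for one received item."""
    if is_prior_packaging(data, key):
        return data, "already-packaged"      # no second wrapper, so no chaining
    if data.startswith(MARKER):              # marker without a valid tag
        reasons = ["unauthenticated package marker"]
    else:
        reasons = detect_code(data)
    if not reasons:
        return data, "passed"
    return form_package(data, policies, reasons, key), "packaged"


def make_zip(members):
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed sample inputs and settings (not taken from the application).
KEY = b"example-shared-engine-key"
POLICIES = {"file.write": "block", "net.connect": "log"}
PLAIN = b"Quarterly report, plain text only.\n"
PROGRAM = b"MZ" + bytes(62)
ARCHIVE = make_zip({"readme.txt": b"hello",
                    "lib/Applet.class": b"\xca\xfe\xba\xbe" + bytes(8)})

if __name__ == "__main__":
    for name, item in [("plain", PLAIN), ("program", PROGRAM), ("archive", ARCHIVE)]:
        first, action = protection_engine(item, POLICIES, KEY)
        _, again = protection_engine(first, POLICIES, KEY)
        print(f"{name}: first engine {action}, second engine {again}")
```

Recognizing a prior packaging by its marker alone would let any sender skip inspection by prepending the marker, which is why the example accepts an envelope only when its keyed tag verifies and otherwise treats the item as a Downloadable.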

FIGS. 1b and 1c further illustrate, by way of example, how protection systems according to embodiments of the invention can be utilized in conjunction with a wide variety of different system implementations. In the illustrated examples, system elements are generally configurable in a manner commonly referred to as a "client-server" configuration, as is typically utilized for accessing Internet and many other network resources. For clarity sake, a simple client-server configuration will be presumed unless otherwise indicated. It will be appreciated, however, that other configurations of interconnected elements might also be utilized (e.g. peer-peer, routers, proxy servers, networks, converters, gateways, services, network reconfiguring elements, etc.) in accordance with a particular application.

The FIG. 1b example shows how a suitable protected system 104a (which can correspond to subsystem-1 104 or subsystem-M 106 of FIG. 1) can include a protection-initiating host "server" or "re-communicator" (e.g. ISP server 140a), one or more user devices or "Downloadable-destinations" 145, and zero or more redundant elements (which elements are summarily depicted as redundant client device/process 145a). In this example, ISP server 140a includes one or more email, Internet or other servers 141a, or other devices or processes capable of transferring or otherwise "re-communicating" downloadable information to user devices 145. Server 141a further includes protection engine or "PE" 142a, which is capable of supplying mobile protection code ("MPC") and protection policies for execution by client devices 145. One or more of user devices 145 can further include a respective one or more clients 146 for utilizing information received via server 140a, in accordance with which MPC and protection policies are operable to protect user devices 145 from detrimental, undesirable or otherwise "malicious" operations of downloadable information also received by user device 145.

The FIG. 1c example shows how a further suitable protected system 104b can include, in addition to a "re-communicator", such as server 142b, a firewall 143c (e.g. as is typically the case with a corporate intranet and many existing or proposed home/smart networks.) In such cases, a server 141b or firewall 143 can operate as a suitable protection engine host. A protection engine can also be implemented in a more distributed manner among two or more protection engine host systems or host system elements, such as both of server 141b and firewall 143, or in a more integrated manner, for example, as a standalone device. Redundant system or system protection elements can also be similarly provided in a more distributed or integrated manner (see above).

System 104b also includes internal network 144 and user devices 145. User devices 145 further include a respective one or more clients 146 for utilizing information received via server 140a, in accordance with which the MPCs or protection policies are operable. (As in the previous example, one or more of user devices 145 can also include or correspond with similarly protectable redundant system elements, which are not shown.)

It will be appreciated that the configurations of FIGS. 1a-1c are merely exemplary. Alternative embodiments might, for example, utilize other suitable connections, devices or processes. One or more devices can also be configurable to operate as a network server, firewall, smart router, a resource server servicing deliverable third-party/manufacturer postings, a user device operating as a firewall/server, or other information-suppliers or intermediaries (i.e. as a "re-communicator" or "server") for servicing one or more further interconnected devices or processes or interconnected levels of devices or processes. Thus, for example, a suitable protection engine host can include one or more devices or processes capable of providing or supporting the providing of mobile protection code or other protection consistent with the teachings herein. A suitable information-destination or "user device" can further include one or more devices or processes (such as email, browser or other clients) that are capable of receiving and initiating or otherwise hosting a mobile code execution.

FIG. 2 illustrates an exemplary computing system 200, that can comprise one or more of the elements of FIGS. 1a through 1c. While other application-specific alternatives might be utilized, it will be presumed for clarity sake that system 100 elements (FIGS. 1a-c) are implemented in hardware, software or some combination by one or more processing systems consistent therewith, unless otherwise indicated.

Computer system 200 comprises elements coupled via communication channels (e.g. bus 201) including one or more general or special purpose processors 202, such as a Pentium® or Power PC®, digital signal processor ("DSP"), etc. System 200 elements also include one or more input devices 203 (such as a mouse, keyboard, microphone, pen, etc.), and one or more output devices 204, such as a suitable display, speakers, actuators, etc., in accordance with a particular application.

System 200 also includes a computer readable storage media reader 205 coupled to a computer readable storage medium 206, such as a storage/memory device or hard or removable storage/memory media; such devices or media are further indicated separately as storage device 208 and memory 209, which can include hard disk variants, floppy/compact disk variants, digital versatile disk ("DVD") variants, smart cards, read only memory, random access memory, cache memory, etc., in accordance with a particular application. One or more suitable communication devices 207 can also be included, such as a modem, DSL, infrared or other suitable transceiver, etc. for providing inter-device communication directly or via one or more suitable private or public networks that can include but are not limited to those already discussed.

Working memory further includes operating system ("OS") elements and other programs, such as application programs, mobile code, data, etc. for implementing system 100 elements that might be stored or loaded therein during use. The particular OS can vary in accordance with a particular device, features or other aspects in accordance with a particular application (e.g. Windows, Mac, Linux, Unix or Palm OS variants, a proprietary OS, etc.). Various programming languages or other tools can also be utilized, such as C++, Java, Visual Basic, etc. As will be discussed, embodiments can also include a network client such as a browser or email client, e.g. as produced by Netscape, Microsoft or others, a mobile code executor such as an OS task manager, Java Virtual Machine ("JVM"), etc., and an application program interface ("API"), such as a Microsoft Windows or other suitable element in accordance with the teachings herein. (It will also become apparent that embodiments might also be implemented in conjunction with a resident application or combination of mobile code and resident application components.)

One or more system 200 elements can also be implemented in hardware, software or a suitable combination. When implemented in software (e.g. as an
