United States Patent
`Freund
`
`[19]
`
`[54] SYSTEM AND METHODOLOGY FOR
`INTERNET ACCESS ON A PER
`MANAGING
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`[75]
`
`Inventor: Gregor Frennd, San Francisco, Calif.
`
`[73] Assignee: Zone Labs, Inc. , San Francisco, Calif.
`
`[21] Appl. No. : 08/851, 777
`May 6, 1997
`
`[22] Filed:
`
`Related U. S. Application Data
`[60] Provisional application No. 60/033, 975, Dec. 31, 1996.
`[51] Int. Cl. ' .
`G06F 13/00
`[52] U. S. Cl. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713/201
`[58] Field of Search
`. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395/187. 01, 186;
`364/222. 5, 286. 4, 286. 5; 711/163; 707/9,
`10, 203; 713/200, 201
`
`[56]
`
`References Cited
`
`U. S. PATENT DOCUMENTS
`
`4, 914, 586
`5, 475, 817
`5, 586, 260
`5, 623, 601
`5, 764, 887
`5, 815, 574
`5, 828, 833
`5, 832, 211
`5, 838, 903
`5, 857, 191
`5, 864, 665
`5, 875, 296
`5, 881, 230
`
`4/1990
`12/1995
`12/1996
`4/1997
`6/1998
`9/1998
`10/1998
`11/1998
`11/1998
`1/1999
`1/1999
`2/1999
`3/1999
`
`Swinehart et al. . . . . . .
`Waldo et al.
`Hu
`Vu . . . . . . . . . . . . . . . . . . . . . . . . . .
`Kells et al.
`. . . . . . . . . . . . . . .
`Fortinsky
`Belville et al.
`Blakley, HI et al.
`Blakely, HI et al.
`Blackwell, Jr. et al.
`. . . . . . . . . . . . . . . . . . . . . . .
`Tran
`Shi et al.
`Christensen et al. . . .
`
`. . . . . . . . 364/200
`. . . . . . . . 395/650
`395/200. 2
`. . . . 395/187. 01
`. . . . . . . . 395/186
`. . . . . . . . . . . 380/25
`. . . 395/187. 01
`395/188. 01
`395/188. 01
`707/10
`. . . . 395/187. 01
`. . . 395/188. 01
`. . . 395/200. 33
`
`OTHER PUBLICATIONS
`
`"Distributed Systems", Second Edition, ACM
`Mullender,
`Press New York, Addison — Wesley, pp. 3. 12 — 13, 543 — 578,
`Dec. 1993.
`ORFALI et al. , "Essential Client/Server Survival Guide",
`Van Nostrand Reinhold, pp. 153 — 154, Dec. 1994.
`
`IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
`US005987611A
`5, 987, 611
`[11] Patent Number:
`Nov. 16, 1999
`[45] Date of Patent:
`Postel, J. , "RFC 821 — Simple Mail Transfer Protocol, "
`Information Science Institute, University of Southern Cali-
`fornia, Aug. 1982, pp. 1 — 68.
`
`(List continued on next page. )
`
`Primary Examiner~Robert W. Beausoliel, Jr.
`
`Assistant Examiner — Stephen C. Elmore
`Attovney, Agent, or Fivm — John A. Smart
`ABSTRACT
`
`[57]
`
`A computing
`for monitoring
`environment with methods
`access to an open network, such as a WAN or the Internet,
`is described. The system includes one or more clients, each
`operating applications or processes (e. g. , Netscape Naviga-
`tor™ or Microsoft Internet Explorer™ browser software)
`Internet (or other open network) access (e. g. , an
`requiring
`to one or more Web servers). Client-
`Internet connection
`filtering of access is provided
`based monitoring
`in
`and
`conjunction with a centralized enforcement supervisor. The
`supervisor maintains access rules for the client-based
`filter-
`the existence and proper operation of the
`ing and verifies
`filter application. Access rules which can be
`client-based
`defined can specify criteria such as total time a user can be
`to the Internet (e. g. , per day, week, month, or the
`connected
`like), time a user can interactively use the Internet (e. g. , per
`day, week, month, or the like), a list of applications or
`application versions that a user can or cannot use in order to
`access the Internet, a list of URLs (or WAN addresses)
`that
`a user application can (or cannot) access, a list of protocols
`(such as Java Script™) that a user
`or protocol components
`application can or cannot use, and rules to determine what
`events should be logged (including how long are logs to be
`kept). By intercepting process loading and unloading
`and
`a list of currently-active
`processes, each client
`keeping
`process can be checked for various characteristics,
`including
`executable
`checking executable names, version numbers,
`file checksums, version header details, configuration
`settings, and the like. With this information,
`the system can
`if a particular process in question
`determine
`should have
`access to the Internet and what kind of access (i. e. , protocols,
`time limitations, and the like) is permis-
`Internet addresses,
`sible for the given specific user.
`
`30 Claims, 38 Drawing Sheets
`
`220
`
`243
`
`Vxo
`INTERFACE
`
`WINSOCK
`DRIVER
`
`241
`
`240
`
`225
`
`245
`
`260
`
`INTERNET
`ACCESS MONITOR
`
`APPLICATION
`PROGRAM(S)
`
`~BROWSER
`
`WINDOWS
`SHELL
`
`USER
`INTERFACE
`
`OPERATING SYSTEM
`
`250
`
`USER
`
`Unified Patents Ex. 1004, pg. 1
`
`
`Freund
`
`[19]
`
`[54] SYSTEM AND METHODOLOGY FOR
`INTERNET ACCESS ON A PER
`MANAGING
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`[75]
`
`Inventor: Gregor Frennd, San Francisco, Calif.
`
`[73] Assignee: Zone Labs, Inc. , San Francisco, Calif.
`
`[21] Appl. No. : 08/851, 777
`May 6, 1997
`
`[22] Filed:
`
`Related U. S. Application Data
`[60] Provisional application No. 60/033, 975, Dec. 31, 1996.
`[51] Int. Cl. ' .
`G06F 13/00
`[52] U. S. Cl. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713/201
`[58] Field of Search
`. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395/187. 01, 186;
`364/222. 5, 286. 4, 286. 5; 711/163; 707/9,
`10, 203; 713/200, 201
`
`[56]
`
`References Cited
`
`U. S. PATENT DOCUMENTS
`
`4, 914, 586
`5, 475, 817
`5, 586, 260
`5, 623, 601
`5, 764, 887
`5, 815, 574
`5, 828, 833
`5, 832, 211
`5, 838, 903
`5, 857, 191
`5, 864, 665
`5, 875, 296
`5, 881, 230
`
`4/1990
`12/1995
`12/1996
`4/1997
`6/1998
`9/1998
`10/1998
`11/1998
`11/1998
`1/1999
`1/1999
`2/1999
`3/1999
`
`Swinehart et al. . . . . . .
`Waldo et al.
`Hu
`Vu . . . . . . . . . . . . . . . . . . . . . . . . . .
`Kells et al.
`. . . . . . . . . . . . . . .
`Fortinsky
`Belville et al.
`Blakley, HI et al.
`Blakely, HI et al.
`Blackwell, Jr. et al.
`. . . . . . . . . . . . . . . . . . . . . . .
`Tran
`Shi et al.
`Christensen et al. . . .
`
`. . . . . . . . 364/200
`. . . . . . . . 395/650
`395/200. 2
`. . . . 395/187. 01
`. . . . . . . . 395/186
`. . . . . . . . . . . 380/25
`. . . 395/187. 01
`395/188. 01
`395/188. 01
`707/10
`. . . . 395/187. 01
`. . . 395/188. 01
`. . . 395/200. 33
`
`OTHER PUBLICATIONS
`
`"Distributed Systems", Second Edition, ACM
`Mullender,
`Press New York, Addison — Wesley, pp. 3. 12 — 13, 543 — 578,
`Dec. 1993.
`ORFALI et al. , "Essential Client/Server Survival Guide",
`Van Nostrand Reinhold, pp. 153 — 154, Dec. 1994.
`
`IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
`US005987611A
`5, 987, 611
`[11] Patent Number:
`Nov. 16, 1999
`[45] Date of Patent:
`Postel, J. , "RFC 821 — Simple Mail Transfer Protocol, "
`Information Science Institute, University of Southern Cali-
`fornia, Aug. 1982, pp. 1 — 68.
`
`(List continued on next page. )
`
`Primary Examiner~Robert W. Beausoliel, Jr.
`
`Assistant Examiner — Stephen C. Elmore
`Attovney, Agent, or Fivm — John A. Smart
`ABSTRACT
`
`[57]
`
`A computing
`for monitoring
`environment with methods
`access to an open network, such as a WAN or the Internet,
`is described. The system includes one or more clients, each
`operating applications or processes (e. g. , Netscape Naviga-
`tor™ or Microsoft Internet Explorer™ browser software)
`Internet (or other open network) access (e. g. , an
`requiring
`to one or more Web servers). Client-
`Internet connection
`filtering of access is provided
`based monitoring
`in
`and
`conjunction with a centralized enforcement supervisor. The
`supervisor maintains access rules for the client-based
`filter-
`the existence and proper operation of the
`ing and verifies
`filter application. Access rules which can be
`client-based
`defined can specify criteria such as total time a user can be
`to the Internet (e. g. , per day, week, month, or the
`connected
`like), time a user can interactively use the Internet (e. g. , per
`day, week, month, or the like), a list of applications or
`application versions that a user can or cannot use in order to
`access the Internet, a list of URLs (or WAN addresses)
`that
`a user application can (or cannot) access, a list of protocols
`(such as Java Script™) that a user
`or protocol components
`application can or cannot use, and rules to determine what
`events should be logged (including how long are logs to be
`kept). By intercepting process loading and unloading
`and
`a list of currently-active
`processes, each client
`keeping
`process can be checked for various characteristics,
`including
`executable
`checking executable names, version numbers,
`file checksums, version header details, configuration
`settings, and the like. With this information,
`the system can
`if a particular process in question
`determine
`should have
`access to the Internet and what kind of access (i. e. , protocols,
`time limitations, and the like) is permis-
`Internet addresses,
`sible for the given specific user.
`
`30 Claims, 38 Drawing Sheets
`
`220
`
`243
`
`Vxo
`INTERFACE
`
`WINSOCK
`DRIVER
`
`241
`
`240
`
`225
`
`245
`
`260
`
`INTERNET
`ACCESS MONITOR
`
`APPLICATION
`PROGRAM(S)
`
`~BROWSER
`
`WINDOWS
`SHELL
`
`USER
`INTERFACE
`
`OPERATING SYSTEM
`
`250
`
`USER
`
`Unified Patents Ex. 1004, pg. 1
`
`
`
`5, 987, 611
`Page 2
`
`OTHER PUBLICATIONS
`
`for
`
`Croker, D. , "RFC 822 — Standard
`for the format of ARPA
`Internet Text Messages, " Department of Electrical Engineer-
`ing, University of Delaware, Aug. 13, 1982, pp. 1 — 47.
`Postel, J. and Reynolds, J. , "RFC 959 — File Transfer Pro-
`tocol (FTP), " Information Science Institute, University of
`Southern California, Oct. 1985, pp. 1 — 47.
`Kantor, B. (U. C. San Diego) and Lapsley, P. (U. C. Berke-
`ley), "RFC 977 — Network News Transfer Protocol, " Feb.
`1986, pp. 1 — 27.
`Berners — Lee, T. , "RFC 1630 — Universal Resource Identifi-
`ers in WWW, " Jun. 1994, pp. 28.
`Klensin, J. , Freed, N. , Rose, M. , Stelferud, E. and Crocker,
`D. , "RFC 1869 — SMTP Service Extensions, " Nov. 1995,
`pp. 1 — 11.
`Kessler, G. and Shepard, S. , "RFC 1739 — A Primer On
`Internet And TCP/IP Tools, " Hill Associates,
`Inc. , Dec.
`1994, pp. 1-46.
`Myers, J. (Carnegie Mellon) and Rose, M. (Dover Beach
`Inc. ), "RFC 1939 — Post OIfice Protocol — Ver-
`Consulting,
`sion 3, " May 1996, pp. 1 — 23.
`Freed, N. , "RFC 2034 — SMTP Service Extension
`Returning Enhanced Error Codes, " Innosoft, Oct. 1996, pp.
`1 — 6.
`Freed, N. , Borenstein, N. , Moore, K. , Klensin, J. and Postel,
`J. , "RFC 2045/2046/2047/2048/2049 — Multipurpose
`Inter-
`(MIME), Part 1: Format of Internet
`net Mail Extensions
`Message Bodies, Part 2: Media Types, Part 3: Message
`Header Extensions for Non — ASCII Text, Part 4: Registration
`Procedures, Part 5: Conformance Criteria and Examples, "
`Nov. 1996, Part 1: pp. 1 — 31, Part 2: pp. 1 — 44, Part 3: pp.
`1 — 15, Part 4: pp. 1 — 21, Part 5: pp. 1 — 24.
`Crispin, M. , "RFC 2060 — Internet Message Access Proto-
`col — Version 4rev1, " University of Washington, Dec. 1996,
`pp. 1 — 82.
`Palme, J. (Stockholm University)
`"RFC 2110 — MIME E — mail
`(Microsoft Corporation),
`of Aggregate Documents,
`Encapsulation
`(MHTML), " Mar. 1997, pp. 1 — 19.
`
`and Hopmann, A.
`
`such as HTML
`
`Fielding, R. (U. C. Irvine), Gettys, J. (DEC), Mogul, J.
`(DEC), Frystyk, H. (MIT/LCS) and Berers — Lee, T. (MIT/
`LCS), "Hypertext Transfer Protocol — HTI'P/1. 1, " Internet
`Engineering Task Force (IETF) — Internet Draft, Aug. 12,
`1996, pp. 1 — 52.
`Marsh, K. , "Win32 Hooks, " Microsoft Developer Network
`Technology Group, Jul. 29, 1993 (revised Feb. 1994), pp.
`1 — 14.
`Dawson, D. , "Firewalls 101 — A Introduction
`to Ascend
`Secure Access, " Ascend Network Secure Business Unit,
`Sep. 4, 1996, pp. 1 — 6.
`Semeria, C. , "Internet Firewalls and Security — A Technol-
`ogy Overview, " 3Com Corporation, Sep. 4, 1996, pp. 1 — 16.
`Felten, E. , Balfanz, D. , Dean, D. and Wallach, D. , "Web
`Internet Con Game — Technical Report
`Spoofing: An
`540 — 96, " Department of Computer Science, Princeton Uni-
`versity, 1996, pp. 1 — 9
`"Microsoft Technical Notes—
`Microsoft Corporation,
`Browsing and Windows 95 Networking, " 1995, pp. 1 — 38.
`Windows Networking Design Team — Microsoft Corpora-
`tion, "Microsoft TCP/IP VxD Interface Specification, " Oct.
`24, 1994, pp. 1 — 23.
`TechNet/Corp. Network Systems/Bus. Systems Div. — Mi-
`crosoft Corporation, "MS Windows NT 3. 5/3. 51: TCP/IP
`Implementation Details, " May 22, 1996, pp. 1 — 65.
`in Windows 95 — SunWorld Online,
`Shah, R. , "Networking
`"Nov. 1, 1995, pp. 1 — 6.
`Rickard, J. , "Internet Architecture, " Boardwatch Magazine,
`1996, pp. 1 — 11.
`"Active Directory Design Specifi-
`Microsoft Corporation,
`cation, Version 1. 0, " Oct. 25, 1996, pp. 1 — 111.
`IP Addressing — Everything
`Semeria, C. , "Understanding
`You Ever Wanted To Know, " NDS Marketing, 3Com Cor-
`poration, Apr. 26, 1996, pp. 1 — 62.
`Hall, M. et al, "Windows Sockets 2 Service Provider Inter-
`face, Revision 2. 2. 0, " Stardust Technologies, May 10, 1996,
`pp. 1 — 200.
`
`Unified Patents Ex. 1004, pg. 2
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 1 of 38
`
`5, 9S7, 611
`
`104
`
`105
`
`106
`
`107
`
`108
`
`KEYBOARD
`
`POINTING
`DEVICE
`
`SCREEN
`DISPLAY
`
`MASS
`STORAGE
`
`OUTPUT
`DEVICE
`
`$00
`
`102
`
`103
`
`MAIN
`MEMORY
`
`I/O
`CONTROLLER
`
`NETWORK
`CONTROLLER
`(e. g. , ETHERNET)
`
`112
`
`MODEM
`
`110
`
`101
`
`CENTRAL
`PROCESSOR
`
`CACHE
`MEMORY
`
`109
`
`Unified Patents Ex. 1004, pg. 3
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 2 of 38
`
`5, 9S7, 611
`
`CD
`CO
`CV
`
`UJ (3
`m cC
`N cL ~ UJ I—
`
`O~ a~
`Z co
`
`0 CO
`
`o O
`CL OC
`
`CL O I—
`UJ Z
`ZO
`UJ co +co
`Z' . UJ 0
`
`C3
`
`UJ (3
`a~~
`
`I—
`
`OUJ
`u) &
`Z CL
`CI
`
`CD
`LA
`CV
`
`I—
`co
`co
`(3
`
`O
`
`CD
`
`CV
`
`(3
`U
`
`Unified Patents Ex. 1004, pg. 4
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 3 of 38
`
`CL ~ LLI
`
`UJ )
`CL ~ LU
`
`UJ )
`
`CCI UJ
`
`I—
`LU
`
`UJ I— Z
`
`CL
`
`&~+0 Z
`
`Z
`
`Q
`
`I— pm
`Z ~
`
`UJ
`
`C5 0
`Z p
`
`I—
`
`LU
`O
`
`p
`Z
`
`I—
`
`LU
`
`I—
`
`LU
`
`C3
`O
`
`I—
`p
`UJ
`
`CO )
`
`~ O
`UJ CL
`UJ
`CL
`0 Z
`LLI I—
`co 0
`CO
`
`IX p
`
`Unified Patents Ex. 1004, pg. 5
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 4 of 38
`
`5, 9S7, 611
`
`CQ LU
`y CL
`
`0
`& CL'
`V LU
`Z CL'
`LU LLI
`Z CQ
`I-
`
`0 ~
`Q ) )
`M CL' ~
`LU LU
`CL rn
`
`CQ
`
`0
`CQ )
`
`P)
`
`Q
`
`(fl
`
`X 0
`CQ ~
`z
`
`VJ
`
`k
`
`I
`
`I
`I
`I
`
`I
`
`I
`
`I
`
`I
`
`I
`
`I
`I
`I
`
`I
`
`I
`
`I—
`LLI
`
`CL
`
`LU I— Z
`
`I—
`
`U
`CL O
`
`LU
`
`Z 0
`Z LL LU 0
`p 0 cO CL
`
`LU
`
`Q
`
`CL
`
`I— 0 m
`Z p
`
`I—
`
`LU
`
`0 ~
`Z p
`
`LU
`
`I— o
`0
`
`I—
`
`LU
`
`Unified Patents Ex. 1004, pg. 6
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 5 of 38
`
`5, 9S7, 611
`
`CO
`
`o o
`R co
`O Z
`
`O o
`
`O
`
`O
`UJ O
`
`Cf)
`
`UJ
`
`0 IJJ
`I — (/) O
`O&O o~
`
`CV
`
`Z Z 0 O
`I—
`o o
`
`cC
`
`CL
`CL
`
`I—
`
`LU
`
`Unified Patents Ex. 1004, pg. 7
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 6 of 38
`
`5, 9S7, 611
`
`UJ
`
`IZI
`
`UJ (3
`
`CO
`CO
`UJ
`O
`
`UJ
`CO
`
`(3
`CI
`
`O
`
`CO
`
`CO
`
`CO
`Ci
`
`OC
`LU
`Q
`
`CO
`
`O
`CO +Z
`CO ~
`UJ ~
`O UJ
`O CO
`
`UJ
`
`Ci
`O
`
`O
`I—
`M
`
`CI
`
`hC O
`O
`
`O
`O
`CO
`5
`
`O
`O
`
`O
`O
`
`CO
`
`O
`O
`
`CL
`
`UJ (3
`
`UJ
`
`CIC
`
`UJ I-
`K
`CL
`LU
`U
`
`CXI
`
`C)
`LA
`
`CD
`LCt
`
`lA
`C)
`LA
`
`C3
`LA
`
`UJ
`
`CI O
`
`O
`I—
`I—
`IU
`CL
`CL
`LU I—
`
`CI
`
`C9 O
`
`O
`I—
`CL
`LU
`X
`UJ
`
`(3
`O
`I—
`Cl
`
`Unified Patents Ex. 1004, pg. 8
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 7 of 38
`
`5, 9S7, 611
`
`640
`
`Unified Patents Ex. 1004, pg. 9
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 8 of 38
`
`5, 9S7, 611
`
`6 l1;' ,
`
`)
`
`. '
`
`'vA'rrdrme
`
`Irrrerrret Eqabrer
`
`: :-+ DNS . Direeirrry Serrri"e
`
`g Wekrrrrrrp. @if
`
`''hajj &rrdekee. gif
`i. y't
`fd prrklNer
`'gg@ fd urete. yf
`
`edtrertiserrrertr
`
`gji
`
`fXB Rec'Ni
`
`5:8 Ree::;. :;
`4KB R ee::. '::'.
`::, :
`GKG:Re@!:!,
`Flee ', "",
`OK8
`
`Unified Patents Ex. 1004, pg. 10
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 9 of 38
`
`5, 9S7, 611
`
`83. :
`
`unix
`
`'Ne5Fecet
`
`o ath
`Nf F30 meyseeZ. yY
`@meR218 braw~er. git
`bVBCPibBJ. g4
`
`piekg4
`bmpe5. gii
`gFIVgplkei. g4
`bumpe8 g4
`
`X8 Re"::, :', ' '';.
`2' Rea;:. :;. ';::;", .
`5KB Re@ '':: .
`2KB Re@:, . :: . . . ;
`
`6KB Rec '
`7KB ReI::' 'i
`6KB Rca, :, ::;
`0KB Rec:~ '
`
`. :Qg(jp54184+//~@~,
`
`, „, Q"-:, :, ~, ";, . :, I;:::"-"
`
`RG. 6C
`
`Unified Patents Ex. 1004, pg. 11
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 10 of 38
`
`5, 9S7, 611
`
`jj&p~:; «+:. :; ~:::~:
`: " """', '. :eS Apglmi
`i'i:, ', :llio'0'ii', : r ~ F d
`
`NRr
`
`', i, ":, ':maitre
`
`r de
`'I%i(cid:30)'l7
`
`i iii ilia!QQ. '!
`
`lrtteirtet E'rsrlorer
`Wirtdrrrvs
`DMS - Directory Service
`rrrrsrvr. stertirtrsottrrrsre
`gg
`
`col,
`
`Mise, D rke Activity
`~i'-'. t'r'a %~V - War W 'Wide 'v) eh
`
`l~) . 4 Viiorrirr WetrFeifet
`
`205. 21 7. 1!%13
`215 21 7. 1%. 18
`2rK217.
`2r5, 21r 7. 1%. 21
`Z5. 21 7. 1is 26
`
`Unified Patents Ex. 1004, pg. 12
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 11 of 38
`
`5, 9S7, 611
`
`Unified Patents Ex. 1004, pg. 13
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 12 of 38
`
`5, 9S7, 611
`
`: I Restrict greb access to. latest release version olf Internet E'rrplorer
`
`Disable any server activllies
`Restrict web access to sites rrrrvw' nests. cont. vrvrwrrrsnbc. corn. vrvAw. cn
`, DorA altorv dovrntoading ol executable Qes jdrsabledj
`Disable Rea@udlo access rrseekdays
`frorrl 8afrr to Eprrr
`Run virus check on all downtaoded
`files
`
`724
`
`8fl2ÃIRS
`'I 87 I /1 88b
`1 9r'I ~'I 8%
`171/1887
`1r'171887
`3r"271 887
`371 87) 887
`
`I lever
`
`I'revel
`
`never
`8)3 IÃ887
`
`1. The role trrrsts access to the World vAde u/eb to 1 hour psa day.
`2. This rule ts valid from 8. 133888 from SWH to 6PH on vreekdays.
`3. This rule applies to att user and computer ervept Ior Irteketing„Adrrrtnetratfon. R7 9, IrIIS
`'"vrreb8rvver" and users "'6Freund"' and "CHerrrnann".
`4. This rule can be modified and7or suspended by deparbnent and workgroup supervisors
`5. If tkis rute has beeni vrotated. Interrret Irtonttor @rill redirect web traffic to page
`"http 8127. 8. 0. 1Awe expirecthtrnt", vrhenever applicable.
`
`Unified Patents Ex. 1004, pg. 14
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 13 of 38
`
`~ 742
`
`Llrrrlt whar fifes tripes can 48 dcwnlaarfezl
`Ljrrrit tfie arrroont of tirrre that users can spend an the Internet
`
`Restrrct access ta certain Internet utes
`Disabfa Actjveki contrqfs
`I heck far knot secrrrity. problems
`Enforce sires checking
`Expert rute (restrict ports anci prataaaisI
`
`This rute can specify ssbat appkatfans cari da an the
`Internet ffar masipfe +bat proiaccts they can rrseI.
`
`'. A;::;::
`
`Unified Patents Ex. 1004, pg. 15
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 14 of 38
`
`5, 9S7, 611
`
`Unified Patents Ex. 1004, pg. 16
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 15 of 38
`
`5, 9S7, 611
`
`Unified Patents Ex. 1004, pg. 17
`
`
`
`U S. Patent
`
`Nov. 16, 1999
`
`Sheet 16 of 38
`
`5,987,611
`
`756
`
`7405
`
`75?
`
`755
`
`777
`
`FIG. 75
`
`Unified Patents Ex. 1004, pg. 18
`
`Unified Patents Ex. 1004, pg. 18
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 17 of 38
`
`5, 9S7, 611
`
`Flo. 7F
`
`Unified Patents Ex. 1004, pg. 19
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 18 of 38
`
`5, 9S7, 611
`
`4 Disa'@
`t'3 5 top the ectivity, redirect user tc error page w'hen passible
`4 Del. !;. ', I
`8 Step the ectivity generate appticeticn error
`e hVern user ~eish dialog
`9 RurI;, ":;::;. ":
`e &Warn vser vkth dialog. user cen deWs tult&ve warnings
`Generate entry in ever« log onty
`Z. rh'&:. ". ': '"'::":""': ':::::": ''::':':'::: '''':::::::" ':::::::::: "':::::::::::-"::
`'::::::::::'::::::
`'::::::"::::::':::'::::::::::
`"':::::::":
`that «eppnelne» hes acctMsed the internet
`tnternet 5/l&l«or hes det«vF&«red
`tn violation cf the access po!acies set by peur MS department
`ate «sitenarrte»
`4 This. ', :;:;::;; t he connectiprr tc « s«enema&& witt be terrrvneted, Please ccnntect yes
`g if th, , '$ sys!ere, edmmstretor
`. :::::::
`if yeu have any quesgons
`in regard &rl this poticy
`':':::::::::::::':':::::::::;:::::::::::::::::::::::::::::::::::::::::::::
`
`''htt
`
`Unified Patents Ex. 1004, pg. 20
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 19 of 38
`
`5, 9S7, 611
`
`Unified Patents Ex. 1004, pg. 21
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 20 of 38
`
`5, 9S7, 611
`
`Unified Patents Ex. 1004, pg. 22
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 21 of 38
`
`5, 9S7, 611
`
`~ C
`
`':" ':iii':: i '::i':: 'i:: . 'i iiti' '::i!i'Ai: i(iiiiitif 'T ii. "::::%i !W""ii ilia':":::::i' !ilia:". e'iii, :::, :::: "::. '::::-".
`
`\
`
`:, :::::: Limit Interrret access ta Irrtewet hrrpforer etrd htetscepe htemrftar
`
`gl Did"'. '''.
`9 Rilrn":ti
`
`I
`
`2. This, ::, ':::. :
`3. Tkls
`""grrrr';. :::. :
`4 This':;
`5. Il r1::::. :
`
`1 The rule prohibits ett epplfceborrs errcept far lrrterrret Explorer errd Netscepe
`Neiigaor frorrr eccessing the Intermt.
`r. The rule is v8id from 3r'31/1397 fram 84kl to 5:3GI'M every day.
`3. 1'he rule applies to ell user end computer except fct hterkettng. " VebSenrer'
`encl' uMf 6Freurrd
`.
`4. If tfre rub hes been violated, Internet hfonjtor will dispfey errr error dielog end
`from eccessfng the Internet
`stop the respective eppticetron
`
`Unified Patents Ex. 1004, pg. 23
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 22 of 38
`
`5, 9S7, 611
`
`', ~::;;::;4@fp) Admirristratiorr
`
`+:, ;, ;, ~!' rat!
`:v' I Resbict metr access to latest release version of tntesrret Explorer
`';: + Er !sable arttr ser Yer activities
`; 4 Reetriot Wetr aooeSS to S'iteS YrvrWANlA CON„VrSYVY IrrSnbc Corrr, V4vtriiV Crr . .
`;. :g Don't Btfovv dosIrrrtoadlng of execU4658 l1les fdtsabtedf
`, ;: @ Disable Rea@udio access sveekdays
`:; 9 Rurr Ytrtrs check on 88 dorvntaoded
`
`frorrr 9arrr to Gprrr
`fife
`
`:';e, ', ';, . ;, ;, ;::;:, , ;::, ;:! jg&;: I;-, ;
`
`-
`
`gg
`
`tNt7t996
`t, 0&t /t 9%
`Iirt r ( 997
`3 f't r't 997
`972/t M7
`drt5/t997
`9731 /1997
`
`rrever
`never
`
`rre~i'8I
`5r'3't 7'! 99r":, ,
`never
`
`never
`
`t. TherUte prohiksts all appfcattons except for fnternet Explorer andfletscape Navfpator
`N aa~ator accessrrrg the! nternek
`2. The Brie fs Ye!Id frorrr 3ir35 / t 997 lroa'I !tiki to 5'30PM everfr dati.
`3. Ther' applies to ati user and corrrpoter except for krtarketinrt, " k~/eb9erver'" arrd vser "GFreunrf"
`4. i! ttxs rule has been Y!otated, ! nternet frforrrtor Yrltt dlsptatr arrr error dratog arrd stop the respective
`hcatisxt frorrI accessfI ict tfre Hornet
`
`frorrr
`
`68Aeral
`
`FIG. 7K
`
`Unified Patents Ex. 1004, pg. 24
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 23 of 38
`
`5, 9S7, 611
`
`CLIENT LOADING
`METHOD
`800
`
`BEGIN
`
`CLIENT MONITOR CHECKS IF A SUPERVISOR HAS
`BEEN ASSIGNED FOR THIS CLIENT MONITOR
`
`IF YES, CLIENT MONITORS SEND LOGIN
`REQUEST TO SUPERVISOR
`
`SUPERVISOR CHECKS IF REQUEST
`COMES FROM I/ITHIN THE LAN
`
`SUPERVISOR CHECKS IF CLIENT MONITOR
`HAS ANY INTERNET ACCESS RIGHTS
`
`SUPERVISOR DETERMINES DEPARTMENT OR
`WORKGROUP FOR CLIENT MONITOR
`
`SUPERVISOR FILTERS APPROPRIATE RULES FROM
`DATABASE; TRANSMITS RULES TO CLIENT MONITOR
`
`CLIENT MONITOR CONFIRMS SUCCESSFUL
`RECEPTION OF RULES
`
`CLIENT MONITOR SAVES COPY OF RULES ON TO
`A LOCAL STORAGE MEDIUM
`
`SUPERVISOR CONTACTS FIREWALL TO REQUEST
`INTERNET ACCESS FOR THE CLIENT MONITOR
`
`CONTINUE TO FIG. 8B
`
`EIG BA.
`
`801
`
`802
`
`803
`
`804
`
`805
`
`806
`
`807
`
`808
`
`809
`
`Unified Patents Ex. 1004, pg. 25
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 24 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 8A
`
`CONNECTION BETWEEN CLIENT MONITOR AND
`SUPERVISOR REMAINS OPEN
`
`SUPERVISOR REGULARLY SEND CHECK
`MESSAGES TO CLIENT MONITOR
`
`CLIENT MONITOR STORES LOG INFORMATION
`ON LOCAL STORAGE (IF AVAILABLE)
`
`CLIENT MONITOR SENDS LOG MESSAGES
`TO SUPERVISOR
`
`IF SUPERVISOR DETERMINES ANY PROBLEM WITH
`IT NOTIFIES FIREWALL TO
`CLIENT MONITOR,
`DISABLE INTERNET ACCESS FOR CLIENT MONITOR
`
`DONE
`
`810
`
`811
`
`812
`
`813
`
`814
`
`Unified Patents Ex. 1004, pg. 26
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 25 of 38
`
`5, 9S7, 611
`
`CLIENT MONITOR UNABLE
`TO LOCATE SUPERVISOR
`900
`
`BEGIN
`
`CLIENT MONITOR LOADS THE LAST STORED
`APPLICATION, HOST, RULES DATABASE, ETC.
`FROM LOCAL STORAGE
`
`CLIENT MONITOR MAY ATTEMPT TO CONTACT
`THE INTERNET DIRECTLY — THE LAST STORED
`RULES STILL APPLY
`
`901
`
`902
`
`DONE
`
`Unified Patents Ex. 1004, pg. 27
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 26 of 38
`
`5, 9S7, 611
`
`UNLOADING THE
`CLIENT MONITOR
`1000
`
`BEGIN
`
`THE CLIENT MONITOR APPLICATION NOTIFIES THE
`SUPERVISOR THAT IT IS ABOUT TO BE UNLOADED
`
`THE SUPERVISOR CONTACTS THE FIREWALL OF
`THAT CLIENT MONITOR TO STOP INTERNET ACCESS
`FOR THAT CLIENT MONITOR
`
`THE CLIENT MONITOR STORES ANY REMAINING
`LOG INFORMATION ON LOCAL STORAGE
`
`THE CLIENT MONITOR SENDS ANY REMAINING
`LOG MESSAGES TO THE SUPERVISOR
`
`1001
`
`1002
`
`1003
`
`1004
`
`1005
`
`THE CLIENT MONITOR SHUTS DOWN
`
`DONE
`
`Unified Patents Ex. 1004, pg. 28
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 27 of 38
`
`5, 9S7, 611
`
`LOADING THE
`CLIENT MONITOR IN
`AN ISP ENVIRONMENT
`1100
`
`BEGIN
`
`RAS CALLS ISP POP USING SLIP, PPP OR SIMILAR
`PROTOCOL WITH USER ID/PASSWORD
`
`ISP POP SERVER CALLS ISP AUTHENTICATION
`SERVER WITH USER ID/PASSWORD
`
`ISP AUTHENTICATION SERVER CHECKS
`USER ID 8 PASSWORD
`
`IF OK, AUTHENTICATION SERVER CHECKS
`WITH ISP SUPERVISOR IF USER HAS ACCESS
`RULES MECHANISM
`INSTALLED
`(AI YES: CLIENT RESTRICTED TO
`ISP "SANDBOX" SERVER
`(B) NO: CLIENT ACCESS UNRESTRICTED
`
`CLIENT MONITORS SEND LOGIN REQUEST
`TO ISP SUPERVISOR
`
`ISP SUPERVISOR TRANSMITS ACCESS RULES ETC.
`TO CLIENT MONITOR
`
`CLIENT MONITOR SAVES COPY OF RULES ON A
`LOCAL HARD DISK TO A LOCAL STORAGE MEDIUM
`
`ISP SUPERVISOR CONTACTS ISP POP SERVER TO
`REMOVE "SANDBOX" RESTRICTIONS
`
`CONTINUE TO FIG. 11B
`
`FIG 11A.
`
`1101
`
`1102
`
`1103
`
`1104
`
`1105
`
`1106
`
`1107
`
`1108
`
`Unified Patents Ex. 1004, pg. 29
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 28 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 11A
`
`CONNECTION BETWEEN CLIENT MONITOR AND
`ISP SUPERVISOR REMAINS OPEN
`
`ISP SUPERVISOR REGULARLY SEND CHECK
`MESSAGES TO CLIENT MONITOR
`
`CLIENT MONITOR STORES LOG INFORMATION
`ON LOCAL STORAGE
`
`CLIENT MONITOR SENDS LOG MESSAGES
`TO ISP SUPERVISOR
`
`IF ISP SUPERVISOR DETERMINES ANY PROBLEM
`WITH CLIENT MONITOR, IT NOTIFIES ISP
`POP SERVER TO RESTRICT ACCESS RIGHTS
`TO "SANDBOX MODE"
`
`1109
`
`1110
`
`1111
`
`1112
`
`1113
`
`DONE
`
`Unified Patents Ex. 1004, pg. 30
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 29 of 38
`
`5, 9S7, 611
`
`IN TERPRETATION
`OF A TYPICAL HTTP
`"GET" REQUEST
`1200
`
`BEGIN
`
`THE APPLICATION CALLS WINSOCK WSAStartup()
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`CHECKS THE RULES AND APPLICATION DATABASE
`IF THE APPLICATION OR SPECIFIC VERSION OF
`THE APPLICATION HAS INTERNET ACCESS RIGHTS
`
`IF NOT, THE CLIENT MONITOR FAILS WASStartup() CALL
`
`APPLICATION CALLS SOCKET()
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`CHECKS IF THE APPLICATION OR USER HAVE RIGHTS
`TO CONTINUED USE OF THE INTERNET
`
`IF NOT, THE CLIENT MONITOR FAILS SOCKET() CALL
`
`THE APPLICATION CONTACTS THE HOST USING
`WINSOCK CONNECT()
`
`CLIENT MONITOR INTERCEPTS THE CALL 8 CHECKS
`THE RULES AND HOST DATABASE IF APPLICATION
`HAS ACCESS RIGHTS TO THE SPECIFIC HOST
`
`THE CLIENT MONITOR CHECKS IF THE APPLICATION
`OR USER HAVE RIGHTS TO CONTINUED USE
`OF THE INTERNET
`
`CONTINUE TO FIG. 12B
`
`FIG $2A.
`
`1201
`
`1202
`
`1203
`
`1204
`
`1205
`
`1206
`
`1207
`
`1208
`
`1209
`
`Unified Patents Ex. 1004, pg. 31
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 30 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 12A
`
`IF NO ON PREVIOUS 2 STEPS, THE CLIENT
`MONITOR FAILS OR REDIRECTS CONNECTO CALL
`
`THE APPLICATION CALLS WINSOCK SEND0 WITH
`HTTP COMMAND "GET FOO. HTML"
`
`THE CLIENT MONITOR INTERCEPTS THE CALL AND
`DETERMINES PROTOCOL BASED ON A COMBINATION
`OF THE TCP/IP PORT ADDRESS, ADDRESS
`FAMILY, CONTENTS, ETC.
`
`THE CLIENT MONITOR CHECKS THE RULES AND
`APPLICATON DATABASE IF THE APPLICATION
`HAS THE RIGHT TO USE HTTP
`
`THE CLIENT MONITOR CHECKS THE RULES
`DATABASE IF THE USER/COMPUTER HAS THE RIGHT
`TO DOWNLOAD ", HTML" FILES
`
`IF NO ON THE LAST 2 STEPS, THE CLIENT MONITOR
`FAILS OR REDIRECTS SEND CALL
`
`THE CLIENT MONITOR LOADS THE CONTENT
`DRIVER FOR ". HTML" FILES
`
`THE APPLICATION CALLS WINSOCK RECVO
`
`CONTINUE TO FIG, 12C
`
`1210
`
`1211
`
`1212
`
`1213
`
`1214
`
`1215
`
`1216
`
`1217
`
`Unified Patents Ex. 1004, pg. 32
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 31 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 12B
`
`THE HOST SENDS THE CONTENTS OF "FOO. HTML"
`
`THE CLIENT MONITOR INTERCEPTS RETURN OF
`THE RECV() CALL AND PASSES THE CONTENTS
`TO THE CONTENT DRIVER
`
`THE CONTENT DRIVER PARSES CONTENTS OF
`"FOO. HTML" AND CHECKS FOR A NUMBER OF
`COMPONENTS:
`A REFERENCES TO JAVA, ACTIVEX, ETC.
`B REFERENCES TO NETSCAPE STYLE PLUG-INS
`C IMBEDDED SCRIPTS SUCH A JAVASCRIPT,
`VBSCRIPT, ETC.
`(D) REFERENCES TO OTHER FILES OR COMPONENTS
`(E) OTHER SYNTAX ELEMENTS THAT ARE KNOWN
`OR SUSPECTED TO CAUSE SECURITY OR
`NETWORK PROBLEMS
`
`THE CONTENTS DRIVER CHECKS THE APPLICATON
`AND RULES DATABASE IF THE SPECIFIC HTML
`COMPONENT IS PERMISSIBLE
`
`IF NOT, THE DRIVER EITHER REMOVES THE HTML
`COMPONENT OR FAILS THE RECV() CALL DEPENDING
`ON THE VIOLATED RULE
`
`THE APPLICATION RECEIVED CONTENTS OF
`"FOO. HTML"
`
`THE CLIENT MONITOR INTERCEPTS FILE I/O CALLS
`FROM THE APPLICATION AND TRIES TO DETERMINE
`WHERE THE APPLICATION HAS SAVED THE
`FILE IT JUST RECEIVED
`
`1218
`
`1219
`
`1220
`
`1221
`
`1222
`
`1223
`
`1224
`
`DONE
`
`Unified Patents Ex. 1004, pg. 33
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 32 of 38
`
`5, 9S7, 611
`
`BANDWIDTH
`AND INTERACTIVE
`USE MONITORING
`1300
`
`BEGIN
`
`THE APPLICATION CALLS WINSOCK SEND() OR
`RECV0 CALLS
`
`CLIENT MONITOR INTERCEPTS THESE CALLS AND:
`(A) MARKS THE TIME OF THE CALL IN THE
`LASTINTERNETACCESS FIELD OF THE
`APPLICATION'S LIST ENTRY
`(B) CHECKS IF THE SENDO OR RECV0 USES AN
`INTERNET PROTOCOL USUALLY ASSSOCIATED
`WITH INTERACTIVE ACTIVITY
`(C) IF YES, MARKS THE TIME OF THE CALL IN THE
`LASTINTERACTIVEACCESS FIELD OF THE
`APPLICATION'S LIST ENTRY
`(D) ADDS THE DATA LENGTHS TO DATAIN OR
`DATAOUT ACCUMULATIVE COUNTER OF THE
`APPLICATION'S LIST ENTRY AND GLOBAL
`ACTIVITY RECORD
`(E) IF DATAIN OR DATAOUT FIELDS EXCEED RULE-
`BASED QUANTITY EITHER FOR THE SPECIFIC
`APPLICATION OR THE USER/WORKSTATION,
`THE CLIENT MONITOR DISABLES FUTURE
`INTERNET ACCESS AND/OR WARNS THE USER
`
`WINDOWS SENDS CERTAIN KEYBOARD AND MOUSE
`MESSAGES TO A WINDOW
`
`CLIENT MONITOR INTERCEPTS THESE MESSAGES
`
`THE CLIENT MONITOR IDENTIFIES THE TARGET
`WINDOW AND APPLICATION OF THE MESSAGE
`AND MARKS THE TIME OF THE LASTINTERACTIVEUSE
`FIELD OF THE APPLICATION'S LIST ENTRY
`
`CONTINUE TO FIG. 13B
`
`1301
`
`1302
`
`1303
`
`1304
`
`1305
`
`Unified Patents Ex. 1004, pg. 34
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 33 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 13A
`
`1306
`
`EVERY MINUTE THE CLIENT MONITOR CHECKS
`EACH ENTRY OF THE APPLICATION LIST:
`(A) HAS THE LASTINTERNETACCESS FIELD
`IN THE LAST MINUTE
`CHANGED
`(B} IF YES, ADD ONE MINUTE TO THE
`TOTALINTERNETUSE FIELD OF THE
`APPLICATION'S LIST ENTRY
`(C} HAVE THE LASTINTERACTIVEACCESS AND
`LASTINTERACTIVEUSE FIELDS CHANGED
`IN THE LAST 5 MINUTES
`(D) IF YES, ADD ONE MINUTE TO THE
`TOTALINTERACTIVEUSE FIELD OF THE
`APPLICATION'S LIST ENTRY
`(E) IF THE TOTALINTERNETUSE OR
`TOTALINTERACTIVEUSE FIELDS OF ANY
`APPLICATION'S LIST ENTRY HAVE CHANGED ALSO
`ADD ONE MINUTE TO THE CORRESPONDING
`FIELD OF THE GLOBAL RECORD.
`(F) IF ANY OF THE TOTALINTERNETUSE OR
`TOTALINTERACTIVEUSE FIELDS EXCEED RULE-
`BASED QUANTITY EITHER FOR THE SPECIFIC
`APPLICATION OR THE USER/WORKSTATION,
`THE CLIENT MONITOR DISABLES FUTURE
`INTERNET ACCESS AND/OR WARNS THE USER
`
`DONE
`
`Unified Patents Ex. 1004, pg. 35
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 34 of 38
`
`5, 9S7, 611
`
`MANAGING
`NETWORK
`CONGESTION
`1400
`
`BEGIN
`
`1401
`
`1402
`
`IF THE SUPERVISOR DETERMINES A CONGESTION
`OF INTERNET ACCESS EITHER BY INTERPRETING
`THE LOG MESSAGES FROM THE CLIENT MONITORS,
`ITS OWN MONITORING OF ACCESS SPEED, OR THIRD
`PARTY MONITORING TOOLS, IT NOTIFIES
`THE CLIENT MONITORS OF TEMPORARY
`ACCESS RESTRICTIONS
`
`DEPENDING ON THE SPECIFIC RULES IN THIS CASE,
`THE CLIENT MONITOR CAN EITHER:
`(A) DELAY INTERNET ACCESS FOR NON-CRITICAL
`APPLICATIONS OR PROTOCOLS BY:
`- APPLICATONS CALL WINSOCK SEND0, RECV(),
`CONNECT(), ETC. CALL
`- THE CLIENT MONITOR INTERCEPTS THE CALL
`AND CHECKS RULES AND APPLICATION
`DATABASE IF CALLS RELATE TO NON-
`CRITICAL ACTIVITIES
`- IF YES, DELAY THE SPECIFIC THREAD OF THE
`APPLICATION BY A PREDETERMINED AMOUNT
`- THIS WILL OPEN BANDWIDTH FOR CRITICAL
`ACTIVITIES
`(B) DISABLE INTERNET ACCESS FOR NON-
`CRITICAL APPLICATONS OR PROTOCOLS
`
`DONE
`
`Unified Patents Ex. 1004, pg. 36
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 35 of 38
`
`5, 9S7, 611
`
`INTERCEPTING
`WINSOCK
`MESSAGES
`1500
`
`BEGIN
`
`THE CLIENT MONITOR LOADS OUR CLIENT VxD
`
`THE CLIENT VxD LOADS WSOCK. VXD AND REDIRECTS
`THE DEVICEIOCONTROL CODE POINTER OF
`WSOCK. VXD TO ITS OWN INTERCEPTION ROUTINE
`
`THE APPLICATION CALLS WINSOCK FUNCTION
`IN
`WSOCK32. DLL THAT REQUIRE INTERNET ACCESS
`
`WSOCK32. DLL PROCESSES THE PARAMETERS
`AND CALLS WSOCK. VXD VIA WIN32
`DEVICEIOCONTROLO FUNCTION
`
`CLIENT VxD LOOKS UP THE CALL VIA THE
`"INTERCEPT BEFORE" DISPATCH TABLE
`
`IF THE DISPATCH TABLE REQUIRES AN INTERCEPT,
`THE CLIENT VxD CREATES AN INTERCEPTION
`MESSAGE AND CALLS THE CLIENT MONITOR
`
`IF THE CLIENT MONITOR ALLOWS THE CALL TO GO
`FORWARD, THE CLIENT VxD CALLS THE ORIGINAL
`WSOCK. VXD ROUTINE, OTHERWISE IT RETURNS
`WSOCK32. DLL AND THE APPLICATION
`
`THE CLIENT VxD LOOKS UP THE CALL VIA THE
`"INTERCEPT AFTER" DISPATCH TABLE
`
`CONTINUE TO FIG. 15B
`
`FIG 15A.
`
`1501
`
`1502
`
`1503
`
`1504
`
`1505
`
`1506
`
`1507
`
`1508
`
`Unified Patents Ex. 1004, pg. 37
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 36 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 15A
`
`IF THE DISPATCH TABLE REQUIRES AN INTERCEPT,
`THE CLIENT VxD CREATES AN INTERCEPTION
`MESSAGE AND CALLS THE CLIENT MONITOR
`
`THE CLIENT VxD RETURNS TO WSOCK32. DLL WITH
`EITHER THE ORIGINAL RETURN RESULTS OR
`RESULTS MODIFIED BY THE CLIENT MONITOR
`
`1509
`
`1510
`
`DONE
`
`Unified Patents Ex. 1004, pg. 38
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 37 of 38
`
`5, 9S7, 611
`
`TRANSMITTING MESSAGES
`FROM RING 0 TO RING 3
`1600
`
`BEGIN
`
`1601
`
`1602
`
`1603
`
`1604
`
`1605
`
`FILE, WINSOCK OR THREAD COMPONENTS OF
`CLIENT VxD CALL THE MESSAGE DISPATCHER
`
`THE DISPATCHER DETERMINES IF ANY ADDITIONAL
`DATA IS REQUIRED:
`(A) IF YES, THE DISPATCHER DETERMINES IF
`ADDITIONAL DATA FITS INTO EXTRA SPACE
`- IF YES, THE DISPATCHER COPIES DATA INTO
`ADDITIONAL SPACE
`(B) IF NO, THE DISPATCHER DETERMINES IF DATA
`IS ALREADY MAPPED INTO GLOBAL SPACE
`- IF NO, THE DISPATCHER ALLOCATES GLOBAL
`MEMORY POINTER TO DATA AND PUTS
`POINTER INTO MESSAGE BODY
`
`THE DISPATCHER COPIES MESSAGE TO ARRAY
`
`THE DISPATCHER DETERMINES IF IT NEEDS
`TO WAIT FOR MESSAGE PROCESSING BECAUSE:
`(A) IT MIGHT NEED TO FREE THE GLOBAL MEMORY
`POINTER
`(B) THE CLIENT MONITOR NEEDS TO APPROVE THE
`UNDERLYING ACTION
`(C) THE CLIENT MONITOR MIGHT PATCH ANY OF THE
`PARAMETERS
`
`IF THE DISPATCHER NEEDS TO WAIT, IT:
`(A) TELLS WINDOWS TO SWITCH TO THE
`RING 3 CLIENT MONITOR'S MESSAGE THREAD
`(B) PUTS ITSELF INTO SLEEP MODE OTHERWISE IT
`RETURNS IMMEDIATELY TO THE CALLER
`
`CONTINUE TO FIG. 16B
`
`Unified Patents Ex. 1004, pg. 39
`
`
`
`U. S. Patent
`
`Nov. 16, 1999
`
`Sheet 38 of 38
`
`5, 9S7, 611
`
`CONTINUE FROM FIG. 16A
`
`1606
`
`AFTER THE CLIENT MONITOR PROCESSED THE
`MESSAGE, THE DISPATCHER DOES ONE OR MORE
`OF THE FOLLOWING ACTIONS:
`(A} DE-ALLOCATES GLOBAL MEMORY POINTER, IF
`PREVIOUSLY ALLOCATED
`{B} COPIES ANY PATCHED MEMORY TO CORRECT
`DATA
`
`DONE
`
`Unified Patents Ex. 1004, pg. 40
`
`
`
`SYSTEM AND METHODOLOGY FOR
`INTERNET ACCESS ON A PER
`MANAGING
`APPLICATION BASIS FOR CLIENT
`COMPUTERS CONNECTED TO THE
`INTERNET
`
`The present application claims priority from commonly-
`owned provisional patent application Ser. No. 60/033, 975,
`filed Dec. 31, 1996, entitled SYSTEM AND METHODS
`INTERNET ACCESS, and listing as
`FOR MONITORING
`inventor Gregor P. Freund, the disclosure of which is hereby
`incorporated by reference.
`
`COPYRIGHT NOTICE
`A portion of the disclosure of this patent document
`is subject to copyright protection.
`contains material which
`The copyright owner has no objection
`to the facsimile
`reproduction by anyone of the patent document or the patent
`disclosure as it appears
`in the Patent and Trademark Office
`patent file or records, but otherwise
`reserves all copyright
`rights whatsoever.
`
`BACKGROUND OF THE INVENTION
`
`to information
`relates generally
`The present
`invention
`to system and methods for
`processing and, more particularly,
`security of individual
`access and maintaining
`regulating
`(LANs) con-
`local area networks
`computer
`systems and
`(Wide Area Networks or
`nected
`to larger open networks
`the Internet.
`WANs), including
`stand-alone
`The first personal computers were
`largely
`or
`units with no direct connection
`to other computers
`computer networks. Data exchanges between computers
`were mainly accomplished by exchanging magnetic or opti-
`cal media such as floppy disks. Over time, more and more
`to each other using Local Area
`computers were connected
`Networks or "LANs. " In both cases, maintaining
`security
`a user of a personal
`and controlling what
`information
`can access was relatively
`simple because
`computer
`the
`overall computing
`environment was
`and clearly
`limited
`defined.
`popularity of the Internet, par-
`With the ever-increasing
`the World Wide Web ("Web") portion of the
`ticularly
`Internet, however, more and more personal computers are
`connected to larger networks. Providing access to vast stores
`of inform
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
