(12) United States Patent
Edery et al.

(10) Patent No.: US 8,677,494 B2
(45) Date of Patent: *Mar. 18, 2014

(54) MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS

(75) Inventors: Yigal Mordechai Edery, Pardesia (IL); Nimrod Itzhak Vered, Goosh Tel-Mond (IL); David R. Kroll, San Jose, CA (US); Shlomo Touboul, Kefar-Haim (IL)

(73) Assignee: Finjan, Inc., Wilmington, DE (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

This patent is subject to a terminal disclaimer.

(21) Appl. No.: 13/290,703

(22) Filed: Nov. 7, 2011

(65) Prior Publication Data
US 2012/0117651 A1, May 10, 2012

Related U.S. Application Data

(63) Continuation of application No. 12/471,942, filed on May 26, 2009, now Pat. No. 8,079,086, which is a (Continued)

(51) Int. Cl.
H04L 29/06 (2006.01)
G06F 11/30 (2006.01)
G06F 15/16 (2006.01)

(52) U.S. Cl.
USPC 726/24; 713/175

(58) Field of Classification Search
None

Primary Examiner: Christopher Revak
(74) Attorney, Agent, or Firm: Bey & Cotropia PLLC

(57) ABSTRACT

Protection systems and methods provide for protecting one or more personal computers ("PCs") and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other "Downloadables" or "mobile code" in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.

See application file for complete search history.

18 Claims, 10 Drawing Sheets

[Representative drawing (flowchart): Retrieve protection parameters and form mobile protection code according to the parameters (1011); retrieve protection parameters and form protection policies according to the parameters (1013); couple the mobile protection code, protection policies and received-information to form a protection agent (e.g., MPC first, policies second, and RI third).]

CS-1001
Cisco Systems, Inc. v. Finjan, Inc.
Page 1

Related U.S. Application Data

continuation of application No. 11/370,114, filed on Mar. 7, 2006, now Pat. No. 7,613,926, which is a continuation of application No. 09/861,229, filed on May 17, 2001, now Pat. No. 7,058,822, which is a continuation-in-part of application No. 09/539,667, filed on Mar. 30, 2000, now Pat. No. 6,804,780, which is a continuation of application No. 08/964,388, filed on Nov. 6, 1997, now Pat. No. 6,092,194, said application No. 09/861,229 is a continuation-in-part of application No. 09/551,302, filed on Apr. 18, 2000, now Pat. No. 6,480,962, and a continuation of application No. 08/790,097, filed on Jan. 29, 1997, now Pat. No. 6,167,520.

(60) Provisional application No. 60/205,591, filed on May 17, 2000, provisional application No. 60/030,639, filed on Nov. 8, 1996.

`(56)
`
`References Cited
`
`U .S. PATl'lN‘l‘ DOCUMENTS
`
`.7
`vvvvv 709143
`
`I 111993
`11 I994
`511994
`611994
`1011994
`I 111994
`31 I995
`511995
`511995
`811995
`911995
`111996
`111996
`11 I996
`611996
`1 111996
`1 111996
`211997r
`411997
`411997
`41 I997
`611997
`1011997
`1 111997
`1 11199?Ir
`[211997
`211998
`31 I998
`411998
`411998
`611998
`611998
`611998
`711998
`81 I998
`911998
`911998
`1011998
`1 111998
`I 111998
`[211998
`[211998
`111999
`111999
`211999
`311999
`311999
`311999
`311999
`411999
`911999
`911999
`911999
`
`Francisco e1 21.].
`Shieh et a1.
`Fischer
`Ilile et a].
`Rosenthal
`Tajalli et al.
`C hambers
`Fischer
`Hershey et a1.
`Arnold et al.
`Kephart
`Kuznetsov et a].
`Gupta el 21].
`Chess et at.
`Miller el al.
`Judson ....................
`Funney et at.
`Shwed
`[compote-tux et a1.
`.0 et a1.
`V11
`Rubin
`chhart et a1.
`McManis
`IIolden et a].
`Nachenberg
`Dan
`Chang (:1 at.
`Fieres et al.
`Yellin et a].
`Van IIoft‘et a1.
`Nachenbcrg et a1.
`Breslau et a1.
`Davarakonda el at.
`Davis el al.
`Cohen et a1.
`Pereira
`Dan et 81.
`Chen et al.
`Cutler el 21].
`Angelo et a].
`Nachenberg
`lIayman et a1.
`Boebert et a1.
`Dan et a].
`Pizi el 21].
`Yamamoto
`Dnvall et a].
`1i et al.
`Atkinson et a].
`Chen et a1.
`Walsh et al.
`Grillin et a].
`
`AA1
`
`‘
`t\
`
`5.263.147
`52 78.901
`5.3 1 1 .591
`5.319.776
`5.359.659
`5.361.359
`5.398. 196
`5.4 12.7 17
`5.414.833
`5.440.723
`5.452.442
`5.483.649
`5.485.409
`5.485.575
`5.524.238
`5.572.643
`5.579.509
`5.606.668
`5.621.889
`5.623.600
`5.623.601
`5.638.446
`5.675.71 1
`5.692.047
`5.692.124
`5.696.822
`5.720.033
`5.724.425
`5.740.248
`5.740.441
`5.761.421
`5.765.030
`5.765.205
`5.784.459
`5.796.952
`5.805.829
`5.809.230
`5.825.877
`5.832.208
`5.832.274
`5.856.559
`5.8.54.9 16
`5.859.966
`5.864.683
`5.867.651
`5.878.258
`5.881 . 1 5 1
`5.884033
`5.889.943
`5.892.904
`5.951.698
`5.956.481
`5.958.050
`
`CS-1001
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 2
`
`

`

`US 8,677,494 B2
`
`Page 3
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`International Preliminary Examination Report for Application No.
`I’C'IZ’IBUIIUI 138. 2 pp.. dated Dec. 19.2002.
`Sitaker. Kragen. “Rapid Genetic Evolution of Regular Expressions"
`[online]. TherUr'afArflrive. Apr. 24. 2004 (retrieved on Dec. 7. 2004).
`5 pp.. Retrieved from the Internet: http:wawmail-archive.comi'
`kragen-tol@canonical.org-"msg00097.htm1.
`“Lexical Analysis: DFA Minimization & Wrap Up” [online]. Fall.
`2004 [retrieved on Mar. 2. 2005]. 8 pp.. Retrieved from lhe Inlernet:
`http:.-".-'www.owlnet.rice.edu»"—~comp4 12.!‘Lecturesi'L06Lex Wrapup4.
`f.
`E:r'Iinilni'zation ol‘DFA” [online]. [retrieved on Dec. 2. 2004]. 2 pp..
`Relrieved from Ihe Internet: hltp:.-'r'www.cs.odu.edw’mtoidar’ner/jcr'
`390teched.-"regulai'.-"fa"inin-fa.hhnl.
`“Algorithm: NI‘S -> DI-'A" [online]. Copyright 1999-2001 [retrieved
`on Dec. '1. 2004]. 4 pp.. Retrieved from the Internet: hllp:.*'.'rw4.cs.
`uni —sb.de.“’-‘ganill'Ial.-’t'3ANIFA:fpage 16_e.hlln.
`“CS 3813: Introduction to Formal Languages and Automata State
`Minimization and OtherAlgorithms for IiiniteAutomata." 3 pp.. May
`1 1. 2003. Retrieved from the Internet: hllp:.-"r'Ww.cs.msstale.
`edu.-’~hansen.-’classe s38] 3fall0 I Islides-"06Minilnizepdl‘.
`Watson. Bnlce W.. “Constructing Minimal Acyclic Deterministic
`l--'i.nite Automata.“ [retrieved on Mar. 20. 2005]. 38 pp.. Retrieved
`from the Internet:
`htlp:.".-"Ww.win.lue.nl.’~walson.-"2R870.-’down—
`loadsr'rnadfa_algs.pd.l'.
`Chang. Chia-lIsiang. “l-‘rom Regular Expressions to DliA‘s Using
`Compressed NI‘A‘s." Oct. 1992.
`1 12 pp.. htlp:.-".-'www.cs.nyuedu.-’
`web-"Research*"Theses."char1g_chia—h siang.pd[
`"Products.” Articles published on the Inlemel. “Revolutionary Secu—
`rity for a New Computing Paradigm” regarding SurfinGateT'“. 7 pp.
`“Release Notes for the Microsoft ActiveX Development Kit." Aug.
`I3. 1996. aclivex.adsp.or.jp.-"inetsd.ldreadrne.lxt. pp. 1-10.
`Doyle. el al.. “Microsoft Press Computer Dictionary." Microsoft
`Press. 2d Edition. pp. 137-138, 1993.
`Iiinjan Software Ltd.. “Powerfill PC Security for the New World of
`.IavaTM and Downloadables. Surfin Shieldm.” Arlicle published on
`the Internet by 1'-'i.njan Software Ltd.. 2 pp. 1996.
`l--'i.njan Sofrtware Ltd.. “I'-'injan Announces a Personal JavaTM liirewall
`for Web Browsers—the SurlinShieldTM |.6 (Tonnerly known as
`SurfinBoard)." Press Release ol'Finjan Releases SltrlinShieltl 1.6. 2
`pp.. Oct. 21. 1996.
`Finjan Software Ltd .. “l-'injan Announces Maior Power Boost and
`New Features for SurlinShieldTM 2.0.” Las Vegas Convenl ion Centerr'
`Pavillion 5 PSSSI. 3 pp.. Nov. I8. I996.
`Iiinjan Software Ltd.. "l-'injan Software Releases SurfinBoard. Indus-
`try‘s 1"irst JAVA Security Product for the World Wide Web." Article
`published on the Internet by Finjan Software [.tcl..
`l p.. .Iul. 29. 1996.
`Finjan fi'dlware I.ld.. “Java Security: Issues 8: Solutions.” Anicle
`published on the Internet by ["injan Software Ltd.. 8 pp. 1996.
`Iiinjan Software Ltd.. Company Profile. “I"injan Safe Surfing. The
`Java &curily %lutions Provider.” Arlicle published on the Internet
`by Finjzm Software l..ld.. 3 pp.. Oct. 31. 1996.
`“IBM AntiVinls User‘s Guide. Version 2.4.". International Business
`Machines Corporation. pp. 6-2. Nov. 15. 1995.
`Khare. R.. “Microsofl Authenticode Analyzed" [online]. Jul. 22.
`I996 [retrieved on Jun. 25. 2003]. 2 pp.. Retrieved from the Inlernet:
`http:.-".-'www.xent.comf'l'ioRK-archive.-"s1mne196.-"0338.htm1.
`LaDuc. M.. Online Business Consultant: Java Security: Whose Bu si-
`ness is It’?. Article published on [he Internet. Home Page Press. Inc..
`4 pp.. 1996.
`Microsoft. "Microsoft ActiveX Sofiware Development Kit" [online].
`Aug. 12. 1996 [retrieved on Jun. 25. 2003]. pp. 1-6. Retrieved from
`the Internet: activex.adsp.or.jp.l'inel'sdkr'helpfoven’iew.htrn.
`Microsottli‘ Authenticode Technology. "Ensuring Accountability
`and Aud1enticity for Software Components on the Internet.“
`Microsoft Corporation. Del. 1996.
`including Abstract. Contents.
`Introduction. and pp.
`1— 10.
`
`Microsoft Corporation. Web Page Article “Frequently Asked Ques-
`lions About Authenticode." last updated Feb. 17. 1997. printed Dec.
`23.
`1998. URL:
`hllp:.’.’ww.lr|icrosoflcom-“workshop“security."
`authcode.tsignfaq.asp#9. pp. 1-13.
`Okamoto. E.. et al.. “ID-Based Authentication System for Computer
`Virus Detection.” JEEEHEE Electronic Library airline, Electronics
`Letters. vol. 26. Issue I5. ISSN 0013-5194. Jul. I9. 1990. Abstract
`and pp. 1 169-1170. URL: http:.-".*'iel.ihs.com:80!'cgi-bin-"iel cg'?se...
`2ehts%26View1emplate%3ddocvim%5fb%2ehts.
`Omura. J. K.. “Novel Appliczuions oI'Cryptography in Digital Com—
`mimicalions.” IEEE Cornmnaimriaas Magazine. pp. 21—29. May
`1990.
`Zhang, X. N.. “Secure Code Distribution." {£527.1le Eicc‘rr'om'c‘
`Lr'br'mj' (mime, Corriprrrer'. vol. 30. Issue 6. pp. 76—79. Jim. 1997.
`D. Grune. et al.. “Parsing Techniques: A Practical Guide.” John Wiley
`8.: Sons. Inc.. New York. New York. USA. pp. 1-326. 2000.
`Scott. et al.. “AbstractingApplication-Level Web Security.“AC‘M. pp.
`396—407. 2002.
`ThunderByte Antivirus for Windows.
`InterScan Vll’llSWaJI from Trend Micro.
`ViniSafe from Eliashi m.
`Inlel LAN—Protect from Intel.
`The Java Security Manager from Sun Microsystems.
`McAfee Web Shield.
`McAfee WebScan.
`McAfee VinisScan.
`McAfee N etShield.
`Dr. Solomon’s Antivirus Toolkit For WindoWs 95.
`Dr. %lorn0n’s Antivinls Toolkit for Windows NT.
`Dr. Solomon‘s WinGuard.
`Dr. Solomon‘s Virus Guard.
`Dr. %lomon’s Virus Shield.
`Dr. Solomon‘s Virex.
`Dr. Solomon‘s “Merlin“ Anti-Virus Engine.
`Dr. %lomon’sIMcA1ee “Olympus” Anti—Virus Engine.
`ActiveX Web Tulorial.
`Java FAQ (1995-1998).
`Norton AntiVirus '[LIt‘or Windows@95 User‘s Guide. Published by
`Symanlec in 1995. (179 pages).
`Jaeger. at al .. "Build ing Systems that 1"lexibly Control Downloadable
`Executable Content.“ Proceedian of the Sixth LISENIX UNIX
`%curity Symposium. Jill. 1996. {19 paQes).
`Rasmusson. Andreas and Jan ssorl. Sverker. “Personal SecurilyAssis—
`tance for Secure Internet Commerce." Sep. 15. 1996. [12 pages).
`Bharal et al. Migratory Applications' Nov. 15. 1995. {10 oaoes).
`Dean. Drew. et al.. “Java Security: From HolJava to Netscape and
`Beyond.” 1996 Ilils'E Symposium on Security and Privacy. May 6.
`1996. (1 1 pages).
`Slerben'z. Andreas.An Evaluation ofthe Java Security Model.‘ IF.F.F..
`Dec. 1996. ['13pages).
`Iiritzingcr. J. Steven. et al.. Java Security: Sun Microsystems. Dec.
`19% (a paQes).
`Bank Joseoh A. “Java Security.” Dec. 8. 1.9.95. (14 paoes).
`Claunch. “Java Blocking." http:-".th'01|ps.google.eom-“groupf'muc.
`lists.firewalls.-"insg"2aScc02eUOa37071. Sep. 25. 1996. Accessed
`date: May 10. 20] l. (2 paces).
`Chappell. 'Understanding Activex and OLE: A Guide for Develop-
`ers and Managers (Strategic Technology). Sep. 1. 1996. Microsoft
`Press. (91 pages).
`Crosbie. el al.. “Active Del'enseol'a Computer System UsingAulono—
`mous Agents”. Feb. 15. 1995. (14 pages).
`“Trend Micro’s \r’inls Protection Added to Sun Microsystems Netra
`lnlernel Servers.”Business Wire. Oct. 1.
`I996. available at htlp:.-’.-'
`\Wiwcsindiana. cduf ~kinzler.-"pubse'viruswaILhtml.
`“Symantec Announces Norton Antivirus 2.0 for Windows NT."
`Symanlec Corporal ion press release. Sep. 16. 1996. available at hllp:.-'
`Iwww.symanlec.com|aboulr'newsr'reIEaser'arlicle.jsp?prid—
`19960916 01.
`to Protected PCs.”
`“Dark Avenger Mutation Engine No Threat
`MeAlee.
`Inc. press elease. May I l. 1992. available at
`hl'lp:..’:"
`securitydigest.orgfvirus.-"mirror.-"ww2phreak.orgvinls1:"1992.-"
`vitt105.191.
`
`CS-1001
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 3
`
`CS-1001
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 3
`
`

`

`US 8,677,494 B2
`Page 4
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`to Protected PCs.“
`“Dark Avenger Mutation Engine No 'l‘hreat
`McAfee.
`Inc. press elease. May I l. 1992. available at http:.fl"
`securitydige st.orgr'virusr'mirrorIWthreak.orgvirus l .-' l 992:“
`vinlflS. l9 1.
`Gryaznov. D.O.. “Scanners ofthc Year 2000: lIeuristics.” Proceed-
`ings otlhe Fi tlh Int'emational Virus Bulletin Conference. pp. 225—234
`([995). available at htlp:."-'\-'xheavens.corn|lib-"adg0{'}_hlml.
`“Syrnantec Announces Norton Internet Email Gateway at Internet
`World Booth t! 369 on Dec. I t. 12. and t3.“ Symantec Corporation
`press release. Dec.
`1 l. 1996. available at hltp:.-" lmsymantec
`.comlabrJuL-“newa’releasetarticlejsp?prid— 1996 12 I I_I'J3.
`“Presenting Java.“ by John Dec. (1995).
`“The Java language Specification” by Gosling. et al. (1996).
`“The Java Programming Language.” by Ken Amotd and James Gos—
`ling (1996).
`"Ihe Java Virtual Machine Specification." by Tim Lindholm and
`FrankYettin (1997).
`“ComputerViruses and Artificial Intelligence.” by David Stang (Sep.
`1995).
`“Java $curity and a Firewall Extension for Authenlicily Control of
`Java Applets." by Magnus Johansson (Jan. 29. I997).
`“Staric Analysis of Programs With Application to Malicious Code
`Detection.“ by Raymond Lo (1992).
`File History ['or US. Patent No. 6.804.780.
`“Vinls Detection Alternatives." by Patrick Min (Jul. 1992).
`“Dynamic Detection and Classification of Computer Viruses Using
`General Behaviour Patterns." by l._eCharlier. el al. (%p. 1995).
`The Giant Black Book ofComputerViruses by Mark I.udwig( I995 ).
`IIotJava: The Security Story.
`The Java Filler.
`"A Java Filter.” by Balfanz. et al.
`“Improved JavaScript and Java Screening Function.” by Claunch
`(May4. 1996).
`"New Version of Java. JavaScripl. ActiveX Screening.“ by Claunch
`(Jul. 3. 1996).
`“A 'l‘oolkit and Methods for Internet Firewalls.” by Ranum. et al.
`"Identifying and Controlling Undesirahle Program Behaviors.” by
`Maria King.
`“PACLl‘s: An Access Control List Approach to Anti-Viral Security.”
`by Wichers. et al.
`Endrijonas. Janet. Rx PC The Ant i—Virus Handbook. Published in the
`US. in 1993 by '['AB Books. a division of McGraw-Ilili. Inc. (201
`paQes).
`_
`“%cure Code Dlslribution.” by X. Nick Zhang (Jun. 1997).
`IBM AntiVinrs User’s Guide (Nov. 15. I995).
`“Breadth of Runtime Environments and Security Make Java a Good
`Choice for fire Internet” (1996].
`Omura. Jim K.. “Novel Applications of Cryptography in Digital
`Communications.“ IEEE Communications Magazine. pp. 2 [-29.
`May 1990.
`Okarnoto. F... et al.. “ID—Based Authentication System for Computer
`Virus Detection.” IEEEJ'IIEF. Electronic Library onliDE. Electronics
`Letters, vol. 26. Issue 15. ISSN 0013-5194. Jul. 19. [990. Abstract
`and pp. [169—1 I70. URI: http:.-".I"iel.ihs.com:80fcgibinliel_ cgi?se
`2ehlSin/026“ewTempIaie%3ddocview°/051b°/02ehts.
`IBM AntiVirus User’s Guide Version 2.4. International Business
`Machines Corporation. pp. 6-7“. Nov. 15. 1995.
`Leach. Norvin. el al.. “IE 3.1.1 Applets Will Earn Certification.” PC
`Week. vol. I3. No. 29.2 pp.. Jul. 22. I996.
`"l‘inja.n Software Releases SurfinBoard. Industry’s First JAVA Secu-
`rity product for Lhe World Wide Web." Article published on the
`Internet by Finjan %llware l_ld..
`I p.. Jul. 29. 1996.
`“Powerful PC Security for
`the New World of JAVAI'M and
`Downloadables. Surfin ShieldTM.” Article published on the Internet
`by Finjan %flware Ltd. 2 pp. [996.
`Microsofifii‘ Authenticode Technology. “Ensuring Accountability
`and Audrenticity for Software Components on the Internet.“
`Microsolt Corporation. including Abstract. Contents. Introduction.
`and pp. 1—10. Oct. 1995.
`
`liinian Announces a Personal Java” l‘irewall for Web Browsers-
`the SurIinShieldTM 1.6 (formerly known as SurfinBoard). Press
`Release of I'-'injan Releases SurfinShield 1.6. 2 pp.. Oct. 21. 1996.
`Company Profile, “I’injan-Safe Surfing. The Java Security Solutions
`Provider." Anicle published on the Internet by Finjan Sotlware Ltd.
`3 pp.. Oct. 31. I996.
`“Ii'injan Announces Major Power Boost and New Features for
`SurfinShield"M 2.0.“ Las Vegas Convention Center-Pavilion 5 P555 1.
`3 pp.. Nov. 18. [996.
`“Java Security: Issues & Solutions.“ Article published on the Internet
`by liinjan Software Ltd.. 8 pp.. 1996.
`"Products.” Article published on the Internet. 7 pp.
`Mark I.zll)ue. “Online Business Consultant: Java Security: W'hose
`Business Is It‘?." Article published on the Internet. Home Page Press.
`Inc..4 pp.. 1996.
`“Frequently Asked Questions About
`Web
`Page Anicle.
`Audrenticode.” Microsoft Corporation. last updated lieb. 1?. 1997.
`printed Dec. 23. 2998. URL: http:.-".-"www.microsofi.come‘workshopr
`securilya’auflrcodee-"signfaq.asp#9. pp. 1—13.
`7J'lang. X.N.. “Secure Code Distribution.” lEEE.-’IEE Electronic
`Library online. Computer vol. 30. Issue 6. pp. 76-?9, Jun. [9971.
`Binsl‘ock. Andrew. “Multithreading. Hyper—Threadi ng. Multipro—
`cessing: Now. What’s the Di [Terence’i'.” httn‘.1hlv"\v‘-.v—intel.com!cd.-'
`ids!dcvdchr!asrno-na-"enfl.-"20456.htm. Pacific Data Works. LLC.
`downloaded Jul. 7. 2008, '3' pp.
`VirexPC Version 2.0 or later from Microcom.
`AntiVirus Kit From 1 st Aide Software.
`liluShot+ Series of Products by Ross Greenberg.
`Symanlee Antivirus otthe Mac version 3.0 or later.
`“Synthesizing Fasl lnlnrsion Prevention-“Deteclion Systems From
`High-Level Specifications.” by Sekar. et al. (1999).
`Art of Computer Virus Research and Defense b Peter Szor (Feb.
`2005)
`“Process Execution Controls as a Mechanism to Ensure Consis-
`tency.” by Eugen Bacic (1990).
`“Process Execution Controls: RevisitecL” by Bacie ( 1990).
`“A Flexible Access Control %rvice for Java Mobile Code.” by Cor—
`radi.etal.(20t10).
`“Java Security: Issues & Solutions” (1996).
`“Microsoft Authenticode analyzed.” by Rohit Khare (Jul. 22. 1996).
`“Java Security: Whose Business Is It?" by Mark LaDue (1996).
`Microsoft Authenticode Technology (Oct. 1996).
`"Mobile Code %curity.” by Rubin. et al.
`“Protecting Data From Malicious Sottware.“ by Schmid. et at.
`“Security in the Large: ls Java‘s Sandbox Scalable?” by Zhong, et at.
`(Apr. [998).
`“A Domain and type Enforcemenl UNIX Prototype." by Badger. et al.
`(Jun. 1995).
`“I'Ieuristic Anti-Virus Technology." by I‘rans Veldman.
`“Standards For Security in Open Systems.” by Warwick Ford ( l 989).
`“Secure File Transfer Over TCPr'lP.” by Brown. et al. (Nov. 1992).
`“Standards in Commercial Security." by Nick Pope.
`“XAOU Security Features.” by Tony Whyman.
`“Using CASE Tools to lrnprove Lhe Security of Applications Sys—
`tems.” by Hosmer. et al. (1988).
`“Miro: Visual Specification of Security." by lIeydon. et a]. (Oct.
`1990).
`“An Evaluation ofObject-Based Programming with Visual Basic.” by
`Dukovic. et a]. (1995).
`“Visual Basic 5.0 Significantly Improved.” by W. Dennis Swill (Jun.
`199?).
`“Development of an Object Oriented Framework for Design and
`Implementation of Database Powered Distributed Web Applications
`With the DEMETER Project as a Real—Life Example.” by Goschka.
`et a1. (1997).
`Detecting Unusual Program Behavior Using the Statistical Compo-
`nent oflhe Nextgeneration Intrusion Detection Expert System
`(NIDES). by Anderson. el al. (May [995).
`“A Generic Virus Scanner in C++.“ by Kumar. et al. (Sep. 1?. 1992 ).
`“A Model for Detecting the Existence ofSoflware Corrupt ion in Real
`Time.” by Voas. et al. (1993).
`“Protection Against 'I'rojan Horses by Source Code Analysis." by
`Saito. et al. (Mar. 1993).
`
`CS-1001
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 4
`
`CS-1001
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 4
`
`

`

`US 8,677,494 B2
`
`Page 5
`
`(56)
`
`References Cited
`
`OTHER PUBLICATIONS
`
`Intelligence.”
`
`by Righard
`
`“Information Agents for Automated Browsing.“ by Dharap. et al.
`(1996).
`“Slatic Analysis Virus Detection Tools for Unix Systems.“ by
`Kerchen. el al. (1990).
`“Managing Tnlst in an Intormation-Labeling System.” by Blaze. et
`al. (Nov. 4. 1995).
`List of Secure Internet Programming Publications from www.cs.
`printceton.edu.
`“A Guide to the Selection of Anti-Vinls Tools and Techniques.” by
`Polk. et al. (Dec. 2. 1992).
`“An Integrated Toolkit lbr Operating System Security.” by Rabin. el
`al. (Aug. 1988).
`“A Web Navigator Wilh Applets in Carol." by Francois Ronaix (May
`1996).
`“Intel Launches Vinls Counterattack.“ by Charles Bruno (Aug.
`1992).
`Intel I. ANProlect Soflware User’s Guide (1992 ).
`“Parents Can GetPC Cruise Control.” by George Mannes (Jul. 1996).
`“A New Techniques for Detecting Polymorphic Computer Viruses.”
`by Carey Nachenberg (1995 ).
`“Heuristic
`Scanners: Artificial
`Zwienenberg (Sep. 1995).
`Intel LANProtect. 30-Day Test Drive Version User‘s Manual.
`Slade. Robert. "Guide to Computer Viruses: How to a void Them.
`How to Get Rid of'Ihem. and How to Get Help” (Apr. 1996).
`A Pathology ofComputer Viruses by David l-‘erbranche (Nov. 1994).
`Earl Boebert‘s post to the greatcircle firewalls mailing list. Taken
`from
`http:x'x'wwgreatcirclacorn-"lislsx'firewalls."archive’firmalls.
`199419 (Oct. 16. 1994).
`CSI. Bulletin: Connecting to the Internet: Security Considerations.
`Taken
`from http:.-'r'esrc.nist.govtpublicatiorlstnislbulr'es193—07.le
`(Jul. 1993).
`FAQ: Interscan VituswalL Taken from http:.-".-"'-.veb.archive.org-"web.-’
`1997060505033 |twww..antivirus.com.-‘faqx'finterscanfathml
`(last
`updated Aug. 8. [996).
`Network Security and SunScreen SPF-100: Technical White Paper.
`Sun Microsystems. 1995.
`“Why Do We Need Heuristics?” by Frans Veldman (Sep. 1995).
`“Leading Content Security Vendors Announce Support for Check
`Point Firewall
`1.3.0; New Partners forAnti-Vinls Protection. URL
`Screening and Java Security.” Business Wire. Oct. 7. 1.996, available
`at http:aviwnallbusiness.com]technolo gyl
`computernetworks-
`computer -networksecurity172?4315-1 .htmlttixzzl gkaff-tg 1.
`"McAfee Introduces Web shield. Industry‘s First &cure Anti—Virus
`Solution for Network Firewalls: Border Network Technologies and
`Secure Computing to Enter into Web Shield 011M Agreements.“
`Business Wire. May 14. 1996. available at http:1'1'findarticles.comtp.-"
`articles-"mi _InOE[NIis_ l 996_May_ I41’ai_ l 8283456 1.
`“Trend Micro Announces Virus and Security Protection for Microsoft
`Proxy Server; Also Blocks Java Applets. ActiveX.” Business Wire.
`Oct.
`29.
`1996.
`available
`at
`http:.-’.-’wwzthet'reelibrary.
`cornlTrend+Micrcl+ann0unces+virus+and+security+proteclion+
`tor+MicrosofL.-aUISS 105 12.
`Finjan 's Opposil ion to Websen se’s Renewed Mot ion for Judgment as
`a Matter of]..aw. dated Dec. 2 l. 2012. filed in Finjan, Inc. v. .Sjmmm‘ec
`Corp. Sophos. Inc" and Webseuse, Jim. CA. No. 10-cv-593 (OMS).
`Declaration of Paul Batcher Re Webscnse. Inc .s. ProtTer of Evidence
`Re I.a.ches. dated.Dee.
`l9. 20l2. filed in Harrie, Inc. v. .Sjrmamee
`Corp, 50.0.9119, Inc, and Websem‘e, hm. CA. No. [Chev—593 (OMS)
`(Redacted Dec. 26. 2012).
`Opposition to Symantec’s Motion [or JMOI.. dated Dec. 17. 20 [2.
`tiled in Firy'mr, Inc. v. S'ymmrrer.‘ Corp, Squires, 1116., mid Webvense,
`Inc. CA. No. lU-cv-593 (OMS) (Redacted Dec. 27". 2012).
`Omura. Jim K.. “Novel Applications of Crypotgraphy in Digital
`Communications." IEEE Conununicat ions Magazine. pp. 2 [—29.
`May 1999.
`Ukamoto. L".. et al.. “ID-Based Authentication System for Computer
`Virus Detection.” IEEEI IEE Electronic Library online. ElecLlTJnics
`Letters. vol. 26. Issue l5. ISSN 0013—5194. Jul. l9. 1990. Abstract
`
`http:.«'.-'iel.ihs.com:80.-'cgibin.-"iel
`URL:
`[169-1170.
`pp.
`and
`cgi?se .. .2ehts%26‘v'iewTernplate%3ddocview%Stbn/oehts.
`IBM AntiVirus User‘s Guide Version 2.4. International Business
`Machines Corporation. pp. 6-7. Nov. 15. 1995.
`leach. Norvin. el al.. “IE 3.0 Applets Will Earn Certification." PC
`Week. vol. 13. No. 29. 2 pp. Jtll. 22. 1996.
`l‘injan Announces a Personal lava198 Firewall for Web Browsers--
`the SurfinShield"'M 1.6 (formerly known as SurfinBoard). Press
`Release of Finjan Releases SurfinShield [15.2 pp.. Oct. 2 l. [996.
`Web
`Page Article.
`“Frequently Asked Questions About
`Audienticode.” Microsoft Corporation. last updated lieb. 1?. 1997.
`printed Dec. 23. 1998. URL: http:a".-"www.1nicrosotl.c0mtworkshopt
`securitya’authcodee-"signfaq.asp#9. pp. 1—13.
`Binstock.
`.mdrew. “Multidueading. Hyper-Threading. Multipro-
`cessing: New. What‘s the Difference‘h” httpn‘tnwvwintel .comtcdtid s.-"
`developer-"asmo—najengt20456.hlm. Pacific DataWorks. LLC. down—
`loaded Jul. "L 2008.? pp.
`“Frequently Asked Questions About Authenticode.“ Microsoft Cor-
`poration. updated Feb. [7. I997.
`“WWWProxyto Cut OII'Java.” by Carl Claunch (Apr. 12. 1996).
`“Combating Viruses IIeuristically.” by [Trans Veldman (Sep. 1993).
`“MCF: A Malicious (lode Filter.” by I.o. et al. (May 4. I994).
`Anti—Virus Tools and Techniques for Computer Systems by Polk. et
`al. (1995).
`“Dynamic Detection and Classification of Computer Vinlses Using
`General Behaviour Patterns.” by I_eCharlier. et al. (Jul. 2. 1995).
`“Towards a Testbed for Malicious Code Detection.” by Lu. el al.
`(1991).
`“Blocking Java Applets at the Firewall.“ by Martin. el al.
`Virus Detection and Elimination by Rune Skardhamar (1996).
`Computer Viruses and Anti-Virus Warfare by Jan Hruska (1992).
`“Active Content Security,” by Brady, et al. (Dec. 13, 1999).
`“Low Level Security in Java,” by Frank Yellin.
`“Email With a Mind of Its Own: The Safe-Tcl Language for Enabled
`Mail,” by Nathaniel Borenstein.
`“Mobile Agents: Are They a Good Idea?” by Chess, et al. (Dec. 21,
`1994).
`“Remote Evaluation,” by Stamos, et al. (Oct. 1990).
`“Active Message Processing: Messages as Messengers,” by John
`Vittal (1981).
`“Programming Languages for Distributed Computing Systems,” by
`Bal, et al. (Sep. 1989).
`“Scripts and Agents: The New Software High Ground,” by John
`Ousterhout (Oct. 20, 1995).
`“The HotJava Browser: A White Paper”.
`The Java Virtual Machine Specification, Sun Microsystems (Aug. 21,
`1995).
`“Security of Web Browser Scripting Languages: Vulnerabilities,
`Attacks and Remedies,” by Anupam, et al. (Jan. 1998).
`“ActiveX and Java: The Next Virus Carriers?”.
`“Gateway Level Corporate Security for the New World of Java and
`Downloadables” (1996).
`“Practical Domain and Type Enforcement for UNIX,” by Badger, et
`al. (1995).
`“A Sense of Self for Unix Processes,” by Forrest, et al. (1996).
`“Antivirus Scanner Analysis 1995,” by Marko Helenius (1995).
`“State Transition Analysis: A Rule-Based Intrusion Detection
`Approach,” by Ilgun, et al. (Mar. 1995).
`“Automated Detection of Vulnerabilities in Privileged Programs by
`Execution Monitoring,” by Ko, et al. (1994).
`“Execution Monitoring of Security-Critical Programs in Distributed
`Systems: A Specification-Based Approach,” by Ko, et al. (1997).
`“Classification and Detection of Computer Intrusions,” by Sandeep
`Kumar (Aug. 1995).
`ThunderBYTE Anti-Virus Utilities User Manual (1995).
`Doyle, et al., “Microsoft Press Computer Dictionary,” Microsoft
`Press, 2nd Edition, pp. 137-138, 1993.
`Schmitt, D. A., “.EXE files, OS-2 style,” PC Tech Journal, vol. 6, No.
`11, p. 76(13), Nov. 1988.
`International Search Report for Application No. PCT/IB97/01626,
`dated May 14, 1999, 2 pp.
`Supplementary European Search Report for Application No. EP 97
`950351, dated Nov. 17, 2004, 2 pp.
`
`CS-1001
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 5
`
`File History for Canadian Application No. 2,275,771, 84 pp.
`File History for European Application No. 97950351.3, 58 pp.
`File History for Japanese Application No. 10-522345, 48 pp.
`Lemay, Laura, et al., “Approach of Java Language, Applet, AWT and
`Advanced Apparatus,” First Edition, 25 pp. (translated), Aug. 20,
`1996 (CS-NB-1999-00238-001).
`Order Construing the Terms of U.S. Patent Nos. 6,092,194;
`6,804,780; 7,058,822; 6.351010; and 7,185,351, 4 pp., Dec. 11,
`2007.
`Plaintiff Finjan Software, Ltd.'s Opening Claim Construction Brief,
`38 pp., Sep. 7, 2007.
`Defendant Secure Computing Corporation's Opening Claim Con-
`struction Brief, 46 pp., Sep. 7, 2007.
`Plaintiff Finjan Software, Ltd.'s Answering Claim Construction
`Brief (Public Version), 45 pp., Sep. 28, 2007.
`Defendant Secure Computing Corporation's Responsive Claim Con-
`struction Brief (Public Version), 37 pp., Sep. 28, 2007.
`Secure Computing Corporation's Disclosure of Prior Art Pursuant to
`35 U.S.C. § 282, 6 pp., Feb. 1, 2008.
`Stang, David J., “Computer Viruses and Artificial Intelligence,” Virus
`Bulletin Conference, pp. 235-257, Sep. 1995.
`Johannsen, Magnus, “Java Security and a Firewall Extension for
`Authenticity Control of Java Applets,” Thesis Proposal, Computer
`Science Department, University of Colorado at Colorado Springs, 5
`pp., Jan. 29, 1997.
`Joint Appendix of Intrinsic and Extrinsic Evidence Regarding Claim
`Construction Briefing, vol. 1, Oct. 4, 2007.
`J
