‘11:“-
`
`Our Ref:
`
`8955-13
`
`a ‘3',” HT;
`
`US. PATENT APPLICATION
`
`Invention:
`
`SYSTEMS AND METHODS FOR SECURE TRANSACTION
`MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION
`
`NIXON & VANDERHYE P. C'.
`ATTORNEYS ATIAW
`HOE) NORTH GLEBE ROAD
`3TH FLOOR
`ARLINGTON, VIRGINIA 22201-4714
`(7'03) SIG-4900
`Telex 290797 NIXN UR
`Telecopier (703) MCI-4100
`
`SPECIFICATION
`
`CS—1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 001
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 001
`
`
`
`Our Ref:
`
`8955-13
`
`a ‘3',” HT;
`
`US. PATENT APPLICATION
`
`Invention:
`
`SYSTEMS AND METHODS FOR SECURE TRANSACTION
`MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION
`
`NIXON & VANDERHYE P. C'.
`ATTORNEYS ATIAW
`HOE) NORTH GLEBE ROAD
`3TH FLOOR
`ARLINGTON, VIRGINIA 22201-4714
`(7'03) SIG-4900
`Telex 290797 NIXN UR
`Telecopier (703) MCI-4100
`
`SPECIFICATION
`
`CS—1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 001
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 001
`
`
`
`In the preferred embodiment, SPU 500 uses three general
`
`kinds of memory:
`
`(1)
`
`internal ROM 532;
`
`(2)
`
`internal RAM 534; and
`
`(3) external memory (typically RAM andfor disk supplied by
`
`a hest electronic appliance).
`
`The internal ROM 532 and RAM 534 within SPU 500
`
`provide a secure operating environment and execution space.
`
`10
`
`Because of cast limitations, chip fabrication size, complexity and
`
`other limitations, it may not be possible to provide suificient
`
`memory within SPU 500 to store all information that an SPU
`
`needs to process in a secure manner. Due to the practical limits
`
`on the amount of ROM 532 and RAM 534 that may be included
`
`within SPU 500, SPU 500 may store information in memory
`
`external to it, and move this information into and out of its secure
`
`internal memory space on an as needed basis.
`
`In these cases,
`
`secure processing steps performed by an SPU typically must be
`
`segmented into small, securely packaged elements that may be
`
`"paged in" and ”paged out“ of the limited available internal
`
`memory space. Memory external to an SPU 500 may not be
`
`secure. Since the external memory may not be secure, SPU 500
`
`may encrypt and cryptographically seal code and other information
`
`before storing it in ext6rnal memory. Similarly, SPU 500 must
`
`typically decrypt code and other information obtained from
`
`external memory in encrypted form before processing (e.g.,
`
`20
`
`25
`
`_ 172 _
`
`(006150331)
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 002
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 002
`
`
`
`executing) based on it.
`
`In the preferred embodiment, there are
`
`two general approaches used to address potential memory
`
`limitations in a SPU 500.
`
`In the first case, the small, securely
`
`packaged elements represent information contained in secure
`
`database 610.
`
`In the second case, such elements may represent
`
`protected (e.g., encrypted) virtual memory pages. Although Virtual
`
`memory pages may correspond to information elements stored in
`
`secure database 610, this is not required in this example of a SPU
`
`memory architecture.
`
`10
`
`The following is a more detailed discussion of each of these
`
`three SPU memory resources.
`
`SPU Internal ROM
`
`SPU 500 read only memory {ROM} 532 or comparable
`
`purpose (lax-ice provides secure internal non-volatile storage for
`
`certain programs and other information. For example, ROM 532
`
`may store ”kernel“ programs such as SPU control firmware 508
`
`and, if desired, encryption key information and certain
`
`20
`
`fundamental ”load modules.“ The ”kernel“ programs, load module
`
`information, and encryption key information enable the control of
`
`certain basic functions of the SPU 500. Those components that
`
`are at least in part dependent on device configuration (e.g., POST,
`
`memory allocation, and a dispatcher] may be loaded in ROM 532
`
`along with additional load modules that have been determined to
`
`he required for specific installations or applications.
`
`- 173 -
`
`[Norseman
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 003
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 003
`
`
`
`In the preferred embodiment, ROM 532 may comprise a
`combination of a masked ROM 532a and an EEPROM and/or
`
`equivalent ”flash“ memory 532b. EEPROM or flash memory 53%
`
`is used to stone items that need to be updated andfor initialized,
`
`such as for example, certain encryption keys. An additional
`
`benefit of providing EEPROM andIor flash memory 532!) is the
`
`ability to optimize any load modules and library functions
`
`persistently stored within SPU 500 based on typical usage at a
`
`specific site. Although these items could also be stored in
`
`NVRAM 534b, EEPROM andfor flash memory 532b may be more
`cost effective.
`
`Masked ROM 5323 may cost less than flash andfor
`
`EEPROM 532b, and can be used to store permanent portions of
`
`BI’II' soFtwareffirmwaro. Such permanent portions may include,
`
`for example, code that interfaces to hardware elements such as the
`
`RTC 528, encryptionldecryption engine 522, interrupt handlers,
`
`key generators, etc. Some of the operating system, library calls,
`
`libraries, and many of the core services provided by SPU 500 may
`
`also be in masked ROM 532a. In addition, some of the more
`
`commonly used uxocutaiiies are also good candidates for inclusion
`
`in masked ROM 532a. Items that need to be updated or that need
`
`to disappear when power is removed from SPU 500 should not be
`stored in masked ROM 532a.
`
`E11
`
`10
`
`20
`
`25
`
`- 174 -
`
`(oomeosm:
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 004
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 004
`
`
`
`Under some circumstances, RAM 534a andz’or NVRAM 534i]
`
`(NVRAM 534b may, for example, he constantly powered
`
`conventional RAM) may perform at least part of the role of ROM
`532.
`
`SPU Internal RAM
`
`SPU 500 general purpose RAM 534 provides, among other
`
`things, secure execution space for secure processes. In the
`
`preferred embodiment, RAM 534 is comprised of different types of
`
`10
`
`RAM such as a combination of high-speed RAM 534a and an
`
`NVRAM (”non—volatile RAM“) 5341:. RAM 534a may be volatile,
`
`while NVRAM 5341) is preferably battery hacked or otherwise
`
`arranged so as to be nonwolatile (i.e., it does not lose its contents
`
`when power is turned off).
`
`High-speed RAM 534a stores active code to be executed and
`associated data structures.
`
`NVRAM 53% preferably contains certain keys and summary
`
`20
`
`values that are preloaded as part of an initialization process in
`
`which SPU 500 communicates with a VDE administrator, and may
`
`also store changeable or changing information aesociated with the
`
`operation of SPU 500. For security reasons, certain highly
`
`sensitive information (e.g., certain load modules and certain
`
`encryption key related information such as internally generated
`
`private keys} needs to be loaded into or generated internally by
`
`. 175 -
`
`(006160101!
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 005
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 005
`
`
`
`SPU 500 from time to time but, once loaded or generated
`
`internally, should never leave the SPU.
`
`In this preferred
`
`embodiment, the SPU 500 non—volatile random access memory
`
`(NVRAM) 53413 may be used for securely storing such highly
`
`sensitive information. NW 5341) is also used by SPU 500 to
`
`' store data that may change frequently but which preferably should
`not be lost in a power down or power fail mode.
`
`10
`
`15
`
`20
`
`25
`
`NVRAM 534k: is preferably a flash memory array, but may
`
`in addition or alternatively be electrically erasable progran'u'nable
`
`read only memory {EEPROM}, static RAM (SRAM), bubble
`
`memory, three dimensional holographic or other electronptical
`
`memory, or the like, or any other writable {e.g., randomly
`
`accessible) non-volatile memory of sufficient speed and
`cost-effectiveness.
`
`SPU External Memory
`
`The SPU 500 can store certain information on memory
`
`devices external to the SPU. If available, electronic appliance 600
`
`memory can also be used to support any device external portions
`
`of SPU 500 software. Certain advantages may be gained by
`
`allowing the SPU 500 to use external memory. As one example,
`
`memory internal to SPU 500 may be reduced in size by using
`
`non-volatile readfwrite memory in the host electronic appliance
`
`600 such as a non-volatile portion of RAM 856 andfor ROM 658.
`
`- 176 _
`
`cocci-303.01:
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 006
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 006
`
`
`
`10
`
`15
`
`20
`
`Such external memory may be used to store SPU programs,
`
`data andJc-r other information. For example, a VDE control
`
`program may be, at least in part, loaded into the memory and
`
`communicated to and decrypted within SPU 500 prior to execution.
`
`Such control programs may be re-encrypted and communicated
`
`back to external memory where they may be stored for later
`
`execution by SPU 500. ”Kernel“ programs andfor some or all of
`
`the non-kernel ”load modules“ may be stored by SPU 500 in
`
`memory external to it. Since a secure database 610 may be
`
`relatively large, SPU 500 can store some or all of secure database
`
`610 in external memory and call portions into the SPU 500 as
`needed.
`
`As mentioned above, memory external to SPU 500 may not
`
`be secure. Therefore, when security is required, SPU 500 must
`
`encrypt secure information before Writing it to external memory,
`
`and decrypt secure informatiOn read from external memory before
`
`using it. Inasmuch as the encryption layer relies on secure
`
`processes and information (c.g., encryption algorithms and keys)
`
`present within SPU 500, the encryption layer effectively ”extends“
`
`the SPU security barrier 502 to protect information the SPU 500
`
`stores in memory external to it.
`
`SPU 500 can use a wide variety of different types of external
`
`memory. For example, external memory may comprise electronic
`appliance secondary storage 852 such as a disk; external EEPROM
`
`_ 177 -
`
`roostrmm]
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 007
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 007
`
`
`
`or flash memory 658; andior external RAM 656. External RAM
`
`656 may comprise an external nonvolatile (e.g. constantly
`
`powered) RAM andfor cache RAM.
`
`Using external RAM local to SPU 500 can significantly
`
`improve access times to information stored externally to an SPU.
`
`For example, external RAM may be used:
`
`-
`
`-
`
`-
`
`-
`
`to buffer memory image pages and data structures prior to
`
`their storage in flash memory or on an external hard disk
`
`(assuming transfer to flash or hard disk can occur in
`
`significant power or system failure cases);
`
`provide encryption and decryption buffers for data being
`released from VDE objects 300.
`
`to cache ”swap blocks“ and VDE data structures currently in
`
`use as an aspect of providing a secure virtual memory
`
`environment for SPU 500.
`
`to cache other information in order to, for example, reduce
`
`frequency of access by an SPU to secondary storage 652
`andfor for other reasons.
`
`Dual ported external RAM can be particularly effective in
`
`improving SPU 500 performance, since it can decrease the data
`movement overhead of the SPU bus interface unit 530 and SPU
`
`microprocessor 520.
`
`Using external flash memory local to SPU 500 can be used
`
`to significantly improve access times to virtually all data
`
`- 173 -
`
`(commie!)
`
`10
`
`15
`
`20
`
`25
`
`_
`
`..__ —.-
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 008
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 008
`
`
`
`structures. Since most available flash storage devices have limited
`
`Write lifetimes, flash storage needs to take into account the
`
`number of writes that will occur during the lifetime of the [lash
`
`memory. Hence, flash storage of frequently written temporary
`
`items is not recommended.
`
`If external RAM is nonvvolatile, then
`
`transfer to flash (or hard disk) may not be necessary.
`
`External memory used by SPU 500 may include two
`categories:
`
`-
`
`-
`
`external memory dedicated to SPU 500, and
`
`memory shared with electronic appliance 600.
`
`For some VDE implementations, sharing memory (e.g.,
`
`electronic appliance RAM 656, ROM 658 andXor secondary storage
`
`652} with CPU 654 or other elements of an electronic appliance
`
`600 may be the most cost effective way to store VDE secure
`
`database management files 610 and information that needs to be
`
`stored external to SPU 500. A host system hard disk secondary
`
`memory 652 used for general purpose file storage can, for example,
`
`also be used to store VDE management files 610. SPU 500 may be
`
`given exclusive access to the external memory (e.g., over a local
`
`bus high speed connection provided by BIU 530]. Both dedicated
`
`and shared external memory may be provided.
`
`E11
`
`10
`
`20
`
`25
`
`- 179 -
`
`{0061603.011
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 009
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 009
`
`
`
`The hardware configuration of an example of electronic
`
`appliance 600 has been described above. The following section
`
`describes an example of the software architecture of electronic
`
`appliance 600 provided by the preferred embodiment, including
`
`the structure and operation of preferred embodiment ”Rights
`
`Operating System“ (”ROS“) 602.
`
`Rights Operating System 602
`
`Rights Operating System (”ROS") 602 in the preferred
`
`embodiment is a compact, secure, event—driven, services-based,
`
`”component" oriented, distributed multiprocessing operating
`
`system environment that integrates VDE information security
`
`control information, components and protocols with traditional
`
`operating system concepts. Like traditional operating systems,
`
`ROS 602 provided by the preferred embodiment is a piece of
`
`software that manages hardware resources of a computer system
`
`and extends management functions to input andfor output devices,
`
`including communications devices. Also like traditional operating
`
`systems. preferred embodiment R08 602 provides a coherent set of
`
`basic functions and abstraction layers for hiding the differences
`
`between, and many of the detailed complexities of, particular
`
`hardware implementations. In addition to these characteristics
`
`found in many or most operating systems, R08 602 provides
`
`secure VDE transaction management and other advantageous
`
`features not found in other operating systems. The following is a
`
`10
`
`20
`
`25
`
`- 180 -
`
`[006 1603.01!
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 010
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 010
`
`
`
`of functionality can remain unexploited until market realities
`
`dictate the implementation of corresponding VDE application
`
`functionality. As a result, initial product implementation
`
`investment and complexity may be limited. The process of
`
`"surfacing“ the full range of capabilities provided by R08 602 in
`
`terms of authoring, administrative, and artificial intelligence
`
`applications may take place over time. Moreover, already»
`
`designed functionality of R05 602 may be changed or enhanced at
`
`any time to adapt to changing needs or requirements.
`
`More Detailed Discussion of Rights Operating System 602
`Architecture
`
`Figure 12 shows an example of a detailed architecture of
`
`R03 602 shown in Figure 10. ROS 602 may include a file system
`
`687 that includes a com mercia] database manager 730 and
`
`external object repositories 728. Commercial database manager
`
`730 may maintain secure database 610. Object repository 728 may
`
`store, provide access to, and/or maintain VDE objects 300.
`
`Figure 12 also shows that R08 602 may provide one or more
`SPEs 503 andZor one or more HPEs 655. As discussed above, HPE
`
`655 may ”emulate" an SPU 500 device, and such HPEs 655 may be
`
`integrated in lieu of (or in addition to) physical SPUs 500 for
`systems that need higher throughput. Some security may he lost
`since HPEs 655 are typically protected by operating system
`
`security and may not provide truly secure processing. Thus, in the
`
`— 221 -
`
`(006160301)
`
`10
`
`15
`
`20
`
`25
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 011
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 011
`
`
`
`732. All user API requests are built on top of this basic interface.
`
`The API Service Manager 742 preferably provides a service
`
`instance for each running user application 608.
`
`Most RFC calls to ROS functions supported by API Service
`
`Manager 742 in the preferred embodiment may map directly to
`
`service calls with some additional parameter checking. This
`
`mechanism permits developers to create their own extended API
`
`libraries with additional or changed functionality.
`
`In the scenario discussed above in which ROS 602 is formed
`
`by integrating ”add one“ with a preexisting operating system, the
`
`API service 742 code may be shared {e.g., resident in a host
`
`environment like a Windows DLL}, or it may be directly linked
`
`with an applications's code~— depending on an application
`
`programmer's implementation decision, andfor the type of
`
`electronic appliance 600. The Notification Service Manager 740
`
`may be implemented within API 682. These components interface
`
`with Notification Service component 686 to provide a transition
`
`between system and user space.
`
`Secure Database Service Manager (”SDSM‘] 744
`
`There are at least two ways that may be used for managing
`secure database 600:
`
`.
`
`-
`
`a commercial database approach, and
`
`a site record number approach.
`
`_ 253 _
`
`loos [6:13.011
`
`10
`
`15
`
`20
`
`25
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 012
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 012
`
`
`
`Cl
`
`10
`
`15
`
`20
`
`25
`
`Which way is chosen may be based on the number of records that
`a VDE site stores in the secure database 610.
`
`The commercial database approach uses a commercial
`
`database to store securely wrappered records in a commercial
`
`database. This way may be preferred when there are a large
`number of records that are stored in the secure database 610.
`
`This way provides high speed access, efficient updates, and easy
`
`integration to host systems at the cost of resource usage (most
`
`commercial database managers use many system resources).
`
`The site record number approach uses a ”site record
`
`number" (”SEN“) to locate records in the system. This scheme is
`
`preferred when the number of records stored in the secure
`
`database 610 is small and is not expected to change extensively
`
`over time. This way provides efficient resources use with limited
`
`update capabilities. SRNs permit further grouping of similar data
`
`records to speed accesa and increase performance.
`
`Since VDE 100 is highly scalable, different electronic
`
`appliances 600 may suggest one way more than the other. For
`
`example, in limited environments like a set top, PDA, or other low
`
`end electronic appliance, the SEN scheme may he preferred
`
`because it limits the amount of resources (memory and processor)
`
`required. When VDE is deployed on more capable electronic
`
`appliances 600 such as desktop computers, servers and at
`
`_ 254 -
`
`(oosisoacn
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 013
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 013
`
`
`
`clearinghouses, the commercial database scheme may be more
`
`desirable because it proVides high performance in environments
`where resources are not limited.
`
`One difference between the database records in the two
`
`approaches is whether the records are specified using a full VDE
`
`ID or SRN. To translate between the two schemes, a SRN
`
`reference may be replaced with a VDE TD database reference
`
`wherever it occurs. Similarly, VDE IDs that are used as indices or
`
`references to other items may be replaced by the appropriate SRN
`value.
`
`In the preferred embodiment, a commercially available
`
`database manager 730 is used to maintain secure database 610.
`
`ROS 602 interacts with commercial database manager 730
`
`through a database driver 750 and a database interface 748. The
`
`database interface 748 between R03 602 and external, third party
`
`database vendors’ commercial database manager 730 may be an
`
`open standard to permit any database vendor to implement a VDE
`
`compliant database driver 750 for their products.
`
`5
`
`10
`
`15
`
`20
`
`ROS 602 may encrypt each secure database 610 record so
`
`that a VDE-provided security layer is ”on top of“ the commercial
`
`database structure. In other words, SPE 736 may write secure
`
`'25
`
`records in sizes and formats that may be stored within a database
`
`record structure supported by commercial database manager 730.
`
`. 255 -
`
`(00615030 ll
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 014
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 014
`
`
`
`U!
`
`1.0
`
`15
`
`20
`
`25
`
`Commercial database manager 730 may then be used to organize,
`
`store, and retrieve the records. In some embodiments, it may be
`
`desirable to use a proprietary andfor newly created database
`
`manager in place of commercial database manager r1’30. However,
`
`the use of commercial database manager 730 may provide certain
`
`advantages such as, for example, an ability to use already existing
`
`database management productfs).
`
`The Secure Database Services Manager (”SDSM“) 744
`
`makes calls to an underlying commercial database manager 7 30 to
`
`obtain, modify, and store records in secure database 610.
`
`In the
`
`preferred embodiment, ”SDSM“ 744 provides a layer ”on top of"
`
`the structure of commercial database manager 730. For example,
`
`all VDE—secure information is sent to commercial database
`
`manager 730 in encrypted form. SDSM 744 in conjunction with
`
`cache manager 746 and database interface 748 may provide record
`
`management, caching (using cache manager 746}, and related
`
`services (on top of) commercial database systems 730 andfor record
`
`managers. Database Interface 748 and cache manager 746 in the
`
`preferred embodiment do not present their own RSI, but rather
`
`the RFC Manager 732 communicates to them through the Secure
`
`Database Manager RSI 7443.
`
`Name Services Manager 752
`
`The Name Services Manager 752 supports three subsen'ices:
`
`user name services, host name services, and services name
`
`- 256 -
`
`{00.315.03.011
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 015
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 015
`
`
`
`used to check further the now-unwrapped object, Assuming this
`
`”checking“ process 1054 does not reveal any improprieties (and
`block 1052 also indicates that the object has not become corrupted
`
`or otherwise damaged}, SPE 503 may then access or otherwise use
`
`the item (block 1058). Once use of the item is completed, SPE 503
`
`may need to store the item back into secure database 610 if it has
`changed. If the item has changed, SPE 503 will send the item in
`
`its changed form to encrypt/decrypt engine 522 for encryption
`
`(block 1060), providing the appropriate necessary information to
`
`the encrypte’decrypt engine (e.g., the appropriate same or different
`
`management file key and data) so that the object is appropriately
`
`encrypted. A unique, new tag andx‘or encryption key may be used
`
`at this stage to uniquely tag andfor encrypt the item security
`
`wrapper [block 1062; see also detailed Figure 3? discussion below).
`
`SPE 503 may retain a copy of the key andfor tag,r within a
`
`protected memory of SPU 500 (block 1064} so that the SPE can
`
`decrypt and validate the object when it is again read from secure
`database 610.
`
`The keys to decrypt secure database 610 records are, in the
`
`preferred embodiment, maintained solely within the protected
`
`memory of an SPU 500. Each index or record update that leaves
`
`the SPU 500 may be time stamped, and then encrypted with a
`
`unique key that is determined by the SPE 503. For example. a
`
`key identification number may be placed ”in plain view" at the
`front of the records of secure database 610 so the SPE 503 can
`
`determine which key to use the next time the record is retrieved.
`
`SPE 503 can maintain the site ID of the record or index, the key
`
`identification number associated with it. and the actual keys in
`
`the list internal to the SPE. At some point, this internal list may
`
`410
`
`(00640011111
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 016
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 016
`
`
`
`fill up. At this point, SPE 503 may call a maintenance routine
`
`that re-encrypts items within secure database 610 containing
`
`changed information. Some or all of the items within the data
`
`structure containing changed information may be read in,
`
`decrypted, and then re-enorypted with the same key. These items
`
`may then be issued the same key identification number. The
`
`items may then be written out of SPE 503 back into secure
`
`database 610. SPE 503 may then clear the internal list of item
`
`IDs and correSponding key identification numbers. It may then
`
`begin again the process of assigning a different key and a new key
`identification number to each new or changed item. By using this
`
`process, SPE 503 can protect the data structures (including the
`
`indexes) of secure database 610 against substitution of old items
`
`and against substitution of indexes for current items. This process
`also alloWs SPE 503 to validate retrieved item IDs against the
`
`encrypted list of expected IDs.
`
`Figure 38 is a flowchart showing this process in more detail.
`
`Whenever a secure database 610 item is updated or modified, a
`
`new encryption key can be generated for the updated item.
`
`Encryption using a new key is performed to add security and to
`
`prevent misuse of backup copies of secure database 610 records.
`
`The new encryption key for each updated secure database 610
`
`record may be stored in SPU 500 secure memory with an
`
`indication of the secure database record or reoord(s) to which it
`
`applies.
`
`SPE 503 may generate a new encryptionldecryption key for
`
`each new item it is going to store within secure database 610
`
`(block 1086). SPE 503 may use this new key to encrypt the record
`
`411
`
`{sometime
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 017
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 017
`
`
`
`made by end users 3310 related to transmissions and or reception
`of information related to the use of author 3306A‘s content (e.g.
`end user reporting of audit information, end user requests for
`
`additional permissions information, etc.)
`
`Some VDE managed content provided to end users 3310
`through the repository may be stored in content storage. Other
`infra-motion may be stored elsewhere, and be referenced through
`the content references.
`In the case where content references are
`used, the repository may manage the user interactions in such a
`manner that all repository content, whether stored in content
`storage or elsewhere (such as at another site), is presented for
`selection by end users 3310 in a uniform way, such as, for
`example, a consistent or the same user interface. If an end uSer
`requests delivery of content that is not stored in content storage,
`the VDE repository may locate the actual storage site for the
`content using information stored in content references (e.g. the
`network address where the content may be located, a URL, a
`
`filesystem reference, etc.) After the content is located, the content
`ma)r be transmitted across the network to the repository or it may
`be delivered directly from where it is stored to the requesting end
`
`user. In some circumstances (e.g. when container modification is
`
`required, when encryption must be changed, if financial
`transactions are required prior to release, etc.), further processing
`may be required by the repository in order to prepare such VDE
`managed content andfor VDE content container for transmission to
`an end user.
`
`694
`
`:oosaoolm)
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 018
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 018
`
`
`
`' PET-05.9““
`"an“:
`AS 031:.
`
`5%:ammo
`
`_mg88_mazes
`
`FEmemdfi._.Z(._.w_mmm¥Emu—26F
`
`MEQEuOm
`
`
`.--.E.m_Ezbwszwbzfi30.0%Ewbwmmme
`
`mm<0m>mx
`
`mama/En.
`
`mOtZOE
`
`mum—0624.2PEI.m.
`
`.uEmzmwmdm5.2;:”FZMZDEEOUa.EmDOE
`
`.mm9.5.5W62.88%;
`.m«finance"5,54252
`
`
`
` 1."EmomEz.A,8mEma:momzovname"mA.,mn_w..rzmszom_>zwmmhzmfi"ozawmoomn."m88kzm>m#586mun_w
`
`Sm53mg
`
`
`5255mmElsi.
`mmqgaquJo—.0_u—
`
`..................................................cum;
`
`8%«Ea
`025303;mébfim
`
`
`
`stmwmq..............
`
`(PdomDOo
`
`kzwzomzoo
`
`.mzmmx3m
`
`.mmszMp
`
`
`
` _.
`
`“20.29:?
`
`Nmzogozmnz
`
`Z_20FdOEmmd
`
`mme
`
`HzoFian—PDZ
`
`ZOFnEOXm.
`
`modimm‘rg
`
`Fifi-deal
`
`08-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 019
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 019
`
`
`
`
`
`
`
`
`
`
`
`MSE.
`
`Dam»
`
`.2300
`
`Imo<2<2
`
`KIOEMZ
`
`mmwdzdfi
`
`a.__u__
`
`mwo<z<2
`
`
`
`.25.4.4....
`
`L..-_____I
`
`ttllkmmIEIm—hm?wm.=u_IIIIIIIIIIIIIIIomE
`
`mmn
`
`mm<m<k<a
`
`mmo¢z<z
`
`0mm
`
`.33.:anatGuano
`
`._(zmm_,_.xm_
`
`wmozxmmm
`
`mmO<ZdE
`
`
`wt.158.5$9.245.
`
`
`oksbmymotwOQmm
`
`_wO
`
`wmnmom...
`
`02—200;
`
`.Z___2_n_<
`
`whomwmo
`
`Ema/$26.2
`
`01m
`
`mw042<2
`
`H3:ma%was.mm2.05
`mnomw3A35%;.
`
`mmmh
`
`Dwm—m.vb><>>MP<O.=(_>_
`
`
`
`ms;2mmIotgwPowwmo
`moEmmE.—.mm._m<._.02.Dom
`
`mammmu‘mmw
`
`EfiEmawn
`
`55.".ES:
`
`8h
`
`£8.$9
`
`mm.”
`
`hzmozmmwfl2_
`
`
`
`moEmmE...5224....
`
`Emma$2528
`
`Tmmpz..25.m
`
`
`.Emu$.59.
`
`
`
`owwJMZEMX
`
`FOMnm—O
`
`.deEmDm
`
`mum:
`
`20.20.25
`
`zopnmuxm.nzd.
`
`mofimmhz.
`
`Eamon...
`
`CS-1005
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 020
`
`CS-1005
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 020
`
`
`
`
`
`
`
`
`
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
