(cid:56)(cid:54)(cid:3)(cid:51)(cid:68)(cid:87)(cid:72)(cid:81)(cid:87)(cid:3)(cid:9)(cid:3)(cid:55)(cid:85)(cid:68)(cid:71)(cid:72)(cid:80)(cid:68)(cid:85)(cid:78)(cid:3)(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:72)
`
`(cid:56)(cid:54)(cid:3)(cid:25)(cid:19)(cid:18)(cid:19)(cid:22)(cid:19)(cid:15)(cid:25)(cid:22)(cid:28)
`(cid:56)(cid:54)(cid:51)(cid:55)(cid:50)(cid:3)(cid:55)(cid:85)(cid:68)(cid:81)(cid:86)(cid:68)(cid:70)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:44)(cid:81)(cid:73)(cid:82)(cid:85)(cid:80)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:13)
`
`(cid:54)(cid:40)(cid:52)(cid:17)(cid:71)
`
`(cid:39)(cid:36)(cid:55)(cid:40)
`
`(cid:39)(cid:40)(cid:54)(cid:38)(cid:53)(cid:44)(cid:51)(cid:55)(cid:44)(cid:50)(cid:49)
`
`(cid:20)
`(cid:21)
`(cid:22)
`(cid:23)
`(cid:24)
`(cid:25)
`(cid:26)
`(cid:27)
`
`(cid:54)(cid:72)(cid:87)(cid:3)(cid:36)(cid:83)(cid:83)(cid:79)(cid:76)(cid:70)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:54)(cid:87)(cid:68)(cid:87)(cid:88)(cid:86)
`(cid:21)(cid:20)(cid:3)(cid:54)(cid:72)(cid:83)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:55)(cid:72)(cid:85)(cid:80)(cid:76)(cid:81)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:82)(cid:73)(cid:3)(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:54)(cid:72)(cid:68)(cid:85)(cid:70)(cid:75)
`(cid:21)(cid:22)(cid:3)(cid:48)(cid:68)(cid:92)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:21)(cid:22)(cid:3)(cid:48)(cid:68)(cid:92)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20) (cid:38)(cid:68)(cid:86)(cid:72)(cid:3)(cid:41)(cid:82)(cid:88)(cid:81)(cid:71)
`(cid:19)(cid:26)(cid:3)(cid:48)(cid:68)(cid:92)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:55)(cid:72)(cid:85)(cid:80)(cid:76)(cid:81)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:82)(cid:73)(cid:3)(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:54)(cid:72)(cid:68)(cid:85)(cid:70)(cid:75)
`(cid:20)(cid:21)(cid:3)(cid:36)(cid:83)(cid:85)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:54)(cid:72)(cid:68)(cid:85)(cid:70)(cid:75)(cid:3)(cid:38)(cid:82)(cid:81)(cid:71)(cid:88)(cid:70)(cid:87)(cid:72)(cid:71)
`(cid:20)(cid:21)(cid:3)(cid:36)(cid:83)(cid:85)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:38)(cid:68)(cid:86)(cid:72)(cid:3)(cid:53)(cid:72)(cid:83)(cid:82)(cid:85)(cid:87)(cid:72)(cid:71)(cid:3)(cid:47)(cid:82)(cid:86)(cid:87)
`(cid:19)(cid:22)(cid:3)(cid:45)(cid:68)(cid:81)(cid:3)(cid:20)(cid:28)(cid:28)(cid:26)
`(cid:51)(cid:85)(cid:72)(cid:72)(cid:91)(cid:68)(cid:80)(cid:76)(cid:81)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:47)(cid:82)(cid:70)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:38)(cid:75)(cid:68)(cid:81)(cid:74)(cid:72)
`(cid:19)(cid:22)(cid:3)(cid:39)(cid:72)(cid:70)(cid:3)(cid:20)(cid:28)(cid:28)(cid:25)
`(cid:44)(cid:81)(cid:76)(cid:87)(cid:76)(cid:68)(cid:79)(cid:3)(cid:40)(cid:91)(cid:68)(cid:80)(cid:3)(cid:55)(cid:72)(cid:68)(cid:80)(cid:3)(cid:81)(cid:81)
`
`(cid:13) (cid:39)(cid:82)(cid:70)(cid:88)(cid:80)(cid:72)(cid:81)(cid:87)(cid:3)(cid:74)(cid:72)(cid:81)(cid:72)(cid:85)(cid:68)(cid:87)(cid:72)(cid:71)(cid:3)(cid:82)(cid:81)(cid:3)(cid:19)(cid:25)(cid:18)(cid:20)(cid:23)(cid:18)(cid:21)(cid:19)(cid:20)(cid:26)(cid:3)(cid:73)(cid:85)(cid:82)(cid:80)(cid:3)(cid:82)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:56)(cid:54)(cid:51)(cid:55)(cid:50)(cid:3)(cid:85)(cid:72)(cid:70)(cid:82)(cid:85)(cid:71)(cid:86)(cid:15)(cid:3)(cid:72)(cid:91)(cid:87)(cid:72)(cid:85)(cid:81)(cid:68)(cid:79)(cid:3)(cid:87)(cid:82)(cid:3)(cid:87)(cid:75)(cid:76)(cid:86)(cid:3)(cid:73)(cid:76)(cid:79)(cid:72)(cid:17)
`(cid:71) (cid:55)(cid:85)(cid:68)(cid:81)(cid:86)(cid:68)(cid:70)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:54)(cid:72)(cid:84)(cid:88)(cid:72)(cid:81)(cid:70)(cid:72)(cid:3)(cid:49)(cid:88)(cid:80)(cid:69)(cid:72)(cid:85)(cid:3)(cid:11)(cid:54)(cid:40)(cid:52)(cid:17)(cid:12)(cid:3)(cid:76)(cid:86)(cid:3)(cid:88)(cid:81)(cid:85)(cid:72)(cid:79)(cid:68)(cid:87)(cid:72)(cid:71)(cid:3)(cid:87)(cid:82)(cid:3)(cid:51)(cid:68)(cid:83)(cid:72)(cid:85)(cid:3)(cid:49)(cid:88)(cid:80)(cid:69)(cid:72)(cid:85)(cid:3)(cid:76)(cid:81)(cid:3)(cid:41)(cid:76)(cid:79)(cid:72)(cid:3)(cid:55)(cid:68)(cid:69)(cid:79)(cid:72)(cid:3)(cid:82)(cid:73)(cid:3)(cid:70)(cid:82)(cid:81)(cid:87)(cid:72)(cid:81)(cid:87)(cid:86)(cid:17)
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 1
`
`
`
`(cid:56)(cid:54)(cid:3)(cid:25)(cid:19)(cid:18)(cid:19)(cid:22)(cid:19)(cid:15)(cid:25)(cid:22)(cid:28)
`(cid:56)(cid:54)(cid:51)(cid:55)(cid:50)(cid:3)(cid:55)(cid:85)(cid:68)(cid:81)(cid:86)(cid:68)(cid:70)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:44)(cid:81)(cid:73)(cid:82)(cid:85)(cid:80)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:13)
`
`(cid:54)(cid:40)(cid:52)(cid:17)(cid:71)
`
`(cid:39)(cid:36)(cid:55)(cid:40)
`
`(cid:39)(cid:40)(cid:54)(cid:38)(cid:53)(cid:44)(cid:51)(cid:55)(cid:44)(cid:50)(cid:49)
`
`(cid:20)
`(cid:21)
`(cid:22)
`(cid:23)
`(cid:24)
`(cid:25)
`(cid:26)
`(cid:27)
`
`(cid:54)(cid:72)(cid:87)(cid:3)(cid:36)(cid:83)(cid:83)(cid:79)(cid:76)(cid:70)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:54)(cid:87)(cid:68)(cid:87)(cid:88)(cid:86)
`(cid:21)(cid:20)(cid:3)(cid:54)(cid:72)(cid:83)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:55)(cid:72)(cid:85)(cid:80)(cid:76)(cid:81)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:82)(cid:73)(cid:3)(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:54)(cid:72)(cid:68)(cid:85)(cid:70)(cid:75)
`(cid:21)(cid:22)(cid:3)(cid:48)(cid:68)(cid:92)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:21)(cid:22)(cid:3)(cid:48)(cid:68)(cid:92)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20) (cid:38)(cid:68)(cid:86)(cid:72)(cid:3)(cid:41)(cid:82)(cid:88)(cid:81)(cid:71)
`(cid:19)(cid:26)(cid:3)(cid:48)(cid:68)(cid:92)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:55)(cid:72)(cid:85)(cid:80)(cid:76)(cid:81)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:82)(cid:73)(cid:3)(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:54)(cid:72)(cid:68)(cid:85)(cid:70)(cid:75)
`(cid:20)(cid:21)(cid:3)(cid:36)(cid:83)(cid:85)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:50)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:54)(cid:72)(cid:68)(cid:85)(cid:70)(cid:75)(cid:3)(cid:38)(cid:82)(cid:81)(cid:71)(cid:88)(cid:70)(cid:87)(cid:72)(cid:71)
`(cid:20)(cid:21)(cid:3)(cid:36)(cid:83)(cid:85)(cid:3)(cid:21)(cid:19)(cid:19)(cid:20)
`(cid:38)(cid:68)(cid:86)(cid:72)(cid:3)(cid:53)(cid:72)(cid:83)(cid:82)(cid:85)(cid:87)(cid:72)(cid:71)(cid:3)(cid:47)(cid:82)(cid:86)(cid:87)
`(cid:19)(cid:22)(cid:3)(cid:45)(cid:68)(cid:81)(cid:3)(cid:20)(cid:28)(cid:28)(cid:26)
`(cid:51)(cid:85)(cid:72)(cid:72)(cid:91)(cid:68)(cid:80)(cid:76)(cid:81)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:47)(cid:82)(cid:70)(cid:68)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:38)(cid:75)(cid:68)(cid:81)(cid:74)(cid:72)
`(cid:19)(cid:22)(cid:3)(cid:39)(cid:72)(cid:70)(cid:3)(cid:20)(cid:28)(cid:28)(cid:25)
`(cid:44)(cid:81)(cid:76)(cid:87)(cid:76)(cid:68)(cid:79)(cid:3)(cid:40)(cid:91)(cid:68)(cid:80)(cid:3)(cid:55)(cid:72)(cid:68)(cid:80)(cid:3)(cid:81)(cid:81)
`
`(cid:13) (cid:39)(cid:82)(cid:70)(cid:88)(cid:80)(cid:72)(cid:81)(cid:87)(cid:3)(cid:74)(cid:72)(cid:81)(cid:72)(cid:85)(cid:68)(cid:87)(cid:72)(cid:71)(cid:3)(cid:82)(cid:81)(cid:3)(cid:19)(cid:25)(cid:18)(cid:20)(cid:23)(cid:18)(cid:21)(cid:19)(cid:20)(cid:26)(cid:3)(cid:73)(cid:85)(cid:82)(cid:80)(cid:3)(cid:82)(cid:73)(cid:73)(cid:76)(cid:70)(cid:76)(cid:68)(cid:79)(cid:3)(cid:56)(cid:54)(cid:51)(cid:55)(cid:50)(cid:3)(cid:85)(cid:72)(cid:70)(cid:82)(cid:85)(cid:71)(cid:86)(cid:15)(cid:3)(cid:72)(cid:91)(cid:87)(cid:72)(cid:85)(cid:81)(cid:68)(cid:79)(cid:3)(cid:87)(cid:82)(cid:3)(cid:87)(cid:75)(cid:76)(cid:86)(cid:3)(cid:73)(cid:76)(cid:79)(cid:72)(cid:17)
`(cid:71) (cid:55)(cid:85)(cid:68)(cid:81)(cid:86)(cid:68)(cid:70)(cid:87)(cid:76)(cid:82)(cid:81)(cid:3)(cid:54)(cid:72)(cid:84)(cid:88)(cid:72)(cid:81)(cid:70)(cid:72)(cid:3)(cid:49)(cid:88)(cid:80)(cid:69)(cid:72)(cid:85)(cid:3)(cid:11)(cid:54)(cid:40)(cid:52)(cid:17)(cid:12)(cid:3)(cid:76)(cid:86)(cid:3)(cid:88)(cid:81)(cid:85)(cid:72)(cid:79)(cid:68)(cid:87)(cid:72)(cid:71)(cid:3)(cid:87)(cid:82)(cid:3)(cid:51)(cid:68)(cid:83)(cid:72)(cid:85)(cid:3)(cid:49)(cid:88)(cid:80)(cid:69)(cid:72)(cid:85)(cid:3)(cid:76)(cid:81)(cid:3)(cid:41)(cid:76)(cid:79)(cid:72)(cid:3)(cid:55)(cid:68)(cid:69)(cid:79)(cid:72)(cid:3)(cid:82)(cid:73)(cid:3)(cid:70)(cid:82)(cid:81)(cid:87)(cid:72)(cid:81)(cid:87)(cid:86)(cid:17)
`
`(cid:51)(cid:68)(cid:74)(cid:72)(cid:3)(cid:20)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 1
`
`
`
`
`
`Best Available CopyBest Available Copy
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 2
`
`
`
`
`
`Best Available CopyBest Available Copy
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 3
`
`
`
`POSITION
`
`ID NO.
`
`DATE
`
`——
`
`—_-—
`W-m—m
`m—lgm
`———_—
`———_
`_—
`——
`
`[LEFT INSiDE}
`
`CSj1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 4
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 4
`
`
`
`EAR CODE LABEL
`
`IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
`
`Us. PATENT APPLICATION
`
`SERIAL NUMBER
`
`60f030.639
`PROVISIONAL
`
`FILING DATE
`
`llfOB/QS
`
`GROUP ART UNIT
`
`SHLOMO TOUBOUL, KEFAR HAIM,
`
`ISRAEL.
`
`APPLICANT
`
`**CONTINUING DATmuxmu***x**r**th**wt
`VERIFIED
`
`**FOREIGN/PCT APPLICATIONS** **** ** * ***
`VERIFIED
`
`
`
`DRAWING
`
`1'
`
`INDEPENDENT
`CLAIMS
`
`FILING FEE
`RECEIVED
`
`ATTORNEY DOCKET NO.
`
`$150.00
`
`D-SSB
`
`EPPA HITE
`CARTER DEFILIPPO 81 FERRELL
`SUITE 200
`2225 EAST BAYSHORE ROAD
`PALO ALTO CA 94303
`
`ADDRESS
`
`SYSTEM AND METHOD FOR PROTECTING A COMPUTER FROM HOSTILE
`DOWNLOADABLES
`
`that annexed hereto is {a Inge co y from the records of the United States
`This is to certii
`Patent and Tra emark Office of the application w lab is Identlfled above.
`By authariw of the
`COMMISSIONER OF PATENTS AND TRADEMARKS
`
`Data
`
`Can'rfving Offlcar
`
`CS-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 5
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 5
`
`
`
`
`
`worsens (11.95)
`Patent and Trademark Office: us DEPARTMENT OF COMMERCE
`PROVISIONAL APPLICATION FOR PATENT COVER SHEET
`
`60/03 0639
`
`.
`This 15a request for filing a PROVISIONAL APPLICATION FOR PATENT under 37 CFR 1.53 . 2 I: 1.51 a 2 i
`Docket NOD-558
`Type a plus sign {+)
`inside this box ->
`
`+
`
`INVENTORIS) ! APPLICANTIs)
`
`MIDDLE
`RESIDENCE {CITY AN D EITHER STATE OR FOREIGN
`LAST NAME.
`FIRST NAME
`INITIAL
`COUNTRY}
`
`---—
`TITLE OF INVENTION (230 characters max)
`
`System and Method for Protecting a Computer from Hostile Downloadables
`
`CORRESPONDENCE ADDRESS
`Eppa Hite
`Carr, DeFilippo 8.: Ferrell LLP
`2225 East Bayshore Road, Suite 200
`Palo Alto
`STATE:
`
`Tel;
`Fax:
`
`(415) 812-3428
`(415) 812-3444
`
`comm:
`ENCLOSED APPLICATION PARTS (check all that a . I I
`
`[ X ] Specification
`
`Number of Pages
`
`{ 23 I
`
`[
`
`] Small Entity Statement
`
`'[X] Drawings)
`Number of Sheets
`[ 7]
`[X ] Other (specify): 9 page ”Appendix”
` METHOD OF PAYMENT OF FILING FEES FOR THIS PROVISIONAL APPLICATION FOR PATENT
`[ X] A check or money order is enclosed to cover the filing fees.
`
`[
`] The Commissioner is hereby authorized to charge d1e filing fees and credit
`
`Filing Fee
`Deposit Account No. 0641600.
`
`[ X ] The Commissioner is hereby authorized to charge payment of the following Amount ($}:
`
`fees associated with this communication or credit any overpayment to Deposit
`
`
`Account No. 0641600. A delicate co 0 this sheet is attached.
`The invention was made by an agency of die United States Government or under a contract with an agency of the
`United States Government.
`{ X] No.
`I
`] Yes, the name of the US. Govemment agency and the Government contract member are:
`
`$150.00
`
`Respectfully submitted,
`Shlorno Touboul
`#1
`
`
`
`Eppa I-Ii e, Reg. No. 30,266
`Carr, DeFilippo & Ferrell LLP
`2225 East Bayshore Road, Suite 200
`Paio Alto, CA 94308
`Tel.: (415) 812-3428
`Fax: {415) 812-3444
`
`Date: Z/wfffié
`
`SendTo:
`
`Box Provisional Application
`Assistant Commissioner for Patents
`
`Washington, DC. 20231
`
`I
`
`] Additional inventors are being named on separately numbered sheets attached hereto.
`
`CS-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 6
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 6
`
`
`
`
`
`W
`
`1.
`
`Field rat
`
`the IDIEDI’JQD
`
`This invention relates generally to computer networks, and
`
`more particularly to a system and method for protecting computers
`
`from hostile Downloadables.
`
`10
`
`2me
`
`The Internet
`
`is a collection of currently over 100,000
`
`individual computer networks owned by governments. universities,
`
`nonprofit groups and companies. and is expanding at an accelerating
`
`rate. Because the Internet
`
`is public.
`
`the Internet has become a major
`
`15
`
`20
`
`source of many system damaging and system fatal application
`
`programs, commonly referred to as “viruses.”
`
`Accordingly. programmers continue to design computer
`
`security systems for blocking these viruses from attacking both
`
`individual and network computers. On the most part,
`
`these security
`
`systems have been relatively successful. However,
`
`these security
`
`systems are not configured to recognize computer viruses which
`
`have been attached to Downloadable application programs.
`
`-1-
`
`CS-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 7
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 7
`
`
`
`P ATE NT
`
`commonly referred to as “applets" or “Downloadebles.” A
`
`Downloadable is an executable application program which is
`
`automatically downloaded from a source computer and run on the
`
`destination computer.
`
`Examples of Downloadables include applets
`
`designed for use in the Java.TM distributing environment produced by
`
`Sun Microsystems or for use in the Active X distributing
`
`environment produced by Microsoft Corporation.
`
`Therefore. a
`
`system and method are needed to protect computers from viruses
`
`attached to these Downloadables.
`
`08-1 021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 8
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 8
`
`
`
`PATENT
`
`W
`
`The present
`
`invention provides a system for protecting a
`
`computer from hostile Downloadables.
`
`The system comprises an
`
`interface for receiving a Downloadable, a first memory portion
`
`storing security policies and a second memory portion storing known
`
`hostile Downloadables.
`
`The system further comprises a first
`
`comparator. coupled to the interface and to the first memory portion,
`
`for discarding the received Downioadable when it matches one of the
`
`known hostile Dowuloadables.
`
`The system further comprises a
`
`second comparator, coupled to the first comparator and to the second
`
`memory portion, for discarding the received Downioadable if it
`
`violates one of security policies.
`
`The present
`
`invention further provides a method for protecting
`
`a computer from hostile Downloadables.
`
`The method comprises the
`
`steps of receiving a Downloadable, discarding the received
`
`Dowuloadable when the received Downloadable matches a
`
`predetermined hostile Downloadable, obtaining Downloadable
`
`security profile data on the received Downloadable when the
`
`Downloadable does not match a predetermined hostile Downloadable
`
`and discarding the received Downloadable when the Downloadable
`
`security profile data violates a predetermined security policy.
`
`10
`
`15
`
`20
`
`08-1 021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 9
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 9
`
`
`
`PATENT
`
`The system and method of the present
`
`invention provide
`
`computer protection from potentially hostile computer viruses which
`
`have been attached to Downloadables.
`
`The system and method of
`
`the present
`
`invention advantageously identifies both known hostile
`
`Downloadables and identifies potentially hostile commands by
`
`decomposing unknown Downloadables.
`
`08-1 021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 10
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 10
`
`
`
`PATENT
`
`W
`
`FIG.
`
`1
`
`is a block diagram illustrating a network system in
`
`accordance with the present
`
`invention;
`
`FIG. 2 is a block diagram illustrating the internal network
`
`security system of FIG. 1:
`
`FIG. 3 is a block diagram illustrating the security program of
`
`FIG. 2;
`
`FIG. 4 is a flow chart illustrating an example security policy of
`
`FIG. 2;
`
`10
`
`FIG. 5 is a block diagram illustrating the security management
`
`censole of FIG. 1;
`
`FIG. 6 is a flowchart
`
`illustrating a method for protecting an
`
`internal computer network from hostile Downloadables; and
`
`FIG. 7 is a flowchart illustrating the FIG. 6 method for
`
`15
`
`decomposing a Downloadable.
`
`08-1 021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 11
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 11
`
`
`
`PATENT
`
`
`
`FIG.
`
`1
`
`is a block diagram illustrating a network system 100 in
`
`accordance with the present
`
`invention. Network system 100
`
`includes an external computer network 105, such as
`
`the Wide Area
`
`5 Network (WAN) commonly referred to as the Internet, coupled via a
`
`signal bus 125 to an internal network security system 110. Network
`
`system 100 further
`
`includes an internal computer network 115. such
`
`as a corporate Local Area Network (LAN). coupled via a signal bus
`
`130 to internal network computer system 110 and coupled via a
`
`10
`
`signal bus 135 to a security management console 120.
`
`Internal network security system 110 examines Downloadables
`
`received from external computer network 105, and prevents all
`
`recognizably-hostile Downloadables from reaching internal computer
`
`network 115.
`
`A Downloadable is hostile if it threatens the integrity
`
`15
`
`of an internal computer network 115 component.
`
`Security
`
`management console 120 enables modification of internal network
`
`security system I 10.
`
`FIG. 2 is a block diagram of a internal network security system
`
`20
`
`110 which includes a Central Processing Unit (CPU) 205. such as a
`
`Motorola Power PC® microprocessor or an Intel Pentium‘3
`
`microprocessor, coupled to a signal bus 220.
`
`Internal network
`
`-6-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 12
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 12
`
`
`
`PATENT
`
`security system 110 further
`
`includes an external communications
`
`interface 210 coupled between signal bus 125 and signal bus 220
`
`for receiving the Downloadables from external computer network
`
`105, and an internal communications interface 225 coupled between
`
`Signal bus 220 and signal bus 130 for forwarding non-hostile
`
`Downloadables to internal computer network 115. Alternatively,
`
`external communications interface 210 and internal communications
`
`interface 225 may be functional components of an integral
`
`communications interface (not shown)
`
`for both receiving
`
`Downloadables from external computer network 105 and forwarding
`
`non—hostile Downloadables to internal computer network 115.
`
`Internal netwmk security system 110 further
`
`includes
`
`Inputhutput
`
`([10)
`
`interfaces 215 such as
`
`a keyboard, mouse and
`
`Cathode Ray Tube (CRT) display. a data storage device 230 such as
`
`Read Only Memory (ROM) or magnetic disk, and a Random-Access
`
`Memory (RAM) 235, each being coupled to signal bus 220. Data
`
`storage device 230 stores a security database 240 which includes
`
`10
`
`15
`
`security policies and Downloadable data on for determining whether
`
`a received Downloadable is hostile, and stores an events log 245
`
`20
`
`which includes the determination results for each Downloadable. An
`
`operating system 250 controls processing by CPU 205, and is
`
`typically stored data storage device 230 and loaded into RAM 235
`
`-7.
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 13
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 13
`
`
`
`PATENT
`
`for execution. A security program 255 controls operations of
`
`internal network security system 110, and also may be stored in
`
`data storage device 230 and loaded into RAM 235 for execution by
`
`CPU 205.
`
`FIG. 3 is a block diagram illustrating details of security
`
`pregram 255.
`
`Security program 255 includes an ID generator 315.
`
`a
`
`first comparator 320 coupled to ID generator 315, a code scanner
`
`coupled to first comparator 320,
`
`a second comparator 330 coupled to
`
`code scanner 325 and to first comparator 320, and a record-keeping
`
`engine 335 coupled to first comparator 320 and to second
`
`comparator 330.
`
`Security program 255 operates in conjunction with security
`
`databaSe 240 and events log 245.
`
`Security database 240 stores
`
`security policies 305 in a first data storage device 230 portion.
`
`known Downloadables 30? in a second data storage device 230
`
`portion and Downloadablc Security Profiles (DSPs) data
`
`corresponding to the known Downloadables 310 in a third data
`
`storage device 230 portion.
`
`Security policies 305 include a list of
`
`computer operations which are deemed to be potentially hostile to
`
`the integrity of internal computer network 115.
`
`Potentially hostile
`
`operations may include READIWRITE Operations on a system
`
`10
`
`15
`
`20
`
`-3-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 14
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 14
`
`
`
`PATENT
`
`configuration file. READNVRITE operations on a document containing
`
`trade secrets, or any other operation that a user deems potentially
`
`hostile. Known Downloadables 307 may include Downloadables
`
`which Original Equipment Manufacturers (OEMs) know to be hostile,
`
`Downloadables which OEMs know to be non-hostile, Downloadables
`
`which second comparator 330 (described below) has previously
`
`determined to be hostile, and Downloadables which second
`
`comparator 330 (described below) has previously determined to be
`
`non-hostile. DSP data 310 includes the fundamental computer
`
`10-
`
`operations included in each known Downloadable 307. and may
`
`include READS. WRITES. file management operations, system
`
`management operations, memory management operations and CPU
`
`15
`
`20
`
`allocation operations.
`
`ID generator 315 receives Downloadables from external
`
`computer network 105 via external communications interface 210.
`
`and which generates a digital signature for each Downloadable. A
`
`digital signature may include a Downioadable identification number.
`
`the Downloadable type.
`
`the Downloadable source and the
`
`Downloadable destination.
`
`First comparator 320 receives and bit-wise compares the
`
`Downloadables from ID generator 315 with known Dowuloadables
`
`307 stored in security database 240.
`
`If first comparator 320
`
`-9-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 15
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 15
`
`
`
`PATENT
`
`determines a received Downloadable is identical
`
`to a known hostile
`
`Downloadable 307.
`
`then first comparator 320 discards the received
`
`Downloadable, and forwards a non-hostile Dowuloadable to the
`
`intended destination to inform the user
`
`that
`
`internal network
`
`security system 110 discarded the Downloadable.
`
`If first
`
`comparator 320 determines that
`
`the received Downloadable is
`
`identical
`
`to a known non—hostile DownloadabIe 30?,
`
`then first
`
`comparator 320 forwards the received Downloadable and the
`
`corresponding DSP data 310 to second comparator 330.
`
`If first
`
`10
`
`comparator 320 determines that
`
`the received Downloadable does
`
`not match a known Downloadable (i.e., an “unknown Downloadable”),
`
`then first comparator 320 forwards the received Downloadable to
`
`code scanner 325 (described below).
`
`In any case, first comparator
`
`320 then sends a status report
`
`to record-keeping engine 335
`
`15
`
`(described below).
`
`Code scanner 325 receives unknown Downloada‘bles from first
`
`comparator 320 and uses conventional parsing techniques to
`
`decompose the byte code of the unknown Downloadable into DSP
`
`data. Code scanner 325 then sends the Downloadable and the
`
`20
`
`corresponding DSP data to second comparator 330.
`
`Second comparator 330 receives the Downloadable and the
`
`corresponding DSP data either from code scanner 325 or from first
`
`-10-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 16
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 16
`
`
`
`PATENT
`
`comparator 320. and compares the DSP data against security policies
`
`305 stored in security database 305.
`
`If, from the DSP data, second
`
`comparator 330 determines that
`
`the Downloadable includes a
`
`hostile operation,
`
`then second comparator 330 prevents the
`
`Downloadable from passing to internal computer network 115.
`
`Similarly to first comparator 320, second comparator 330 forwards a
`
`non—hostile Downloadable to the intended destination to inform the
`
`10
`
`15
`
`user
`
`that
`
`internal network security system 110 discarded the
`
`Downloadable.
`
`If second comparator 330 determines that
`
`the
`
`received Downloadable does not violate any security policy 305,
`
`then second comparator 330 forwards the received non-hostile
`
`Downloadable to internal computer network 115.
`
`Further.
`
`if second
`
`comparator 330 received the non~hostile Downloadable from code
`
`scanner 325.
`
`then the non—hostile Downloadable is stored in known
`
`Downloadables 307 and its corresponding DSP data is stored in DSP
`
`data 310.
`
`In any case, second comparator 330 sends a status report
`
`to record—keeping engine 335 (described below).
`
`Record-keeping engine 335 receives status reports from first
`
`comparator 320 and from second comparator 330. and stores the
`
`20
`
`reports in events log 245 in data storage device 230.
`
`-11-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 17
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 17
`
`
`
`FIG. 4 is a block diagram illustrating an example security policy
`
`305.
`
`PATENT
`
`FIG. 5 is a block diagram illustrating details of security
`
`management console 120, which includes a security policy generator
`
`505 coupled to signal bus 135, an event
`
`log analysis engine 510
`
`coupled to signal bus 135, a user notification engine 515 coupled to
`
`event
`
`log analysis engine 510 and a Downloadable database review
`
`engine 520 coupled to signal bus 135.
`
`Security management console
`
`120 further
`
`includes computer components similar
`
`to the computer
`
`components illustrated in FIG. 2.
`
`Security policy generator 505 uses an U0 interface similar to
`
`IIO interface 215 for enabling user modification of security policies
`
`305.
`
`Further, security policy generator 505 enables the user to
`
`provide multiple security levels,
`
`i.e.. enables the storage of multiple
`
`sets of security policies 305 (wherein second comparator 330 can
`
`use only a particular set of security policies 305 based on the
`
`destination of a received Downloadable).
`
`For example, Security
`
`policies 305 may enable a corporate manager to receive selected
`
`Downloadables but may prevent
`
`the corporate manager’s Secretary
`
`from receiving those Downloadables.
`
`10
`
`15
`
`20
`
`-12-
`
`CS-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 18
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 18
`
`
`
`PATENT
`
`Event
`
`log analysis engine 510 examines the status reports
`
`stored in events log 245 of data storage device 230.. Event log
`
`analysis engine 510 determines if notification of the user (e.g.,
`
`the
`
`security system manager)
`
`is warranted.
`
`For example, event
`
`log
`
`analysis engine 510 may warrant user notification whenever
`
`ten
`
`(10) hostile Downloadables have been discarded by internal network
`
`security system 110 within a thirty (30) minute period,
`
`thereby
`
`flagging a possible security threat. Accordingly, event
`
`log analysis
`
`engine 510 instructs user notification engine 515 to inform the user.
`
`For example, user notification engine 515 may send an e-mail via
`
`internal communications interface 220 or via external
`
`communications interface 210 to the user. or may display a message
`
`on the user’s display device (not shown).
`
`Downloadable database review engine 520 enables a user (e.g.,
`
`a network security manager)
`
`to examine and modify known
`
`Downloadables 307 and DSP data 310. Thus,
`
`if for example a user
`
`learns of new hosnle Downloadables,
`
`the user can add them to
`
`known Downloadables 30? and the corresponding DSP data to DSP
`
`data 310.
`
`Similarly,
`
`the user can add new non—hostile
`
`Downloadables to known Downloadables 307 and corresponding DSP
`
`data to DSP data 310.
`
`10
`
`15
`
`20
`
`-13-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 19
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 19
`
`
`
`PATENT
`
`FIG. 6 is a flowchart
`
`illustrating a method 600 for protecting an
`
`internal computer network 115 from hostile Downloadables.
`
`Method 600 begins with step 605 by ID generator 315 receiving a
`
`Downloadable.
`
`ID generator 315 in step 610 generates a signature
`
`representing the received Downloadable.
`
`First comparator 320 in
`
`step 615 compares the received Downloadable with known
`
`Downloadables 307 previously-stored in security database 240.
`
`If
`
`first comparator 320 in step 620 determines that
`
`the received
`
`10
`
`Downloadabie is the same as a known hostile Downloadable 307.
`
`then first comparator 320 in step 625 discards the received
`
`Downloadable and in step 630 forwards a substitute non-hostile
`
`Downloadable to the intended destination to inform the user.
`
`First
`
`comparator 320 in step 635 instructs record-keeping engine 335 to
`
`15
`
`record the findings,
`
`i.c., a status report,
`
`in events log 245. Method
`
`600 then ends.
`
`If first comparator 320 in step 620 did not recognize the
`
`received Downloadable as a hostile Downloadable 307,
`
`then first
`
`comparator 320 in step 640 determines whether
`
`the received
`
`20
`
`Downloadable is a known non-hostile Downloadable 307.
`
`If so,
`
`then
`
`first comparator 320 in step 645 retrieves the DSP data 310
`
`corresponding to the known non-hostile Downloadable and jumps to
`
`.14..
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 20
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 20
`
`
`
`PATENT
`
`step 655. Otherwise.
`
`first comparator 320 forwards the received
`
`Downloadable to code scanner 325, which in step 650 decomposes
`
`the received Downloadable into DSP data and then jumps to step
`
`655.
`
`In step 655, second comparator 330 compares the DSP data,
`
`either retrieved by first comparator 320 from security database 240
`
`or generated by code scanner 325, with security policies 310 stored
`
`in security database 240.
`
`If second comparator 330 in step 660
`
`determines that
`
`the DSP data violates a security policy 310,
`
`then
`
`second comparator 330 proceeds to step 625. Otherwise. second
`
`comparator 330 in step 665 passes the received Downloadable to
`
`internal computer network 115 as a non-hostile Downloadable, and
`
`proceeds to step 635.
`
`FIG. 7 is a flowchart
`
`iliustrating details of method 650 for
`
`decomposing a Downloadable. Method 650 begins in step 705 with
`
`code scanner 325 disassembling the machine code of the
`
`Downloadable. Code scanner 325 in step 710 resolves a respective
`
`command in the machine code. Code scanner 325 in step 715
`
`determines whether
`
`the resolved command is a suspect command.
`
`Examples of suspect commands include a memory allocation
`
`10
`
`15
`
`20
`
`-15-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 21
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 21
`
`
`
`PATENT
`
`command, a loop command such as “goto”, “while", “if". ”than” or the
`
`like.
`
`If not,
`
`then code scanner 325 returns to step 710.
`
`Otherwise. code scanner 325 in step 720 decodes and registers
`
`the command and the command parameters as DSP data. Code
`
`scanner 325 in step 720 registers commands and command
`
`parameters into a format
`
`based on command class, e.g., file system
`
`class, network system class, memory system class and CPU system
`
`class). Code scanner 325 in step 725 determines whether the
`
`machine code includes another command.
`
`If so.
`
`then code scanner
`
`10
`
`325 returns to step 710. Otherwise, method 650 ends.
`
`-15-
`
`08-1 021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 22
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 22
`
`
`
`PATENT
`
`The foregoing description of the preferred embodiments of the
`
`invention is by way of example only, and other variations of the
`
`above-described embodiments and methods are provided by the
`
`present
`
`invention.
`
`For example, although the invention has been
`
`described in a system for protecting an internal computer network,
`
`the invention can be embodied in a system for protecting an
`
`individual computer. Components of this invention may be
`
`implemented using a programmed general purpose digital computer.
`
`using application specific integrated circuits. or using a network of
`
`10
`
`interconnected conventional components and circuits.
`
`The
`
`embodiments described herein have been presented for purposes of
`
`illustration and are not
`
`intended to be exhaustive or limiting. Many
`
`variations and modifications are possible in light of the foregoing
`
`teaching.
`
`The system is
`
`limited only by the following claims.
`
`-17.
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 23
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 23
`
`
`
`P ATENT
`
`W A I
`
`D
`
`1.
`
`A computer-based method for determining whether a
`
`Downloadable is hostile, comprising the steps of:
`
`receiving a Downloadable;
`
`decomposing.
`
`the Downloadahle into Downloadable security
`
`profile data;
`
`comparing the Downloadable security profile data against
`
`predetermined security policies to determine if a security policy has
`
`been violated; and
`
`discarding the received Downloadablc when a security policy
`
`10
`
`has been violated.
`
`2.
`
`A computer—based method for protecting a computer
`
`from
`
`hostile Downloadables, comprising the steps of:
`
`receiving a Downloadable'.
`
`discarding the received Downloadabie when the received
`
`Downloadable matches a predetermined hastile DOWnloadable;
`
`obtaining Downloadable security profile data on the received
`
`Downloadable when the Downloadable does not match a
`
`predetermined hostile Downloadable; and
`
`-13-
`
`08-1 021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 24
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 24
`
`
`
`discarding the received Downloadable when the Downloadable
`
`10
`
`security profile data violates a predetermined security policy.
`
`PATENT
`
`3.
`
`A system for determining whether a Downloadable is hostile.
`
`comprising:
`
`a security database storing security policies;
`
`an interface for receiving a current Downloadable;
`
`a code scanner, coupled to the interface,
`
`for decomposing the
`
`current Downloadable into Downloadable security profile data; and
`
`a comparator, coupled to the code scanner and to the security
`
`database,
`
`for comparing the security policies against
`
`the
`
`Downloadable security profile data to determine if a security policy
`
`10
`
`has been violated.
`
`4.
`
`A system for protecting a computer from hostile
`
`Downloadables, comprising:
`
`an interface for receiving a Downloadable;
`
`a first memory portion storing security policies;
`
`a second memory portion storing known hostile Downloadables;
`
`a first cemparator, coupled to the interface and to the first
`
`memory portion, for discarding the received Downloadable when "it
`
`matches one of the known hostile Downloadables; and
`
`-19-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 25
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 25
`
`
`
`PATENT
`
`a second comparator. coupled to the first comparator and to the
`
`second memory portion, for discarding the received Downloadable if
`
`it violates one of security policies.
`
`10
`
`11
`
`5.
`
`A system for determining whether a Downloadable is hostile,
`
`comprising:
`
`means for receiving a Downloadable;
`
`means for decomposing the Downloadable into Downloadable
`
`security profile data;
`
`means for comparing the Downloadable security profile data
`
`against predetermined security policies to determine if a security
`
`policy has been violated; and
`
`means for discarding the received Downloadable when a
`
`10
`
`security policy has been violated.
`
`6.
`
`A system for protecting a computer from hostile
`
`Downloadables, comprising:
`
`means for receiving a Downloadable;
`
`means for discarding the received Downloadable when the
`
`received Downloadable matches a predetermined hostile
`
`Downloadable;
`
`-20-
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 26
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 26
`
`
`
`PATENT
`
`means for obtaining Downloadable security profile data on the
`
`received Downloadable when the Downloadable does not match a
`
`predetermined hostile Downloadable; and
`
`means for discarding the received Downloadable when the
`
`Downloadable security profile data violates a predetermined security
`
`policy.
`
`10
`
`11
`
`12
`
`7".
`
`A computer-readable storage medium storing program code for
`
`causing a computer to perform the steps of:
`
`receiving a Downloadable;
`
`decomposing the Downloadable into Downloadable security
`
`profile data;
`
`comparing the Downloadable security profile data against
`
`predetermined secarity policies to determine if a security policy has
`
`been violated; and
`
`discarding the received Downloadable when a security policy
`
`10
`
`has been violated.
`
`8.
`
`A computer-readable storage medium storing program code for
`
`causing a computer to perform the steps of:
`
`receiving a Downloadable;
`
`.21.
`
`08-1021
`
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 27
`
`CS-1021
`Cisco Systems, Inc. v. Finjan, Inc.
`Page 27
`
`
`
`PATENT
`
`discarding the received Downloadable when the received
`
`Downloadable matches
`
`a predetermined hostile Downloadable;
`
`obtaining Downloadable security profile data on the rece
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
