throbber
, OCT 8 1 2007
`
`
`IN THE UNIZED STATES PATENT AND TRADEMARK OFFICE
`
`€ Traverse”
`In re Applicant:
`
`43o
`
`n
`
`§ §
`
`Group Art Unit: 2134
`
`AttorneyDocket:
`01/22067
`
`§ §
`
`§ §
`
`Ariel PELEDetal
`
`Serial No.:
`
`10/003,269
`
`Filed:
`
`For:
`
`Examiner:
`
`December 6, 2001
`



`A System and Method for
`Monitoring Unauthorized Transport §
`of Digital Content




`
`BROWN,ChristopherJ.
`
`Mail Stop AF
`Commissionerfor Patents
`PO Box 1450
`Alexandria, VA 22313-1450
`
`RESPONSE TO FINAL
`
`Sir:
`
`This is in response to the United States Patent and Trademark Final Office
`
`Action of June 25, 2007, which response is being made before November 25, 2007,
`
`and for which a two-month extension is requested and paid for herewith.
`
`A Request for Continued Examination (RCE)is also enclosed herewith.
`
`Applicant submits this response for entry into the record, in which:
`
`Amendments to the Claims begin on page 2.
`
`Remarks begin on page 32.
`
`Please amend the above-identified application as follows:
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 1
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 1
`
`

`

`In the Claims:
`
`
`
`1. (Currently Amended) A system for network content monitoringofa
`
`local or organizational network, comprising:
`
`a transport data monitor, connectable to a point in a-saidnetwork, for
`
`monitoring data being transported past said point,
`
`a description extractor, associated with said transport data monitor, for
`
`extracting descriptions of said data being transported,
`
`a database ofat least one preobtained description of known content
`
`whose movementsit is desired to monitor,
`
`said content being internally generated in the network in advanceof said
`
`extracting,said preobtained description being obtained in advance ofsaid extracting
`
`descriptions, and
`
`a comparator, configured to determine whether said extracted description
`
`correspondsto anyofsaid at least one preobtained descriptions, said determination
`
`further including a confidence level, and to decide, using said determination including
`
`
`said confidence level, whether said data being transported comprises any of said
`
`content whose movementsit is desired to monitor according to said determining.
`
`2. (Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract a pattern identifiably descriptive of said data being
`
`transported.
`
`3. (Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract a signature of said data being transported.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 2
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 2
`
`

`

`oD
`
`4.
`
`(Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract characteristics of said data being transported.
`
`5. (Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract encapsulated meta information of said data being
`
`transported.
`
`6. (Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract multi-level descriptions of said data being transported.
`
`7. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises of a pattern identifiably descriptive of said data being
`
`transported.
`
`8. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises a signature of said data being transported.
`
`9. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises characteristics of said data being transported.
`
`10. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises encapsulated meta-information of said data being transported.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 3
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 3
`
`

`

`11. (Original) A system according to claim 1, wherein said description
`
`extractor is a signature extractor, for extracting a derivation of said data, said
`
`derivation being a signature indicative of content of said data being transported, and
`
`wherein said at least one preobtained description is a preobtained signature.
`
`12. (Previously Presented) A system according to claim 1, said network
`
`being a packet-switched network and said data being transported comprising passing
`
`packets.
`
`13. (Previously Presented) A system according to claim 1, said network
`
`being a packet-switched network, said data being transported comprising passing
`
`packets and said transport data monitor being operable to monitor header content of
`
`said passing packets.
`
`14.(Previously Presented) A system according to claim 1, said network
`
`being a packet-switched network,said data being transported comprising passing
`
`packets, and said transport data extractor being operable to monitor header content
`
`and data content of said passing packets.
`
`15.(Original) A system according to claim 1, wherein said transport data
`
`monitor is a software agent, operable to place itself on a predetermined nodeofsaid
`
`network.
`
`16.(Original) A system according to claim 1, comprising a plurality of
`
`transport data monitors distributed over a plurality of points on said network.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 4
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 4
`
`

`

`17.(Original) A system according to claim 1, said transport data monitor
`
`further comprising a multimediafilter for determining whether passing content
`
`comprises multimedia data andrestricting said signature extraction to said multimedia
`
`data.
`
`18.(Original) A system according to claim 1, said data being transported
`
`comprising a plurality of protocol layers, the system further comprising a layer
`
`analyzer connected between said transport data monitor and said signature extractor,
`
`said layer analyzer comprising analyzer modules for at least two of said layers.
`
`19.(Original) A system according to claim 18, said layer analyzer
`
`comprising separate analyzer modules for respective layers.
`
`20.(Original) A system according to claim 18, further comprisinga traffic
`
`associator, connected to said analyzer modules, for using output from said analyzer
`
`modules to associate transport data from different sources as a single communication.
`
`21.(Original) A system according to claim 20, wherein said sourcesare at
`
`least one of a group comprising: data packets, communication channels, data
`
`monitors, and pre correlated data.
`
`22.(Original) A system according to claim 18, comprisinga traffic state
`
`associator connected to receive output from said layer analyzer modules, and to
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 5
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 5
`
`

`

`associate together output, of different layer analyzer modules, which belongs to a
`
`single communication.
`
`23.(Original) A system according to claim 18, wherein at least one of said
`
`analyzer modules comprises a multimedia filter for determining whether passing
`
`content comprises multimedia data and restricting said signature extraction to said
`
`multimedia data.
`
`24.(Original) A system according to claim 18, wherein at least one of said
`
`analyzer modules comprises a compression detector for determining whethersaid
`
`extracted transport data is compressed.
`
`25. (Original)
`
`A system according to claim 24, further comprising a
`
`decompressor, associated with said compression detector, for decompressing said data
`
`if it is determined that said data is compressed.
`
`26. (Original)
`
`A system according to claim 24, further comprising a
`
`description extractor for extracting a description directly from said compressed data.
`
`27. (Original)
`
`A system according to claim 18, wherein at least one of
`
`said analyzer modules comprises an encryption detector for determining whether said
`
`transport data is encrypted.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 6
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 6
`
`

`

`a
`
`28. (Original)
`
`A system according to claim 27, wherein said
`
`encryption detector comprises an entropy measurementunit for measuring entropy of
`
`said monitored transport data.
`
`29. (Original)
`
`A system according to claim 28, wherein said
`
`encryption detector is set to recognize a high entropy as an indication that encrypted
`
`data is present.
`
`30. (Original)
`
`A system according to claim 29, wherein said
`
`encryption detector is set to use a height of said measured entropy as a confidence
`
`level of said encrypted data indication.
`
`31. (Original)
`
`A system according to claim 18, further comprising a
`
`format detector for determining a format of said monitored transport data.
`
`32. (Original)
`
`A system according to claim 31, further comprising a
`
`media player, associated with said format detector, for rendering and playing said
`
`monitored transport data as media according to said detected format, thereby to place
`
`said monitored transport data in condition for extraction of a signature which is
`
`independentof a transportation format.
`
`33. (Original)
`
`A system according to claim 31, further comprising a
`
`parser, associated with said format detector, for parsing said monitored transport
`
`media, thereby to place said monitored transport data in condition for extraction of a
`
`signature which is independent ofa transportation format.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 7
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 7
`
`

`

`ad
`
`34.(Original) A system according to claim 1, comprising a payload
`
`extractor located between said transport monitor and said signature extractor for
`
`extracting content carrying data for signature extraction.
`
`35.(Original) A system according to claim 1, wherein said signature
`
`extractor comprises a binary function for applying to said monitored transport data.
`
`36. (Original)
`
`A system according to claim 1, wherein said network is
`
`a packet network, and wherein a buffer is associated with said signature extractor to
`
`enable said signature extractor to extract a signature from a buffered batch of packets.
`
`37. (Original)
`
`A system according to claim 35, wherein said binary
`
`function comprises at least one hash function.
`
`38. (Original)
`
`A system according to claim 37, wherein said binary
`
`function comprisesa first, fast, hash function to identify an offset in said monitored
`
`transport data and a second,full, hash function for application to said monitored
`
`transport data using said offset.
`
`39. (Original)
`
`A system according to claim 11, wherein said signature
`
`extractor comprises an audio signature extractor for extracting a signature from an
`
`audio part of said monitored data being transported.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 8
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 8
`
`

`

`40. (Original)
`
`A system according to claim 11, wherein said signature
`
`extractor comprises a video signature extractor for extracting a signature from a video
`
`part of said monitored data being transported.
`
`41. (Original)
`
`A system according to claim 11, said signature extractor
`
`comprising a pre-processor for pre-processing said monitored data being transported
`
`to improvesignature extraction.
`
`42.(Original) A system according to claim 41, said preprocessor operable
`
`to carry out at least one of a group of pre-processing operations comprising: removing
`
`erroneous data, removing redundancy,and canonizing properties of said monitored
`
`data being transported.
`
`43.(Original) A system according to claim 11, wherein said signal
`
`extractor comprises a binary signal extractor for initial signature extraction and an
`
`audio signature extractor for extracting an audio signature in the event said initial
`
`signature extraction fails to yield an identification.
`
`44. (Original)
`
`A system according to claim 11, wherein said signal
`
`extractor comprisesa binary signal extractor for initial signature extraction and a text
`
`signature extractor for extracting a text signature in the eventsaid initial signature
`
`extraction fails to yield an identification.
`
`45.(Original) A system according to claim 11, wherein said signal
`
`extractor comprisesa binary signal extractor for initial signature extraction and a code
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 9
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 9
`
`

`

`10
`
`signature extractor for extracting a code signature in the eventsaid initial signature
`
`extraction fails to yield an identification.
`
`46.(Original)A system according to claim 11, wherein said signal
`
`extractor comprises a binary signal extractor for initial signature extraction and a data
`
`content signature extractor for extracting a data content signature in the event said
`
`initial signature extraction fails to yield an identification.
`
`47. (Original)
`
`A system according to claim 11, wherein said signature
`
`extractor is operable to use a plurality of signature extraction approaches.
`
`48.(Original) A system according to claim 47, further comprising a
`
`combiner for producing a combination of extracted signatures of each of said
`
`approaches.
`
`49.(Original) A system according to claim 47, wherein said comparatoris
`
`operable to compare using signatures of each of said approachesandto use as a
`
`comparison output a highest result of each of said approaches.
`
`$0.(Original) A system according to claim 11, wherein said signal
`
`extractor comprises a binary signal extractor for initial signature extraction and a
`
`video signature extractor for extracting a video signature in the eventsaid initial
`
`signature extraction fails to yield an identification.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 10
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 10
`
`

`

`11
`
`51.(Original) A system according to claim 11, wherein thereis a plurality
`
`of preobtained signatures and wherein said comparatoris operable to compare said
`
`extracted signature with each oneof said preobtained signatures, thereby to determine
`
`whether said monitored transport data belongs to a content source whichis the same
`
`as any of said signatures.
`
`52.(Original) A system according to claim 51, said comparator being
`
`operable to obtain a cumulated number of matchesof said extracted signature.
`
`53. (Original)
`
`A system according to claim 51, wherein said
`
`comparatoris operable to calculate a likelihood of compatibility with each of said
`
`preobtained signatures and to output a highest one ofsaid probabilities to an
`
`unauthorized content presence determinator connected subsequently to said
`
`comparator.
`
`54. (Original)
`
`A system according to claim 52, said comparator being
`
`operable to calculate a likelihood of compatibility with each of said preobtained
`
`signatures and to output an accumulated total of matches which exceed a threshold
`
`probability level.
`
`55. (Original)
`
`A system according to claim 52, said comparator being
`
`operable to calculate the likelihood of compatibility with each of said preobtained
`
`signatures and to output an accumulated likelihood of matches which exceed a
`
`threshold probability level.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 11
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 11
`
`

`

`12
`
`56. (Original)
`
`A system according to claim 51, comprising a
`
`sequential decision unit associated with said comparator, being operable to use a
`
`sequential decision test to update a likelihood of the presence of given content, based
`
`on at least one of the following: successive matches made by said comparator, context
`
`related parameters, other content related parameters and outside parameters.
`
`57. (Original)
`A system according to claim 53, wherein said
`unauthorized content presence determinator is operable to use the output of said
`
`comparator to determine whether unauthorized contentis present in said transport and
`
`to output a positive decision of said presence to a subsequently connected policy
`
`determinator.
`
`58. (Original)
`
`A system according to claim 51, wherein an
`
`unauthorized content presence determinator is connected subsequently to said
`
`comparator and is operable to use an output of said comparator to determine whether
`
`unauthorized content is present in said data being transported, a positive decision of
`
`said presence being output to a subsequently connected policy determinator.
`
`59, (Original)
`
`A system according to claim 58, wherein said policy
`
`determinator comprisesa rule-based decision making unit for producing an
`
`enforcementdecision based on output of at least said unauthorized content presence
`
`determinator.
`
`60. (Original)
`
`A system according to claim |, wherein said policy
`
`determinator is operable to use said rule-based decision making unit to select between
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 12
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 12
`
`

`

`13
`
`a set of outputs including at least someof: taking no action, performing auditing,
`
`outputting a transcript of said content, reducing bandwidth assigned to said transport,
`
`using an active bitstream interference technique, stopping said transport, preventing
`
`printing, preventing photocopying, reducing quality of the content, removing sensitive
`
`parts, altering the content, adding a message to the said content, and preventing of
`
`saving on a portable medium,
`
`61. (Original)
`
`A system according to claim 60, wherein said rule-
`
`based decision making unit is operable to use a likelihood level of a signature
`
`identification as an input in order to makesaid selection.
`
`62.(Original) A system according to claim 61, further comprising a
`
`bandwidth managementunit connected to said policy determinator for managing
`
`network bandwidth assignment in accordance with output decisionsof said policy
`
`determinator.
`
`63. (Original)
`
`A system according to claim 1, further comprising an
`
`audit unit for preparing and storing audit reports of transportation of data identified as
`
`corresponding to contentit is desired to monitor.
`
`64. (Original)
`
`A system according to claim 1, comprising a transcript
`
`output unit for producing transcripts of content identified by said comparison.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 13
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 13
`
`

`

`14
`
`65. (Original)
`
`A system according to claim 27, further comprising a
`
`policy determinator connected to receive outcomes of said encryption determinator
`
`and to apply rule-based decision makingto select between a set of outputs including
`
`at least some of: taking no action, performing auditing, outputting a transcript of said
`
`content, reducing bandwidth assigned to said transport, using an active bitstream
`
`interference technique, and stopping said transport.
`
`66. (Original)
`
`A system according to claim 65, wherein said rule-
`
`based decision-making comprises rules based on confidence levels of said outcomes.
`
`67.(Original) A system according to claim 65, wherein said policy
`
`determinator is operable to use an input of an amount of encrypted transport from a
`
`given useras a factor in said rule based decision making.
`
`68. (Original)
`
`A system according to claim 30, further comprising a
`
`policy determinator connected to receive positive outcomes of said encryption
`
`determinator and to apply rule-based decision making to select between a set of
`
`outputs including at least someof: taking no action, performing auditing, outputting a
`
`transcript of said content, reducing bandwidth assigned to said transport, using an
`
`active bitstream interference technique, and stopping said transport, said policy
`
`determinator operable to use:
`
`an input of an amountof encrypted transport from a given user, and
`
`said confidence level, as factors in said rule based decision making.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 14
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 14
`
`

`

`15
`
`69. (Currently Amended) A system for network content control_of a local
`
`or organization network, comprising:
`
`a transport data monitor, connectable to a point in a-saidnetwork, for
`
`monitoring data being transported past said point,
`
`a signature extractor, associated with said transport data monitor, for
`
`extracting a derivation of payload of said monitored data, said derivation being
`
`indicative of content of said data,
`
`a database of preobtained signatures of known content whose movements
`
`it is desired to monitor, said content being internally generated in the network in
`
`advance of said extracting, said preobtained signatures being obtained in advance of
`
`said extracting said derivation of said payload,
`
`a comparator for comparing said derivation with said preobtained
`
`signatures, and to determine whether said monitored data comprises any of said
`
`content whose movementsit is desired to control, said determining further including a
`
`level of confidence,
`
`a decision-making unit for producing an enforcement decision, using the
`
`output of said comparator_including said confidence level, and
`
`a bandwidth managementunit connected to said decision-making unit for
`
`managing network bandwidth assignment in accordance with output decisions of said
`
`policy determinator, thereby to control content distribution over said network.
`
`70. (Original)
`
`A system accordingto claim 69, wherein said decision-
`
`making unit is a rule-based decision-making unit.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 15
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 15
`
`

`

`16
`
`71. (Original)
`
`A system according to claim 70, wherein said transport
`
`data monitor is a software agent, operable to place itself on a predetermined node of
`
`said network.
`
`72.(Original) A system according to claim 70, comprising a plurality of
`
`transport data monitors distributed over a plurality of points on said network.
`
`73.(Original) A system according to claim 70, said transport data monitor
`
`further comprising a multimediafilter for determining whether passing content
`
`comprises multimedia data andrestricting said signature extraction to said multimedia
`
`data.
`
`74. (Original)
`
`A system according to claim 70, said transport data
`
`comprising a plurality of protocol layers, the system further comprising a layer
`
`analyzer connected betweensaid transport data monitor and said signature extractor,
`
`said layer analyzer comprising analyzer modulesfor at least two ofsaid layers.
`
`75. (Original)
`
`A system according to claim 74, comprising a traffic
`
`state associator connected to receive output from said layer analyzer modules, and to
`
`associate together output of different layer analyzer modules which belongsto a
`
`single communication.
`
`76. (Original)
`
`A system according to claim 74, one of said analyzer
`
`modules comprising a multimediafilter for determining whether passing content
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 16
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 16
`
`

`

`17
`
`comprises multimedia data andrestricting said data extraction to said multimedia
`
`data.
`
`77. (Original)
`
`A system accordingto claim 74, one of said analyzer
`
`modules comprising a compression detector for determining whether said monitored
`
`transport data is compressed.
`
`78. (Original)
`
`A system according to claim 77, further comprising a
`
`decompressor, associated with said compression detector, for decompressing said data
`
`if it is determined that said data is compressed.
`
`79. (Original)
`
`A system according to claim 74, one of said analyzer
`
`modules comprising an encryption detector for determining whether said monitored
`
`transport data is encrypted.
`
`80. (Original)
`
`A system according to claim 79, wherein said
`
`encryption detector comprises an entropy measurement unit for measuring entropy of
`
`said monitored transport data.
`
`81. (Original)
`
`A system according to claim 80, said encryption
`
`detector being set to recognize a high entropy as an indication that encrypted data is
`
`present.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 17
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 17
`
`

`

`18
`
`82. (Original)
`
`A system according to claim 81, said encryption
`
`detector being set to use a height of said measured entropy as a confidencelevel of
`
`said encrypted data indication.
`
`83. (Original)
`
`A system accordingto claim 74, further comprising a
`
`format detector for determining a format of said monitored transport data.
`
`84. (Original)
`
`A system according to claim 83, further comprising a
`
`media player, associated with said format detector, for rendering and playing said
`
`monitored transport data as media according to said detected format, thereby to place
`
`said extracted transport data in condition for extraction of a signature whichis
`
`independentofa transportation format.
`
`85. (Original)
`
`A system according to claim 83, further comprising a
`
`parser, associated with said format detector, for parsing said monitored transport
`
`media, thereby to place said extracted transport data in condition for extraction of a
`
`signature which is independentof a transportation format.
`
`86. (Original)
`
`A system according to claim 70, wherein said signature
`
`extractor comprises a binary function for applying to said extracted transport data.
`
`87.(Original) A system according to claim 86, wherein said binary
`
`function comprisesat least one hash function.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 18
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 18
`
`

`

`19
`
`88. (Original)
`
`A system according to claim 87, wherein said binary
`
`function comprisesa first, fast, hash function to identify an offset in said extracted
`
`transport data and a second,full, hash function for application to said extracted
`
`_
`
`transport data using said offset.
`
`89. (Original)
`
`A system according to claim 70, wherein said signature
`
`extractor comprises an audio signature extractor for extracting a signature from an
`
`audio part of said extracted transport data.
`
`90. (Original)
`
`A system according to claim 70, wherein said signature
`
`extractor comprises a video signature extractor for extracting a signature from a video
`
`part of said extracted transport data.
`
`91. (Original)
`
`A system according to claim 70, wherein said
`
`comparatoris operable to comparesaid extracted signature with each one ofsaid
`
`preobtained signatures, thereby to determine whether said monitored transport data
`
`belongs to a content source whichis the sameas any of said signatures.
`
`92. (Original)
`
`A system according to claim 91, wherein said
`
`comparatoris operable to calculate a likelihood of compatibility with each of said
`
`preobtained signatures and to output a highest one of said probabilities to an
`
`unauthorized content presence determinator connected subsequently to said
`
`comparator.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 19
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 19
`
`

`

`20
`
`93. (Original)
`
`A system according to claim 92, wherein said
`
`unauthorized content presence determinatoris operable to use the outputof said
`
`comparator to determine whether unauthorized content is present in said transport and
`
`to output a positive decision of said presence to a subsequently connected policy
`
`determinator.
`
`94. (Original)
`
`A system according to claim 91, wherein an
`
`unauthorized content presence determinator is connected subsequently to said
`
`comparatorandis operable to use an output of said comparator to determine whether
`
`unauthorized content is present in said transport, a positive decision of said presence
`
`being output to a subsequently connected policy determinator.
`
`95. (Original)
`
`A system according to claim 94, wherein said policy
`
`determinator comprisessaid rule-based decision making unit for producing an
`
`enforcement decision based on output of at least said unauthorized content presence
`
`determinator.
`
`96. (Original)
`
`A system according to claim 70, wherein said policy
`
`determinator is operable to use said rule-based decision making unit to select between
`
`a set of outputs including at least someof: taking no action, performing auditing,
`
`outputting a transcript of said content, reducing bandwidth assignedto said transport,
`
`using an active bitstream interference technique, stopping said transport, not allowing
`
`printing of said content, not allowing photocopying of said content and not allow
`
`saving of said content on portable media.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 20
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 20
`
`

`

`21
`
`97. (Original)
`
`A system according to claim 96, said rule-based
`
`decision making unit is operable to use a likelihood of a signature identification as an
`
`input in order to make said selection.
`
`98. (Original)
`
`A system accordingto claim 70, further comprising an
`
`audit unit for preparing and storing audit reports of transportation of data identified as
`
`corresponding to contentit is desired to monitor.
`
`99. (Original)
`
`A system according to claim 79, further comprising a
`
`policy determinator connected to receive positive outcomesof said encryption
`
`determinator and to apply rule-based decision of said rule-based decision making unit
`
`to select between a set of outputs including at least someof: taking no action,
`
`performing auditing, outputting a transcript of said content, reducing bandwidth
`
`assigned to said transport, using an active bitstream interference technique, stopping
`
`said transport, reducing quality of the content, removing sensitive parts, altering the
`
`content, adding a messageto said content, not allowing printing of said content, not
`
`allowing photocopying of said content and notallow saving of said content on
`
`portable media.
`
`100. (Original) A system according to claim 99, said policy
`
`determinator being operable to use an input of an amountof encrypted transport from
`
`a given useras a factorin said rule based decision making.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 21
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 21
`
`

`

`22
`
`101. (Original) A system according to claim 82, further comprising a
`
`policy determinator connected to receive positive outcomesof said encryption
`
`determinator and to apply rule-based decision making of said rule-based decision-
`
`making unit to select between a set of outputs including at least some of: taking no
`
`action, performing auditing, outputting a transcript of said content, reducing
`
`bandwidth assignedto said transport, using an active bitstream interference technique,
`
`stopping said transport, reducing quality of the content, removing sensitive parts,
`
`altering the content, adding a messageto said content, not allowing printing of said
`
`content, not allowing photocopying ofsaid content, and not allowing saving of said
`
`content on portable media.
`
`102. (Original) A system according to claim 101, said policy
`
`determinator being operable to use:
`
`an input of an amount of encrypted transport from a given user, and
`
`said confidencelevel,
`
`as factors in said rule based decision making.
`
`103. (Original) A system according to claim 69, comprised within a
`
`firewall.
`
`104. (Original) A system according to claim 103, said transport data
`
`monitor being operable to inspect incoming and outgoing data transport crossing said
`
`firewall.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 22
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 22
`
`

`

`23
`
`105. (Original) A system according to claim 69, operable to define a
`
`restricted network zone within said network by inspecting data transport outgoing
`
`from said zone.
`
`106. (Original) A system according to claim 69, comprising
`
`certification recognition functionality to recognize data sources as being trustworthy
`
`and to allow data transport originating from said trustworthy data sources to pass
`
`through without monitoring.
`
`107. (Original) A system according to claim 69, comprising
`
`certification recognition functionality to recognize data sources as being trustworthy
`
`and to allow data transport originating from said trustworthy data sources to pass
`
`through with monitoring modified on the basis of said data source recognition.
`
`108. (Original) A system according to claim 69, comprising
`
`certification recognition functionality to recognize data sources as being trustworthy
`
`and to allow data transport originating from said trustworthy data sources to pass
`
`through with said decision making being modified on the basis of said data source
`
`recognition.
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IP

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket