`
`
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re Applicant: Ariel PELED et al
Serial No.: 10/003,269
Filed: December 6, 2001
For: A System and Method for Monitoring Unauthorized Transport of Digital Content
Group Art Unit: 2134
Attorney Docket: 01/22067
Examiner: BROWN, Christopher J.

Mail Stop AF
Commissioner for Patents
PO Box 1450
Alexandria, VA 22313-1450
`
`RESPONSE TO FINAL
`
`Sir:
`
This is in response to the United States Patent and Trademark Final Office Action of June 25, 2007, which response is being made before November 25, 2007, and for which a two-month extension is requested and paid for herewith.

A Request for Continued Examination (RCE) is also enclosed herewith.
`
`Applicant submits this response for entry into the record, in which:
`
`Amendments to the Claims begin on page 2.
`
`Remarks begin on page 32.
`
`Please amend the above-identified application as follows:
`
`Symantec Exhibit 2004
`Zscaler v. Symantec, IPR 2017-01342
`Page 1
`
`
`
`
`In the Claims:
`
`
`
1. (Currently Amended) A system for network content monitoring of a local or organizational network, comprising:

a transport data monitor, connectable to a point in a-said network, for monitoring data being transported past said point,

a description extractor, associated with said transport data monitor, for extracting descriptions of said data being transported,

a database of at least one preobtained description of known content whose movements it is desired to monitor,

said content being internally generated in the network in advance of said extracting, said preobtained description being obtained in advance of said extracting descriptions, and

a comparator, configured to determine whether said extracted description corresponds to any of said at least one preobtained descriptions, said determination further including a confidence level, and to decide, using said determination including said confidence level, whether said data being transported comprises any of said content whose movements it is desired to monitor according to said determining.

2. (Original) A system according to claim 1, wherein said description extractor is operable to extract a pattern identifiably descriptive of said data being transported.

3. (Original) A system according to claim 1, wherein said description extractor is operable to extract a signature of said data being transported.
`
`
`4.
`
`(Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract characteristics of said data being transported.
`
`5. (Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract encapsulated meta information of said data being
`
`transported.
`
`6. (Original) A system according to claim 1, wherein said description
`
`extractor is operable to extract multi-level descriptions of said data being transported.
`
`7. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises of a pattern identifiably descriptive of said data being
`
`transported.
`
`8. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises a signature of said data being transported.
`
`9. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises characteristics of said data being transported.
`
`10. (Original) A system according to claim 6, wherein said multi-level
`
`description comprises encapsulated meta-information of said data being transported.
`
`
`
`
11. (Original) A system according to claim 1, wherein said description extractor is a signature extractor, for extracting a derivation of said data, said derivation being a signature indicative of content of said data being transported, and wherein said at least one preobtained description is a preobtained signature.

12. (Previously Presented) A system according to claim 1, said network being a packet-switched network and said data being transported comprising passing packets.

13. (Previously Presented) A system according to claim 1, said network being a packet-switched network, said data being transported comprising passing packets and said transport data monitor being operable to monitor header content of said passing packets.

14. (Previously Presented) A system according to claim 1, said network being a packet-switched network, said data being transported comprising passing packets, and said transport data extractor being operable to monitor header content and data content of said passing packets.

15. (Original) A system according to claim 1, wherein said transport data monitor is a software agent, operable to place itself on a predetermined node of said network.

16. (Original) A system according to claim 1, comprising a plurality of transport data monitors distributed over a plurality of points on said network.
`
`
`
`
17. (Original) A system according to claim 1, said transport data monitor further comprising a multimedia filter for determining whether passing content comprises multimedia data and restricting said signature extraction to said multimedia data.

18. (Original) A system according to claim 1, said data being transported comprising a plurality of protocol layers, the system further comprising a layer analyzer connected between said transport data monitor and said signature extractor, said layer analyzer comprising analyzer modules for at least two of said layers.

19. (Original) A system according to claim 18, said layer analyzer comprising separate analyzer modules for respective layers.

20. (Original) A system according to claim 18, further comprising a traffic associator, connected to said analyzer modules, for using output from said analyzer modules to associate transport data from different sources as a single communication.

21. (Original) A system according to claim 20, wherein said sources are at least one of a group comprising: data packets, communication channels, data monitors, and pre correlated data.

22. (Original) A system according to claim 18, comprising a traffic state associator connected to receive output from said layer analyzer modules, and to associate together output, of different layer analyzer modules, which belongs to a single communication.
`
23. (Original) A system according to claim 18, wherein at least one of said analyzer modules comprises a multimedia filter for determining whether passing content comprises multimedia data and restricting said signature extraction to said multimedia data.

24. (Original) A system according to claim 18, wherein at least one of said analyzer modules comprises a compression detector for determining whether said extracted transport data is compressed.

25. (Original) A system according to claim 24, further comprising a decompressor, associated with said compression detector, for decompressing said data if it is determined that said data is compressed.

26. (Original) A system according to claim 24, further comprising a description extractor for extracting a description directly from said compressed data.

27. (Original) A system according to claim 18, wherein at least one of said analyzer modules comprises an encryption detector for determining whether said transport data is encrypted.
`
`
28. (Original) A system according to claim 27, wherein said encryption detector comprises an entropy measurement unit for measuring entropy of said monitored transport data.

29. (Original) A system according to claim 28, wherein said encryption detector is set to recognize a high entropy as an indication that encrypted data is present.

30. (Original) A system according to claim 29, wherein said encryption detector is set to use a height of said measured entropy as a confidence level of said encrypted data indication.

31. (Original) A system according to claim 18, further comprising a format detector for determining a format of said monitored transport data.

32. (Original) A system according to claim 31, further comprising a media player, associated with said format detector, for rendering and playing said monitored transport data as media according to said detected format, thereby to place said monitored transport data in condition for extraction of a signature which is independent of a transportation format.

33. (Original) A system according to claim 31, further comprising a parser, associated with said format detector, for parsing said monitored transport media, thereby to place said monitored transport data in condition for extraction of a signature which is independent of a transportation format.
`
`
34. (Original) A system according to claim 1, comprising a payload extractor located between said transport monitor and said signature extractor for extracting content carrying data for signature extraction.

35. (Original) A system according to claim 1, wherein said signature extractor comprises a binary function for applying to said monitored transport data.

36. (Original) A system according to claim 1, wherein said network is a packet network, and wherein a buffer is associated with said signature extractor to enable said signature extractor to extract a signature from a buffered batch of packets.

37. (Original) A system according to claim 35, wherein said binary function comprises at least one hash function.

38. (Original) A system according to claim 37, wherein said binary function comprises a first, fast, hash function to identify an offset in said monitored transport data and a second, full, hash function for application to said monitored transport data using said offset.

39. (Original) A system according to claim 11, wherein said signature extractor comprises an audio signature extractor for extracting a signature from an audio part of said monitored data being transported.
`
`
`
`
40. (Original) A system according to claim 11, wherein said signature extractor comprises a video signature extractor for extracting a signature from a video part of said monitored data being transported.

41. (Original) A system according to claim 11, said signature extractor comprising a pre-processor for pre-processing said monitored data being transported to improve signature extraction.

42. (Original) A system according to claim 41, said preprocessor operable to carry out at least one of a group of pre-processing operations comprising: removing erroneous data, removing redundancy, and canonizing properties of said monitored data being transported.

43. (Original) A system according to claim 11, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and an audio signature extractor for extracting an audio signature in the event said initial signature extraction fails to yield an identification.

44. (Original) A system according to claim 11, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a text signature extractor for extracting a text signature in the event said initial signature extraction fails to yield an identification.

45. (Original) A system according to claim 11, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a code signature extractor for extracting a code signature in the event said initial signature extraction fails to yield an identification.
`
46. (Original) A system according to claim 11, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a data content signature extractor for extracting a data content signature in the event said initial signature extraction fails to yield an identification.

47. (Original) A system according to claim 11, wherein said signature extractor is operable to use a plurality of signature extraction approaches.

48. (Original) A system according to claim 47, further comprising a combiner for producing a combination of extracted signatures of each of said approaches.

49. (Original) A system according to claim 47, wherein said comparator is operable to compare using signatures of each of said approaches and to use as a comparison output a highest result of each of said approaches.

50. (Original) A system according to claim 11, wherein said signal extractor comprises a binary signal extractor for initial signature extraction and a video signature extractor for extracting a video signature in the event said initial signature extraction fails to yield an identification.
`
`
51. (Original) A system according to claim 11, wherein there is a plurality of preobtained signatures and wherein said comparator is operable to compare said extracted signature with each one of said preobtained signatures, thereby to determine whether said monitored transport data belongs to a content source which is the same as any of said signatures.

52. (Original) A system according to claim 51, said comparator being operable to obtain a cumulated number of matches of said extracted signature.

53. (Original) A system according to claim 51, wherein said comparator is operable to calculate a likelihood of compatibility with each of said preobtained signatures and to output a highest one of said probabilities to an unauthorized content presence determinator connected subsequently to said comparator.

54. (Original) A system according to claim 52, said comparator being operable to calculate a likelihood of compatibility with each of said preobtained signatures and to output an accumulated total of matches which exceed a threshold probability level.

55. (Original) A system according to claim 52, said comparator being operable to calculate the likelihood of compatibility with each of said preobtained signatures and to output an accumulated likelihood of matches which exceed a threshold probability level.
`
`
56. (Original) A system according to claim 51, comprising a sequential decision unit associated with said comparator, being operable to use a sequential decision test to update a likelihood of the presence of given content, based on at least one of the following: successive matches made by said comparator, context related parameters, other content related parameters and outside parameters.

57. (Original) A system according to claim 53, wherein said unauthorized content presence determinator is operable to use the output of said comparator to determine whether unauthorized content is present in said transport and to output a positive decision of said presence to a subsequently connected policy determinator.

58. (Original) A system according to claim 51, wherein an unauthorized content presence determinator is connected subsequently to said comparator and is operable to use an output of said comparator to determine whether unauthorized content is present in said data being transported, a positive decision of said presence being output to a subsequently connected policy determinator.

59. (Original) A system according to claim 58, wherein said policy determinator comprises a rule-based decision making unit for producing an enforcement decision based on output of at least said unauthorized content presence determinator.

60. (Original) A system according to claim 1, wherein said policy determinator is operable to use said rule-based decision making unit to select between a set of outputs including at least some of: taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, preventing printing, preventing photocopying, reducing quality of the content, removing sensitive parts, altering the content, adding a message to the said content, and preventing of saving on a portable medium.
`
61. (Original) A system according to claim 60, wherein said rule-based decision making unit is operable to use a likelihood level of a signature identification as an input in order to make said selection.

62. (Original) A system according to claim 61, further comprising a bandwidth management unit connected to said policy determinator for managing network bandwidth assignment in accordance with output decisions of said policy determinator.

63. (Original) A system according to claim 1, further comprising an audit unit for preparing and storing audit reports of transportation of data identified as corresponding to content it is desired to monitor.

64. (Original) A system according to claim 1, comprising a transcript output unit for producing transcripts of content identified by said comparison.
`
`
65. (Original) A system according to claim 27, further comprising a policy determinator connected to receive outcomes of said encryption determinator and to apply rule-based decision making to select between a set of outputs including at least some of: taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, and stopping said transport.

66. (Original) A system according to claim 65, wherein said rule-based decision-making comprises rules based on confidence levels of said outcomes.

67. (Original) A system according to claim 65, wherein said policy determinator is operable to use an input of an amount of encrypted transport from a given user as a factor in said rule based decision making.

68. (Original) A system according to claim 30, further comprising a policy determinator connected to receive positive outcomes of said encryption determinator and to apply rule-based decision making to select between a set of outputs including at least some of: taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, and stopping said transport, said policy determinator operable to use:

an input of an amount of encrypted transport from a given user, and

said confidence level, as factors in said rule based decision making.
`
`
69. (Currently Amended) A system for network content control of a local or organization network, comprising:

a transport data monitor, connectable to a point in a-said network, for monitoring data being transported past said point,

a signature extractor, associated with said transport data monitor, for extracting a derivation of payload of said monitored data, said derivation being indicative of content of said data,

a database of preobtained signatures of known content whose movements it is desired to monitor, said content being internally generated in the network in advance of said extracting, said preobtained signatures being obtained in advance of said extracting said derivation of said payload,

a comparator for comparing said derivation with said preobtained signatures, and to determine whether said monitored data comprises any of said content whose movements it is desired to control, said determining further including a level of confidence,

a decision-making unit for producing an enforcement decision, using the output of said comparator including said confidence level, and

a bandwidth management unit connected to said decision-making unit for managing network bandwidth assignment in accordance with output decisions of said policy determinator, thereby to control content distribution over said network.

70. (Original) A system according to claim 69, wherein said decision-making unit is a rule-based decision-making unit.
`
`
71. (Original) A system according to claim 70, wherein said transport data monitor is a software agent, operable to place itself on a predetermined node of said network.

72. (Original) A system according to claim 70, comprising a plurality of transport data monitors distributed over a plurality of points on said network.

73. (Original) A system according to claim 70, said transport data monitor further comprising a multimedia filter for determining whether passing content comprises multimedia data and restricting said signature extraction to said multimedia data.

74. (Original) A system according to claim 70, said transport data comprising a plurality of protocol layers, the system further comprising a layer analyzer connected between said transport data monitor and said signature extractor, said layer analyzer comprising analyzer modules for at least two of said layers.

75. (Original) A system according to claim 74, comprising a traffic state associator connected to receive output from said layer analyzer modules, and to associate together output of different layer analyzer modules which belongs to a single communication.

76. (Original) A system according to claim 74, one of said analyzer modules comprising a multimedia filter for determining whether passing content comprises multimedia data and restricting said data extraction to said multimedia data.
`
77. (Original) A system according to claim 74, one of said analyzer modules comprising a compression detector for determining whether said monitored transport data is compressed.

78. (Original) A system according to claim 77, further comprising a decompressor, associated with said compression detector, for decompressing said data if it is determined that said data is compressed.

79. (Original) A system according to claim 74, one of said analyzer modules comprising an encryption detector for determining whether said monitored transport data is encrypted.

80. (Original) A system according to claim 79, wherein said encryption detector comprises an entropy measurement unit for measuring entropy of said monitored transport data.

81. (Original) A system according to claim 80, said encryption detector being set to recognize a high entropy as an indication that encrypted data is present.
`
`
82. (Original) A system according to claim 81, said encryption detector being set to use a height of said measured entropy as a confidence level of said encrypted data indication.

83. (Original) A system according to claim 74, further comprising a format detector for determining a format of said monitored transport data.

84. (Original) A system according to claim 83, further comprising a media player, associated with said format detector, for rendering and playing said monitored transport data as media according to said detected format, thereby to place said extracted transport data in condition for extraction of a signature which is independent of a transportation format.

85. (Original) A system according to claim 83, further comprising a parser, associated with said format detector, for parsing said monitored transport media, thereby to place said extracted transport data in condition for extraction of a signature which is independent of a transportation format.

86. (Original) A system according to claim 70, wherein said signature extractor comprises a binary function for applying to said extracted transport data.

87. (Original) A system according to claim 86, wherein said binary function comprises at least one hash function.
`
`
88. (Original) A system according to claim 87, wherein said binary function comprises a first, fast, hash function to identify an offset in said extracted transport data and a second, full, hash function for application to said extracted transport data using said offset.

89. (Original) A system according to claim 70, wherein said signature extractor comprises an audio signature extractor for extracting a signature from an audio part of said extracted transport data.

90. (Original) A system according to claim 70, wherein said signature extractor comprises a video signature extractor for extracting a signature from a video part of said extracted transport data.

91. (Original) A system according to claim 70, wherein said comparator is operable to compare said extracted signature with each one of said preobtained signatures, thereby to determine whether said monitored transport data belongs to a content source which is the same as any of said signatures.

92. (Original) A system according to claim 91, wherein said comparator is operable to calculate a likelihood of compatibility with each of said preobtained signatures and to output a highest one of said probabilities to an unauthorized content presence determinator connected subsequently to said comparator.
`
`
93. (Original) A system according to claim 92, wherein said unauthorized content presence determinator is operable to use the output of said comparator to determine whether unauthorized content is present in said transport and to output a positive decision of said presence to a subsequently connected policy determinator.

94. (Original) A system according to claim 91, wherein an unauthorized content presence determinator is connected subsequently to said comparator and is operable to use an output of said comparator to determine whether unauthorized content is present in said transport, a positive decision of said presence being output to a subsequently connected policy determinator.

95. (Original) A system according to claim 94, wherein said policy determinator comprises said rule-based decision making unit for producing an enforcement decision based on output of at least said unauthorized content presence determinator.

96. (Original) A system according to claim 70, wherein said policy determinator is operable to use said rule-based decision making unit to select between a set of outputs including at least some of: taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, not allowing printing of said content, not allowing photocopying of said content and not allow saving of said content on portable media.
`
`
97. (Original) A system according to claim 96, said rule-based decision making unit is operable to use a likelihood of a signature identification as an input in order to make said selection.

98. (Original) A system according to claim 70, further comprising an audit unit for preparing and storing audit reports of transportation of data identified as corresponding to content it is desired to monitor.

99. (Original) A system according to claim 79, further comprising a policy determinator connected to receive positive outcomes of said encryption determinator and to apply rule-based decision of said rule-based decision making unit to select between a set of outputs including at least some of: taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, reducing quality of the content, removing sensitive parts, altering the content, adding a message to said content, not allowing printing of said content, not allowing photocopying of said content and not allow saving of said content on portable media.

100. (Original) A system according to claim 99, said policy determinator being operable to use an input of an amount of encrypted transport from a given user as a factor in said rule based decision making.
`
`
101. (Original) A system according to claim 82, further comprising a policy determinator connected to receive positive outcomes of said encryption determinator and to apply rule-based decision making of said rule-based decision-making unit to select between a set of outputs including at least some of: taking no action, performing auditing, outputting a transcript of said content, reducing bandwidth assigned to said transport, using an active bitstream interference technique, stopping said transport, reducing quality of the content, removing sensitive parts, altering the content, adding a message to said content, not allowing printing of said content, not allowing photocopying of said content, and not allowing saving of said content on portable media.

102. (Original) A system according to claim 101, said policy determinator being operable to use:

an input of an amount of encrypted transport from a given user, and

said confidence level,

as factors in said rule based decision making.

103. (Original) A system according to claim 69, comprised within a firewall.

104. (Original) A system according to claim 103, said transport data monitor being operable to inspect incoming and outgoing data transport crossing said firewall.
`
`
105. (Original) A system according to claim 69, operable to define a restricted network zone within said network by inspecting data transport outgoing from said zone.

106. (Original) A system according to claim 69, comprising certification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through without monitoring.

107. (Original) A system according to claim 69, comprising certification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through with monitoring modified on the basis of said data source recognition.

108. (Original) A system according to claim 69, comprising certification recognition functionality to recognize data sources as being trustworthy and to allow data transport originating from said trustworthy data sources to pass through with said decision making being modified on the basis of said data source recognition.
`