Alan Dabbiere et al.Download PDFPatent Trials and Appeals BoardAug 30, 201913839112 - (D) (P.T.A.B. Aug. 30, 2019) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/839,112 03/15/2013 ALAN DABBIERE W008 (500102-1180) 6421 152577 7590 08/30/2019 Thomas | Horstemeyer, LLP (VMW) 3200 Windy Hill Road, SE Atlanta, GA 30339 EXAMINER FAROOQUI, QUAZI ART UNIT PAPER NUMBER 2491 NOTIFICATION DATE DELIVERY MODE 08/30/2019 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): docketing@thomashorstemeyer.com ipadmin@vmware.com uspatents@thomashorstemeyer.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte ALAN DABBIERE and ERICH STUNTEBECK ____________ Appeal 2018-000329 Application 13/839,1121 Technology Center 2400 ____________ Before ELENI MANTIS MERCADER, CATHERINE SHIANG, and SCOTT E. BAIN, Administrative Patent Judges. BAIN, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 1, 4–10, and 12–23, which constitute all claims pending in the application. Claims 2, 3, and 11 have been cancelled. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 Appellants identify Airwatch LLC and VMware, Inc. as the real parties in interest. App. Br. 2. Appeal 2018-000329 Application 13/839,112 2 STATEMENT OF THE CASE The Claimed Invention Appellants’ claimed invention relates to controlling access to computing resources through the use of compliance rules (authorization rules). Spec. ¶ 1. Claims 1, 10, and 19 are independent. Claim 1 is illustrative of the invention and the subject matter of the appeal, and reads as follows (with disputed limitations emphasized): 1. A method comprising: associating, using at least one computing device, a compliance rule with a client device; determining, using the at least one computing device, whether the compliance rule is violated; responsive to determining that the compliance rule is violated, determining, using the at least one computing device, whether the compliance rule is associated with an alternative setting that is more stringent than a current setting associated with the client device; responsive to determining that the compliance rule is associated with the alternative setting that is more stringent than the current setting associated with the client device, changing, using the at least one computing device, the current setting to the alternative setting, wherein changing the current setting to the alternative setting comprises increasing a password complexity requirement, wherein increasing the password complexity requirement causes access to at least one of the client device, a network, a client device resource, or a network resource to be restricted until a user of the client device has configured a new password that complies with the password complexity requirement; and, responsive to determining that the compliance rule is not associated with the alternative setting that is more stringent than the current setting associated with the client device, causing, using the at least one computing device, access to at least one of Appeal 2018-000329 Application 13/839,112 3 the client device, the network, the client device resource, or the network resource to be restricted. App. Br. 21 (Claims App’x) (emphases added). The Rejections on Appeal Claims 1, 5–11, 15, 16, 18, 19, 22, and 23 stand rejected under pre- AIA 35 U.S.C. § 103(a) as being unpatentable over Malik et al. (US 2013/0007245 A1; Jan. 3, 2013) (“Malik”), Kulkarni et al. (US 2008/0244690 A1; Oct. 2, 2008) (“Kulkarni”), and Chien (US 2014/0033326 A1; Jan. 30, 2014). Final Act. 4–18. Claims 4 and 12 stand rejected under pre-AIA 35 U.S.C. § 103(a) as being unpatentable over Malik, Kulkarni, Chien, and Zises (US 2014/0155094 A1; June 5, 2014). Final Act. 18–20. Claims 13, 14, and 17 stand rejected under pre-AIA 35 U.S.C. § 103(a) as being unpatentable over Malik, Kulkarni, Chien, Zises, and Barry et al. (US 7,225,249 B1; May 29, 2007) (“Barry”). Final Act. 20–26. Claims 20 and 21 stand rejected under pre-AIA 35 U.S.C. § 103(a) as being unpatentable over Malik, Kulkarni, Chien, Zises, and Lawson et al. (US 2012/0207285 A1; Aug. 16, 2012) (“Lawson”). Final Act. 26–28. ANALYSIS We have reviewed the Examiner’s rejections in light of Appellants’ arguments presented in this appeal. Arguments that Appellants could have made but did not make in the briefs are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(iv). On the record before us, we are not persuaded the Examiner erred. We adopt as our own the findings and reasons set forth in Appeal 2018-000329 Application 13/839,112 4 the rejections from which the appeal is taken and in the Examiner’s Answer, and provide the following discussion for highlighting and emphasis. Appellants argue the Examiner erred in finding the prior art teaches or suggests “changing, using the at least one computing device, the current setting to the alternative setting, wherein changing the current setting to the alternative setting comprises increasing a password complexity requirement,” as recited in claim 1. App. Br. 6–8; Reply Br. 3–4. Specifically, Appellants contend that Chien merely teaches “alternative settings associated with tiered access,” Malik only teaches “evaluating” compliance state, and Kulkarni only teaches “scoring a set of security rules.” Id. The references do not, Appellants contend, teach “changing” the required setting by “increasing” password complexity. We disagree. As the Examiner finds, Malik is directed to “rules based actions for mobile device management” and teaches a “rules-based action framework” such as requiring a “minimum passcode strength.” Final Act. 6–7 (emphasis added); Malik Abs., ¶¶ 8, 28, 31. Devices not compliant with the policy are restricted from access to “resources” or have their access limited. Malik ¶ 31. Kulkarni, in turn, is directed to “deriving remediations from security compliance rules,” and teaches “chang[ing] . . . password complexity” based on “conditions of interest” and “generat[ing] remediation processes . . . to improve and update compliance of a machine with security policies.” Kulkarni Title, Abs., ¶¶ 37–41 (emphasis added). Chien, a “security management application,” teaches configuring “access controls and/or other security settings relating to application programs,” and teaches “modify[ing] settings.” Chien Abs., Fig. 3, ¶ 76 (emphasis added). Appeal 2018-000329 Application 13/839,112 5 The foregoing teachings, in our view, sufficiently support the Examiner’s finding that the combination of references teaches the disputed limitation of claim 1, i.e., “changing, using the at least one computing device, the current setting to the alternative setting” by “increasing a password complexity requirement.” Kulkarni, for example, expressly discloses that password complexity can be “set,” and includes “[m]inimum password” requirements which “expire[]” after a certain time. Kulkarni ¶¶ 37–40. Appellants further contend that none of the references teach or suggest changing password complexity “responsive to” evaluating a device’s settings as compared to compliance rules, Reply Br. 5, but this argument is not persuasive because it relies on arguing the references individually rather than addressing the Examiner’s combination of references. In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986) (“Non-obviousness cannot be established by attacking references individually where the rejection is based upon the teachings of a combination of references.”). Moreover, as the Examiner finds, Malik teaches evaluating a compliance state of the settings on a mobile device, as compared to corporate security policies. Ans. 11–12; Malik Fig. 3, ¶¶ 7, 31; see also Kulkarni Fig. 4, ¶ 31. We, therefore, are not persuaded of error regarding the Examiner’s rejection of claim 1. Appellants additionally argue the Examiner erred in rejecting dependent claim 7, because none of the cited references teach or suggest that password complexity is increased by “at least one instruction” by a server, as recited in the claim. App. Br. 10. Appellants’ argument regarding claim 7 essentially is redundant to the argument regarding claim 1, asserting that “Kulkarni fails to show . . . ‘increas[ing] the required password Appeal 2018-000329 Application 13/839,112 6 complexity.’” Id. (emphasis omitted). For the reasons discussed above, we are not persuaded by Appellants’ argument. Moreover, the additional element of “at least one instruction” recited in claim 7 is unhelpful to Appellants’ position, because all of the references cited by the Examiner are directed to server-client security interactions that include instructions from a remote server. See, e.g., Malik Abs. (“server-based rules-based action framework . . . causing administrator-selected rules to be evaluated to determine if an action should automatically be initiated”), Fig. 1, ¶¶ 6, 11 (“providing device management services . . . accessible by a server and computer readable instructions for execution on the server”) (emphasis added); Kulkarni Fig. 11 (remote servers); Chien ¶¶ 48, 88. Appellants’ arguments regarding the remaining claims are redundant to the arguments regarding claims 1 and 7, discussed above. App. Br. 11– 20. For the foregoing reasons, we are not persuaded of error. Accordingly, we sustain the obviousness rejections of claims 1, 4–10, and 12–23. DECISION We affirm the Examiner’s decision rejecting claims 1, 4–10, and 12– 23. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 41.50(f). AFFIRMED Copy with citationCopy as parenthetical citation