Alan Dabbiere et al.

Patent Trials and Appeals Board

Aug 30, 2019

13839112 - (D) (P.T.A.B. Aug. 30, 2019)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov
APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO.
13/839,112 03/15/2013 ALAN DABBIERE W008 (500102-1180) 6421
152577 7590 08/30/2019
Thomas | Horstemeyer, LLP (VMW)
3200 Windy Hill Road, SE
Atlanta, GA 30339
EXAMINER
FAROOQUI, QUAZI
ART UNIT PAPER NUMBER
2491
NOTIFICATION DATE DELIVERY MODE
08/30/2019 ELECTRONIC
Please find below and/or attached an Office communication concerning this application or proceeding.
The time period for reply, if any, is set in the attached communication.
Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the
following e-mail address(es):
docketing@thomashorstemeyer.com
ipadmin@vmware.com
uspatents@thomashorstemeyer.com
PTOL-90A (Rev. 04/07)
UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________

Ex parte ALAN DABBIERE and ERICH STUNTEBECK
____________

Appeal 2018-000329
Application 13/839,1121
Technology Center 2400
____________

Before ELENI MANTIS MERCADER, CATHERINE SHIANG, and
SCOTT E. BAIN, Administrative Patent Judges.

BAIN, Administrative Patent Judge.

DECISION ON APPEAL
Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s
Final Rejection of claims 1, 4–10, and 12–23, which constitute all claims
pending in the application. Claims 2, 3, and 11 have been cancelled. We
have jurisdiction under 35 U.S.C. § 6(b).
We affirm.

1 Appellants identify Airwatch LLC and VMware, Inc. as the real parties in
interest. App. Br. 2.
Appeal 2018-000329
Application 13/839,112
2

STATEMENT OF THE CASE
The Claimed Invention
Appellants’ claimed invention relates to controlling access to
computing resources through the use of compliance rules (authorization
rules). Spec. ¶ 1. Claims 1, 10, and 19 are independent. Claim 1 is
illustrative of the invention and the subject matter of the appeal, and reads as
follows (with disputed limitations emphasized):
1. A method comprising:
associating, using at least one computing device, a
compliance rule with a client device;
determining, using the at least one computing device,
whether the compliance rule is violated;
responsive to determining that the compliance rule is
violated, determining, using the at least one computing device,
whether the compliance rule is associated with an alternative
setting that is more stringent than a current setting associated
with the client device;
responsive to determining that the compliance rule is
associated with the alternative setting that is more stringent than
the current setting associated with the client device, changing,
using the at least one computing device, the current setting to the
alternative setting, wherein changing the current setting to the
alternative setting comprises increasing a password complexity
requirement, wherein increasing the password complexity
requirement causes access to at least one of the client device, a
network, a client device resource, or a network resource to be
restricted until a user of the client device has configured a new
password that complies with the password complexity
requirement; and,
responsive to determining that the compliance rule is not
associated with the alternative setting that is more stringent than
the current setting associated with the client device, causing,
using the at least one computing device, access to at least one of
Appeal 2018-000329
Application 13/839,112
3

the client device, the network, the client device resource, or the
network resource to be restricted.
App. Br. 21 (Claims App’x) (emphases added).

The Rejections on Appeal
Claims 1, 5–11, 15, 16, 18, 19, 22, and 23 stand rejected under pre-
AIA 35 U.S.C. § 103(a) as being unpatentable over Malik et al. (US
2013/0007245 A1; Jan. 3, 2013) (“Malik”), Kulkarni et al. (US
2008/0244690 A1; Oct. 2, 2008) (“Kulkarni”), and Chien (US
2014/0033326 A1; Jan. 30, 2014). Final Act. 4–18.
Claims 4 and 12 stand rejected under pre-AIA 35 U.S.C. § 103(a) as
being unpatentable over Malik, Kulkarni, Chien, and Zises (US
2014/0155094 A1; June 5, 2014). Final Act. 18–20.
Claims 13, 14, and 17 stand rejected under pre-AIA
35 U.S.C. § 103(a) as being unpatentable over Malik, Kulkarni, Chien,
Zises, and Barry et al. (US 7,225,249 B1; May 29, 2007) (“Barry”). Final
Act. 20–26.
Claims 20 and 21 stand rejected under pre-AIA 35 U.S.C. § 103(a) as
being unpatentable over Malik, Kulkarni, Chien, Zises, and Lawson et al.
(US 2012/0207285 A1; Aug. 16, 2012) (“Lawson”). Final Act. 26–28.
ANALYSIS
We have reviewed the Examiner’s rejections in light of Appellants’
arguments presented in this appeal. Arguments that Appellants could have
made but did not make in the briefs are deemed to be waived. See 37 C.F.R.
§ 41.37(c)(1)(iv). On the record before us, we are not persuaded the
Examiner erred. We adopt as our own the findings and reasons set forth in
Appeal 2018-000329
Application 13/839,112
4

the rejections from which the appeal is taken and in the Examiner’s Answer,
and provide the following discussion for highlighting and emphasis.
Appellants argue the Examiner erred in finding the prior art teaches or
suggests “changing, using the at least one computing device, the current
setting to the alternative setting, wherein changing the current setting to the
alternative setting comprises increasing a password complexity
requirement,” as recited in claim 1. App. Br. 6–8; Reply Br. 3–4.
Specifically, Appellants contend that Chien merely teaches “alternative
settings associated with tiered access,” Malik only teaches “evaluating”
compliance state, and Kulkarni only teaches “scoring a set of security rules.”
Id. The references do not, Appellants contend, teach “changing” the
required setting by “increasing” password complexity. We disagree.
As the Examiner finds, Malik is directed to “rules based actions for
mobile device management” and teaches a “rules-based action framework”
such as requiring a “minimum passcode strength.” Final Act. 6–7 (emphasis
added); Malik Abs., ¶¶ 8, 28, 31. Devices not compliant with the policy are
restricted from access to “resources” or have their access limited. Malik
¶ 31. Kulkarni, in turn, is directed to “deriving remediations from security
compliance rules,” and teaches “chang[ing] . . . password complexity” based
on “conditions of interest” and “generat[ing] remediation processes . . . to
improve and update compliance of a machine with security policies.”
Kulkarni Title, Abs., ¶¶ 37–41 (emphasis added). Chien, a “security
management application,” teaches configuring “access controls and/or other
security settings relating to application programs,” and teaches “modify[ing]
settings.” Chien Abs., Fig. 3, ¶ 76 (emphasis added).
Appeal 2018-000329
Application 13/839,112
5

The foregoing teachings, in our view, sufficiently support the
Examiner’s finding that the combination of references teaches the disputed
limitation of claim 1, i.e., “changing, using the at least one computing
device, the current setting to the alternative setting” by “increasing a
password complexity requirement.” Kulkarni, for example, expressly
discloses that password complexity can be “set,” and includes “[m]inimum
password” requirements which “expire[]” after a certain time. Kulkarni
¶¶ 37–40. Appellants further contend that none of the references teach or
suggest changing password complexity “responsive to” evaluating a device’s
settings as compared to compliance rules, Reply Br. 5, but this argument is
not persuasive because it relies on arguing the references individually rather
than addressing the Examiner’s combination of references. In re Merck &
Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986) (“Non-obviousness cannot
be established by attacking references individually where the rejection is
based upon the teachings of a combination of references.”). Moreover, as
the Examiner finds, Malik teaches evaluating a compliance state of the
settings on a mobile device, as compared to corporate security policies. Ans.
11–12; Malik Fig. 3, ¶¶ 7, 31; see also Kulkarni Fig. 4, ¶ 31.
We, therefore, are not persuaded of error regarding the Examiner’s
rejection of claim 1.
Appellants additionally argue the Examiner erred in rejecting
dependent claim 7, because none of the cited references teach or suggest that
password complexity is increased by “at least one instruction” by a server, as
recited in the claim. App. Br. 10. Appellants’ argument regarding claim 7
essentially is redundant to the argument regarding claim 1, asserting that
“Kulkarni fails to show . . . ‘increas[ing] the required password
Appeal 2018-000329
Application 13/839,112
6

complexity.’” Id. (emphasis omitted). For the reasons discussed above, we
are not persuaded by Appellants’ argument. Moreover, the additional
element of “at least one instruction” recited in claim 7 is unhelpful to
Appellants’ position, because all of the references cited by the Examiner are
directed to server-client security interactions that include instructions from a
remote server. See, e.g., Malik Abs. (“server-based rules-based action
framework . . . causing administrator-selected rules to be evaluated to
determine if an action should automatically be initiated”), Fig. 1, ¶¶ 6, 11
(“providing device management services . . . accessible by a server and
computer readable instructions for execution on the server”) (emphasis
added); Kulkarni Fig. 11 (remote servers); Chien ¶¶ 48, 88.
Appellants’ arguments regarding the remaining claims are redundant
to the arguments regarding claims 1 and 7, discussed above. App. Br. 11–
20. For the foregoing reasons, we are not persuaded of error.
Accordingly, we sustain the obviousness rejections of claims 1, 4–10,
and 12–23.
DECISION
We affirm the Examiner’s decision rejecting claims 1, 4–10, and 12–
23.
No time period for taking any subsequent action in connection with
this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R.
§ 41.50(f).

AFFIRMED