Elizabeth Ann. Crowley et al.Download PDFPatent Trials and Appeals BoardOct 1, 201914709099 - (D) (P.T.A.B. Oct. 1, 2019) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/709,099 05/11/2015 Elizabeth Ann Crowley B86918 1900US.1 (0073.4) 4655 128836 7590 10/01/2019 WOMBLE BOND DICKINSON (US) LLP Attn: IP Docketing P.O. Box 7037 Atlanta, GA 30357-0037 EXAMINER SIMITOSKI, MICHAEL J ART UNIT PAPER NUMBER 2493 NOTIFICATION DATE DELIVERY MODE 10/01/2019 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipdocketing@wbd-us.com patentadmin@Boeing.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ________________ Ex parte ELIZABETH ANN CROWLEY, RAJPREET AHNUWALIA, KEVIN, NIKKEL, and DANIEL O. ROTHGEB1 ________________ Appeal 2019-000669 Application 14/709,099 Technology Center 2400 ________________ Before BRADLEY W. BAUMEISTER, STACEY G. WHITE, and KEVIN W. CHERRY, Administrative Patent Judges. BAUMEISTER, Administrative Patent Judge. DECISION ON APPEAL Appellant appeals under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1–4, 7–11, 14–18, and 21–24, which constitute all the claims pending in this application. Appeal Br. 1.2 We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies the real party in interest as The Boeing Company. Appeal Brief filed June 26, 2018 (“Appeal Br.”) 1. 2 Rather than repeat the Examiner’s positions and Appellant’s arguments in their entirety, we refer to the above mentioned Appeal Brief, as well as the following documents for their respective details: the Final Action mailed March 8, 2018 (“Final Act.”); the Examiner’s Answer mailed September 4, 2018 (“Ans.”); and the Reply Brief filed November 2, 2018 (“Reply Br.”). Appeal 2019-000669 Application 14/709,099 2 STATEMENT OF THE CASE Appellant describes the present invention as follows: An apparatus is provided for implementation of a system for screening electronic mail messages [to identify links to malicious Internet resources]. The apparatus may receive an electronic mail message, and scan the electronic mail message for a uniform resource identifier (URI) of an Internet resource embedded therein. In an instance in which a URI is embedded in the electronic mail message, the apparatus may query a WHOIS server3 for a created date of the Internet resource. In this regard, the WHOIS server may be queried using a domain name of the Internet resource included in the URI. And the apparatus may determine an age of the Internet resource from the created date, and perform a remedial action in an instance in which the age of the Internet resource is less than a threshold age. Abstract; Spec ¶ 1. Independent claim 1, reproduced below with relevant claim language emphasized, illustrates the subject matter of the appealed claims: 1. An apparatus for implementation of a system for screening electronic mail messages, the apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to implement at least: a scanner configured to receive an electronic mail message, and scan the electronic mail message for a uniform resource identifier (URI) of an Internet resource embedded therein; 3 “WHOIS is a query and response protocol whereby information regarding registered domain names and their respective registrants may be accessed from one or more databases in which that information may be stored. The protocol may be implemented by server computers sometimes referred to as WHOIS servers[, which] maintain respective databases of this information.” Spec. ¶ 20. Appeal 2019-000669 Application 14/709,099 3 a WHOIS client coupled to the scanner and configured to query a WHOIS server for a created date of the Internet resource in an instance in which a URI is embedded in the electronic mail message, the WHO IS server being queried using information contained in the URI from which the Internet resource is identifiable, the WHOIS client being configured to receive a corresponding response from the WHO IS server and interpret the corresponding response for the created date of the Internet resource; and a control coupled to the WHO IS client and configured to determine an age of the Internet resource from the created date, perform a comparison of the age of the Internet resource and a threshold age, and responsive to only the comparison in an instance in which the age of the Internet resource is less than a threshold age, delete the URI from the electronic mail message, wherein the control is further configured to deliver the electronic mail message to a recipient to which the electronic mail message is addressed, the electronic mail message being delivered after deletion of the URI in the instance in which the age of the Internet resource is less than the threshold age, and without deletion of the URI in another instance in which the age of the Internet resource is greater than the threshold age. Claims 1, 2, 4, 7–9, 11, 14–16, 18, and 21–24 stand rejected under 35 U.S.C. § 103 as unpatentable over Mills (US 2009/0222917 A1; published Sept. 3, 2009), Fette et al. Learning to Detect Phishing Emails, Institute for Software Research International School of Computer Science, Carnegie Mellon University, June 2006 (“Fette”), and Adams (US 2013/0103944 A1; published Apr. 25, 2013). Final Act. 5–9.4 4 The summary of the rejection lists only claims 1, 2, 4, 7–9, 11, 14–16, 18, and 21 as being rejected by the combination of Mills, Fette, and Adams. Final Act. 5. However, the body of the rejection clarifies that claims 22–24 also are covered by the rejection. Id. at 8–9. Appeal 2019-000669 Application 14/709,099 4 Claims 3, 10, and 17 stand rejected under 35 U.S.C. § 103 as unpatentable over Mills, Fette, Adams, and Aziz (US 2011/0314546 A1; published Dec. 22, 2011). Final Act. 9. We review the appealed rejections for error based upon the issues identified by Appellant, and in light of the arguments and evidence produced thereon. Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). THE REJECTION AND CONTENTIONS The Examiner summarizes the basis of the obviousness rejection over Miller, Fette, and Adams, as follows: Mills . . . teach[es] spam filtering, including applying rules to characteristics of incoming messages – where Mills teaches several techniques and message characteristics to analyze to ultimately determine the message is spam. The purpose of Mills’s disclosure is to ensure that a recipient receives safe and/or desirable content and to ensure the recipient does not receive suspicious and/or malicious content. Fette . . . teach[es] detecting phishing emails (“emails purporting to be from a trusted entity that attempt to deceive users into providing account or identity information, commonly known as “phishing” emails”, abstract) including scanning for a uniform resource identifier (URI) of an Internet resource embedded therein (extract features, §3.2.2); using a WHOIS client coupled to the scanner and in an instance in which a URI is embedded in the electronic mail message, configured to query a WHOIS server for a created date of the Internet resource (§3.2.2), the WHOIS server being queried using information contained in the URI from which the Internet resource is identifiable (querying WHOIS on domain name, §3.2.2); and using a control coupled to the WHOIS client and configured to determine an age of the Internet resource from the created date, compare the age of the Internet resource and a threshold age (perform a WHOIS query on each domain name that is linked to; if this date is within 60 days of the date the email was sent, the email is flagged with Appeal 2019-000669 Application 14/709,099 5 the feature of linking to a “fresh” domain) and perform a remedial action in an instance in which the age of the Internet resource is less than a threshold age (flag email, §3.2.2). The purpose of Fette’s disclosure is to ensure that a recipient receives safe and/or desirable content and to ensure the recipient does not receive suspicious and/or malicious content. Adams . . . teach[es] verifying hyperlinks in emails by a messaging gateway, where, upon detecting a phishing link in an email, the gateway generates a “clean email” by removing the hyperlinks (¶23) from the message or replaces links with a notification (¶36) in the message before delivering the message to the recipient (¶23). The purpose of Adams’s disclosure is to ensure that a recipient receives safe and/or desirable content and to ensure the recipient does not receive suspicious and/or malicious content. Ans. 3–4. In response, Appellant acknowledges that “Appellant does not question that the prior art discloses spam filtering in which rules are applied to a message.” Appeal Br. 6. Appellant instead argues that the Examiner errs in finding that the combined cited art teaches the claimed apparatus, including the control configured to at least perform a comparison of the age of the Internet resource and a threshold age, and responsive to only the comparison in an instance in which the age of the Internet resource is less than a threshold age, delete the URI from the electronic mail message. Appeal Br. 5 (emphasis added); see also Reply Br. 2 (presenting a similar argument). Appellant urges that [i]n the purported combination, the Examiner relies on Fette for using the age of an Internet resource to detect phishing emails. One may argue that Fette discloses a comparison of the age of an Internet resource and a threshold age. But Fette does not delete the URI from an email responsive to only this comparison. Fette Appeal 2019-000669 Application 14/709,099 6 in fact does not even characterize an email as a phishing email responsive to only the comparison, instead using a combination of ten features to characterize an email. Appeal Br. 5. Appellant continues this argument in the Reply Brief: Appellant acknowledges that Adams teaches use of one or more link verification techniques, but submits that using any single one of those is far different from using a single, age-based rule. . . . Also according to Fette, its feature that looks at whether an email links to a “fresh” domain only itself provides 12.49% accuracy in detecting a phishing email. [Fette 8, Table 2] (emphasis added). Thus, while one skilled in the art may use a technique expected to provide a high degree of accuracy as in Adams, it does not further stand to reason that one skilled in the art would be motivated to instead use a single rule that provides much lower accuracy. This is especially so given that Fette itself uses its “fresh” domain feature in combination with other features to achieve an overall high degree of accuracy. Reply Br. 3 “Appellant . . . question[s] the unsubstantiated finding that it was a common technique before the claimed invention to utilize a single spam rule for characterizing a message or URL.” App. Br. 6 (citing Final Act. 2–3). According to Appellant, Adams teaching use of “one or more” link verification techniques [does not] substantiate the finding that one skilled in the art would [have been] motivated to modify Mills in view of Fette and Adams to limit its applicability to only a single, age- based rule as per the claimed invention – especially knowing that it would allow a known malicious URL (i.e., “a URL that is old, but known to be malicious”), as found by the Examiner. Id. at 6–7. Appellant alleges that “[t]he Examiner has simply taken Appellant’s disclosure as a blueprint for piecing together the prior art to Appeal 2019-000669 Application 14/709,099 7 defeat patentability, without sufficient articulated reasoning with some rational underpinning to support the legal conclusion.” Id. at 8. ANALYSIS Appellant’s arguments are unpersuasive. The dispositive issue is not whether “it was a common technique before the claimed invention to utilize a single spam rule for characterizing a message or URL,” as framed by Appellant. App. Br. 6. The issue is not whether one of ordinary skill would have expected that the use of only that particular one of the cited art’s filtering rules would produce results that are as accurate as filtering based upon a combination of rules. The issue is not even whether one of ordinary skill would have found the use of only one of the disclosed rules to be satisfactory for any given filtering application. Rather, the relevant issues are whether “using a single rule, as opposed to Mills, who discloses multiple rules, would have been obvious and [whether] removal of all but one rule in the Mills-Fette-Adams combination would not have risen to the level required for non-obviousness in view of the knowledge of a skilled artisan.” Final Act. 3, cited in Appeal Br. 6. The Examiner stated that “[a] skilled artisan would have recognized that preforming only one ‘check’ on a message (or URI in a message) would be faster and easier to implement than performing a combination of checks, but would have a more limited utility.” Id. at 2. The Examiner went on to state that one of ordinary skill in the art would have been motivated to modify the cited art to scan the hyperlink and analyze the domain age of that hyperlink in an effort “ to achieve a balance between processing time and Appeal 2019-000669 Application 14/709,099 8 scope of characterization, as was known in the art.” Id. at 2–3. We find the Examiner’s analysis to be persuasive. Appellant acknowledges that it was not only obvious, but actually known to filter based on the age of the domain alone, albeit with rather unimpressive results. Reply Br. 3 (citing Fette 8, Table 2) (“[A]ccording to Fette, its feature that looks at whether an email links to a “fresh” domain only itself provides 12.49% accuracy in detecting a phishing email.”). (Emphasis omitted). Stated another way, Appellant’s arguments are not commensurate in scope with the language of claim 1. Appellant effectively argues that it would not have been obvious to filter only on the domain age alone because one of ordinary skill would have expected that filtering by this rule alone would not yield sufficiently accurate results. See generally Appeal Br. But claim 1 does not limit the performance of the claimed apparatus to any specified level of filtering accuracy. For the foregoing reasons, Appellant has not persuaded us of error in the Examiner’s obviousness rejection of independent claim 1. Accordingly, we affirm the Examiner’s rejection of that claim and of claims 2, 4, 7–9, 11, 14–16, 18, and 21–24, which Appellant does not argue separately. Appeal Br. 8; 37 C.F.R. § 41.37(c)(1)(iv). We likewise affirm the Examiner’s obviousness rejection of claims 3, 10, and 17 over Mills, Fette, Adams and Aziz. Appellant has not particularly pointed out errors in the Examiner’s reasoning regarding the additional teachings of Aziz, but merely reiterates the same arguments that are set forth in relation to independent claim 1 regarding the alleged deficiencies of claim 1. Appeal Br. 9. Appeal 2019-000669 Application 14/709,099 9 CONCLUSION In summary: TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Reference(s) Basis Claims Affirmed Reversed Mills, Fette, and Adams § 103 1, 2, 4, 7–9, 11, 14–16, 18, and 21–24 1, 2, 4, 7–9, 11, 14–16, 18, and 21–24 Mills, Fette, Adams, and Aziz § 103 3, 10, and 17 3, 10, and 17 Overall Outcome 1–4, 7–11, 14– 18, and 21–24 Copy with citationCopy as parenthetical citation