Ex Parte Millar

Patent Trial and Appeal Board
Jan 10, 2013
10431032 (P.T.A.B. Jan. 10, 2013)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________

Ex parte KEITH MILLAR
____________

Appeal 2010-008217
Application 10/431,032
Technology Center 2400
____________

Before ERIC B. CHEN, HUNG H. BUI, and MIRIAM L. QUINN, Administrative Patent Judges.

QUINN, Administrative Patent Judge.

DECISION ON APPEAL

Appellant appeals under 35 U.S.C. § 134(a) (2002) from a final rejection of claims 1-30, all the claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b).

We AFFIRM.

STATEMENT OF THE CASE

Appellant’s Invention

According to Appellant, the invention relates to a method of assessing security of information technology and a method of developing a solution for operation on an information technology system. (App. Br. 5.)

Exemplary Claim

Exemplary independent claim 1 reads as follows:

1.
A method of assessing security of information technology, said method comprising:

accessing a list comprising a plurality of security aspects for an information technology development process at a computer system;

performing a first evaluation of said list comprising said plurality of security aspects with respect to previously defined security aspects during a design phase of said development process at said computer system;

selectively revising an information technology solution design during said design phase of said development process based on a result of said first evaluation at said computer system;

performing a second evaluation of said list comprising said plurality of security aspects with respect to said previously defined security aspects during a test phase of said development process at said computer system;

selectively detecting and correcting security problems in said information technology solution design during said test phase based on a result of said second evaluation at said computer system;

performing a third evaluation of said list comprising said plurality of security aspects with respect to said previously defined security aspects during an implementation phase of said development process at said computer system; and

selectively intervening and mitigating security problems in said information technology solution design during said implementation phase based on a result of said third evaluation at said computer system.

References

The prior art relied upon by the Examiner in rejecting the claims on appeal is:

Bowman-Amuah, US 6,256,773 B1, Jul. 3, 2001
Ginter, US 5,892,900, Apr. 6, 1999
Winston W. Royce, Managing the Development of Large Software Systems in PROCEEDINGS, IEEE WESCON 1-9 (1970).
The Department of Justice Systems Development Life Cycle Guidance Document (2003), http://www.usdoj.gov/jmd/irm/lifecycle/table.htm.

Examiner’s Rejections

(1) Claims 1-30 stand rejected under 35 U.S.C.
§ 102(e) as being anticipated by Bowman-Amuah. (Ans. 3-8.)

(2) Claims 1-30 stand rejected, in the alternative to (1) above, under 35 U.S.C. § 103(a) as being unpatentable over Bowman-Amuah and Ginter. (Ans. 3-8.)

APPELLANT’S CONTENTIONS

1. Rejection under 35 U.S.C. § 102(e)

Appellant contends that the Examiner erred in rejecting claim 1 because Bowman-Amuah fails to disclose “accessing a list comprising a plurality of security aspects for an information technology development process at a computer system” because Bowman-Amuah does not disclose, expressly or inherently, the recited “list.” (App. Br. 9-16.)

2. Rejection under 35 U.S.C. § 103(a)

Appellant contends the Examiner erred in rejecting claim 1 because Ginter does not teach, describe or suggest “accessing a list,” and because Ginter teaches away from “accessing a list,” as recited. (App. Br. 17-18.)

ISSUE

Based on Appellant’s arguments, the dispositive issue on appeal is whether the Examiner has erred in rejecting claims 1-30 under 35 U.S.C. §102(e) as being anticipated by Bowman-Amuah. (App. Br. 9-15.) In particular, the issue turns on whether Bowman-Amuah discloses or suggests “accessing a list comprising a plurality of security aspects for an information technology development process at a computer system” as recited in claims 1 and 16.

ANALYSIS

We have reviewed the Examiner’s rejections in light of Appellant’s contentions that the Examiner has erred. Further, we have reviewed the Examiner’s response to Appellant’s arguments.

Concerning the first contention, we do not agree with Appellant. Appellant argues that the Examiner’s reliance on Bowman-Amuah as teaching, describing, or suggesting the recited “list” is in error because “Bowman-Amuah mentions no list of any sort in relation to security or in relation to ‘security controls’ [] or for that matter anywhere within Bowman-Amuah.” (App. Br. 10-11.)
The Examiner points out that Bowman-Amuah states that security requirements are “defined,” and as such they must be listed. (Ans. 4, 9.)

First, we decide the meaning of the term “list.” We note that, in the specification, Appellant does not define the term “list.” We thus construe the term according to its plain and ordinary meaning, giving it the broadest reasonable interpretation consistent with the specification. As evidence of that interpretation, one definition of “list” is “a simple series of words or numerals.” WEBSTER’S THIRD NEW INTERNATIONAL DICTIONARY, UNABRIDGED (1993). We adopt that definition.

Guided by that definition, we note that Bowman-Amuah, in the section describing “Security Management,” provides a series of processes to put into place “to ensure security is properly designed and built,” namely: Definition of security requirements based on business risk, Development of security standards, guidelines and procedures, Implementation of security controls, Security validation, and Security Requirement Definition. Bowman-Amuah, col. 17, lines 49-57. The Examiner found that in describing the definition of the security requirements, first item in the list above, Bowman-Amuah defined the claimed “security aspects.” (Ans. 11.) For example, the Examiner found that Bowman-Amuah discloses the recited “security aspects” as specific “confidentiality, integrity, and availability requirements.” (Ans. 11 (citing Bowman-Amuah, col. 17, line 56 – col. 18, line 13.)) We agree with the Examiner’s finding that Bowman-Amuah discloses the claimed “security aspects.” In particular, the Examiner reasoned that Bowman-Amuah “does not explicitly disclose that the security aspects (i.e. ‘security controls’) are enumerated in a list in those exact words,” but that, nevertheless, “some enumeration (i.e. ‘listing’) of those security controls” must be present “if it is to be possible to follow the security controls.” (Ans. 4.)
Appellant argues that defining the “confidentiality, integrity and availability requirements” in Bowman-Amuah is not equivalent, either explicitly or inherently, to the recited “list.” (App. Br. 12.) Appellant proffers that the Examiner’s assertions to the contrary are “suggestions” – not implicit or inherent teachings – and constitute mere “conjecture.” (App. Br. 13-14.) Appellant also argues that Bowman-Amuah discloses other “lists,” such as the list of examples of redundant tasks to be eliminated, but not a “list of security aspects.” (App. Br. 14-15.)

We are not persuaded. Appellant’s arguments do not show the error in the Examiner’s finding that Bowman-Amuah discloses “a list.” The Examiner finds that “the list of security requirements that are defined must necessarily be accessed and evaluated.” (Ans. 9 (emphasis in original).) Considering our construction of the claim term “list,” we are persuaded by the Examiner’s finding that Bowman-Amuah necessarily makes use of a “list,” as recited, and, thus, the limitation is inherently disclosed therein. Being unpersuaded by Appellant’s argument and based on the Examiner’s findings, we sustain the Examiner’s rejection of claim 1 under 35 U.S.C. §102(e).

We further note that Bowman-Amuah discloses broadly the security requirements in a series commensurate with the scope of the claim. For example, the sentence where Bowman-Amuah describes the definition of confidentiality and integrity constitutes a series of security aspects in accordance with our construction of the term “list.” We, therefore, do not agree with Appellant’s argument that Bowman-Amuah “mentions no list of any sort in relation to security or in relation to ‘security controls’.” (App. Br. 10-11.)

For the reasons as set forth, we sustain the Examiner’s rejection of claims 1 and 16 under 35 U.S.C. § 102(e). Dependent claims 2-15 and 17-30 depend from claims 1 and 16, respectively.
Therefore, we also sustain the rejection of those dependent claims for the same reasons discussed with respect to the independent claims 1 and 16.

CONCLUSION

On the record before us, we conclude that the Examiner did not err in rejecting claims 1-30 under 35 U.S.C. § 102(e). Having decided to sustain the Examiner’s rejection under 35 U.S.C. § 102(e), we need not reach the alternative grounds of rejection under 35 U.S.C. § 103(a).

DECISION

We affirm the Examiner’s decision to reject claims 1-30 under 35 U.S.C. § 102(e).

No time for taking any action connected with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(iv) (2012).

AFFIRMED

tj