Ex Parte Norman et al
Board of Patent Appeals and Interferences
Feb 13, 2012
10287125 (B.P.A.I. Feb. 13, 2012)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES
____________
Ex parte ANDREW PATRICK NORMAN, JOHN MELVIN BRAWN, JOHN P. SCRIMSHER, and JONATHAN GRIFFIN
____________
Appeal 2009-013185
Application 10/287,125
Technology Center 2400
____________

Before MAHSHID D. SAADAT, ALLEN R. MacDONALD, and GREGORY J. GONSALVES, Administrative Patent Judges.

GONSALVES, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellants appeal under 35 U.S.C. § 134(a) from the final rejection of claims 1-2, 4-23, and 25-29. (App. Br. 2.) Claims 3 and 24 were cancelled. (Id.) We have jurisdiction under 35 U.S.C. § 6(b).

We affirm-in-part.

The Invention

Exemplary claim 1 follows:

1. A method of identifying a software vulnerability on a computer system having software stored thereon, the computer system being connected to a management system over a computer network, the method comprising:
   selecting one or more computer systems to be scanned for a software vulnerability;
   applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied;
   in the event that a software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system having the software vulnerability; and
   sending the management information to the management system,
   wherein the interrogation program is further arranged to remediate the known software vulnerability in response to it being identified.

Exemplary claim 19 follows:

19.
A computer program stored on a computer usable medium, the computer program comprising computer-readable instructions arranged to operate under the control of a processing means so as to identify a software vulnerability on a computer system, the computer program performing the steps of:
   selecting one or more computer systems to be scanned for a software vulnerability;
   applying an interrogation program to software stored on the computer system, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; and
   in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived at least the identification of the computer system on which the software vulnerability was exploited, the computer program being capable of sending the generated management information over a computer network,
   wherein the interrogation program is further arranged to remediate the known software vulnerability in response to it being identified.

The Rejection

The Examiner rejected claims 1, 2, 4-23, and 25-29 under 35 U.S.C. § 102(b) as being anticipated by Gaul (U.S. 2001/0034847 A1). (Ans. 3-24.)

ISSUES

Appellants’ responses to the Examiner’s positions present the following issues:

1. Did the Examiner establish that Gaul discloses a computer program having an interrogation program that “remediates the known software vulnerability in response to it being identified,” as recited in independent claim 19 and as similarly recited in independent claims 20, 26, and 27?

2. Did the Examiner establish that Gaul discloses a method of identifying a software vulnerability comprising the steps recited in claim 1, and similarly recited in claims 4 and 18?
ANALYSIS

Issue 1 – The Anticipation Rejection of Claims 19-29

The Examiner reasons that Gaul discloses an interrogation program that remediates a software vulnerability, as required by independent claims 19, 20, 26, and 27, because it mentions corrective actions and verification of the corrective actions. (Ans. 15.) As explained by Appellants, however, the “corrective action [in Gaul] is not disclosed to be performed … by an interrogation program. Rather, Gaul discloses that an informed decision may be made by a user in response to receiving the report.” (App. Br. 9-10, citing Gaul, ¶¶ 0074 and 0116.) Thus, we do not sustain the Examiner’s anticipation rejection of independent claims 19, 20, 26, and 27 as well as the claims that depend therefrom (i.e., claims 21-25 and 28-29).

Issue 2 – The Anticipation Rejection of Claims 1-18

Appellants similarly argue that claim 1 is not anticipated because the “corrective action is not disclosed [in Gaul] to be performed … by an interrogation program.” (App. Br. 10.) Unlike claims 19-29, however, claims 1-18 are method claims. Thus, claims 1-18 merely require corrective action to be performed along with other steps. And according to Appellants’ understanding of Gaul, corrective action is performed by a user. (App. Br. 9-10.) In other words, Appellants may not distinguish their method claims from Gaul on the basis that Gaul does not disclose a component of an apparatus (e.g., an interrogation program) that is mentioned in the claims. Thus, we sustain the Examiner’s rejection of claims 1-18.

DECISION

We affirm the Examiner’s decision rejecting claims 1-18 and reverse the Examiner’s decision rejecting claims 19-29.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED-IN-PART

ELD