14320582 - (D) (P.T.A.B. Feb. 14, 2020)

Azeem Feroz et al.

Patent Trials and Appeals BoardFeb 14, 2020

14320582 - (D) (P.T.A.B. Feb. 14, 2020)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/320,582 06/30/2014 Azeem Feroz N162.06 (B839.06) (P0286) 1063 109858 7590 02/14/2020 ADELI LLP 11859 Wilshire Blvd. Suite 408 Los Angeles, CA 90025 EXAMINER CAREY, FORREST L ART UNIT PAPER NUMBER 2491 NOTIFICATION DATE DELIVERY MODE 02/14/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipadmin@vmware.com mail@adelillp.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte AZEEM FEROZ, KIRAN KUMAR THOTA, and JAMES C. WIESE ____________________ Appeal 2018-007782 Application 14/320,582 Technology Center 2400 ____________________ Before JOHNNY A. KUMAR, LINZY T. McCARTNEY, and MATTHEW J. McNEILL, Administrative Patent Judges. KUMAR, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 1, 8, 11–12, 17, 27, 29–34, 36–43. Appeal Br. 2. Claims 2–7, 9–10, 13–16, 18–26, 28, 35 have been cancelled (Final Act. 2). We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 Appellant identifies the real party in interest as Nicira, Inc. Appeal Br. 2. Appeal 2018-007782 Application 14/320,582 2 CLAIMED SUBJECT MATTER Claims 1 and 11 are illustrative of the claimed subject matter: 1. A method of providing encryption services on a computer which executes a plurality of software machines including first and second machines, the method comprising: defining at least one encryption group that comprises a set of machines that transmit unencrypted data messages that need to be encrypted; at the computer: receiving information about a dynamically detected event that relates to the first machine from an introspection agent installed on the first machine; based on the received information, dynamically adding the second machine as a member of the encryption group; based on the addition of the second machine to the encryption group, generating an encryption rule to specify that unencrypted data messages transmitted by the second machine to a machine operating outside of the computer have to be encrypted, wherein before adding the second machine to the encryption group, no encryption rule enforced outside of the second machine specified that unencrypted data messages transmitted by the second machine to the machine operating outside of the computer had to be encrypted; and based on the generated rule, encrypting unencrypted data messages transmitted by the second machine. 11. The method of claim 1, wherein the received information is used to determine that the first machine is infected with malware. Appeal 2018-007782 Application 14/320,582 3 REFERENCES2 The prior art relied upon by the Examiner is3: Name Reference Date Chopra US 2014/0226820 A1 Aug. 14, 2014 Baliga US 2012/0331545 A1 Dec. 27, 2012 Bhalero US 2015/0150073 A1 May 28, 2015 REJECTION4 The Examiner rejects claims 1, 8, 11–12, 17, 27, 29–34, 36–43, under 35 U.S.C. § 103 as being unpatentable over the combination of Chopra, Baliga, and Bhalerao. Final Act. 5–16. Appellant argues separate patentability for claims 1, 11, 17, and 37. Appellant does not present separate arguments for claims 8, 12, 27, 29–34, 36, and 38–43. We select claims 1 and 11 as the representative claims for this rejection. Except for our ultimate decision, we do not address claims 8, 12, 27, 29–34, 36, and 38–43 further herein. 2 All citations herein to patent and pre-grant publication references are by reference to the first named inventor only. 3 For convenience, we refer to all 35 U.S.C. § 103(a) rejections herein as rejections under 35 U.S.C. § 103. 4 The 35 U.S.C. § 101 and the 35 U.S.C. § 112(b) rejections have been withdrawn by the Examiner. Advisory Act. 2. Appeal 2018-007782 Application 14/320,582 4 OPINION We have reviewed the Examiner’s rejections in light of Appellant’s Appeal Brief and Reply Brief arguments. Appellant raises the following argument in contending that the Examiner erred in rejecting claim 1 under 35 U.S.C. § 103. Baliga discloses a virtual private mobile network that can be created to “process and/or route unsecure, suspect, and/or otherwise high risk communications.” See, e.g., , ¶ ¶ 18, 32, and 40. The Office Action identifies elements 108-112 in Figure 1 (reproduced above) as using “security rules to identify problematic communications.” Office Action, page 6. However, the cited paragraphs make it clear that the problematic communications originate from mobile device 106 and not from network elements 108-112. See, e.g., ¶ 38 (“To determine which communications from, for example, the mobile device 106 are potentially problematic..., the example VPMN controller 116 of FIG. 1 includes a security processor 130.”). Monitoring communications from mobile device 106 at separate physical devices (i.e., network elements 108-112) to detect suspect events is not relevant to a limitation that recites receiving information about a dynamically detected event that relates to the first machine from an introspection agent installed on the first machine. Thus, the references–individually, and in their combination–fail to disclose or suggest the limitation of receiving information about a dynamically detected event that relates to the first machine from an introspection agent installed on the first machine. Appeal Br. 9–10. We are unpersuaded by Appellant’s argument. The Specification describes introspection as follows: To perform guest introspection, the hypervisor in some embodiments communicates with a thin introspecting Appeal 2018-007782 Application 14/320,582 5 agent that is deployed on each GVM. The thin introspecting agent has a network introspection module that in some embodiments is called by the TCP/IP stack each time the stack processes a new connection request. Through these calls, the network introspection module captures (1) every new connection request (e.g., both incoming and outgoing connection requests) and (2) contextual information (e.g., user identity and application context) for the new connections. In some embodiments, the thin introspecting agent includes other introspection modules that gather other introspection data. Spec. 4, ¶ 12. Thus, the claimed introspection agent relates to a module that includes new connection requests. The Examiner finds, and we agree: As Appellant has noted above, Baliga discloses a virtual private mobile network that can be created to “process and/or route unsecure, suspect, and/or otherwise high risk communications.” (paragraphs 18, 32, and 40). Baliga further discloses elements 108-112 in Figure 1 (reproduced above) as using “security rules to identify problematic communications” (paragraphs 38-40). The events, e.g. security events (paragraph 40), therefore “relate to” the network elements, as well as the mobile device 106. Information “about” the event could be seen as the information about the security event which is broadcast by the network elements 108-112 (paragraph 40), or even the problematic communication itself which was detected to be a security event by being matched to a profile by a security processor (paragraph 100). Introspection refers to “looking within”. Information provided by an agent installed in a machine originates from within the machine, i.e. an “introspection agent”. Therefore, any of the network elements 108-112 or the mobile device 106 could be seen as the first machine, and the processors, controllers, or other software contained Appeal 2018-007782 Application 14/320,582 6 therein (e.g. paragraph 26-31) can be seen as the claimed introspection agent. Therefore, Baliga teaches receiving information about a dynamically detected event that relates to the first machine from an introspection agent installed on the first machine. Examiner’s Ans. 9–10. In other words, the Examiner finds, and we agree, Baliga’s “processors, controllers, or other software” that detect problematic communication correspond to the claimed introspection agent that gathers new connection requests. Also, Appellant raises the following argument in contending that the Examiner erred in rejecting claim 1 under 35 U.S.C. § 103. Baliga describe[s] that a “VPMN controller 116 receives requests from network elements 108-112 to create a VPMN (e.g., a security VPMN) to isolate potentially problematic communications... originating from...the mobile device 106,” ¶ 32 (emphasis added), and that “a VPMN that detected the security event communicatively couples the mobile device 106 to the security VPMN,” ¶ 41 (emphasis added). Baliga clearly discloses that the machine added to the VPMN based on the dynamically detected event is the machine related to the dynamically detected event and not a second machine. Thus, the references-individually, and in their combination fail to disclose or suggest the limitation that based on the received information, a second machine is dynamically added as a member of the encryption group. Appeal Br. 10–11. We note that the Examiner finds: there is nothing in the claim to indicate that the dynamically detected event does not relate to the second machine, or that the first machine is not added to the Appeal 2018-007782 Application 14/320,582 7 group as well. Baliga teaches that a network element detects a security event in a problematic communication originating from the mobile device (paragraph 40). The event therefore relates to at least the network element which detected it, and the originating mobile device. As a result of the detection, any of the mobile device 106 and/or network elements 108-112 have the security VPMN provisioned (paragraph 41). As discussed above, since the dynamically detected event relates to multiple elements/machines, any of these can be seen as the first machine, such as the mobile device 106 or network element 108. Therefore, any other element can be considered to be the second machine which is added to the VPMN with the first machine. Examiner’s Ans. 11. We are unpersuaded by Appellant’s argument. We agree with the Examiner that “any other element can be considered to be the second machine which is added to the VPMN with the first machine.” (Examiner’s Ans. 11). Further, Appellant argues the Examiner uses impermissible hindsight. Appeal Br. 11–12. We are cognizant that our reviewing courts have not established a bright-line test for hindsight. In KSR International Co. v. Teleflex, Inc., 550 U.S. 398 (2007), the Supreme Court guides that “[a] factfinder should be aware, of course, of the distortion caused by hindsight bias and must be cautious of argument reliant upon ex post reasoning.” KSR, 550 U.S. at 421 (citing Graham v. John Deere Co. of Kansas City, 383 U.S. 1, 36 (1966)). Nevertheless, the Supreme Court qualified the issue of hindsight by stating, “[r]igid preventative rules that deny factfinders recourse to common sense, Appeal 2018-007782 Application 14/320,582 8 however, are neither necessary under our case law nor consistent with it.” Id. In reviewing the record here, we find Appellant has not identified any knowledge relied upon by the Examiner that was gleaned only from Appellant’s disclosure and that was not otherwise within the level of ordinary skill in the art at the time of invention. See In re McLaughlin, 443 F.2d 1392, 1395 (CCPA 1971). Moreover, Appellant has not provided persuasive evidence that combining the respective teachings of the references (as proffered by the Examiner — Final Act. 5–7) would have been “uniquely challenging or difficult for one of ordinary skill in the art,” or that such a combination would have “represented an unobvious step over the prior art.” Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007). Nor has the Appellant provided any objective evidence of secondary considerations, which our reviewing court guides “operates as a beneficial check on hindsight.” Cheese Sys., Inc. v. Tetra Pak Cheese & Powder Sys., Inc., 725 F.3d 1341, 1352 (Fed. Cir. 2013). Appellant raises the following argument in contending that the Examiner erred in rejecting dependent claim 11 under 35 U.S.C. § 103. Claims 11 and 37 recite that the received information is used to determine that the first machine is infected with malware and are patentable under 35 U.S.C. § 103(a) over Chopra, Baliga, and Bhalerao. In rejecting this limitation, the Office Action cites to portions of Baliga (¶¶ 38-40). The cited portions of Baliga relate to network elements monitoring traffic passing through the network elements to determine if any communications represent “potentially problematic communications.” ¶ 40. There is no disclosure of Appeal 2018-007782 Application 14/320,582 9 determining that the mobile device from which the communications originates is infected with malware. Thus, the Office Action has failed to adequately address the limitation that the received information is used to determine that the first machine is infected with malware. Appeal Br. 13 (emphasis added). In response, the Examiner finds, and we agree: Baliga teaches determining identification of a virus in a communication and a list of identifiers and/or addresses known to be associated with the virus (paragraph 68), and detecting malicious applications on the mobile device (paragraph 58). Therefore, in the case that the mobile device is considered the first machine, Baliga teaches determining that the first machine contains malware. Examiner’s Ans. 14. We have considered Appellant’s arguments in the Reply Brief, but find them unpersuasive to rebut the Examiner’s responses. Appeal 2018-007782 Application 14/320,582 10 CONCLUSION The Examiner has not erred in rejecting 1, 8, 11–12, 17, 27, 29–34, 36–43 as being unpatentable under 35 U.S.C. § 103. The Examiner’s rejections of claims 1, 8, 11–12, 17, 27, 29–34, 36–43 as being unpatentable under 35 U.S.C. § 103 are affirmed. DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1, 8, 11–12, 17, 27, 29– 34, 36–43 103 Chopra, Baliga, Bhalero 1, 8, 11–12, 17, 27, 29– 34, 36–43 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED