Cisco Technology, Inc.Download PDFPatent Trials and Appeals BoardDec 29, 20212020006075 (P.T.A.B. Dec. 29, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/215,023 07/20/2016 Derrick Pallas 543222(1004012-US.01) 6141 115932 7590 12/29/2021 Cisco Technology, Inc. c/o Polsinelli PC PO Box 140310 Kansas City, MO 64114-0310 EXAMINER MALINOWSKI, WALTER J ART UNIT PAPER NUMBER 2439 NOTIFICATION DATE DELIVERY MODE 12/29/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): CiscoMail@polsinelli.com patentdocketing@polsinelli.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE _______________ BEFORE THE PATENT TRIAL AND APPEAL BOARD _______________ Ex parte DERRICK PALLAS and MATTHEW LANDRY _______________ Appeal 2020-006075 Application 15/215,023 Technology Center 2400 _______________ Before JAMES B. ARPIN, HUNG H. BUI, and SCOTT RAEVSKY, Administrative Patent Judges. BUI, Administrative Patent Judge. DECISION ON APPEAL Appellant1 seeks our review under 35 U.S.C. § 134(a) from the Examiner’s Final rejection of claims 1–20, all the pending claims. Appeal Br. 9–15 (Claims App.). We have jurisdiction under 35 U.S.C. § 6(b). We affirm.2 1 Appellant refers to “applicant(s)” as defined in 37 C.F.R. § 1.42. Appellant identifies the real party in interest as Cisco Technology Inc. Appeal Br. 2. 2 Our Decision refers to Appellant’s Appeal Brief filed May 14, 2020 (“Appeal Br.”); Reply Brief filed August 24, 2020 (“Reply Br.”); Examiner’s Answer mailed June 22, 2020 (“Ans.”); Final Office Action mailed January 17, 2020 (“Final Act.”); and original Specification filed July 20, 2016 (“Spec.”). Appeal 2020-006075 Application 15/215,023 2 STATEMENT OF THE CASE Appellant’s claimed invention relates to “efficiently detecting when a rogue device has connected to the network and accurately identifying which wired port on the network is connected to the rogue device [shown in Figures 1A–1B].” Spec. ¶ 20. Figure 1A, depicting a network environment for rogue device detection and port identification, is reproduced below with our annotations for illustration: Figure 1A depicts network 100 including one or more controller(s) 102–104, one or more network devices 106 each including one or more switches 108– 112 to enable client devices (e.g., smart phones, laptops, desktops, access points, etc.) to connect to network 110, via wired or wireless connection, and, more importantly, detect when unauthorized rogue devices 152–154 have connected to network 100 and identify which specific port of switch Appeal 2020-006075 Application 15/215,023 3 112 on network 100 is connected to rogue devices 152–154. Id. ¶¶ 21, 29– 36. For example, if the administrator can detect the specific port which the rogue device 152 has connected to on the switch 112, the administrator may be able to disconnect that particular port and/or apply a particular security policy to that port to prevent or limit access by the rogue devices 152, 154 to the network 100, without also affecting the other ports on the switch 112 — and consequently any of devices connected to the network 100 and switch 112 through those ports. Id. ¶ 36. As shown in Figure 1, controller 102 can send a specific, predetermined traffic pattern to rogue device 152 and determine if the traffic pattern associated with signals received from rogue device 152 are consistent with the predetermined traffic pattern (e.g., match or meet a threshold similarity) to infer if rogue device 152 is unauthorized. Id. ¶ 45. According to Appellant, traffic patterns may include “the duty cycle, the time intervals, the type of packets/traffic, the sequence of traffic, the behavior or characteristics of the traffic (e.g., bursting behavior, protocols, data size, etc.), and so forth.” Id. ¶ 55 (emphasis added). Claims 1, 13, and 17 are independent. Claim 1 is representative, as reproduced below with disputed limitations emphasized: 1. A method comprising: determining a wireless device has connected to one of a plurality of ports on a network device associated with a network; determining which of the plurality of ports on the network device is connected to the wireless device by: determining one or more predetermined traffic patterns to be transmitted by the network device via one or more of the plurality of ports; determining one or more traffic patterns transmitted by the wireless device; Appeal 2020-006075 Application 15/215,023 4 determining the one or more traffic patterns transmitted by the wireless device has a threshold degree of similarity to a matching traffic pattern from the one or more predetermined traffic patterns, to yield a traffic pattern match, the threshold degree of similarity including matching traffic patterns and similar traffic patterns, the similar traffic patterns including variable degrees of similarity and variable confidence levels based on the variable degrees of similarity; based on the traffic pattern match, determining a port from the plurality of ports is associated with the matching traffic pattern is connected to the wireless device, to yield an identified port; and selecting a port policy to be applied to the identified port. Appeal Br. 9 (Claims App.). REJECTIONS AND REFERENCES (1) Claims 1, 10–13, 16–18, and 20 stand rejected under 35 U.S.C. § 103 as obvious over the combined teachings of Atreya et al. (US 2014/0334317 A1; published Nov. 13, 2014; “Atreya”), Bratspiess et al. (US 2016/0173511 A1; published June 16, 2016; “Bratspiess”), and Venable (US 2011/0271319 A1; published Nov. 3, 2011). Final Act. 7–21. (2) Claims 2, 3, 9, 14, 15, and 19 stand rejected under 35 U.S.C. § 103 as obvious over the combined teachings of Atreya, Bratspiess, Venable, and Beskrovny et al. (US 8,645,984 B1; issued Feb. 4, 2014; “Beskrovny”). Final Act. 21–32. (3) Claims 4–8 stand rejected under 35 U.S.C. § 103 as obvious over the combined teachings of Atreya, Bratspiess, Venable, Beskrovny, and Conner et al. (US 2009/0249096 A1; published Oct. 1, 2009; “Conner”). Final Act. 32–36. Appeal 2020-006075 Application 15/215,023 5 ANALYSIS In support of the obviousness rejection, the Examiner finds the combination of Atreya, Bratspiess, and Venable teaches or suggests all of the limitations of Appellant’s claim 1. Final Act. 7–10 (citing Atreya ¶¶ 8, 30–34; Bratspiess ¶¶ 10–11; and Venable ¶ 1). Of particular relevance, the Examiner finds Atreya teaches most limitations of Appellant’s claimed “method” for “determining a wireless device has connected to one of a plurality of ports on a network device associated with a network” and “determining which of the plurality of ports on the network device is connected to the wireless device” by way of “one or more traffic patterns,” including the disputed limitation: determining the one or more traffic patterns transmitted by the wireless device has a threshold degree of similarity to a matching traffic pattern from the one or more predetermined traffic patterns, to yield a traffic pattern match, the threshold degree of similarity including matching traffic patterns and similar traffic patterns. Id. at 7–9 (citing Atreya ¶¶ 8, 30–34). Appeal 2020-006075 Application 15/215,023 6 Atreya teaches a rogue access point (AP) detection process in wireless network 100, shown in Figure 2, as reproduced below: Atreya’s Figure 2 depicts example network provided with wireless intrusion detection and prevention capabilities to detect a rogue device (e.g., Rogue AP 214) by way of injecting a specific type of packets/traffic, i.e., “signature frames” into the wired network and then scanning traffic in various parts of the wired network. Atreya ¶¶ 14–18, 30–34. According to Atreya, [t]he signature frame contains a pattern of data that is known to the authorized APs, which are configured to not bridge the signature frame to the air . . . . Because the rogue AP has not been configured to recognize the signature frames, the rogue AP will not prevent the signature frame from being transmitted wirelessly.” Atreya ¶¶ 30, 31. The Examiner relies upon (1) Bratspiess to teach “selecting a port policy to be applied to the identified port” and (2) Venable to teach “the Appeal 2020-006075 Application 15/215,023 7 similar traffic patterns including variable degrees of similarity and variable confidence levels based on the variable degrees of similarity,” which the Examiner acknowledges are not taught by Atreya, in order to support the conclusion of obviousness. Final Act. 4–5 (citing Bratspiess ¶¶ 10–11, Venable ¶ 1). Appellant does not dispute the Examiner’s findings regarding Bratspiess’ and Venable’s teachings. Nor does Appellant challenge the Examiner’s rationale for combining the teachings of Atreya, Bratspiess, and Venable. Instead, Appellant contends Atreya does not teach or suggest the disputed limitation: determining the one or more traffic patterns transmitted by the wireless device has a threshold degree of similarity to a matching traffic pattern from the one or more predetermined traffic patterns, to yield a traffic pattern match, the threshold degree of similarity including matching traffic patterns and similar traffic patterns, the similar traffic patterns including variable degrees of similarity and variable confidence levels based on the variable degrees of similarity. Appeal Br. 6–7. Appellant argues, “Atreya is limited to simply matching ‘a pattern of data that is known,’ and is not concerned with similarities” because [m]atching a pattern is not the same as “determining . . . a threshold degree of similarity to a matching traffic pattern from the one or more predetermined traffic patterns, to yield a traffic pattern match, the threshold degree of similarity including matching traffic patterns and similar traffic patterns, the similar traffic patterns including variable degrees of similarity and variable confidence levels based on the variable degrees of similarity,” as recited in independent claims 1, 13, and 17 (emphasis in original). Appeal Br. 6; Reply Br. 1–2. According to Appellant, Appeal 2020-006075 Application 15/215,023 8 Atreya’s matches do not reasonably include a “threshold degree of similarity including matching traffic patterns and similar traffic patterns, the similar traffic patterns including variable degrees of similarity and variable confidence levels based on the variable degrees of similarity” per independent claims 1, 13, and 17. Indeed, Atreya’s signature frame matching process is binary, and Atreya’s matching signature frames do not include both matching signature frames and similar signature frames. Reply Br. 2. Appellant also contends that, as secondary references, neither Bratspiess nor Venable remedies the noted deficiencies of Atreya to achieve Appellant’s claimed methods. Appeal Br. 6–7. Appellant’s contentions are not persuasive of Examiner error. Instead, we find the Examiner’s findings, including the Examiner’s responses to Appellant’s contentions, are supported by a preponderance of the evidence on this record. Ans. 3–10. As such, we adopt the Examiner’s findings provided therein. Id. For additional emphasis, we note that claim terms, during examination, are given their broadest reasonable interpretation consistent with the specification. In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). Under the broadest reasonable interpretation, claim terms are given their ordinary and customary meaning, as would be understood by one of ordinary skill in the art in the context of the entire disclosure. In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007). Here, the Specification broadly describes the term “one or more traffic patterns” in the context of detecting whether rogue devices 152–154 are connected to network device 106 or switch 112, as shown in Figure 2. For example, the Specification describes that controller 102 sends “a specific, predetermined traffic pattern” to rogue device 152, via ports of switch 112, Appeal 2020-006075 Application 15/215,023 9 and receives one or more signals (e.g., wireless traffic) transmitted from rogue device 152 to determine if there is a traffic pattern match, i.e., if rogue device 152 is an authorized device. Spec. ¶¶ 44–45. According to the Specification, the traffic patterns may include, for example: (1) the unique duty cycle, (2) the time intervals, (3) the type of packets, (4) the sequence of traffic, and (5) the behavior or characteristics of traffic. Id. ¶¶ 53, 68, 72. In particular, the Specification describes the use of a specific type of packets/frames to send to rogue device 152 to determine whether rogue device 152 is authorized. Id. ¶¶ 40, 72. Based on the Specification’s disclosure and the “general knowledge” of an ordinarily skilled artisan, we agree with the Examiner that Appellant’s recited step of “determining the one or more traffic patterns transmitted by the wireless device has a threshold degree of similarity to a matching traffic pattern from the one or more predetermined traffic patterns, to yield a traffic pattern match” is broadly, but reasonably, interpreted to encompass Atreya’s sending a specific type of packets/traffic, i.e., “signature frames” into the wired network and then scanning traffic in various parts of the wired network for matching purposes. Ans. 5–6 (citing Atreya ¶¶ 8, 29–34). The test for obviousness is not whether the claimed invention is expressly disclosed in the references, but whether the claimed subject matter would have been obvious to those of ordinary skill in the art in light of the combined teachings of those references. In re Keller, 642 F.2d 413, 425 (CCPA 1981). In an obviousness analysis, it is not necessary to find precise disclosure directed to the specific subject matter claimed because inferences and creative steps that a person of ordinary skill in the art would employ can be taken into account. See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 Appeal 2020-006075 Application 15/215,023 10 (2007). In this regard, “[a] person of ordinary skill is also a person of ordinary creativity, not an automaton.” Id. at 421. As the U.S. Supreme Court has stated, obviousness requires an “expansive and flexible” approach that asks whether the claimed improvement is more than a “predictable variation” of “prior art elements according to their established functions.” Id. at 415, 417. Here, in contrast to that approach, Appellant’s contentions rigidly focus on a narrow reading of individual references, including Atreya, Bratspiess, and Venable, without taking full account of an ordinarily skilled artisan’s “knowledge, creativity, and common sense.” Randall Mfg. v. Rea, 733 F.3d 1355, 1362 (Fed. Cir. 2013). Here, a person skilled in the art would have the “knowledge, creativity, and common sense” to recognize that Atreya’s use of “signature frames” is only one example subset of packets/traffic used to determine whether a wireless device connected to a network is authorized or unauthorized. Other types of traffic irregularities or deviations also may include, for example, (1) Bratspiess ¶¶ 10–11 (“detecting a deviation of traffic of the network passing through a port of the ports from said baseline profile”) and (2) Venable ¶ 1 (“traffic fingerprinting analysis . . . to identify clientless or unmnagement assets (e.g., endpoint devices) in a network with varying degrees of confidence and estimation.”). As a secondary reference, Venable is relied upon to teach “the similar traffic patterns including variable degrees of similarity and variable confidence levels based on the variable degrees of similarity.” Final Act. 10 (citing Venable ¶ 1); Ans. 4–5. Appeal 2020-006075 Application 15/215,023 11 For these reasons, Appellant does not persuade us of Examiner error. Accordingly, we sustain the Examiner’s rejection of independent claims 1, 13, and 17 as obvious over the combination of Atreya, Bratspiess, and Venable and of their dependent claims, which are not argued separately. CONCLUSION On this record, Appellant does not show the Examiner errs in rejecting: (1) claims 1, 10–13, 16–18, and 20 as obvious over the combined teachings of Atreya, Bratspiess, and Venable; (2) claims 2, 3, 9, 14, 15, and 19 as obvious over the combined teachings of Atreya, Bratspiess, Venable, and Beskrovny; or (3) claims 4–8 as obvious over the combined teachings of Atreya, Bratspiess, Venable, Beskrovny, and Conner. DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1, 10–13, 16–18, 20 103 Atreya, Bratspiess, Venable 1, 10–13, 16–18, 20 2, 3, 9, 14, 15, 19 103 Atreya, Bratspiess, Venable, Beskrovny 2, 3, 9, 14, 15, 19 4–8 103 Atreya, Bratspiess, Venable, Beskrovny, Conner 4–8 Overall Outcome: 1–20 Appeal 2020-006075 Application 15/215,023 12 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 1.136(a)(1)(iv) (2019). AFFIRMED Copy with citationCopy as parenthetical citation
