13213595 (P.T.A.B. Jun. 26, 2018)

Ex Parte ALY et al

Patent Trial and Appeal BoardJun 26, 2018

13213595 (P.T.A.B. Jun. 26, 2018)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 13/213,595 08/19/2011 HOSAMALY 73109 7590 06/28/2018 Cuenot, Forsythe & Kim, LLC 20283 State Road 7 Ste. 300 Boca Raton, FL 33498 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. CA920100030US1_8150-0108 8566 EXAMINER W ALIULLAH, MOHAMMED ART UNIT PAPER NUMBER 2498 NOTIFICATION DATE DELIVERY MODE 06/28/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ibmptomail@iplawpro.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte HOSAM ALY, CRAIG R. CONBOY, IOSIF V. ONUT, and GUY PODJARNY Appeal2017-011790 Application 13/213,595 1 Technology Center 2400 Before JASON V. MORGAN, JOSEPH P. LENTIVECH, and DAVID J. CUTITTA II, Administrative Patent Judges. CUTITT A, Administrative Patent Judge. DECISION ON APPEAL This is an appeal under 35 U.S.C. Â§ 134(a) from the Examiner's decision rejecting claims 35--48. 2 Appellants identify Application No. 13/426,205 (Appeal No. 2018-000083) as related. See Appeal Br. 2. We have jurisdiction over this appeal under 35 U.S.C. Â§ 6(b). We AFFIRM. 1 According to Appellants, the real party in interest is IBM Corporation. See Appeal Br. 1. 2 Claims 1-34 are cancelled. See Appeal Br. 2. Appeal 2017-011790 Application 13/213,595 STATEMENT OF THE CASE Introduction According to Appellants, the invention relates to a computer- implemented process for two-tier deep analysis of hypertext transport protocol data that monitors Web traffic. See Spec. i-f 8. 3 The process receives a packet of Web traffic from a network, determines whether the Web traffic is suspicious using a first-tier analysis, and, responsive to a determination that the Web traffic is suspicious, analyzes the Web traffic using a deep analysis module, which drops packets determined as malicious. Id. Exemplary Claims Claims 35 and 41 are independent claims. Claims 35, 36, and 47 are exemplary and are reproduced with key limitations emphasized: 35. A computer program product, comprising: a storage hardware device having stored therein computer usable program code for analyzing Web traffic through a network, the computer usable program code, which when executed by the computer hardware system, causes the computer hardware system to perform: intercepting, from the network, a packet from the Web traffic; first analyzing the packet to determine whether the packet 1s susp1c10us; flagging, upon the packet determined to be suspicious by the first analyzing, the packet to a deep analysis module; 3 Throughout this Decision, we refer to ( 1) Appellants' Specification filed March 15, 2012 ("Spec."), (2) the Final Rejection ("Final Act.") mailed December 21, 2016, (3) the Appeal Brief ("Appeal Br.") filed May 11, 2017, (4) the Examiner's Answer ("Ans.") mailed July 28, 2017, and (5) the Reply Brief ("Reply Br.") filed September 25, 2017. 2 Appeal 2017-011790 Application 13/213,595 second analyzing, based upon the flagging and by the deep analysis module, the packet to determine whether the packet is malicious; and dropping, only upon the packet determined to be malicious by the second analysis, the packet. 36. The computer program product of claim 35, wherein the first analyzing is a network level analysis, and the second analyzing is an application level analysis. 4 7. The computer program product of claim 3 6, wherein the application level analysis is configured to identify an attack directed to exploiting a vulnerability of a web application. Appeal Br. 22, 25. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal: Waisman et al US 2005/0262556 Al Nov. 24, 2005 ("Waisman") Kapoor et al. ("Kapoor") US 2008/0134330 Al June 5, 2008 REJECTIONS Claims 35, 39, 41, and 45 are rejected under 35 U.S.C. Â§ 102(b) as being anticipated by Waisman. Final Act. 9-12. Claims 36-38, 40, 42--44, and 46--48 are rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Waisman in view of Kapoor. Final Act. 12-15. 3 Appeal 2017-011790 Application 13/213,595 Claims 35--464 are provisionally rejected for obviousness-type double patenting based on claims 28-34 of U.S. Patent Application No. 13/426,205. Final Act. 4--9. Our review in this appeal is limited only to the above rejections and the issues raised by Appellants. Arguments not made are waived. See Manual of Patent Examining Procedure ("MPEP") Â§ 1205.02; 37 C.F.R. Â§Â§ 41.37(c)(l)(iv), 41.39(a)(l) (2016). ANALYSIS Rejection Under 35 U.S.C. Â§ 102(b) Claims 35, 39, 41, and 45 Issue: Does the Examiner err in finding Waisman discloses "second analyzing, based upon the flagging and by the deep analysis module, the packet to determine whether the packet is malicious," as set forth in exemplary claim 35? Appellants argue Waisman does not disclose determining whether the packet is malicious because, in claim 35, "'malicious' refers to actual harm while [Waisman's] 'risky' refers to potential harm." Appeal Br. 11; Reply Br. 2-3. We are unpersuaded of error in the Examiner's rejection. During examination, "the PTO must give claims their broadest reasonable construction consistent with the specification . . . . Therefore, we look to the specification to see if it provides a definition for claim terms, but 4 The Examiner incorrectly indicates claims 35--41 are rejected (see Final Act. 5) and provides analysis for the rejection of claims 35--46 but not for claims 4 7 or 48 (see id. at 5-9). 4 Appeal 2017-011790 Application 13/213,595 otherwise apply a broad interpretation." In re ICON Health & Fitness, Inc., 496 F.3d 1374, 1379 (Fed. Cir. 2007). "[A]s applicants may amend claims to narrow their scope, a broad construction during prosecution creates no unfairness to the applicant or patentee." Id. Appellants urge "malicious" should be defined as "having or showing a desire to cause harm to someone: given to, marked by, or arising from malice[] and full of, characterized by, or showing malice; intentionally harmful; spiteful." Appeal Br. 11 (internal quotes omitted) (citing MERRIAM-WEBSTER.COM https://www.merriam-webster.com/ dictionary/ malicious (last visited June 7, 2018) ("malicious")). The Examiner, in tum, interprets Waisman's disclosure of a "risky/harmful transmission as malicious." Ans. 4 (citing Waisman i-f 28) (internal quotes omitted). Specifically, the Examiner states: "Considering one of the meaning of malicious presented by the [A ]ppellant[ s] in page 11, as 'harmful', Waisman [0028] clearly discloses packets of risk points over pre-determined threshold are harmful." Id. Appellants, in essence, argue the Examiner's interpretation of malicious as risky or harmful, based on the dictionary definition, is unreasonably broad and urge that we instead use Appellants' proffered interpretation of the dictionary definition. Appellants, however, fail to establish the Examiner's interpretation is unreasonably broad when read in light of Appellants' Specification. See In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). Under the broadest reasonable interpretation, the words of the claim must be given their ordinary and customary meaning unless the meaning is inconsistent with the specification. Id. at 1365. The presumption that a term is given its ordinary and customary 5 Appeal 2017-011790 Application 13/213,595 meaning may be rebutted by Appellants clearly setting forth a different definition of the term in the specification. In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997). Here, Appellants do not argue that "malicious" is explicitly defined by the Specification, but instead submit the Merriam-Webster.com definition to support Appellants' proffered meaning. Appeal Br. 4--6; Reply Br. 2-5. We are unpersuaded because Appellants have provided insufficient evidence to demonstrate that the proffered dictionary definition requires "actual harm." Appeal Br. 11. To the contrary, "showing a desire to cause harm" as in the proffered dictionary definition does not require actual harm. (emphasis added). Moreover, even assuming Appellants' narrower definition is reasonable, "[a ]bsent an express definition in their specification, the fact that [Appellants] can point to definitions or usages that conform to their interpretation does not make the PTO's definition unreasonable when the PTO can point to other sources that support its interpretation." Morris, 127 F.3d at 1056. Accordingly, because no express definition is provided from the Specification, and because Appellants fail to establish the Examiner's interpretation of "malicious" is inconsistent with the Specification (Am. Acad. Sci., 367 F.3d at 1363---64), we find unpersuasive Appellants' argument that the Examiner's definition is unreasonably broad. In view of the Examiner's interpretation of malicious, we agree with the Examiner's finding that Waisman's description of determining whether a "threshold risk level is set at a low enough level such that it will block harmful [packet] transmissions" discloses "determine whether the packet is malicious," as in claim 35. See Ans. 4--5 (citing Waisman i-fi-125, 27, 28). 6 Appeal 2017-011790 Application 13/213,595 Appellants further argue Waisman "cannot conclusively determine whether the packet is, in fact, malicious" because it is "[ w ]hat is contained within the packet that establishes whether the packet is malicious - not where the packet comes from (i.e., its origination)." Reply Br. 5. Moreover, in Waisman, "whether or not the packet is deemed too risky (or not) is not based upon the packet itself." Reply Br. 5. We find these arguments not commensurate with the scope of claim 3 5 and, thus, unpersuasive because the claim neither recites determining what is contained in the packet nor how the packet is determined as malicious. Accordingly, we sustain the Examiner's 35 U.S.C. Â§ 102(b) rejection of claim 35, and of claims 39, 41, and 45, which Appellants do not argue separately. See Appeal Br. 9. Rejection Under 35 U.S.C. Â§ 103(a) Claims 36-38, 40, 42-44, and 46 Issue: Does the Examiner err in finding the combination of Waisman and Kapoor teaches or suggests "the first analyzing is a network level analysis," as set forth in claim 36? Appellants argue that the cited portion of Waisman "is opposite of what is being claimed" because the intrusion/ detection and prevention ("IDP") system 300 "identified by the Examiner refers to the second level analysis 70 - not the first level analysis 20 of Waisman." Appeal Br. 13-14 (citing Waisman i-fi-130, 31 ). In response, the Examiner clarifies that the "Examiner interpreted 'network level analysis' as broadly [encompassing] any analysis that related to network communications. Waisman [0020] teaches that in first level (ID[S] 200) analysis the system tracks (analyze[s]) 7 Appeal 2017-011790 Application 13/213,595 known threats from hackers that target specific networks which suggest[ s] [the first level system] does network level analysis." Ans. 6. We find Appellants' argument unpersuasive because we agree with the Examiner's finding that Waisman's IDS 200 teaches a first level analysis that performs network level analysis and Appellants fail to address this finding. See Ans. 6 (citing Waisman i-f 20). Appellants argue because the "Examiner is proposing to modify the second analyzing of Waisman, which is a network-level analysis, into an application level analysis," based on Kapoor, the obviousness analysis fails to demonstrate the combination of Waisman and Kapoor "would 'provide more effective unified threat management techniques."' Appeal Br. 16. Appellants further argue the cited combination would "render a prior art device inoperable or fundamentally change the manner of operation of the device" thereby not supporting a finding of obviousness. Appeal Br. 16 (citing In re Ratti, 270 F.2d 810 (CCPA 1959); In re Gordon, 733 F.2d 900 (Fed. Cir. 1984)). Appellants' argument that the combination requires modifying the "second analyzing of Waisman, which is a network-level analysis, into an application level analysis," (Appeal Br. 16) inappropriately requires the bodily incorporation of features from Waisman that are not included in the Examiner's combination, i.e., Waisman's second level analysis (see Final Act. 12). In re Keller, 642 F.2d 413, 425 (CCPA 1981) ("The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference .... "). Rather than assessing obviousness based on the physical incorporation of a structure from one reference into the structure of another reference, the prior 8 Appeal 2017-011790 Application 13/213,595 art should be viewed as a combination of select teachings from different sources, and the use of those teachings by one of ordinary skill in the art. See KSR Int'! Co. v. Teleflex, Inc., 550 U.S. 398, 418 (2007) (The conclusion of obviousness can be based on the "interrelated teachings of multiple patents"). The Examiner's combination relies on Waisman's first level analysis, which is a network level analysis, and Kapoor' s teaching of a second tier analysis, which is an application level analysis. Ans. 6-7; see Final Act. 12-13. Because the Examiner's combination does not incorporate Waisman's second level analysis, the combination would not "require a substantial reconstruction and redesign" and, therefore, would not render Waisman "'inoperable for its intended purpose"' or "fundamentally change the manner of operation of the device," as argued by Appellants. Appeal Br. 17. Appellants further argue that "based upon the Examiner's claim construction, Waisman teaches two network level analysis - not a network level analysis followed by a different application level analysis, as claimed." Reply Br. 6. We find this argument unpersuasive of error because, as noted above, the Examiner's rejection does not incorporate Waisman's second level analysis, but instead combines Waisman's first level analysis with Kapoor's second level analysis. See Final Act. 12-13. Accordingly, we sustain the Examiner's rejection of claim 36 and of claims 37, 38, 40, 42--44, and 46, which Appellants do not argue separately. Appeal Br. 13. 9 Appeal 2017-011790 Application 13/213,595 Rejection Under 35 U.S.C. Â§ 103(a) Claims 47 and 48 Issue: Does the Examiner err in finding the combination of Waisman and Kapoor teaches or suggests "the application level analysis is configured to identify an attack directed to exploiting a vulnerability of a web application," as set forth in claims 47 and 48? Referring to Kapoor, Appellants argue "determining whether a packet includes 'strings that may match a form of invalid application layer packet header' does not correspond to the limitations recited in claims 47 and 48." Appeal Br. 19 (citing Kapoor i-fi-156, 458). We are unpersuaded because Appellants' argument fails to address, and we agree with, the Examiner's finding that Kapoor teaches the disputed limitation because "Kapoor [O 156] discloses, Application processor detecting vulnerabilities in or exploits for ActiveX, Java, Flash, Javascript and also scan HTTP session suggest it also identify vulnerability of a web application." Ans. 7 (citing Kapoor i-f 156). Accordingly, we are not persuaded the Examiner erred in finding Kapoor teaches or suggests the disputed limitations as in claims 4 7 and 48 and we sustain the Examiner's rejection of these claims. 10 Appeal 2017-011790 Application 13/213,595 Obviousness-type Double Patenting Rejections The Examiner rejects claims 35--46 for obviousness-type double patenting based on claims 28-34 of U.S. Patent Application No. 13/426,205. Final Act. 4--9. Appellants do not provide arguments disputing this rejection in the Appeal Brief. See Appeal Br. 4, n.1. Therefore, we summarily affirm the rejection. See Hyattv. Dudas, 551F.3d1307, 1314 (Fed. Cir. 2008). When the appellant fails to contest a ground of rejection to the Board, ... the Board may treat any argument with respect to that ground of rejection as waived. In the event of such a waiver, the PTO may affirm the rejection of the group of claims that the examiner rejected on that ground without considering the merits of those rejections. DECISION We affirm the Examiner's rejections of claims 35, 39, 41, and 45 under 35 U.S.C. Â§ 102(b). We affirm the Examiner's rejection of claims 36-38, 40, 42--44, and 46--48 under 35 U.S.C. Â§ 103(a). We affirm the Examiner's obviousness-type double patenting rejection of claims 35--46. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED 11