13426205 (P.T.A.B. Jun. 26, 2018)

Ex Parte ALY et al

Patent Trial and Appeal BoardJun 26, 2018

13426205 (P.T.A.B. Jun. 26, 2018)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 13/426,205 03/21/2012 HOSAMALY 73109 7590 06/28/2018 Cuenot, Forsythe & Kim, LLC 20283 State Road 7 Ste. 300 Boca Raton, FL 33498 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. CA920100030US2_8150-0202 4377 EXAMINER W ALIULLAH, MOHAMMED ART UNIT PAPER NUMBER 2498 NOTIFICATION DATE DELIVERY MODE 06/28/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ibmptomail@iplawpro.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte HOSAM ALY, CRAIG R. CONBOY, IOSIF V. ONUT, and GUY PODJARNY Appeal2018-000083 Application 13/426,205 1 Technology Center 2400 Before JASON V. MORGAN, JOSEPH P. LENTIVECH, and DAVID J. CUTITTA II, Administrative Patent Judges. CUTITTA, Administrative Patent Judge. DECISION ON APPEAL This is an appeal under 35 U.S.C. Â§ 134(a) from the Examiner's final decision rejecting claims 28-34. 2 Appellants identify Application No. 13/213,595 (Appeal No. 2017-011790) as related. See Appeal Br. 1. We have jurisdiction over this appeal under 35 U.S.C. Â§ 6(b ). We AFFIRM. 1 According to Appellants, the real party in interest is IBM Corporation. See Appeal Br. 1. 2 Claims 1-27 are cancelled. See Appeal Br. 2. Appeal2018-000083 Application 13/426,205 STATEMENT OF THE CASE Introduction According to Appellants, the invention relates to a computer- implemented process for two-tier deep analysis of hypertext transport protocol data that monitors Web traffic. See Spec. i-f 8. 3 The process receives a packet of Web traffic from a network, determines whether the Web traffic is suspicious using a first-tier analysis, and, responsive to a determination that the Web traffic is suspicious, analyzes the Web traffic using a deep analysis module, which drops packets determined as malicious. Id. Exemplary Claims Claim 28 is independent. Claims 28, 29, and 34 are exemplary and are reproduced with key limitations emphasized: 28. A method, comprising: intercepting, from the network, a packet from the Web traffic; first analyzing the packet to determine whether the packet is suspicious; flagging, upon the packet determined to be suspicious by the first analyzing, the packet to a deep analysis module; second analyzing, based upon the flagging and by the deep analysis module, the packet to determine whether the packet is malicious; and 3 Throughout this Decision, we refer to ( 1) Appellants' Specification filed March 21, 2012 ("Spec."), (2) the Final Rejection ("Final Act.") mailed December 20, 2016, (3) the Appeal Brief ("Appeal Br.") filed May 11, 2017, (4) the Examiner's Answer ("Ans.") mailed July 31, 2017, and (5) the Reply Brief ("Reply Br.") filed September 25, 2017. 2 Appeal2018-000083 Application 13/426,205 dropping, only upon the packet determined to be malicious by the second analysis, the packet. 29. The method of claim 28, wherein the first analyzing is a network level analysis, and the second analyzing is an application level analysis. 34. The method of claim 28, wherein the application level analysis is configured to identifY an attack directed to exploiting a vulnerability of a web application. Appeal Br. 21, 22. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal: Waisman et al. ("Waisman") Kapoor et al. ("Kapoor") US 2005/0262556 Al US 2008/0134330 Al REJECTIONS Nov. 24, 2005 June 5, 2008 Claims 28 and 32 are rejected under 35 U.S.C. Â§ 102(b) as being anticipated by Waisman. Final Act. 9-12. Claims 29-31, 33, and 34 are rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Waisman in view of Kapoor. Final Act. 12-15. Claims 28-33 4 are provisionally rejected for obviousness-type double patenting based on claims 35--46 of U.S. Patent Application No. 13/213,595. Final Act. 4--9. 4 The Examiner provides analysis for the double patenting rejection of claims 28-33 but not for claim 34 (see Final Act. 5-9). 3 Appeal2018-000083 Application 13/426,205 Our review in this appeal is limited only to the above rejections and the issues raised by Appellants. Arguments not made are waived. See Manual of Patent Examining Procedure ("MPEP") Â§ 1205.02; 37 C.F.R. Â§Â§ 41.37(c)(l)(iv), 41.39(a)(l) (2016). ANALYSIS Rejection Under 35 U.S.C. Â§ 102(b) Claims 28 and 32 Issue: Does the Examiner err in finding Waisman discloses "second analyzing, based upon the flagging and by the deep analysis module, the packet to determine whether the packet is malicious," as set forth in exemplary claim 28? Appellants argue Waisman does not disclose determining whether the packet is malicious because, in claim 28, "'malicious' refers to actual harm while [Waisman's] 'risky' refers to potential harm." Appeal Br. 10; Reply Br. 2-3. We are unpersuaded of error in the Examiner's rejection. During examination, "the PTO must give claims their broadest reasonable construction consistent with the specification. . . . Therefore, we look to the specification to see if it provides a definition for claim terms, but otherwise apply a broad interpretation." In re ICON Health & Fitness, Inc., 496 F.3d 1374, 1379 (Fed. Cir. 2007). "[A]s applicants may amend claims to narrow their scope, a broad construction during prosecution creates no unfairness to the applicant or patentee." Id. Appellants urge "malicious" should be defined as "having or showing a desire to cause harm to someone: given to, marked by, or arising from 4 Appeal2018-000083 Application 13/426,205 malice[] and full of, characterized by, or showing malice; intentionally harmful; spiteful." Appeal Br. 9-10 (internal quotes omitted) (citing MERRIAM-WEBSTER.COM, https://www.merriam-webster.com/dictionary /malicious (last visited June 7, 2018) ("malicious")). The Examiner, in tum, interprets Waisman's disclosure of a "risky/harmful transmission as malicious." Ans. 4 (citing Waisman i-f 28) (internal quotes omitted). Specifically, the Examiner states: "Considering one of the meaning of malicious presented by the [A ]ppellant[ s] in page 11, as 'harmful', Waisman [0028] clearly discloses packets of risk points over pre-determined threshold are harmful." Id. Appellants, in essence, argue the Examiner's interpretation of malicious as risky or harmful, based on the dictionary definition, is unreasonably broad and urge that we instead use Appellants' proffered interpretation of the dictionary definition. Appellants, however, fail to establish the Examiner's interpretation is unreasonably broad when read in light of Appellants' Specification. See In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). Under the broadest reasonable interpretation, the words of the claim must be given their ordinary and customary meaning unless the meaning is inconsistent with the specification. Id. at 1365. The presumption that a term is given its ordinary and customary meaning may be rebutted by Appellants clearly setting forth a different definition of the term in the specification. In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997). Here, Appellants do not argue that "malicious" is explicitly defined by the Specification, but instead submit the Merriam-Webster.com definition to support Appellants' proffered meaning. Appeal Br. 9-11; Reply Br. 2-5. 5 Appeal2018-000083 Application 13/426,205 We are unpersuaded because Appellants have provided insufficient evidence to demonstrate that the proffered dictionary definition requires "actual harm." Appeal Br. 10. To the contrary, "showing a desire to cause harm" (emphasis added) as in the proffered dictionary definition does not require actual harm. Moreover, even assuming Appellants' narrower definition is reasonable, "[a]bsent an express definition in their specification, the fact that [Appellants] can point to definitions or usages that conform to their interpretation does not make the PTO' s definition unreasonable when the PTO can point to other sources that support its interpretation." Morris, 127 F.3d at 1056. Accordingly, because no express definition is provided from the Specification, and because Appellants fail to establish the Examiner's interpretation of "malicious" is inconsistent with the Specification (Am. Acad. Sci., 367 F.3d at 1363-64), we find unpersuasive Appellants' argument that the Examiner's definition is unreasonably broad. In view of the Examiner's interpretation of malicious, we agree with the Examiner's finding that Waisman's description of determining whether a "threshold risk level is set at a low enough level such that it will block harmful [packet] transmissions" discloses "determine whether the packet is malicious," as in claim 28. See Ans. 4--5 (citing Waisman i-fi-125, 27, 28). Appellants further argue Waisman "cannot conclusively determine whether the packet is, in fact, malicious" because it is "[ w ]hat is contained within the packet that establishes whether the packet is malicious - not where the packet comes from (i.e., its origination)." Reply Br. 5. Moreover, in Waisman, "whether or not the packet is deemed too risky (or not) is not based upon the packet itself." Reply Br. 4. We find these arguments not 6 Appeal2018-000083 Application 13/426,205 commensurate with the scope of claim 28 and, thus, unpersuasive because the claim neither recites determining what is contained in the packet nor how the packet is determined as malicious. Accordingly, we sustain the Examiner's 35 U.S.C. Â§ 102(b) rejection of claim 28 and of claim 32, which Appellants do not argue separately. See Appeal Br. 8. Rejection Under 35 U.S.C. Â§ 103(a) Claims 29-31 and 33 Issue: Does the Examiner err in finding the combination of Waisman and Kapoor teaches or suggests "the first analyzing is a network level analysis," as set forth in claim 29? Appellants argue that the cited portion of Waisman "is opposite of what is being claimed" because the intrusion/ detection and prevention ("IDP") system 300 "identified by the Examiner refers to the second level analysis 70-not the first level analysis 20 of Waisman." Appeal Br. 12-13 (citing Waisman i-fi-130, 31). In response, the Examiner clarifies that the "Examiner interpreted 'network level analysis' as broadly [encompassing] any analysis that related to network communications. Waisman [0020] teaches that in first level (ID[S] 200) analysis the system tracks (analyze[s]) known threats from hackers that target specific networks which suggest[ s] [the first level system] does network level analysis." Ans. 6. We find Appellants' argument unpersuasive because we agree with the Examiner's finding that Waisman's IDS 200 teaches a first level analysis that performs network level analysis and Appellants fail to address this finding. See Ans. 6 (citing Waisman i120). 7 Appeal2018-000083 Application 13/426,205 Appellants argue because the "Examiner is proposing to modify the second analyzing of Waisman, which is a network-level analysis, into an application level analysis," based on Kapoor, the obviousness analysis fails to demonstrate the combination of Waisman and Kapoor "would 'provide more effective unified threat management techniques."' Appeal Br. 15. Appellants further argue the cited combination would "render a prior art device inoperable or fundamentally change the manner of operation of the device" thereby not supporting a finding of obviousness. Appeal Br. 16 (citing In re Ratti, 270 F .2d 810 (CCP A 1959); In re Gordon, 733 F .2d 900 (Fed. Cir. 1984)). Appellants' argument that the combination requires modifying the "second analyzing of Waisman, which is a network level analysis, into an application level analysis," (Appeal Br. 15) inappropriately requires the bodily incorporation of features from Waisman that are not included in the Examiner's combination, i.e., Waisman's second level analysis (see Final Act. 12). In re Keller, 642 F.2d 413, 425 (CCPA 1981) ("The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference .... "). Rather than assessing obviousness based on the physical incorporation of a structure from one reference into the structure of another reference, the prior art should be viewed as a combination of select teachings from different sources, and the use of those teachings by one of ordinary skill in the art. See KSR Int'! Co. v. Teleflex, Inc., 550 U.S. 398, 418 (2007) (The conclusion of obviousness can be based on the "interrelated teachings of multiple patents"). The Examiner's combination relies on Waisman's first level analysis, which is a network level analysis, and Kapoor's teaching of a 8 Appeal2018-000083 Application 13/426,205 second tier analysis, which is an application level analysis. Ans. 6-7; see Final Act. 12-13. Because the Examiner's combination does not incorporate Waisman's second level analysis, the combination would not "require a substantial reconstruction and redesign" and, therefore, would not render Waisman "'inoperable for its intended purpose"' or "fundamentally change the manner of operation of the device," as argued by Appellants. Appeal Br. 16. Appellants further argue that "based upon the Examiner's claim construction, Waisman teaches two network level analysis - not a network level analysis followed by a different application level analysis, as claimed." Reply Br. 6. We find this argument unpersuasive of error because, as noted above, the Examiner's rejection does not incorporate Waisman's second level analysis, but instead combines Waisman's first level analysis with Kapoor's second level analysis. See Final Act. 12-13. Accordingly, we sustain the Examiner's rejection of claim 29 and of claims 30, 31, and 33, which Appellants do not argue separately. Appeal Br. 12. Rejection Under 35 U.S.C. Â§ 103(a) Claim 34 Issue: Does the Examiner err in finding the combination of Waisman and Kapoor teaches or suggests "the application level analysis is configured to identify an attack directed to exploiting a vulnerability of a web application," as set forth in claim 34? 9 Appeal2018-000083 Application 13/426,205 Referring to Kapoor, Appellants argue "determining whether a packet includes 'strings that may match a form of invalid application layer packet header' does not correspond to the limitations recited in claim 34." Appeal Br. 18 (citing Kapoor i-fi-1 56, 458). We are unpersuaded because Appellants' argument fails to address, and we agree with, the Examiner's finding that Kapoor teaches the disputed limitation because "Kapoor [O 156] discloses, Application processor detecting vulnerabilities in or exploits for ActiveX, Java, Flash, Javascript and also scan HTTP session suggest it also identify vulnerability of a web application." Ans. 7 (citing Kapoor i-f 156). Accordingly, we are not persuaded the Examiner erred in finding Kapoor teaches or suggests the disputed limitation as in claim 34 and we sustain the Examiner's rejection of this claim. Obviousness-type Double Patenting Rejections The Examiner rejects claims 28-33 for obviousness-type double patenting based on claims 35--46 of U.S. Patent Application No. 13/213,595. Final Act. 4--9. Appellants do not provide arguments disputing this rejection in the Appeal Brief. See Appeal Br. 3, n.1. Therefore, we summarily affirm the rejection. See Hyatt v. Dudas, 551 F.3d 1307, 1314 (Fed. Cir. 2008). When the appellant fails to contest a ground of rejection to the Board, ... the Board may treat any argument with respect to that ground of rejection as waived. In the event of such a waiver, the PTO may affirm the rejection of the group of claims that the examiner rejected on that ground without considering the merits of those rejections. 10 Appeal2018-000083 Application 13/426,205 DECISION We affirm the Examiner's rejections of claims 28 and 32 under 35 U.S.C. Â§ 102(b). We affirm the Examiner's rejection of claims 29-31, 33, and 34 under 35 U.S.C. Â§ 103(a). We affirm the Examiner's obviousness-type double patenting rejection of claims 28-33. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED 11