Ex Parte Gilde et al
Patent Trial and Appeal Board
Mar 20, 2014
11336692 (P.T.A.B. Mar. 20, 2014)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________
Ex parte ROBERT G. GILDE and XIN SHEN
____________
Appeal 2011-012641
Application 11/336,692
Technology Center 2400
____________

Before CARLA M. KRIVAK, JOHN A. EVANS, and J. JOHN LEE, Administrative Patent Judges.

EVANS, Administrative Patent Judge.

DECISION ON APPEAL

Appellants[1] seek our review[2] under 35 U.S.C. § 134(a) of the Examiner’s final rejection of Claims 1-12 and 14-20[3] as obvious. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM.[4]

[1] The Real Party in Interest is McAfee, Inc.
[2] We have considered in this decision only those arguments Appellants actually raised in the Briefs. Any other arguments which Appellants could have made but chose not to make in the Briefs are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(iv).
[3] App. Br. 4.

STATEMENT OF THE CASE

The claims relate to network security, particularly to enabling enforcement of access control on a network. Spec. 1:9-10.

Claims 1, 10, 17, and 20 are independent. The claims have not been argued separately and therefore stand or fall together. 37 C.F.R. § 41.37(c)(1)(iv). An understanding of the invention can be derived from a reading of exemplary Claim 1, which is reproduced below with disputed limitations italicized:

1.
An apparatus for managing access to a network, comprising:
  a transceiver for receiving and sending information to a computing device;
  a processor in communication with the transceiver; and
  a memory in communication with the processor and useable in storing data and machine instructions that cause the processor to perform actions, including:
  detecting a request to join the network; and
  if the device is unauthorized:
  causing the device to be quarantined at a layer two data link layer, wherein a message is sent to the device explaining that the device has been quarantined, and
  initiating an audit of the device, and
  if the device is successfully registered and satisfies the audit, enabling the device to access the network by, at least in part, allowing the device to be removed from a quarantined network,
  wherein the audit is based on a policy that prescribes evaluating whether the device includes an antivirus program and a firewall application, and
  wherein the policy prescribes which servers the device is permitted to access while being quarantined.

[4] Our decision refers to Appellants’ Appeal Brief filed January 19, 2011 (“App. Br.”); Reply Brief filed June 13, 2011 (“Reply Br.”); Examiner’s Answer mailed April 15, 2011 (“Ans.”); Final Office Action mailed August 19, 2010 (“Final Rej.”); and the original Specification filed January 19, 2006 (“Spec.”).

REFERENCES

The Examiner relies upon the prior art as follows:

Gage et al.        US 6,035,405          Issued Mar. 7, 2000
Mullen et al.      US 2003/0217148 A1    Pub. Nov. 20, 2003
Vermeulen et al.   US 60/570,962         Filed May 12, 2004
Liang et al.       US 2005/0050336 A1    Pub. Mar. 3, 2005
Cheng              US 7,467,405 B2       Issued Dec. 16, 2008

The claims stand rejected as follows:[5]

1. Claims 1-7, 9-12, 14-17, 19, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Vermeulen, Gage, and Liang.

2. Claim 8 stands rejected under 35 U.S.C.
§ 103(a) as being unpatentable over Vermeulen, Gage, Liang, and Cheng.

3. Claim 18 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Vermeulen, Gage, Liang, and Mullen.

[5] Based on Appellants’ arguments in the Appeal Brief, we will decide the appeal on the basis of claims as set forth in the Analysis. See 37 C.F.R. § 41.37(c)(1)(vii).

ISSUES ON APPEAL

Based on Appellants’ arguments in the Appeal Brief (App. Br. 9-13) and Reply Brief (Reply Br. 2-5) that the Examiner has failed to establish a prima facie case of obviousness, the issues presented on appeal are:

I. Whether the Examiner erred in finding Vermeulen teaches:
  A. causing the device to be quarantined at a layer two data link layer; and
  B. the device is successfully registered and satisfies the audit.

II. Whether the Examiner erred in finding Liang teaches:
  A. a message is sent to the device explaining the device has been quarantined;
  B. the audit is based on a policy that prescribes evaluating whether the device includes an antivirus program and a firewall application; and
  C. the policy prescribes which servers the device is permitted to access while being quarantined.

THE VERMEULEN PROVISIONAL APPLICATION

The Examiner cites the Vermeulen provisional application against Claims 1-12 and 14-20. Ans. 3. Appellants do not challenge the qualifications of Vermeulen. “If an appellant fails to present arguments on a particular issue–or, more broadly, on a particular rejection–the Board will not, as a general matter, unilaterally review those uncontested aspects of the rejection.” Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). However, given the unusual circumstance here, where claims are rejected over a provisional application, we review, de novo, whether Vermeulen qualifies as a prior-art publication.
“[P]reserving a complete de novo review on the one hand, while not diverting Board effort into issues not raised by the appellant on the other hand, preserves the right balance between thorough review and administrative efficiency.” David Kappos, Ex Parte Frye: BPAI’s Standard of Review of Examiners’ Rejections (Mar. 9, 2010), http://www.uspto.gov/blog/director/entry/ex_parte_frye_bpai_s (citing Frye).

The question of whether a reference represents a “printed publication” is a question of law that is reviewed de novo. See In re Cronyn, 890 F.2d 1158, 1159 (Fed. Cir. 1989); In re Klopfenstein, 380 F.3d 1345, 1347 (Fed. Cir. 2004). “The statutory phrase ‘printed publication’ has been interpreted to mean that before the critical date the reference must have been sufficiently accessible to the public interested in the art; dissemination and public accessibility are the keys to the legal determination whether a prior art reference was ‘published.’” Cronyn, 890 F.2d at 1160 (quoting Constant v. Advanced Micro-Devices, Inc., 848 F.2d 1560, 1568 (Fed. Cir. 1988)).

The Vermeulen provisional application forms the basis of non-provisional application US 11/568,914, filed November 10, 2006, which was published August 16, 2007, as US 2007/0192862 A1. The Examiner could have rejected the claims over the Vermeulen pre-grant publication by associating the pre-grant publication with the effective date of the underlying provisional application.[6] A patent publication “‘shall have the same effect,’ including a patent-defeating effect, as to the claimed invention as though it was filed on the date of the . . . provisional” application. In re Giacomini, 612 F.3d 1380, 1384 (Fed. Cir. 2010).

Although the Vermeulen provisional application was not published, it became disseminated and available for public inspection upon the publication of the Vermeulen pre-grant document.
We hold the Vermeulen provisional application to be a valid prior-art reference against the presently rejected claims.

[6] Appellants have not challenged whether the non-provisional publication contains the same disclosure as the provisional document.

ANALYSIS

“causing the device to be quarantined at a layer two data link layer”

Appellants contend that there is no disclosure of layer two quarantining in Vermeulen. App. Br. 10. Appellants argue the central management node (CMN) quarantining a device in a penalty virtual local area network (VLAN) in Vermeulen is merely a simple recitation of a VLAN activity, which does not provide support for quarantining at a layer two data link layer. App. Br. 10-11.

The Examiner finds the CMN gathers data, including a media access control (MAC) address, from the network to identify an offending device, and then creates a MAC rule to quarantine an offending device by automatically placing traffic with the device’s MAC address in a penalty VLAN. Ans. 14-15. The Examiner relies upon Newton’s Telecom Dictionary to show that a MAC address is a sublayer of the layer two data link layer in the Open Systems Interconnection (OSI) model. Ans. 15.

We agree with the Examiner that the OSI model is a well-known industry standard.[7] Thus, quarantining an offending device using its MAC address teaches quarantining at a layer two data link layer. Appellants’ Reply Brief failed to address these findings by the Examiner. We do not find error in these findings.

[7] See ISO/IEC Standard 7498-1, http://standards.iso.org; MICROSOFT COMPUTER DICTIONARY (5th ed. 2002).

“the device is successfully registered and satisfies the audit”

Appellants contend there is no evidence that Vermeulen teaches any type of successful registration of the device. App. Br. 11.
Appellants argue that downloading software to remove a problem on a quarantined device is not analogous to registering an offending device. Id.

The Examiner finds the software download inherently requires identification of the device or user, and thus the broadest reasonable interpretation of “registration” includes “software download registration” of a device. Ans. 16. The Examiner also finds checking the device to ensure the downloaded software corrected the offending problem is analogous to “satisfies the audit . . . allowing the device to be removed from a quarantined network.” Id.

Appellants reply that the Examiner is essentially taking Official Notice of registration activities, inferring that user and device identification would be inherent in any file downloading. Reply Br. 4-5. Appellants contend that this Official Notice has no basis in any reference or any technology being cited by the Examiner. Reply Br. 5.

First, we agree with the Examiner’s finding Vermeulen teaches or suggests the device “satisfies the audit.” The Specification describes an “audit” as essentially determining vulnerabilities on a quarantined device and resolving the vulnerabilities so that the device may be accepted onto the network. Spec. 4:22-29. Vermeulen discloses checking an offending device to ensure the downloaded software corrected a problem, thus we find this to be analogous to the claimed “audit.”

Next, we agree with the Examiner Vermeulen teaches or suggests “registering” the device. The Specification’s description of “register” is essentially a server checking the validity of user credentials and/or device credentials to allow a device access to the network. Spec. 26:21-25. By allowing the device back on the network after the downloaded software has resolved the offending problem, the CMN of Vermeulen has verified the validity of the device’s credentials. We are not persuaded of Examiner error.

“a message is sent to the device explaining that the device has been quarantined”

The Examiner finds Liang discloses a virus monitor device that detects a network computer virus in a flow of traffic in the network and provides an early warning of the network computer virus. Ans. 15. In response to the virus outbreak warning, the system isolates a network segment affected by the network computer virus. Id. The Examiner finds isolating a network segment’s infected clients includes informing them they are infected and cordoned off. Id.

Appellants reply that an early virus warning sent to the virus warning response unit within the network is not analogous to notifying an actual device that it was quarantined. Reply Br. 3.

The Specification indicates the “message” that is “sent to the device explaining that the device has been quarantined” is essentially sending a message to the user of the device explaining the act of quarantining has occurred. Spec. 4:22-24. While the early virus warning message in Liang is sent to a response unit to isolate the affected segment (Liang, ¶ [0040]), we nonetheless find support in the cited portions of Liang for a message that is sent to the user of the device. The Examiner cited Liang ¶ [0053], which discloses a “user interface can be displayed” on an isolated client device (one that is directed “only to the anti-virus software installation server 138 and no other”), indicating the client device is isolated from communicating with other systems on the network (i.e., quarantined). A user interface display on the device informing the user of the device’s isolation is analogous to a message being sent to the user of a device explaining the device has been quarantined. We are not persuaded of Examiner error.

“the audit is based on a policy that prescribes evaluating whether the device includes an antivirus program and a firewall application”

The Examiner finds Liang discloses a virus monitor device that detects a network computer virus in a flow of traffic in the network and provides an early warning of the network computer virus. Ans. 17. In response to the virus outbreak warning, the system isolates a network segment affected by the network computer virus. Id. Further, the Examiner finds Liang discloses querying clients to see if they have antivirus and firewall software installed, and in those situations where a client device is found not to have the appropriate antivirus and firewall software installed, the virus monitor will direct the client device to an antivirus installation. Id.

We agree with the Examiner’s finding that Liang, ¶¶ [0008] and [0053], teaches and suggests querying client devices for the required antivirus and firewall applications, which is analogous to an audit policy that evaluates whether the device includes antivirus and firewall applications. Appellants’ Reply Brief fails to address these findings by the Examiner regarding the audit policy of Liang. We are not persuaded of Examiner error.

“the policy prescribes which servers the device is permitted to access while being quarantined”

Appellants contend the Examiner has failed to provide any evidence that Liang teaches the audit policy to prescribe which servers the device is permitted to access while being quarantined. App. Br. 12. Appellants argue the cited portions of Liang fail to discuss any type of server restriction, but rather discuss HTTPS protocol, which is not relevant to a policy of restricting server access. Id.; Reply Br. 5.
The Examiner finds Liang discloses a virus monitor with an audit policy that monitors and isolates infected clients and an accompanying antivirus installation server that fixes the clients that have been segmented off. Ans. 17. The Examiner further finds Liang discloses, while a client is having antivirus software installed, HTTPS transmission protocol can be used to communicate with servers on the network since it is essentially immune from viral infections. Ans. 18.

We agree with the Examiner’s finding the audit policy of Liang prescribes which servers the quarantined device is permitted to access. Liang, ¶ [0053], discloses a client without the proper antivirus software is directed only to the antivirus software server and no other. Until such time as the proper software has been installed, that client device will be prevented from communication with other systems. Id. As the Examiner noted, some communications may still be permitted through a virus-immune protocol, such as HTTPS. Thus, Liang discloses an audit policy prescribing which servers the client can access (e.g., antivirus server and a server using HTTPS) and which server the client cannot access (e.g., any other servers). We are not persuaded of Examiner error.

ORDER

The rejection of Claims 1-12 and 14-20 under 35 U.S.C. § 103(a) is AFFIRMED.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

bab