Ex Parte Khan et alDownload PDFPatent Trial and Appeal BoardMar 31, 201411522462 (P.T.A.B. Mar. 31, 2014) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte FAUD AHMAD KHAN, DMITRI VINOKUROV, and VINOD KUMAR CHOYI ____________ Appeal 2011-012251 Application 11/522,462 Technology Center 2400 ____________ Before ST. JOHN COURTENAY III, THU A. DANG, and LARRY J. HUME, Administrative Patent Judges. COURTENAY, Administrative Patent Judge. DECISION ON APPEAL Appeal 2011-012251 Application 11/522,462 2 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1-5, 7-12, 14-17, and 19-25. Claims 6, 13, 18 and 26 stand objected to as being dependent upon rejected claims. Claim 27 was allowed by the Examiner. (Ans. 3). We have jurisdiction under 35 U.S.C. § 6(b). We affirm. INVENTION Appellants’ claimed invention is directed to “storage and analysis of network traffic intercepted by a law enforcement agency” (Spec., [01]). Independent claim 1, reproduced below, is representative of the subject matter on appeal: 1. A system for processing network traffic for lawful intercept surveillance, the system comprising: an archive for storing intercepted network traffic traversing a communications network, said intercepted network traffic comprising benign traffic and malicious traffic, said intercepted traffic received at said archive from a service provider; a traffic separator for separating said benign traffic of said archive from said malicious traffic of said archive, tagging each benign packet of the benign traffic with an associated indicator, and generating clean traffic from said benign traffic; and an analysis application for receiving said clean traffic and for analyzing said clean traffic. (Contested limitations emphasized). Appeal 2011-012251 Application 11/522,462 3 REJECTION Claims 1-5, 7-12, 14-17, and 19-25 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Frattura et al. (US Pub. 2006/0059163 A1) in view of Hiscock (US Pub. 2007/0192860 A1) and in view of Beser (US Pub. 2009/0245132 A1) and further in view of Spatscheck et al. (US Pub. 2006/01850l4 A1). GROUPING OF CLAIMS Based on Appellants’ arguments, we decide the appeal of the obviousness rejection of: independent claims 1 and 14 on the basis of representative claim 1, claims 2, 10, 15, and 23 on the basis of representative claim 2, claim 3, claims 7 and 20 on the basis of representative claim 7, and claims 11 and 24 on the basis of representative claim 11. See 37 C.F.R. § 41.37(c)(1)(vii)(2004).1 1 Appellants filed a Notice of Appeal on April 22, 2011. The date of filing the Notice of Appeal determines which set of rules applies to an ex parte appeal. If a Notice of Appeal is filed prior to January 23, 2012, then the 2004 version of the Board Rules last published in the 2011 edition of Title 37 of the Code of Federal Regulations (37 C.F.R. § 41.1) applies to the appeal. See also MPEP 1220, Rev. 8, July 2010. Appeal 2011-012251 Application 11/522,462 4 ANALYSIS We disagree with Appellants' contentions set forth in the Briefs regarding the Examiner's obviousness rejection of the claims. We adopt as our own: (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken (Final 2-6), and (2) the reasons set forth by the Examiner in the Answer in response to arguments made in Appellants' Appeal Brief. (Ans. 10-16). We highlight and address specific findings and arguments below. Claim Construction As an initial matter of claim construction, we conclude claims 1-5 and 7-12 are system claims that contain statements of intended use. Appellants’ arguments urging patentability are directed to limitations that may not be accorded patentable weight (e.g. at claim 1, “a traffic separator for separating . . . tagging . . . and generating”). “An intended use or purpose usually will not limit the scope of the claim because such statements usually do no more than define a context in which the invention operates.” Boehringer Ingelheim Vetmedica, Inc. v. Schering-Plough Corp., 320 F.3d 1339, 1345 (Fed. Cir. 2003). Although “[s]uch statements often . . . appear in the claim's preamble . . .” In re Stencel, 828 F.2d 751, 754 (Fed. Cir. 1987), a statement of intended use or purpose can appear elsewhere in a claim. Id. Even if we assume arguendo the aforementioned statements of intended use may be accorded patentable weight by our reviewing court, we find the weight of the evidence supports the Examiner's underlying factual findings and ultimate legal conclusion of obviousness for the reasons discussed below. Appeal 2011-012251 Application 11/522,462 5 Representative Independent Claim 1 Issue: Under § 103, did the Examiner err in finding the cited combination of references would have taught or suggested “separating said benign traffic of said archive from said malicious traffic of said archive, tagging each benign packet of the benign traffic with an associated indicator, and generating clean traffic from said benign traffic,” within the meaning of representative claim 1 (emphasis added)? Appellants argue that no single reference teaches tagging each benign packet with an associated indicator. Appellants contend: paragraph [0024] of Beser actually discloses packets that are tagged with "proper VLAN identification." Beser is entirely silent regarding tagging of each benign packet with an associated indicator. Thus, Beser cannot remedy the admitted deficiencies of the other references. (Reply Br. 3). However, the Examiner’s rejection of claim 1 (Ans. 5), is based on the combined teachings and suggestions of the cited references. The Examiner finds “Frattura is silent on intercepted benign traffic, and separating benign traffic. Hiscock discloses intercepted benign traffic, and separating benign traffic [0049].” (Ans. 5). The Court of Appeals for the Federal Circuit has determined that one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 426 (CCPA 1981); In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). We agree with the Examiner that Hiscock would have taught or suggested separating benign traffic, as claimed. (Ans. 11; Final 2). Hiscock Appeal 2011-012251 Application 11/522,462 6 expressly discloses “thoroughly evaluate the suspicious traffic in order to separate out and return the benign portion of the suspicious traffic to the data flow” ([0049], emphasis added). We find no deficiencies in Hiscock regarding the contested limitation of “separating said benign traffic of said archive from said malicious traffic of said archive.” (Claim 1, emphasis added). Furthermore, Beser discloses tagging of packets with an associated indicator (Ans. 11, 12; Final 3). Appellants acknowledge that “paragraph [0024] of Beser discloses packets that are tagged with ‘proper VLAN identification.’” (Reply Br. 3). Thus, we find no deficiencies in Beser regarding the claimed tagging each packet with an associated indicator. The Appellants further contend “Spatscheck fails to tag benign packets. Consequently, Spatscheck cannot generate clean traffic in the recited manner” (App. Br. 11). Again, Appellants are attacking the teachings of the cited references in isolation, without considering the combined teachings and suggestions shown by the Examiner. We find the combination of Beser and Hiscock teaches tagging benign packets, as discussed supra. Furthermore, Spatscheck teaches generating scrubbed “clean traffic” (Ans. 12, citing Spatscheck [0024]). In summary, Examiner relies on Frattura and Hiscock as teaching identifying and separating benign from malicious packets, Beser as teaching tagged packets, and Spatscheck as teaching generating clean traffic. The cited art must be read, not in isolation, but for what it fairly teaches in combination with the prior art as a whole. See Merck, 800 F.2d at 1097 (Fed. Cir. 1986). Accordingly, on this record, we are not persuaded the Examiner erred. We sustain the Examiner’s § 103 rejection of representative claim 1, and Appeal 2011-012251 Application 11/522,462 7 grouped claim 14 (not argued separately) which falls therewith. See 37 C.F.R. § 41.37(c)(1)(vii)(2004). Representative Claim 2 Issue: Under § 103, did the Examiner err in finding the cited combination of references would have taught or suggested “a tagging module . . . for receiving the benign traffic and the malicious traffic from said attack detection module, tagging each malicious packet of said malicious traffic with an associated indicator indicating that said malicious packet is malicious,” within the meaning of representative claim 2 (emphases added)? The Appellants contend “Frattura is silent regarding any tagging of malicious packets. Moreover, Frattura fails to associate any indicators with malicious packets” (App. Br. 12). Appellants again are attacking each reference in isolation. As we discussed supra regarding claim 1, Beser teaches tagging packets with a VLAN tag (Beser 0024; Ans. 11, 12; Reply Br. 3). The Examiner further points out that: Frattura discloses the mirrored network traffic can include malicious, unauthorized, unauthenticated, or suspect data [0024]. Frattura discloses the network devices support the ability to mirror network traffic remotely over a network by utilizing the VLAN tag of the frame in a virtual LAN environment. Frattura discloses in a VLAN environment, remotely mirrored network traffic may have a specific VLAN tag the network devices on the network have been configured to direct the mirrored network traffic to specified portions[0070]. This is consistent with the specification that discloses that tagging can be one of VLAN tagging (see page 6 of Applicant's specification). Appeal 2011-012251 Application 11/522,462 8 (Ans. 14). Beser was relied upon for tagging packets, because Frattura nor Hiscock disclosed tagging packets (see previous rejection page 3). Beser discloses tagging a packet with an associated indicator [0024]. (Ans. 14). We agree with the Examiner. The Examiner relies upon the combined teachings and suggestions of the cited references in support of the ultimate legal conclusion of obviousness. (See Final 3, “Same [m]otivation as claim 1.”). Accordingly, on this record, we are not persuaded the Examiner erred. We sustain the Examiner’s § 103 rejection of representative claim 2, and grouped claims 10, 15, and 23 (not argued separately) which fall therewith. See 37 C.F.R. § 41.37(c)(1)(vii)(2004). Claim 3 Issue: Under § 103, did the Examiner err in finding the cited combination of references would have taught or suggested “a replay engine for accessing both said benign traffic and said malicious traffic stored in said archive, wherein said traffic separator is coupled to an output of said replay engine” within the meaning of claim 3 (emphases added)? The Appellants contend “Frattura fails to show a replay engine having an output coupled to a traffic separator.” (App. Br. 13). The Examiner disagrees: Frattura discloses the network tap device (i.e. traffic separator) may be connectable to a mirroring port of a network relay device (i.e. replay engine) [0026]. Frattura discloses the Appeal 2011-012251 Application 11/522,462 9 network tap device directs the traffic it receives at its combiner function and passes it to a mirror monitor function, and transmits into the network destined to a mirror destination [0082]. (Ans. 14 and 15). We agree with the Examiner. We find no deficiencies in Frattura regarding the claimed traffic separator (Frattura, “network tap device”) coupled to an output (Frattura, “mirroring port”) of said replay engine (Frattura, “network relay device”). Accordingly, on this record, we are not persuaded the Examiner erred. We sustain the Examiner’s § 103 rejection of claim 3. Representative Claim 7 Issue: Under § 103, did the Examiner err in finding the cited combination of references would have taught or suggested “an attack detection module . . . identifying said benign traffic as benign, and identifying said malicious traffic as malicious,” within the meaning of claim 7 (emphasis added)? The Appellants contend “Frattura is silent regarding separate identification of both benign and malicious traffic” (App. Br. 14). However, The Examiner’s final rejection sets forth the basis for the rejection: Same Motivation as claim 3. As per claim 7, Frattura discloses an attack detection module coupled to said archive for receiving from said archive malicious traffic and for identifying said malicious traffic as malicious [0007, 0023-0024, 0046, 0057]. Frattura does not disclose benign traffic, and identifying benign traffic. Hiscock discloses benign traffic [0049]. Appeal 2011-012251 Application 11/522,462 10 (Final 5). We find no deficiencies regarding the Examiner’s analysis. Accordingly, on this record, we are not persuaded the Examiner erred. We sustain the Examiner’s § 103 rejection of representative claim 7, and grouped claim 20 (not argued separately) which falls therewith. See 37 C.F.R. § 41.37(c)(1)(vii)(2004). Representative Claim 11 Issue: Under § 103, did the Examiner err in finding the cited combination of references would have taught or suggested “wherein the tagging module is for sending said benign traffic and each respective tagged malicious packet to said archive for storage,” within the meaning of claim 11 (emphasis added)? The Appellants again contend Frattura is silent regarding tagging of malicious traffic (App. Br. 15). The tagging mechanism of base claim 1 has been discussed supra with regard to claim 1, from which claim 11 indirectly depends. Therefore, Appellants’ contentions are not persuasive. The Appellants further contend that Frattura fails to disclose storage of both tagged malicious packets and benign traffic (App. Br. 15). With regard to the storage of both tagged malicious packets and benign traffic, Appellants’ argument attacks Frattura in isolation, whereas the Examiner’s rejection relies on the combined teachings and suggestions of Frattura, Hiscock, Beser, and Spatscheck. As noted with regard to claim 7 supra, we agree with the Examiner’s finding that the combination of Frattura and Hiscock would have taught or suggested identifying both malicious and benign packets, as claimed. Appeal 2011-012251 Application 11/522,462 11 Accordingly, on this record, we are not persuaded the Examiner erred. We sustain the Examiner’s § 103 rejection of representative claim 11, and grouped claim 24 (not argued separately) which falls therewith. See 37 C.F.R. § 41.37(c)(1)(vii)(2004). Remaining Dependent Claims Appellants contend that the dependent claims, not otherwise argued, are allowable due to their respective dependencies from allowable base claims (App. Br. 16). We agree with the Examiner’s rejection of independent claims 1 and 14 under §103, for the reasons discussed supra. Therefore, we sustain the Examiner’s rejection of the remaining dependent claims 4, 5, 8, 9, 12, 16, 17, 19, 21, 22, and 25, under § 103. Reply Brief To the extent Appellants’ advance new arguments in the Reply Brief not in response to a shift in the Examiner’s position in the Answer, we note that “[a]ny bases for asserting error, whether factual or legal, that are not raised in the principal brief are waived.” Ex parte Borden, 93 USPQ2d 1473, 1474 (BPAI 2010) (informative). Cf. with Optivus Tech., Inc. v. Ion Beam Appl’ns. S.A., 469 F.3d 978, 989 (Fed. Cir. 2006) (“[A]n issue not raised by an appellant in its opening brief . . . is waived.”) (Citations and quotation marks omitted). Appeal 2011-012251 Application 11/522,462 12 DECISION We affirm the Examiner’s decision rejecting claims 1-5, 7-12, 14-17, and 19-25 under § 103. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f). AFFIRMED tj Copy with citationCopy as parenthetical citation
