Ex Parte Lippmann et al
Patent Trial and Appeal Board
Dec 28, 2015
13104454 (P.T.A.B. Dec. 28, 2015)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 13/104,454
FILING DATE: 05/10/2011
FIRST NAMED INVENTOR: Richard P. Lippmann
ATTORNEY DOCKET NO.: MIT-185BUS (12095L)
CONFIRMATION NO.: 1254

19127 7590 12/30/2015
Massachusetts Institute of Technology
c/o Daly Crowley Mofford & Durkee LLP
354A Turnpike Street
Suite 301A
Canton, MA 02021

EXAMINER: GOLDBERG, ANDREW C
ART UNIT: 2498
PAPER NUMBER:
NOTIFICATION DATE: 12/30/2015
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): docketing@dc-m.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte RICHARD P. LIPPMANN, KYLE W. INGOLS, and KEITH J. PIWOWARSKI

Appeal 2013-008445
Application 13/104,454
Technology Center 2400

Before KALYAN K. DESHPANDE, DAVID M. KOHUT, and JUSTIN T. ARBES, Administrative Patent Judges.

KOHUT, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF CASE [1]

Appellants seek review under 35 U.S.C. § 134(a) of the Examiner's Final Rejection of claims 1-31. We have jurisdiction over the appeal pursuant to 35 U.S.C. § 6(b).

We REVERSE.

INVENTION

The invention is directed to the generation of attack graphs. Spec. 2:1-3. Claim 1 is illustrative of the invention and is reproduced below:

1.
A computer-implemented method to generate an attack graph, the method comprising:
    using a computer for performing processing, the processing comprising:
        generating a first state node representing a starting point of a cyber attack and corresponding to access to a first host in a network;
        generating a first directed edge from the first state node to a first prerequisite node, the first prerequisite node having a first precondition satisfied by the first state node;
        generating a second directed edge from the first prerequisite node to a first vulnerability instance node, the first vulnerability instance node having a second precondition satisfied by the first prerequisite node;
        generating a third directed edge from the first vulnerability instance node to a second state node, the second state node having a third precondition satisfied by the first vulnerability node; and
        determining if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising:
            the first state node;
            the first vulnerability instance node;
            the first prerequisite node; and
            the second state node.

App. Br. 27.

[1] Our decision makes reference to Appellants' Appeal Brief ("App. Br.," filed Jan. 14, 2013) and Reply Brief ("Reply Br.," filed June 14, 2013), and the Examiner's Answer ("Ans.," mailed Apr. 15, 2013) and Final Office Action ("Final Act.," mailed Aug. 14, 2012).

REFERENCES

Baum-Waidner    US 2005/0027981 A1    Feb. 3, 2005
Lippmann        US 2005/0138413 A1    June 23, 2005
Swiler          US 7,013,395 B1       Mar. 14, 2006

Steven Noel et al., Multiple Coordinated Views for Network Attack Graphs, 2005 IEEE Workshop on Visualization for Computer Security, October 26, 2005.

REJECTIONS AT ISSUE [2]

Claims 1-4, 6-9, 13, 14, 16-27, and 29-31 are rejected under 35 U.S.C. § 103(a) as obvious over Noel. Ans. 6-10.
Claims 5 and 28 are rejected under 35 U.S.C. § 103(a) as obvious over the combination of Noel and Lippmann. Ans. 10-11.
Claims 10-12 are rejected under 35 U.S.C. § 103(a) as obvious over the combination of Noel and Baum-Waidner. Ans. 11-12.
Claim 15 is rejected under 35 U.S.C. § 103(a) as obvious over the combination of Noel and Swiler. Ans. 12-13.
Claims 1-16 are rejected under 35 U.S.C. § 101 as being directed to patent-ineligible subject matter. Ans. 4-5, 19.

[2] The Examiner has withdrawn the 35 U.S.C. § 112, second paragraph, rejection of claims 1-31. See Ans. 18; Final Act. 3-4.

ISSUES

Did the Examiner err in finding that Noel teaches "generating a second directed edge from the first prerequisite node to a first vulnerability instance node," as recited in independent claim 1, and similarly recited in independent claims 17, 21, and 24?

Did the Examiner err in finding that Noel teaches "each vulnerability instance node on the attack graph ha[s] a single directed edge from the vulnerability instance node to exactly one state node," as recited in independent claim 30?

Did the Examiner err in concluding that claims 1-16 are directed to patent-ineligible subject matter?

ANALYSIS

Claims 1-29 rejected under 35 U.S.C. § 103(a)

Appellants argue the Examiner erred by finding Noel teaches the generation of "a second directed edge from the first prerequisite node to a first vulnerability instance node," as recited in claim 1 and similarly recited in claims 17, 21, and 24. App. Br. 18-19; Reply Br. 2-4. Claims 2-16, 18-20, 22, 23, and 25-29 are dependent upon claims 1, 17, 21, and 24 (respectively). Appellants contend that the Examiner erred in finding that Noel teaches this disputed limitation because the connection indicated by the Examiner is not a directed edge. Id. We agree with Appellants.

The Examiner finds that Noel's m3 node serves as the recited first prerequisite node. Final Act. 6-7; Ans. 16-17.
Additionally, the Examiner finds that Noel's m8 node corresponds to the first vulnerability node. Id. Thus, the Examiner finds that the connection between m3 and m8 teaches the recited limitation. Id.

However, although the Examiner indicates (Ans. 16-17) that the claim does not require a "direct" connection, the Examiner does not show that Noel teaches a "directed edge," as required by the claims. The specification describes "directed edges" as "connections between nodes." Spec. 9:20-21. The plain and ordinary meaning of a "directed edge" is a line connecting a pair of nodes that is drawn with an arrow to indicate a direction of travel between the nodes, while an undirected edge lacks an arrow to indicate direction. [3] The edges connecting nodes m3 and m8 of Noel are not directed because they lack an arrow indicating the direction of the edge. See Noel, Fig. 4. As such, at best Noel discloses an "undirected edge," not a "directed edge." Therefore, the Examiner has not shown that there is a directed edge generated from one node to the other.

[3] Dictionary of Applied Math for Engineers and Scientists (Emma Previato, ed., CRC Press, 2003).

Accordingly, we do not sustain the Examiner's rejection of independent claims 1, 17, 21, and 24, as well as dependent claims 2-16, 18-20, 22, 23, and 25-29.

We also note that Appellants make additional arguments with respect to claims 1-29. App. Br. 13-23; Reply Br. 2-7. However, we need not address the additional arguments because the issues decided herein are dispositive of the appeal.

Claims 30 and 31 rejected under 35 U.S.C. § 103(a)

Claim 30 recites "each vulnerability instance node on the attack graph having a single directed edge from the vulnerability instance node to exactly one state node." Claim 31 is dependent upon claim 30. The Examiner finds that each of Noel's vulnerability nodes, m1-m3, has one directed edge to a
subnet that may serve as state nodes. Ans. 14 (citing Noel, Fig. 2). Additionally, the Examiner finds that Noel teaches, in Figure 2, vulnerability instance nodes (m1-m3) having directed edges to a subnet of machines. Id. Thus, the Examiner finds that Noel teaches vulnerability nodes with directed edges to one state node. Id. We disagree with the Examiner.

As argued by Appellants, in Figure 4 of Noel, there is more than one directed edge from m8 to other nodes. App. Br. 11. Similarly, with respect to Noel's Figure 2 and nodes m1-m3, Appellants contend that there are "two edges extending from these nodes." Reply Br. 8. Thus, Appellants argue that Noel fails to teach each node having one directed edge to only one state node, as required by the claim. We agree with Appellants. The figures of Noel cited by the Examiner show either one edge that is not directed or more than one directed edge.

Accordingly, we cannot sustain the Examiner's rejection of claim 30 and claim 31, which Appellants contend stands or falls with claim 30.

We also note that Appellants make additional arguments with respect to claims 30 and 31. App. Br. 9-12; Reply Br. 7-8. However, we need not address the additional arguments because the issues decided herein are dispositive of the appeal.

Claims 1-16 under 35 U.S.C. § 101

The Examiner concludes that claims 1-16 are patent-ineligible because they are directed to an abstract idea comprising mental steps that can be performed by a human with only a nominal recitation of a computer. Ans. 4. The Examiner states: "As claimed it appears that the steps may be performed by a human with a pencil and paper. A human can draw a state node, directed edges, and determine using his or her mind ... a potential node." Id. at 4-5.

We do not find that the Examiner's reasoning is sufficient to sustain the 35 U.S.C. § 101 rejection.
We note that the Examiner's analysis predates the 2014 Interim Guidance on Patent Subject Matter Eligibility and July 2015 Update on Subject Matter Eligibility provided by the Office. We recommend that the Examiner review claims 1-31 in light of the Guidance that describes the required analysis for subject matter eligibility in light of Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 134 S. Ct. 2347 (2014).

CONCLUSION

The Examiner erred in finding that Noel teaches "generating a second directed edge from the first prerequisite node to a first vulnerability instance node," as recited in independent claim 1, and similarly recited in independent claims 17, 21, and 24.

The Examiner erred in finding that Noel teaches "each vulnerability instance node on the attack graph ha[s] a single directed edge from the vulnerability instance node to exactly one state node," as recited in independent claim 30.

The Examiner erred in concluding that claims 1-16 are directed to patent-ineligible subject matter.

SUMMARY

The Examiner's decision to reject claims 1-4, 6-9, 13, 14, 16-27, and 29-31 under 35 U.S.C. § 103(a) as obvious over Noel is reversed.

The Examiner's decision to reject claims 5 and 28 under 35 U.S.C. § 103(a) as obvious over the combination of Noel and Lippmann is reversed.

The Examiner's decision to reject claims 10-12 under 35 U.S.C. § 103(a) as obvious over the combination of Noel and Baum-Waidner is reversed.

The Examiner's decision to reject claim 15 under 35 U.S.C. § 103(a) as obvious over the combination of Noel and Swiler is reversed.

The Examiner's decision to reject claims 1-16 under 35 U.S.C. § 101 for being directed to patent-ineligible subject matter is reversed.

REVERSED

JRG