Ex Parte Liu et al, No. 14/330,722 (P.T.A.B. Sep. 26, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO.: 14/330,722
FILING DATE: 07/14/2014
FIRST NAMED INVENTOR: Gaoqiang Liu
ATTORNEY DOCKET NO.: 4202-59400
CONFIRMATION NO.: 1066
EXAMINER: SALEHI, HELAI
ART UNIT: 2433
NOTIFICATION DATE: 09/28/2018
DELIVERY MODE: ELECTRONIC

97698 7590 09/28/2018
Huawei Technologies Co., Ltd.
c/o Conley Rose, P.C.
5601 Granite Parkway, Suite 500
Plano, TX 75024

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on the above-indicated "Notification Date" to the following e-mail address(es): dallaspatents@dfw.conleyrose.com, uspatent@huawei.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte GAOQIANG LIU, YONGBO PAN, and LI YANG

Appeal 2018-002798
Application 14/330,722 [1]
Technology Center 2400

Before ELENI MANTIS MERCADER, CARL W. WHITEHEAD JR., and BETH Z. SHAW, Administrative Patent Judges.

MANTIS MERCADER, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellants appeal under 35 U.S.C. § 134 from a rejection of claims 1, 5, 6, 15, 19, 21, 22, 24, and 25. We have jurisdiction under 35 U.S.C. § 6(b). We affirm.

[1] According to Appellants the real party in interest is Huawei Technologies Co., Ltd. App. Br. 3.

CLAIMED SUBJECT MATTER

The claims are directed to an attack defense method and device. Claim 1, reproduced below, is illustrative of the claimed subject matter:

1. An attack defense method implemented by a network device deployed between a client and a server, the method comprising:

    monitoring a transmission control protocol (TCP) connection established between the client and the server;

    counting a number of negotiation packets transmitted over the TCP connection, wherein the negotiation packets are of a Change Cipher Spec type used in a secure socket layer (SSL) handshake process;

    obtaining a number of renegotiations over the TCP connection by subtracting one from the number of negotiation packets of the change cipher specification type;

    determining that the TCP connection is abnormal when the number of the renegotiations over the TCP connection is greater than a first threshold preset in a memory of the network device; and

    disconnecting the TCP connection when the TCP connection is abnormal.

REFERENCES

The prior art relied upon by the Examiner in rejecting the claims on appeal is:

    Swander    US 2004/0133798 A1    Jul. 8, 2004
    Hsu        US 2008/0082658 A1    Apr. 3, 2008
    Zhang      US 2010/0064366 A1    Mar. 11, 2010
    Matsuo     US 2012/0250866 A1    Oct. 4, 2012

REJECTIONS

Claims 1, 15, and 22 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Matsuo in view of Swander.

Claims 5, 6, 19, 21, 24, and 25 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Matsuo in view of Swander and further in view of Zhang.

OPINION

We adopt the Examiner's findings and conclusions in the Answer and Final Action. We add the following primarily for emphasis.

Appellants argue the combination of Matsuo and Swander does not teach or suggest the limitation of "obtaining a number of renegotiations over the TCP connection" as recited in claim 1. App. Br. 8-10. In particular, Appellants argue that Swander never mentions that the IKE [key management and exchange protocol] packets are transmitted over a TCP connection. App. Br. 8.
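The counting and threshold steps recited in claim 1 above, shown as an added worked example written for this page; it is not the applicant's implementation, the patent's disclosure, or anything in the Board's record. It assumes a monitoring device that reassembles the client-to-server byte stream of each TCP connection and parses the SSL/TLS record layer, whose 5-byte record headers stay in the clear after the handshake. Counting only the client-to-server direction is an assumption made so that the initial full handshake contributes exactly one Change Cipher Spec record, which makes the claim's "count minus one" arithmetic yield the renegotiation count. The class and function names, the threshold values, the connection key and the sample records are all constructed for the example.

```python
"""Per-connection Change Cipher Spec counter modelled on claim 1.

Illustrative example added for this page; not the applicant's implementation
or anything from the Board's record. Assumes the monitoring device sees the
reassembled client-to-server byte stream of each TCP connection and that the
SSL/TLS record layer is in the clear (record headers are never encrypted).
"""
import struct
from dataclasses import dataclass
from typing import Dict, Tuple

# SSL/TLS record-layer content types (RFC 5246 section 6.2.1).
CHANGE_CIPHER_SPEC = 20
ALERT = 21
HANDSHAKE = 22
APPLICATION_DATA = 23
RECORD_HEADER_LEN = 5  # type(1) + version(2) + length(2)

# Assumed connection key: (client ip, client port, server ip, server port).
ConnKey = Tuple[str, int, str, int]


@dataclass
class ConnState:
    buf: bytes = b""        # trailing bytes of a record not yet complete
    ccs_count: int = 0      # Change Cipher Spec records seen client -> server
    disconnected: bool = False


class RenegotiationMonitor:
    """Counts client->server CCS records per TCP connection and marks the
    connection abnormal when (ccs_count - 1) exceeds the preset threshold."""

    def __init__(self, threshold: int) -> None:
        self.threshold = threshold  # the claim's "first threshold preset in a memory"
        self.conns: Dict[ConnKey, ConnState] = {}

    def renegotiations(self, key: ConnKey) -> int:
        st = self.conns.get(key)
        if st is None or st.ccs_count == 0:
            return 0
        return st.ccs_count - 1  # the initial handshake's CCS is not a renegotiation

    def observe(self, key: ConnKey, payload: bytes) -> bool:
        """Feed one client->server TCP segment payload. Returns True once the
        connection is judged abnormal (the point at which it would be torn down)."""
        st = self.conns.setdefault(key, ConnState())
        if st.disconnected:
            return True
        st.buf += payload
        # Consume every complete record; a record split across segments
        # stays buffered until its remaining bytes arrive.
        while len(st.buf) >= RECORD_HEADER_LEN:
            ctype, _version, length = struct.unpack("!BHH", st.buf[:RECORD_HEADER_LEN])
            if ctype not in (CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA):
                st.buf = b""  # not an SSL/TLS record stream; stop parsing it
                break
            if len(st.buf) < RECORD_HEADER_LEN + length:
                break
            if ctype == CHANGE_CIPHER_SPEC:
                st.ccs_count += 1
            st.buf = st.buf[RECORD_HEADER_LEN + length:]
        if self.renegotiations(key) > self.threshold:
            st.disconnected = True
        return st.disconnected


# --- constructed sample traffic -------------------------------------------
def tls_record(ctype: int, body: bytes) -> bytes:
    """Build one TLS 1.2 record (version bytes 0x0303) around `body`."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

CCS_RECORD = tls_record(CHANGE_CIPHER_SPEC, b"\x01")
HANDSHAKE_RECORD = tls_record(HANDSHAKE, b"\x01\x00\x00\x04\x03\x03\x00\x00")  # constructed stand-in for a ClientHello
APP_RECORD = tls_record(APPLICATION_DATA, b"\x00" * 16)


def simulate(threshold: int, renegotiation_rounds: int) -> Tuple[int, bool]:
    """Run one constructed connection: initial handshake, then the given number
    of renegotiation rounds, delivered in 7-byte segments so records straddle
    segment boundaries. Returns (renegotiations counted, flagged abnormal)."""
    monitor = RenegotiationMonitor(threshold)
    key: ConnKey = ("192.0.2.10", 40000, "198.51.100.5", 443)  # documentation addresses
    stream = HANDSHAKE_RECORD + CCS_RECORD
    stream += (HANDSHAKE_RECORD + CCS_RECORD) * renegotiation_rounds
    stream += APP_RECORD
    flagged = False
    for offset in range(0, len(stream), 7):
        flagged = monitor.observe(key, stream[offset:offset + 7]) or flagged
    return monitor.renegotiations(key), flagged


if __name__ == "__main__":
    print(simulate(threshold=3, renegotiation_rounds=2))  # within limit
    print(simulate(threshold=3, renegotiation_rounds=5))  # flagged at the 4th renegotiation
```

Because a record can straddle TCP segment boundaries, the monitor buffers the incomplete tail of each connection's stream instead of inspecting segments in isolation; inspecting segments one at a time would undercount. The counter is meaningful for SSL 3.0 through TLS 1.2, the versions that support renegotiation; TLS 1.3 removed renegotiation and sends Change Cipher Spec only as a middlebox-compatibility dummy, so a deployment would consult the negotiated protocol version before applying the threshold.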
According to Appellants, Swander's paragraphs 9-11 state that a NAT [network address translation device] can change the source port in UDP [User Datagram Protocol] headers during DOS [denial-of-service] attacks because the IKE negotiation process only involves UDP headers. App. Br. 9.

The Examiner finds, and we agree, that Swander teaches "responder limits the maximum number of IKE negotiations for source IP address ... 6 per port ... 30 for IP address" (para. 47), and "sets limit on number of process IKE negotiations on a per port basis or per IP address ... [o]nce the responder 134 sets the limit on the number of in process IKE negotiations ... determines whether the maximum number has been reached ... If the maximum has been reached, the responder 134 does not maintain state and does not process with the IKE main mode negotiation" (para. 50). Ans. 16. Swander further teaches, "the NAT may also change a source port in a transport layer header, e.g. TCP header or UDP header, within the IP packet to ensure that each initiator sends packets with a unique combination of IP addresses and ports over the external network" (Ans. 16 citing para. 9).

We agree with the Examiner that Swander does suggest in paragraph 9 that the transport layer header can be a TCP header, and that paragraph 11 does not teach away from using a TCP header simply because UDP headers are addressed. See Ans. 16. Nor are we persuaded by Appellants' argument that paragraph 11 teaches that the "NAT can change the source port in UDP headers during DOS attacks because IKE negotiation process only involve UDP header" (App. Br. 9), because paragraph 9 states:

    The NAT may also change a source port in a transport layer header, e.g. TCP or UDP header, within the IP packet to ensure that each initiator sends packets with a unique combination of IP addresses and ports over the external network.
    Thus, when the initiator is behind a NAT and sends an IKE packet destined for a responder on the external network, the NAT typically changes the source port from 500 to some other value, which may be selected from one of over 64,000 ports.

See Para. 9. Thus, contrary to Appellants' argument, the NAT can change the source port not only when UDP headers are involved, but also when TCP headers are involved. Thus, we agree with the Examiner's conclusion that there is no reason that TCP could not be used (based on para. 9) within the NAT, and hence Swander does associate the in-process IKE negotiations with a particular TCP connection. See Ans. 17.

We note that our reviewing Court stated:

    A reference may be said to teach away when a person of ordinary skill, upon reading the reference, would be discouraged from following the path set out in the reference, or would be led in a direction divergent from the path that was taken by the applicant. The degree of teaching away will of course depend on the particular facts; in general, a reference will teach away if it suggests that the line of development flowing from the reference's disclosure is unlikely to be productive of the result sought by the applicant.

In re Gurley, 27 F.3d 551, 553 (Fed. Cir. 1994) (citing United States v. Adams, 383 U.S. 39, 52 (1966)). In the instant case, neither reference discourages a person of ordinary skill in the art from using the TCP protocol rather than the UDP protocol in IKE negotiations. Furthermore, "one cannot show non-obviousness by attacking references individually where ... the rejections are based on combinations of references." In re Keller, 642 F.2d 413, 426 (CCPA 1981).

We note that Matsuo teaches denial of service attacks when monitoring a TCP connection having Change Cipher Spec type packets, and Swander teaches determining that a connection is abnormal when the number of renegotiations is greater than a threshold.
See Final Action 4-5. As we stated above, while Swander teaches in paragraph 9 that the "NAT may also change a source port in a transport layer header, e.g. TCP or UDP header within the IP packet," nothing precludes the suggestion of TCP packets being used. Accordingly, we affirm the Examiner's rejection of claim 1 and, for the same reasons, the rejections of claims 5, 6, 15, 19, 21, 22, 24, and 25.

DECISION

The Examiner's rejection of claims 5, 6, 15, 19, 21, 22, 24, and 25 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED