11920903 (P.T.A.B. Jun. 21, 2016)

Ex Parte Maher

Patent Trial and Appeal BoardJun 21, 2016

11920903 (P.T.A.B. Jun. 21, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 111920,903 11/21/2007 25223 7590 06/23/2016 WHITEFORD, TAYLOR & PRESTON, LLP ATTN: GREGORY M STONE SEVEN SAINT PAUL STREET BALTIMORE, MD 21202-1626 FIRST NAMED INVENTOR Thomas Maher UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 081196/00004 9299 EXAMINER LE,CANH ART UNIT PAPER NUMBER 2439 NOTIFICATION DATE DELIVERY MODE 06/23/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): patents@wtplaw.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte THOMAS MAHER Appeal2015-000369 Application 11/920,903 Technology Center 2400 Before JOHN A. EV ANS, MIRIAM L. QUINN, and ALEX S. YAP, Administrative Patent Judges. YAP, Administrative Patent Judge. DECISION ON APPEAL Appellant 1 appeals under 35 U.S.C. Â§ 134(a) from the Examiner's final rejection of claims 1--4, 6-8, 10, 13, 15-19, 21-23, 25, and 28-30. 2 We have jurisdiction under 35 U.S.C. Â§ 6(b ). We affirm. 1 According to Appellant, the real party in interest is Asavie R&D Limited of Dublin, Ireland. (App. Br. 1.) 2 Claims 5, 9, 11, 12, 14, 20, 24, 26, and 27 were previously canceled. (App. Br. 12-17.) Appeal2015-000369 Application 11/920,903 STATEivIENT OF THE CASE Introduction Appellant's invention relates to "a communication system and method to enable secure clients to obtain secure and transparent access to a remote server over an insecure network." (Spec. 1.) Claim 1 is illustrative of Appellant's invention, and is reproduced below: 1. A data transmission system for secure data exchange using transmission control protocol between a client and a server, the system comprising: a broker connected to a client; an agent connected to a server; and an unsecured network link between the broker and agent, wherein the agent and broker are connected through at least a firewall device to exchange data over the unsecured network link, in which: the agent establishes a secure control session with the broker using a secure transport over the unsecured network link; upon receipt of a TCP SYN packet from the client over a secure network, the broker is operative to capture the TCP SYN packet and send a modified control packet to the agent using the secure control session; the agent is operative to receive the modified control packet from the broker and to generate its own TCP SYN packet and to send its own TCP SYN packet to the server; upon receipt of a response packet from the server, the agent is operative to send a response packet to the broker using the secure control session; and upon receipt of a response packet from the agent, the broker is operative to send a response packet to the client; 2 Appeal2015-000369 Application 11/920,903 wherein in the case that an exchange of TCP control packets between the agent and the server indicates establishment of a TCP session, the agent is operative to establish a data channel between the agent and the broker to create a transparent TCP channel between the client and the server and in the case that an exchange of TCP control packets between the agent and the server indicates failure to establish a TCP session, the response packet forwarded by the broker to the client indicates that the connection has failed. Rejections on Appeal Claims 1-3, 10, 13, 15-18, 25, and 28-30 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Shukla (US 2002/0042875 Al; pub. Apr. 11, 2002) ("Shukla") in view of Demmer et al. (US 2004/0243703 Al; pub. Dec. 2, 2004) ("Demmer"), and further in view of Xie et al. (US 7,107,612 Bl; iss. Sept. 12, 2006) ("Xie"). (See Final Office Action (mailed October 3, 2013) ("Final Act.") 6-12.) Claims 4 and 19 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentabie over Shukia in view of Demmer and Xie, and further in view of Shaw et al. (US 7,661,131 Bl; iss. Feb. 9, 2010) ("Shaw"). (See Final Act. 12-13.) Claims 6, 7, 21, and 22 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Shukla in view of Demmer, Xie, and Shaw, and further in view ofBavadekar (US 2003/0009571 Al; pub. Jan. 9, 2003) ("Bavadekar"). (See Final Act. 13-14.) Claims 8 and 23 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Shukla in view of Demmer and Xie, and further in view of Hughes et al. (US 2002/0064128 Al; pub. May 30, 2002) ("Hughes"). (See Final Act. 14--15.) 3 Appeal2015-000369 Application 11/920,903 ANALYSIS We have reviewed the Examiner's rejections in light of Appellant's arguments that the Examiner has erred. We are not persuaded by Appellant's arguments. Argument One Shukla Does not Perform its Operations on Layer 5 The Examiner finds that "Shukla teaches [a] data transmission method for secure data exchange using transmission control protocol ... between a client ... and a server ... using a broker [(gateway GA)] and an agent [(gateway GB)]." (Final Act. 7 (internal citations omitted).) Appellant argues that Shukla fails to disclose that "the agent establishes a secure control session with the broker using a secure transport over the unsecured network link," as recited in independent claims 1 and 16. (App. Br. 6.) Appellant argues that "Shukla never establishes a separate secure control session between gateways GA and GB" because the session created between the gateways is not "a session layer 5 operation." (App. Br. 6-8.) According to Appellant, Shukla teaches operating on session layer 3 instead. (Id.) We are not persuaded by these arguments because Appellant does not offer persuasive evidence or argument that the claims require the recited operations to be performed on session level 5. Even assuming arguendo, that the recited limitation must be performed at layer 5, we agree with the Examiner's findings that Shukla teaches that control sessions between gateways GA and GB can be performed on session layer 5 (e.g., Secure Socket Layer (SSL)). (Ans. 3, 5---6; see also Shukla Figs. 2, 4, 5; i-fi-14, 9, 60, 61, 73.) 4 Appeal2015-000369 Application 11/920,903 Appellant further argues that "the instant invention": â€¢ "implements a proxy that operates at layer 5 (i.e., the session layer), above both TCP and UDP" (App. Br. 7), â€¢ "relies on the isolation of three networks - the client I broker network, the broker I agent network, and the agent I server network " (id. at 8), â€¢ "recognizes that connections between the broker and agent must be initiated by the agent in order to traverse firewalls and NATs" (id.). The argument is unpersuasive because it is not commensurate with claim scope. For example, Appellant's argument suggests that claims 1 and 16 require, without support in the claim language, "a proxy" that operates at layer 5. Further, Appellant has not offered persuasive argument that the Examiner's interpretation is either overbroad or unreasonable. (Ans. 3, 6.) See In re Zietz, 893 F.2d 319, 321 (Fed. Cir. 1989) (holding that although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims). Thus, we are not persuaded that the Examiner erred. Argument Two Shukla Does Not Teach or Suggest the Creation of a New Control Packet Appellant contends that Shukla fails to disclose that "upon receipt of a TCP SYN packet from the client over a secure network, the broker is operative to capture the TCP SYN packet and send a modified control packet to the agent using the secure control session," are recited in claims 1 5 Appeal2015-000369 Application 11/920,903 and 16. (App. Br. 6-7.) 3 Specifically, Appellant argues that this limitation "requires the creation of a separate control packet ... and Shukla never suggests the creation of a new control packet at gateway GA, but merely applies encryption methods and header manipulations to the original packet received from end host A." (Id.) The argument is unpersuasive for two reasons. First, we note that the claim language requires the broker to send "a modified control packet" to the agent, and does not require "the creation of a new control packet," as Appellant argues. Therefore, Appellant's argument is not commensurate with the scope of the claim. Second, we agree with the Examiner's finding that Shukla teaches this limitation. (Ans. 4; see Shukla Figs. 5d, 5e; i-f 78.) Specifically, we agree that adding additional IP and transport layer headers to a control packet and the subsequent encryption of the packet teaches the "modified control packet" limitation in the claims. (Ans. 4.) Furthermore, we are not persuaded by Appellant's argument that Shukla does not teach the "modified control packet." (See App. Br. 6-7.) Specifically, Appellant has not provided persuasive evidence to support its contention that "encryption methods and header manipulations to the original packet" do not teach or suggest the "modified control packet," as recited in the claim. (App. Br. 6---7.) Appellant's assertion in this regard is mere attorney argument and a conclusory statement, which is unsupported by factual evidence, and, thus is entitled to little probative value. In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997); In re De Blauwe, 736 F.2d 3 Appellant also contends that "Demmer fails to cure the above-described shortfalls of Shukla." (App. Br. 8-9.) However, the Examiner is not relying on Demmer for those limitations at issue. (Ans. 7 .) 6 Appeal2015-000369 Application 11/920,903 699, 705 (Fed. Cir. 1984). Accordingly, we are not persuaded that the Examiner erred. Argument Three Shukla Does Not Teach or Suggest the Creation of a New TCP SYN Packet Appellant contends that Shukla fails to disclose that "the agent is operative to receive the modified control packet from the broker and to generate its own TCP SYN packet and to send its own TCP SYN packet to the server," as recited in claims 1 and 16. (App. Br. 7 .) Specifically, similar to the above argument, Appellant contends that this limitation requires the creation of a separate TCP SYN packet by the agent which is then sent to the server [and that] Shukla never suggests the creation of another new control packet at gateway GB, but merely applies encryption methods and header manipulations to the original packet and sends that along to end host B. (App. Br. 7.) We do not agree with Appellant's contentions for the same reasons stated with respect to Argument Two, above. We agree, instead, with the Examiner's finding that Shukla teaches this limitation. (Ans. 4--5; see Shukla i-f 79.) Specifically, we agree that Shukla's descriptions of the "gateway GB 21, strip[ping] off the extra IP and transport layer headers [of the new IP packet,] encrypt[ing] it, and send[ing] ... to the end host B26," teach this limitation. (Ans. 4--5.) Furthermore, we find that Appellant has not provided persuasive evidence to support its contention that "merely appl[ying] encryption methods and header manipulations to the original packet" would not satisfy this limitation. (App. Br. 6-7.) As stated above, the statement is conclusory, constitutes attorney argument, and is entitled to little probative value. In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997); 7 Appeal2015-000369 Application 11/920,903 In re De Blauwe, 736 F.2d 699, 705 (Fed. Cir. 1984). Accordingly, we are not persuaded that Appellant has shown the Examiner erred. Argument Four Xie Does Not Teach or Suggest a Firewall as Claimed Claim 1 recites that "the agent and broker are connected through at least a firewall device to exchange data over the unsecured network link." Claim 16 recites a similar limitation. The Examiner states that while "Shukla and Demmer disclose all limitations [they] do not disclose [a] gateway [that] is connected through a firewall." (Ans. 7.) Nevertheless, the Examiner finds that "Xie discloses [at] each gateway between a private 102 and public network 104 there is a firewall 110[, and that i]t is clear that the combination of Shukla, Demmer, and Xie does disclose" the limitations as recited in the claims. (Ans. 8; see Xie, Fig. 1; 1:61-2:6.) Appellant contends that Xie "provides merely an informal definition of a firewall [and] it does not provide any teaching or suggestion in relation to how to establish communications" as claimed. (App. Br. 9.) We agree with the Examiner's findings, and do not find Appellant's arguments persuasive. First, Appellant has not provided persuasive evidence for its contention that the Xie firewall is different from the recited firewall. Specifically, Appellant argues that Xie does not provide any teaching or suggestion in relation to how to establish communications as claimed in the presence of such a firewall, which blocks outside hosts from communicating directly with inside hosts, thus preventing a client from establishing a session with a server as set forth in Applicant's claims (See App. 9.) Claims 1 and 16, however, merely require that the firewall device exchange data over the unsecured network link," which is consistent 8 Appeal2015-000369 Application 11/920,903 with Xie's teaching of a firewall coupled in-line between a public network and a private network for screening packets received from the public network. (See Xie, 1:59-61.) The screening in Xie is not "blocking" as Appellant argues-as Xie discloses that the firewall processes the packets in accordance with access control list rules before routing the packet to the private network. (See Xie, 2: 14-19.) Therefore, arguing that Xie' s firewall fails to establish communications because it prevents a client session with a server is not persuasive. In addition, firewalls are well-known in the art, and are known to be used "to safeguard [] private networks against intrusions through the gateway provided at the interface of the private and public networks." (Xie, 1 :23---61.) We agree, therefore, with the Examiner's findings that the limitation at issue is taught in Xie, and that it would have been obvious to one of ordinary skill in the art at the time of the invention was make to modify the Shukla and Demmer invention by including the teaching of Xie by further including the agent is connected through at least a firewall to the broker to exchange data over the unsecure network to provide the flexibility of the system, and further to enhance end-to-end secure data communication. (Final Act. 9; Ans. 7-8.) Appellant has not shown that the implementation of a firewall to provide enhanced security in the exchange of data as taught in Shukla and Demmer would have been uniquely challenging or otherwise beyond the level of ordinarily skilled artisans. See Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007). Accordingly, we are not persuaded by Appellant's argument that the Examiner erred. 9 Appeal2015-000369 Application 11/920,903 Argument Five Combination of the Cited References Appellant further contends that "no combination of the cited references enables a person of ordinary skill in the art to arrive at this combination of features." (App. Br. 10.) As discussed above with respect to Argument Four, we do not find Appellant's arguments persuasive. We have found that the Examiner's rejection articulates a reasoning with a rational underpinning for why a person of ordinary skill in the art at the time of the invention would combine Shukla, Demmer, and Xie. (Ans. 8-9; Final Act. 8-9.) See KSR Int 'l Co., v. Teleflex, Inc., 550 U.S. 398, 415, 418 (2007). In contrast, Appellant provides attorney argument and a conclusory statement that is unsupported by persuasive evidence. (See App. Br. 10.) Thus, we are not persuaded that Appellant has shown the Examiner erred. For the reasons discussed above, we are not persuaded by Appellant's contentions with respect to claims 1 and 16. Thus, we sustain the Examiner's rejection of these claims under 35 U.S.C. Â§ 103(a). We also sustain the 35 U.S.C. Â§ 103(a) rejection of dependent claims 2--4, 6-8, 10, 13, 15, 17-19, 21-23, 25, and 28-30, which are not argued separately. DECISION The decision of the Examiner to reject claims 1--4, 6-8, 10, 13, 15-19, 21-23, 25, and 28-30 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED 10