Ex Parte Myers et alDownload PDFBoard of Patent Appeals and InterferencesSep 11, 201210421716 (B.P.A.I. Sep. 11, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________________ Ex parte ROBERT L. MYERS and PAULO NEVES FRANCISCO ____________________ Appeal 2009-015090 Application 10/421,716 Technology Center 2400 ____________________ Before ALLEN R. MacDONALD, ERIC S. FRAHM, and TREVOR JEFFERSON, Administrative Patent Judges. FRAHM, Administrative Patent Judge. DECISION ON APPEAL Appeal 2009-015090 Application 10/421,716 2 STATEMENT OF THE CASE Introduction Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1-18, 20, and 21, all the claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. Appellants’ Invention Appellants disclose a method of preventing network address spoofing within a wireless network. Abs. More particularly, Appellants claim a method of preventing network address spoofing in respect of a plurality of mobile units including executing an anti-spoofing protocol upon the determination of first and second mobile units having network addresses that match (claim 1), and wireless networks including similarly recited execution of an anti-spoofing protocol (claims 11 and 21). Exemplary Claim An understanding of the invention can be derived from a reading of exemplary claim 1, which is reproduced below with emphases added (parentheses and lettering in original): 1. A method for preventing network address spoofing in respect of a plurality of mobile units within a wireless network, said wireless network including an access controller: (a) registering first and second radio units with the access controller, said access controller providing control and data path linkage to said first and second radio units, packet based communications between said first and second radio units and said access controller having two separate layers, said first and second radio units communicating with said access controller in a first of said two separate layers, Appeal 2009-015090 Application 10/421,716 3 (b) associating in said access controller a first mobile unit to the first radio unit, determining from a second layer of said two separate layers the network address of said first mobile unit and maintaining a connectivity record in said access controller that contains said network address and that indicates an association with said first radio unit; (c) receiving in said access controller an associate request in said second layer from a second mobile unit to associate with the second radio unit and determining from said second layer the network address of said second mobile unit; (d) determining if the network address of the second mobile unit is the same as the network address of the first mobile unit; (e) if the determination in (d) is true then retrieving the connectivity record associated with the network address of said first and second mobile units and determining whether said connectivity record indicates an association with the first radio unit; and (f ) if the determination in (e) is true then executing an anti-spoofing protocol. The Examiner’s Rejection1 The Examiner rejected claims 1-18, 20, and 21 as being anticipated under 35 U.S.C. § 102(e) by Whelan (US 2004/0003285) (Ans. 3-8). 1 In the Final Rejection, claims 1-10 were rejected under 35 U.S.C. § 112, second paragraph, for ambiguities (Final Rej. 2-3). Appellants corrected the ambiguities in an after-Final Amendment that was entered by the Examiner (see Advisory Action mailed Oct. 20, 2008). Thus, the § 112, second paragraph, rejection has been withdrawn. Appeal 2009-015090 Application 10/421,716 4 Appellants’ Contentions Appellants contend (App. Br. 8-13; Reply Br. 3-5) that the Examiner erred in rejecting claims 1-18, 20, and 21 under 35 U.S.C. § 102(e) for numerous reasons, including Whelan does not disclose: (1) executing an anti-spoofing protocol (App. Br. 10-11, 13; Reply Br. 4-5); (2) associating the mobile units with the access controller (App. Br. 10, 12-13); (3) communications between the first and second radio units and the access controller (App. Br. 8-10, 12; Reply Br. 3-5); (4) communication having two separate layers (App. Br. 12; Reply Br. 2-4); and (5) a radio unit layer and a mobile unit layer (App. Br. 12; Reply Br. 1-2). 37 CFR § 41.37(c)(1)(vii) -- Claim Groupings Appellants present two major sets of contentions. A first set of contentions is directed at limitations found in independent claims 1, 11, and 21 (App. Br. 8-13; Reply Br. 2-5). This first set of contentions is generic to all claims, for which claim 1 is representative. The remaining and second set of contentions is directed to limitations found in dependent claim 7, dependent claim 17, and independent claim 21 (App. Br. 12; Reply Br. 1-2). These contentions are exclusive to dependent claim 7 which depends from independent claim 1, dependent claim 17 which depends from independent claim 11, and independent claim 21. Appeal 2009-015090 Application 10/421,716 5 No separate patentability arguments are made for any other dependent claims 2-6, 8-16, 18, and 20. Pursuant to our authority, under 37 C.F.R. § 41.37(c)(1)(vii), we select claims 1 and 7 as representative as follows: We select independent claim 1 as being representative of claims 1-18, 20, and 21 as related to the first group of arguments (App. Br. 8-13; Reply Br. 2-5). We select dependent claim 7 as being representative of claims 7, 17, and 21 as related to the second group of arguments (App. Br. 12; Reply Br. 1-2). Issues on Appeal Based on Appellants’ arguments, the following issues are presented: Did the Examiner err in rejecting claims 1-18, 20, and 21as being anticipated under 35 U.S.C. § 102(e) because Whelan fails to disclose: (1) in the first group of contentions, applicable to all claims: (i) executing an anti-spoofing protocol; (ii) associating the mobile units with the access controller; (iii) communication between the first and second radio units and the access controller; (iv) communication having two separate layers; and (2) in the remaining and second set of contentions, applicable exclusively to claims 7, 17, and 21: (v) a radio unit layer and a mobile unit layer? Appeal 2009-015090 Application 10/421,716 6 ANALYSIS We have reviewed the Examiner’s rejections in light of the Appellants’ contention in the Appeal Brief (App. Br. 8-13) and the Reply Brief (Reply Br. 1-5) that the Examiner has erred. We disagree with Appellants’ conclusions. We adopt as our own (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken and (2) the reasons set forth by the Examiner in the Examiner’s Answer in response to the Appellants’ Appeal Brief (see Ans. 4-5, 9-10). We concur with the conclusion of anticipation reached by the Examiner, and highlight, address, and amplify specific findings and arguments for emphasis as follows. (1) Appellants’ Contentions regarding representative claim 1 (i) Anti-spoofing protocol Appellants argue (App. Br. 10-11, 13; Reply Br. 4-5) that Whelan fails to disclose “executing an anti-spoofing protocol” as required by claim 1(f). We disagree. The “anti-spoofing protocol” required by claim 1(f) must be read in the context of “determining if the network addresses of [the first and] second mobile unit[s] [match]” required by claim 1(d). The Examiner properly rejected claim 1(d) and claim 1(f) with paragraphs [0039] and [0041], respectively (Ans. 5). These paragraphs are reproduced below for convenience: [0039] The network monitor may also attempt to disable communications between the network and the rogue access point from the network in step 250. In one embodiment, the monitor changes the MAC address filter settings on the rogue access point to exclude all MAC addresses, effectively Appeal 2009-015090 Application 10/421,716 7 preventing the use on the rogue access point on the network. In another embodiment, the monitor changes the routing table settings of network devices such as routers or switches to prevent network traffic to and from the rogue access point and thereby minimize the risk to the network. The network monitor may also attempt to disable the radio of rogue access point, or to reset the rogue access point to factory default settings that are more easily managed. Other techniques, such as an echo attack, or sending connection close or reset TCP/IP messages to rogue wireless devices may alternatively be used to disable communications. (Whelan, ¶ [0039] (emphasis added)). [0041] In one preferred embodiment, the network monitor monitors the network for spoofing by checking switch interface tables for MAC addresses that appear on more than one port. If the same MAC address appears on two different ports of a switch, then one of the MAC addresses is a rogue device. (Whelan, ¶ [0041] (emphasis added)). Whelan discloses the network monitor finds rogue wireless devices by checking for MAC spoofing, or i.e., if the network addresses of two wireless devices match, then one of the two is identified as a rogue wireless device (¶ [0041]). Whelan further discloses that the network monitor disables communication between the network and the rogue device (¶ [0039]). Disabling communication is not limited to only rogue access points, but to rogue wireless devices (e.g., ¶ [0039]; also see Fig. 1, element labeled “rogue MU,” which is a rogue mobile unit not a rogue access point). The disabling of communication between the network and a rogue wireless device, that was found during the checking for MAC spoofing, meets the required anti-spoofing protocol (¶¶ [0039], [0041]). Appeal 2009-015090 Application 10/421,716 8 Therefore, we agree with the Examiner (Ans. 5, 10) that Whelan discloses executing an anti-spoofing protocol as required by representative claim 1. (ii) Associating the mobile units with the access controller Appellants’ contentions (App. Br. 10, 12-13) that Whelan does not disclose associating the mobile units with the access controller is unpersuasive because these arguments are not commensurate in scope with the language of representative claim 1. Appellants allege that claim 1(b) requires “associating the mobile units with the access controller” (App. Br. 10). We disagree. Presently, with respect to the first mobile unit, claim 1 requires “associating in said access controller a first mobile unit to the first radio unit” (claim 1(b)). Or in other words, the first mobile unit is associated with the first radio unit, not with the access controller. With respect to the second mobile unit, claim 1 requires “receiving in said access controller an associate request... from a second mobile unit to associate with the second radio unit” (claim 1(c)). Or in short, the access controller receives an associate request to associate with the second radio unit, but does not require associating the second mobile. Therefore, representative claim 1 does not require the argued limitations and these arguments are not commensurate in scope. Appellants argue (App. Br. 10, 12-13) that Whelan does not disclose associating the mobile units with the access controller. These arguments are not commensurate in scope with the language of representative claim 1. Representative claim 1 requires associating a first mobile unit with the first radio unit and maintaining a connectivity record in the access controller. Appeal 2009-015090 Application 10/421,716 9 Insofar that Appellants have argued that Whelan fails to disclose these limitations which are present in the claim, we disagree. Appellants acknowledge that Whelan’s network monitor maintains a database of known and/or authorized wireless devices and known or authorized access points (App. Br. 11). The Examiner asserts that the access points are configured to report all wireless devices heard by the access point and the network monitor receives those reported devices of the access points to verify against the database of known or authorized wireless devices or access points (Ans. 4). Whelan’s network monitor, or “access controller” as claimed, maintains a list of known wireless devices that includes not only the wireless access points, but also the other wireless devices including the mobile units that are connected to the network (see e.g., ¶ [0039]). Therefore, we agree with the Examiner (Ans. 4) that Whelan discloses associating a first mobile unit with the first radio unit and maintaining a connectivity record in the access controller as required by representative claim 1. (iii) Communication between the first and second radio units and the access controller Many of Appellants’ assertions are not commensurate in scope with the claim. As brief examples, Appellants assert, inter alia: (1) Whelan does not disclose the access controller provides a strong control and data path linkage to the registered radio units and not rogue access points (App. Br. 11-12); and (2) the “ID information being reported is not being directly reported to the network monitor” (App. Br. 9). However, representative claim 1 claim requires neither a control and data path linkage nor direct Appeal 2009-015090 Application 10/421,716 10 reporting. Of the limitations that are present, it appears that Appellants argue (App. Br. 8-10, 12; Reply Br. 3-5) that Whelan does not disclose communication between the first and second radio units and the network controller because Whelan's network monitor merely “glean[s] [ID information] from the [network] traffic” (e.g., App. Br. 9). We disagree. The Examiner asserts that Whelan discloses communication between the first and second radio units and the network controller because the “network monitor [is] configured to determine whether the reported wireless devices are connected to the network” (¶ [0024]) (Ans. 4, 9-10). Or in other words, information from communications of other wireless devices, notably other access points, on the network is communicated to the network controller. Therefore, we agree with the Examiner (Ans. 4, 9-10) that Whelan discloses communications between the first and second radio units and the access controller. (iv) Communication having two separate layers Appellants argue (App. Br. 12; Reply Br. 2-4) that Whelan fails to disclose communication having two separate layers. We disagree. Appellants acknowledge that, “[t]he best-known example of a [OSI] [l]ayer 3 protocol is the Internet Protocol (IP)” (Reply Br. 2). Appellants also acknowledge that OSI layer 1 has a data unit of a bit and OSI layer 2 has a data unit of a frame, which includes a plurality of bits (Reply. Br. 3; Reply Br., Ex. J). Appellants further acknowledge that the data unit for OSI layer 3, or i.e. the data unit for IP transmissions, is a packet (Reply Br. 2; Reply. Br., Ex. J). Appeal 2009-015090 Application 10/421,716 11 The Examiner asserts that Whelan discloses the communication between the wirelessly connected devices involves at least two separate layers of the OSI model, namely layer 1 and layer 2 (¶ [0005]) (Ans. 10). We agree. Further, Whelan discloses the network communicates via TCP/IP (see e.g., ¶ [0039]), which, per Appellants’ acknowledgments (Reply Br. 2-3, Ex. J), involves OSI layer 3 because TCP/IP relies upon the Internet Protocol (IP). We note that each subsequent layer of the OSI model builds off of the prior layer (see Reply Br., Ex. J). Or in other words, a packet from layer 3 encapsulates a frame from layer 2, which is a plurality of bits from layer 1. Thus, a packet-based transmission utilizing the Internet Protocol involves OSI model layers 3, 2, and 1. These layers are separate layers and there are at least two. Therefore, we agree with the Examiner that Whelan discloses communication having two separate layers. (2) Appellants’ Contentions exclusive to Claims 7, 17, and 21 (v) a radio unit layer and a mobile unit layer2 Appellants argue (App. Br. 12; Reply Br. 1-2) that Whelan fails to 2 The substantive arguments present for claims 7, 17, and 21 were raised for the first time in the Reply Brief (Reply Br. 1-2) and are not present in the principal brief. The Appeal Brief (App. Br. 12) merely point out select claim language and cite portions of the Appellants’ Specification. Such arguments are not considered arguments for separate patentability. 37 C.F.R. § 41.37(c)(1)(vii). Further, these belated arguments or new arguments, unaccompanied by a showing of good cause, were not raised in response to a change in law or in response to a new ground of rejection. They could have been made in the principal brief, but were not. While technically waived, pursuant to our discretion, we respond to these arguments. Appeal 2009-015090 Application 10/421,716 12 disclose a first layer being a radio unit layer and a second layer being a mobile unit layer. We disagree. We agree with the Examiner (Ans. 9) that Whelan discloses the layer in which the access points communicate with the network monitor involves a radio unit layer (Ans. 9) and the layer in which the mobile unit identification is communicated to the network monitor involves a mobile unit layer (Ans. 10). Whelan incorporates by reference, in entirety, the references cited within the disclosure (¶ [0052]), which includes at very minimum 802.11 (e.g., ¶ [0005]), OSI model (¶ [0005]), and TCP/IP (¶ [0035]). A single prior art document may still be considered for purposes of anticipation if further material, not so expressly disclosed, is incorporated by reference in the single prior art document. Advanced Display Sys., Inc. v. Kent State Univ., 212 F.3d 1272, 1282 (Fed. Cir. 2000) (citing Ultradent Prods., Inc. v. Life-Like Cosmetics, Inc., 127 F.3d 1065, 1069 (Fed. Cir. 1997) (holding that material incorporated by reference into a document may be considered in an anticipation determination)). Whelan discloses utilizing agents that receive wireless packets transmitted on the wireless network (¶ [0043]). These agents that communicate with the network monitor (e.g., ¶ [0043]), in which the network monitor is preferably installed on another computer on the network (e.g., ¶ [0034]). The agents that communicate with the network monitor, communicate via packets (see e.g., ¶ [0034]). This wireless packet will include, inter alia, the source address identifying the agent that is reporting to the computer running the network monitor (see e.g., Reply Br., Ex. J showing the OSI model’s layer 3 function is to provide logical addressing Appeal 2009-015090 Application 10/421,716 13 such as an IP address and the layer 2 function is to provide the physical addressing such as a MAC address). The access point agent’s communication to the computer running the network monitor, thus, includes a layer having the access point agent’s address which would correspond to the “radio unit layer” as required by representative claim 7. Even further, Whelan discloses the network monitor may isolate a rogue mobile unit by changing MAC filter settings in one of the access points (¶ [0047]). In order for the network monitor to do so, it must communicate the address of the access point, in order to properly communicate to that wireless access point, so as to update that access point’s MAC filter settings. Whelan also specifically discloses filtering out the MAC address of the rogue mobile unit (¶ [0047]). When the network monitor communicates with an access point to update the MAC filter settings to exclude the rogue mobile unit, the network monitor communicates the rogue mobile unit’s MAC address such that it can be added to the exclusions list in the MAC filter settings. Therefore, we agree with the Examiner that Whelan discloses a first layer being a radio unit layer and a second layer being a mobile unit layer, as required by representative claim 7. In view of the foregoing, Appellants have not sufficiently shown that Whelan as applied in the rejection fails to disclose the contested subject matter recited in claim 1 or claim 7. Accordingly, we will sustain the rejection of representative claims 1 and 7. For the same reasons as representative claim 1, we will also sustain the rejection of (i) claims 2-6, 8- 10 which depend from independent claim 1; (ii) independent claim 11; and (iii) claims 12-16, 18, and 20 which depend from independent claim 11. For Appeal 2009-015090 Application 10/421,716 14 the same reasons as representative claim 7, we will also sustain the rejection of (i) claim 17 which depends from independent claim 11; and (ii) independent claim 21. CONCLUSIONS (1) The Examiner did not err in rejecting claims 1-18, 20, and 21as being anticipated under 35 U.S.C. § 102(e) because Whelan discloses: (i) executing an anti-spoofing protocol; (ii) associating the mobile units with the access controller; (iii) communication between the first and second radio units and the access controller; (iv) communication having two separate layers; and (v) a radio unit layer and a mobile unit layer (2) Claims 1-18, 20, and 21 are not patentable. DECISION The Examiner's rejection of claims 1-18, 20, and 21 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED msc Copy with citationCopy as parenthetical citation
