Ex Parte OliphantDownload PDFPatent Trial and Appeal BoardMay 13, 201310882852 (P.T.A.B. May. 13, 2013) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte BRETT M. OLIPHANT ____________________ Appeal 2010-011505 Application 10/882,852 Technology Center 2400 ____________________ Before: ALLEN R MacDONALD, DEBRA K. STEPHENS, and IRVIN E. BRANCH, Administrative Patent Judges. BRANCH, Administrative Patent Judge. DECISION ON APPEAL Appellant appeals under 35 U.S.C. § 134(a) from a rejection of claims 1-13 and 15-39. We have jurisdiction under 35 U.S.C. § 6(b). Claim 14 is cancelled We Affirm. Appeal 2010-011505 Application 10/882,852 2 STATEMENT OF CASE Introduction The claims are directed to a security information management system. Abstract. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A system, comprising: a plurality of computing devices, each comprising a processor and memory, wherein the memory is encoded with programming instructions executable by the processor; a database of device status information that characterizes zero or more vulnerabilities to which each of the computing devices is subject, wherein the device status information is kept current in substantially real time; and an application that transmits a query signal to the database; receives a result signal, responsive to the query signal, from the database; and makes a security-related determination based on the result signal. References The prior art relied upon by the Examiner in rejecting the claims on appeal is: Shostack Kim Cambridge US 6,298,445 B1 US 2002/0013811 A1 US 7,010,696 B1 Oct. 2, 2001 Jan. 31, 2002 Mar. 7, 2006 Rejections Claims 1-13, 15-21, 23-30, and 36-39 stand rejected under 35 U.S.C §102(e) as being anticipated by Shostack. Ans. 4-16. Appeal 2010-011505 Application 10/882,852 3 Claim 22 stands rejected under 35 U.S.C §103(a) as being unpatentable over Shostack and Kim. Ans. 16-17. Claims 31-35 stand rejected under 35 U.S.C §103(a) as being unpatentable over Shostack and Cambridge. Ans. 18-20. Appellant’s Contentions Appellant argues that the Examiner has erred in rejecting claim 1 as anticipated by Shostack, contending that Shostack’s vulnerabilities database contains different vulnerabilities than those claimed – a database of vulnerabilities to which specific devices are subject. App. Br. 5. Appellant argues further Shostack does not disclose an application that queries a database and makes a security-related determination based on the result signal. Id. at 5-6. With respect to dependent claim 2, which recites the application is “an intrusion detection system,” and the determination is “whether to produce a signal indicating that an intrusion attempt has occurred,” Appellant argues Shostack’s NSD (network security detector) application uses different information than the claimed intrusion detection system application. Appellant’s Reply Brief provides a suitable summary of Appellant’s arguments: One of these issues concerns the content and use of the “database” of the various claims of the present application. Several claims … recite a database containing information about “vulnerabilities … .” The primary reference … includes a generic database of vulnerabilities [that] does not reflect the [recited] vulnerabilities … . Some claims … recite the taking of actions as a function of [information] in a database. While Shostack does describe a Appeal 2010-011505 Application 10/882,852 4 file integrity checker … it does not leverage … information to make … determinations and take … actions …. Reply Br. 1-2. Appellant also argues that the Examiner has not cited a suitable motivation in the art to combine Shostack and Cambridge. App. Br. 22. ANALYSIS We have reviewed the Examiner’s rejections in light of Appellant’s arguments in both the Appeal Brief and Reply Brief that the Examiner has erred. We disagree with Appellant’s conclusions. Appellant’s contentions present us with the following issues: Claims 1, 24, and 36 Issue 1: Has the Examiner erred in finding Shostack discloses “a database of device status information that characterizes zero or more vulnerabilities to which each of the computing devices is subject, wherein the device status information is kept in substantially real time” as recited in claim 1, or in finding Shostack discloses “an application that transmits a query to the database; receives a result signal…; and makes a security-related determination based on the result signal” also as recited in claim 1? We are not persuaded that the Examiner has erred in rejecting claim 1 and adopt the Examiner’s findings and conclusions. Ans. 5, 20-23. We initially note Appellant has not explicitly defined “device status information.” We further find that claim 1’s recitation of, for example, “device status information that characterizes zero or more vulnerabilities to Appeal 2010-011505 Application 10/882,852 5 which each of the computing devices is subject” and “security-related” determination, correspond to labels or names for data and determinations. These labels merely recite what the elements represent. How data and the like may be named does not functionally change the underlying method (or apparatus) utilizing it. The acts of storing data in a database, keeping data in a database current, transmitting a query signal to the database, receiving a result signal from the database, and making a determination based on the result data are the same regardless of how the data, signals, applications, and determinations may be named, and mere labeling does not further distinguish the claimed invention either functionally or structurally. The informational content of the data and labeling of elements represent non- functional descriptive material entitled to no weight in the patentability analysis. See Ex parte Curry, 84 USPQ2d 1272, 1274 (BPAI 2005) (informative), aff’d, No. 06-1003 (Fed. Cir. June 12, 2006) (Rule 36) (“wellness-related” data in databases and communicated on distributed network did not functionally change either the data storage system or the communication system used in the claimed method). See also In re Ngai, 367 F.3d 1336, 1339 (Fed. Cir. 2004); Ex parte Nehls, 88 USPQ2d 1883, 1887-90 (BPAI 2008) (precedential) (discussing non-functional descriptive material). In addition, we emphasize the following. We find Shostack discloses a database of device status information which is kept current in “substantially real-time” (col. 2, ll. 35-38; col. 4, ll. 1-4, 10-12, 33-35, and 41-43). The database of security vulnerabilities includes a list of techniques used by hackers to gain unauthorized access to the network and a catalog of known security weaknesses in software programs (col. 4, ll. 39-43). Appeal 2010-011505 Application 10/882,852 6 Shostack further discloses an application that transmits a query signal to the database (col. 6, ll. 42-43 and 51-52); and receives a result signal, responsive to the query signal, from the database and makes a security-related determination based on the result signal (col. 3, ll. 31-34; col. 12, ll. 7-9; see also col. 13, ll. 1-6). Therefore, we find Shostack discloses “a database of device status information that characterizes zero or more vulnerabilities to which each of the computing devices is subject, wherein the device status information is kept in substantially real time” and “an application that transmits a query to the database; receives a result signal…; and makes a security-related determination based on the result signal” as recited in claim 1. Dependent claim 7 was not separately argued. Therefore, we sustain the rejection of claims 1 and 7. With respect to claim 24 and claim 36, we again find Appellant’s arguments unpersuasive. We agree with the Examiner’s findings and adopt them as our own (Ans. 39-40 and 44-45) and further emphasize the analysis set forth above. Appellant does not separately argue claims 29 and 30, and claims 37 and 39, relying on the arguments set forth for claims 24 and 36, respectively, from which they depend (App. Br. 23 and 24). Therefore, we sustain the rejection of claims 24, 29, 30, 36, 37, and 39. Claim 12 Issue 2: Has the Examiner erred in finding Shostack discloses “transferring data including device status information from at least one client computer to a server incorporating a database in substantially real time,” an application “transmitting a query signal ... including information characterizing [a] Appeal 2010-011505 Application 10/882,852 7 connection request,” “transmitting a result signal, responsive to the query signal, from the server to the application, wherein the result signal is produced as a function of the information in the query signal and data in the database,” and “making and executing a security-related determination relating to the connection request, wherein the determination is made as a function of information in the results signal,” as recited in claim 12? We disagree with Appellant that the Examiner erred in rejecting claim 12. We find that Shostack describes a networked computer that, upon experiencing a security breach, reports it, and an appropriate solution thereto is provided based on a database of known security vulnerabilities (col. 7, ll. 20-30). This description meets “transferring data including device status information from at least one client computer to a server incorporating a database in substantially real time,” an application “transmitting a query signal ... including information characterizing [a] connection request,” “transmitting a result signal, responsive to the query signal, from the server to the application, wherein the result signal is produced as a function of the information in the query signal and data in the database,” and “making and executing a security-related determination relating to the connection request, wherein the determination is made as a function of information in the results signal,” as recited in claim 12. Accordingly, we sustain the rejection of claim 12 and of claims 13, 18-20, 22 and 23, which depend therefrom and are not argued separately. Claim 31 Issue 3: Has the Examiner erred in finding the combination of Shostack and Cambridge discloses “receiving updated device status information for one or more computing devices in substantially real time” and “detecting one or Appeal 2010-011505 Application 10/882,852 8 more vulnerabilities of the one or more computing devices based on the updated device status information” as recited in claim 31? Issue 4: Has the Examiner erred in finding motivation in the art to combine Shostack and Cambridge? Regarding Appellant’s contention that the examiner erred in finding that Shostack discloses “receiving updated device status information for one or more computing devices in substantially real time,” and “detecting one or more vulnerabilities of the one or more computing devices based on the updated device status information” (App. Br. 21-22), we refer to our discussion above regarding Shostack’s detection of security breaches and note that these elements are met by Shostack’s “fourth application” monitoring a network for security vulnerabilities and providing a report of all security breaches (col. 7, ll. 23-25). We adopt the Examiner’s findings and conclusions (Ans. 18, 43). We are not persuaded by Appellant’s contention that motivation in the art to combine Shostack and Cambridge is lacking. The Examiner has articulated reasoning with a rational underpinning as to why one of ordinary skill in the art would have found it obvious to combine the teachings of Shostack and Cambridge. Ans. 43. Appellant has not presented sufficient evidence or argument to persuade us of error in the Examiner’s conclusion. Accordingly, we sustain the rejection of claim 31 and of claims 32 and 33, which depend therefrom and are not argued separately. Claims 2, 3, 16, 27, 28, and 38 With respect to claims 2, 3, 16, 27, 28, and 38 we again find Appellant’s arguments non-persuasive (see App. Br. 8-10, 15-16, and 20-21) Appeal 2010-011505 Application 10/882,852 9 and adopt the Examiner’s findings (Ans. 5, 6, 13, 14, 16, and 23-26). Specifically, we find Shostack’s NSD sends an alarm in real time if an intrusion is detected (col. 6, ll. 52-56), which meets the claimed determination to produce a signal indicating an intrusion attempt (claim 2). We additionally emphasize Shostack’s firewall that is supplemented with the NSD (col. 4, ll. 19-21), is connected to the database of security vulnerabilities (col. 4, ll. 33-35), and prevents unauthorized users from accessing the network (col. 4, ll. 22-27), thus meeting the claimed limitation of “the application …consisting of a firewall…; and the security-related determination is whether to allow a connection to pass” (claim 3) and “determination . . . whether to block a connection attempt” (claim 27). Claims 4-6 were not separately argued (App. Br. 10), but rely on the arguments set forth for claim 3 and thus, fall with claim 3. Commensurately recited claims 16, 28, and 38 were argued on the same grounds as claim 2 (see App. Br. 15-16) and thus also fall with claim 2. Accordingly, we are not persuaded the Examiner erred in rejecting claims 2-6, 16, 27, 28, and 38. Claims 8, 10 and 34 With respect to the rejection of claims 8, 10 and 34, we are unpersuaded that the Examiner erred and adopt the Examiner’s findings and conclusions (Ans. 7-8, 19, 26-30, and 43-44). Accordingly, we sustain the rejection of claims 8, 10, and 34, and of claims 9, 11, and 35, which depend therefrom and are not separately argued. Appeal 2010-011505 Application 10/882,852 10 Claims 15, 25, and 26 With respect to claims 15, 25, and 26, we are not persuaded by Appellant’s arguments that the Examiner has erred (see App. Br. 14-15, 19- 20) and adopt the Examiner’s findings (Ans. 9-10, 13, 34-35, 40-41), emphasizing Shostack’s NSD, which operates throughout a network and in conjunction with a server-based database of security vulnerabilities to provide network security (col. 4, ll. 22-46), which meets the claimed “security-related determination,” “relating to [a] connection request,” reflective of content of signals among devices (claims 15, 25, and 26). We sustain the rejection of claims 15, 25, and 26. Claim 17 With respect to claim 17, we are not persuaded that the Examiner erred in finding that the combination of Shostack and Cambridge renders the content of the database obvious (Ans. 10-11, 37-38) and sustain the rejection. Claim 21 Regarding claim 21’s recitation that the connection request of claim 12 is from an external source, we note the Examiner’s finding that Shoestack’s firewall screens unauthorized external users (col. 4, ll. 16-17), which firewall is supplemented with the NSD (col. 4, l. 21), having the functionality recited in claim 12 and discussed supra. We therefore sustain the rejection of claim 21. Appellant does not separately argue the obviousness rejection of claim 22 apart from the anticipation rejection of its parent claim 12. Appeal 2010-011505 Application 10/882,852 11 CONCLUSIONS On the record before us, we conclude the Examiner has not erred in rejecting claims 1-13, 15-21, 23-30, 36-39 as anticipated by Shostack nor in rejecting claims 31-35 as obvious in view of the combination of Shostack and Cambridge. DECISION For the above reasons, the Examiner’s rejection of claims 1-13 and 15-39 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv) (2011). AFFIRMED tj Copy with citationCopy as parenthetical citation