Ex Parte Shaw

Board of Patent Appeals and Interferences
Jan 16, 2009
10264878 (B.P.A.I. Jan. 16, 2009)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES

Ex parte TERRY D. SHAW

Appeal 2008-1477
Application 10/264,878
Technology Center 2400

Decided: January 16, 2009

Before JAMES D. THOMAS, LANCE LEONARD BARRY, and THU A. DANG, Administrative Patent Judges.

DANG, Administrative Patent Judge.

DECISION ON APPEAL

I. STATEMENT OF CASE

Appellant appeals under 35 U.S.C. § 134 from a final rejection of claims 1-23. We have jurisdiction under 35 U.S.C. § 6(b).

A. INVENTION

According to Appellant, the invention relates generally to computer equipment security, and more specifically, to a method for detecting autonomous usage of a computer system connected to the Internet (Spec. 1, ll. 3-5).

B. ILLUSTRATIVE CLAIM

Claim 1 is exemplary and is reproduced below:

1. A method for detecting unauthorized usage of a computer system by an unauthorized executable application autonomously using said computer system comprising:

monitoring operation of said computer system;

monitoring a subscriber’s activity during operation of said computer system;

comparing said monitored computer system operation with said monitored subscriber activity to detect computer system operation by an unauthorized executable application autonomously using said computer system; and

recording said computer system activity by an unauthorized executable application autonomously using said computer system in a log within said computer system.

C. REJECTIONS

The prior art relied upon by the Examiner in rejecting the claims on appeal is:

Burgess US 5,758,071 May 26, 1998
Ando US 6,895,432 B2 May 17, 2005

Claims 1-23 stand rejected under 35 U.S.C. § 103(a) over the teachings of Burgess in view of Ando.

We affirm.

II. ISSUES

The issues are whether Appellant has shown that the Examiner erred in finding that claims 1-23 are unpatentable under 35 U.S.C. § 103(a) over the teachings of Burgess and Ando. In particular, the issues turn on:

A. whether the combination of Burgess and Ando discloses “monitoring a subscriber’s activity during operation of said computer system” and “comparing said monitored computer system operation with said monitored subscriber activity to detect computer system operation by an unauthorized executable application autonomously using said computer system” (claim 1); and

B. whether it would have been obvious for one of ordinary skill in the art to combine the teachings of Burgess and Ando.

III. FINDINGS OF FACT

The following Findings of Fact (FF) are shown by a preponderance of the evidence.

Burgess

1. Burgess discloses a computer network 10 which comprises a plurality of monitored computers 12 networked to a number of monitoring computers 14 (col. 3, ll. 37-39; Fig. 1).

2. Monitoring and tracking agent 16, which comprises a program that is run by monitored computer 12, monitors the performance of monitored computer 12 (col. 3, ll. 47-49).

3. The performance level desired for a particular server in a particular computer network may vary depending upon the configuration of a network, the types of tasks ordinarily performed by users of the network, usage patterns that may develop over the course of a workday, and other such variables (col. 1, ll. 45-50).

4. Monitoring and tracking agent 16 compares one or more performance parameters to preset thresholds, and if the comparison indicates that performance has become alertable, monitoring and tracking agent 16 generates an event which is sent to the local operating system event log of monitored computer 12 and sends a message to monitoring and tracking listener 18 with the information regarding the alert (col. 11-19).

Ando

5. Ando discloses an IP communication network system having a plurality of autonomous systems, wherein, if the IP packet forward is an unauthorized intrusion packet, the unauthorized packet is discarded when detecting a re-intrusion (Abstract).

IV. PRINCIPLES OF LAW

"[T]he PTO gives claims their 'broadest reasonable interpretation.'" In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211 F.3d 1367, 1372 (Fed. Cir. 2000)). "Moreover, limitations are not to be read into the claims from the specification." In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993) (citing In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989)). Our reviewing court has repeatedly warned against confining the claims to specific embodiments described in the specification. Phillips v. AWH Corp., 415 F.3d 1303, 1323 (Fed. Cir. 2005) (en banc).

One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986).

Section 103 forbids issuance of a patent when “the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.” KSR Int'l Co. v. Teleflex Inc., 127 S. Ct. 1727, 1734 (2007).

The Supreme Court emphasized “the need for caution in granting a patent based on the combination of elements found in the prior art,” and discussed circumstances in which a patent might be determined to be obvious. KSR, 127 S. Ct. at 1739 (citing Graham v. John Deere Co., 383 U.S. 1, 12 (1966)). The Court reaffirmed principles based on its precedent that “[t]he combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results.” Id.

The Court noted that “[c]ommon sense teaches . . . that familiar items may have obvious uses beyond their primary purposes, and in many cases a person of ordinary skill will be able to fit the teachings of multiple patents together like pieces of a puzzle.” KSR, 127 S. Ct. at 1742. “A person of ordinary skill is also a person of ordinary creativity, not an automaton.” Id.

In Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1161 (Fed. Cir. 2007), the Federal Circuit recognized that “[a]n obviousness [determination] is not the result of a rigid formula disassociated from the consideration of the facts of a case. Indeed, the common sense of those skilled in the art demonstrates why some combinations would have been obvious where others would not.” Id. at 1161 (citing KSR, 127 S. Ct. 1727, 1739 (2007)).

V. ANALYSIS

A. All Claimed Elements are Taught by Burgess and Ando

Appellant does not provide separate arguments with respect to the rejection of claims 1-23. Therefore, we select independent claim 1 as being representative of the cited claims. 37 C.F.R. § 41.37(c)(1)(vii).

Appellant argues that “the Burgess Patent is totally devoid of any hint of ‘monitoring a subscriber’s activity during the operation of said computer system’ or ‘comparing said monitored computer system operation with said monitored subscriber activity to detect computer system operation by an unauthorized executable application autonomously using said computer system’” (App. Br. 9). In particular, Appellant contends that “the Burgess patent fails to even hint at ‘unauthorized usage’ or the detection of this ‘unauthorized usage’” (App. Br. 9).

The Examiner finds that Burgess in view of Ando discloses the limitations recited in the claims (Ans. 3).

Thus, an issue we address on appeal is whether the combination of Burgess and Ando discloses “monitoring a subscriber’s activity during operation of said computer system” and “comparing said monitored computer system operation with said monitored subscriber activity to detect computer system operation by an unauthorized executable application autonomously using said computer system” (Claim 1).

We begin our analysis by giving the claims their broadest reasonable interpretation. See In re Bigio at 1324. Furthermore, our analysis will not read limitations into the claims from the Specification. See In re Van Geuns at 1184.

Appellant’s contention that Burgess does not “even hint at ‘unauthorized usage’” is not commensurate with the claimed invention since the claims do not recite such limitation. Appellant’s claims merely recite detecting operation by an “unauthorized executable application,” and simply do not place any limitation on what the term “unauthorized executable application” is to be, to represent, or to mean. In fact, the claims are silent even as to any usage of the “unauthorized executable application,” and thus do not even discuss who or what performs/uses the unauthorized executable application.

We generally agree with the Examiner’s finding that the combined teaching of Burgess and Ando discloses the claimed elements on appeal beginning at page 3 of the Answer, and including the Examiner’s corresponding responsive arguments beginning at page 13 of the Answer.

Burgess discloses monitoring the performance of a monitored computer (FF 1-2), wherein the performance level desired depends upon variables such as the types of tasks ordinarily performed by users of the network, or the usage patterns that may develop over the course of a workday (FF 3). An artisan would have understood that, in order to determine the varying performance level in accordance with the user’s activity, as disclosed by Burgess, the user’s activity must be monitored and the performance and the user’s activities must be compared, because the artisan is also a person of ordinary creativity, not an automaton. See KSR, 127 S. Ct. at 1742. As the Examiner finds, Burgess “discloses client and server relationship” and therefore “Burgess does disclose a subscriber and to show client computer activity and to monitor client activity” (Ans. 14).

Furthermore, Burgess discloses using compared performance parameters to indicate whether that performance has become alertable (FF 4), while Ando discloses using autonomous systems to detect unauthorized packets in re-intrusion (FF 5). One of ordinary skill in the art would have found it obvious to use compared performance parameters to detect unauthorized application from the combined teaching of Burgess and Ando.

We thus agree with the Examiner that the combined teaching of Burgess and Ando discloses or at the least strongly suggests “monitoring a subscriber’s activity during operation of said computer system” and “comparing said monitored computer system operation with said monitored subscriber activity to detect computer system operation by an unauthorized executable application autonomously using said computer system” (claim 1).

Though Appellant argues that Burgess does not “even hint at ‘unauthorized usage’” (App. Br. 9), the Appellant appears to be arguing that Burgess alone fails to disclose “unauthorized executable application.” However, the Examiner has rejected the claims based on the combination of Burgess and Ando, and nonobviousness cannot be shown by attacking the references individually. As discussed above, one of ordinary skill in the art would have found it obvious to use compared performance parameters to detect an unauthorized application from the combined teaching of Burgess and Ando.

Appellant also contends that, in Ando, “the packet is prevented from entering the network” and thus “the Ando Patent is directed solely at the network operation external to the computer systems” (App. Br. 11). In particular, Appellant argues that Ando “is totally devoid of any hint of ‘monitoring operation of said computer system’ or ‘monitoring a subscriber’s activity during operation of said computer system’ or ‘comparing said monitored computer system operation with said monitored subscriber activity…’” (App. Br. 10).

Appellant appears to be arguing that Ando alone fails to disclose these claimed limitations. However, as discussed above, the Examiner has rejected the claims based on the combination of Burgess and Ando, and nonobviousness cannot be shown by attacking the references individually.

Contrary to Appellant’s contention, Ando discloses that if there is an unauthorized intrusion, the unauthorized packet is discarded when detecting a re-intrusion (FF 5). Thus, the unauthorized packet has already intruded and its re-intrusion is then prevented. An artisan would have understood that such authorized intrusion is detected by monitoring the computer system operation.

Further, as discussed above, Appellant’s claims merely recite detecting operation by an unauthorized executable application, and simply do not place any limitation on “unauthorized executable application.” In fact, contrary to Appellant’s contention, the claims are silent even as to whether the network operation is external or internal to the computer system since the claims do not even describe whether the functions are performed by a single computer system or two separate computer systems.

A. It Would Have Been Obvious to Combine Burgess and Ando

Appellant also argues that there is “Lack Of Motivation Or Suggestion To Combine References” (App. Br. 16). However, the Examiner finds that it would have been obvious “to provide a safeguard function or secure communication from unauthorized intrusion in communication network by providing a method and system for automatically tracking, configuring and monitoring autonomous computer system coupled to a computer network and detecting unauthorized packet intrusion” (Ans. 4-5).

Thus, another issue we address on appeal is whether it would have been obvious for one of ordinary skill in the art to combine Burgess and Ando.

Burgess discloses monitoring performance which depends on user activities (FF 1-3), wherein performance parameters are used to determine that performance has become alertable (FF 4). Ando discloses determining whether there is unauthorized intrusion (FF 5).

We agree with the Examiner’s finding that it would have been obvious to combine the teachings of Burgess and Ando, to monitor system operation and user’s activities, and detect unauthorized executable application. The combination yields an expected result.

Appellant has provided no evidence that incorporating Burgess’ monitoring to Ando’s unauthorized intrusion detection was “uniquely challenging or difficult for one of ordinary skill in the art,” See Leapfrog Enter., Inc. v. Fisher-Price, Inc., 485 F.3d at 1162, nor has Appellant presented evidence that this incorporation yielded more than expected results. Rather, Appellant’s invention is simply an arrangement of the well-known teaching of computer system and user’s activity monitoring with the known teaching of unauthorized intrusion detection. See KSR, 127 S. Ct. at 1742.

Therefore, it is our view that a person of ordinary skill would have been able to fit the teachings of the cited references together like pieces of a puzzle. Accordingly, we find that claim 1 would have been obvious over the teachings of Burgess in view of Ando. Thus, we conclude that the Appellant has not shown that the Examiner erred in rejecting claim 1, and claims 2-23 falling with claim 1, under 35 U.S.C. § 103(a).

CONCLUSION OF LAW

(1) Appellant has not shown that the Examiner erred in finding that claims 1-23 are unpatentable under 35 U.S.C. § 103(a) over the teachings of Burgess in view of Ando.

(2) Claims 1-23 are not patentable.

DECISION

The Examiner’s rejection of claims 1-23 under 35 U.S.C. § 103(a) is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a).

AFFIRMED

pgc

PATTON BOGGS LLP
1801 CALIFORNIA STREET
SUITE 4900
DENVER CO 80202