Ex Parte Singla et al
Patent Trial and Appeal Board
Oct 18, 2018
14773983 (P.T.A.B. Oct. 18, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 14/773,983
FILING DATE: 09/09/2015
FIRST NAMED INVENTOR: Anurag Singla
ATTORNEY DOCKET NO.: 90043618
CONFIRMATION NO.: 8929

146568 7590 10/22/2018
ENTIT SOFTWARE LLC
500 Westover Drive #12603
Sanford, NC 27330

EXAMINER: PEARSON, DAVID J
ART UNIT: 2438
PAPER NUMBER:
NOTIFICATION DATE: 10/22/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): software.ip.mail@microfocus.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ANURAG SINGLA, ROBERT BLOCK and SURANJAN PRMANIK

Appeal 2018-002702
Application 14/773,983¹
Technology Center 2400

Before: DENISE M. POTHIER, CATHERINE SHIANG and MATTHEW J. McNEILL, Administrative Patent Judges.

SHIANG, Administrative Patent Judge.

DECISION ON APPEAL

Appellants appeal under 35 U.S.C. § 134(a) from the Examiner's rejection of claims 1-3, 6-11, 15-16, and 18-22, which are all the claims rejected in the application.² We have jurisdiction under 35 U.S.C. § 6(b).

We reverse.

¹ Appellants identify EntIT Software LLC as the real party in interest. App. Br. 3.

² The Examiner objects to claims 4, 5, 17, and 23, but indicates such claims are allowable if rewritten in independent form. See Final Act. 10. Therefore, those claims are not before us. Claims 12-14 have been cancelled. Final Act. 1.

STATEMENT OF THE CASE³

Introduction

According to the Specification, the present invention relates to event correlations based on confidence factors. See Spec. 1.

An event correlation system according to an example may correlate events that may be generated by one or more devices to discover certain types of activities associated with the events. Rules including conditions may be stored to correlate the events. The event correlation system can apply the rules to the events to detect certain types of activities. The event correlation system may utilize approximate event matching to determine whether events satisfy conditions of the rules.

Spec. ¶ 8.

Claim 1 is exemplary:

1. An event correlation system comprising:
a hardware processor; and
a hardware non-transitory machine readable medium storing instructions to:
determine a type of a condition for a rule,
select, from among different confidence factor functions, a confidence factor function to apply based on the type of the condition,
calculate a confidence factor according to the selected confidence factor function, wherein the confidence factor is an approximation of whether an event or a set of events satisfies the condition in the rule, wherein the events or set of events are provided in a log file, and
compare the confidence factor to a threshold to determine whether the condition is satisfied.

³ Throughout this opinion, we refer to (1) the Final Rejection dated April 26, 2017 ("Final Act."); (2) the Appeal Brief dated October 5, 2017 ("App. Br."); (3) the Examiner's Answer dated November 16, 2017 ("Ans."); and (4) the Reply Brief dated January 16, 2018 ("Reply Br.").

References and Rejections

Claims 1-3, 7, 10, 11, 15, 16, and 18-22 are rejected under pre-AIA 35 U.S.C. § 102(e) as being anticipated by Ramsey et al. (US 8,621,618 B1; issued December 31, 2013) ("Ramsey"). Final Act. 3-6.

Alternatively, claims 1, 7, 9, 11, 15-16, and 18-20 are rejected under pre-AIA 35 U.S.C. § 102(a) as being anticipated by Singla (WO 2013/019198 A1; published February 7, 2013).⁴ Final Act. 6-8.

Claim 6 is rejected under pre-AIA 35 U.S.C. § 103(a) as being unpatentable over Ramsey and Shelton et al. (US 2012/0284221 A1; published November 8, 2012) ("Shelton"). Final Act. 8-9.

Claim 8 is rejected under pre-AIA 35 U.S.C. § 103(a) as being unpatentable over Ramsey and Lyda et al. (US 2009/0006230 A1; published January 1, 2009) ("Lyda"). Final Act. 9-10.

ANALYSIS⁵

Rejection I (Citing Ramsey)

Anticipation

We have reviewed the Examiner's rejection in light of Appellants' contentions and the evidence of record. We concur with Appellants' contention that the Examiner erred in finding the cited portions of Ramsey disclose "select, from among different confidence factor functions, a confidence factor function to apply based on the type of the condition," as recited in independent claim 1. See App. Br. 8-9; Reply Br. 1-4.

⁴ There is no alternative rejection regarding claim 9.

⁵ Appellants raise additional arguments. Because the identified issues are dispositive of the appeal, we do not need to reach the additional arguments.

The Examiner maps the claimed "a type of a condition" to Ramsey's "presence of particular type of network traffic to analyze for an attack." Ans. 4. The Examiner maps the claimed "different confidence factor functions" to Ramsey's different analyzer functions, including the signature analyzer function, reputation analyzer function, behavior analyzer function, and pattern analyzer function. Ans. 4. The Examiner cites Ramsey's column 11, lines 38-60 for disclosing the disputed limitation. See Ans. 4.
The Examiner finds: "In one example, network traffic [110] will be fed into the reputation analyzer to analyze the reputation of the device with generated the traffic to see if the network traffic satisfies the 'rule' of determining if there is an attack." Ans. 4.

Ramsey teaches applying each of the signature analyzer, reputation analyzer, behavior analyzer, and pattern analyzer functions to network traffic 110--not selecting a confidence factor function to apply based on the type of the condition. See Ramsey 11:13-12:63, Fig. 4. Therefore, the cited Ramsey's excerpts do not disclose "select, from among different confidence factor functions, a confidence factor function to apply based on the type of the condition," as required by claim 1, under the Examiner's mapping. Nor do the Examiner's above findings explain why and how Ramsey discloses the disputed limitation.

Because the Examiner fails to provide sufficient evidence or explanation to support the anticipation rejection, we are constrained by the record to reverse the Examiner's rejection of claim 1.

Each of independent claims 15 and 20 recites a claim limitation that is substantively similar to the disputed limitation of claim 1. See claims 15 and 20. Therefore, for similar reasons, we reverse the Examiner's rejection of independent claims 15 and 20.

We also reverse the Examiner's anticipation rejection of corresponding dependent claims 2, 3, 7, 10, 11, 16, 18, 19, 21, and 22.

Obviousness

The Examiner cites additional references for the obviousness rejections of claims 6 and 8. The Examiner relies on Ramsey in the same manner discussed above in the context of claim 1, and does not rely on the additional references in any manner that remedies the deficiencies of the underlying anticipation rejection. See Final Act. 8-10.

Accordingly, we reverse the Examiner's obviousness rejection of claims 6 and 8.

Rejection II (Citing Singla)

Anticipation

We have reviewed the Examiner's rejection in light of Appellants' contentions and the evidence of record. We concur with Appellants' contention that the Examiner erred in finding the cited portions of Singla disclose "select, from among different confidence factor functions, a confidence factor function to apply based on the type of the condition," as recited in independent claim 1. See App. Br. 14-15; Reply Br. 5-6.

The Examiner finds:

... Singla include[s] a rule where the condition is "failed login attempt" (note paragraph [0018]), fields or properties of a network and asset model (note paragraph [0019]), a data list, such as active list and session list (note paragraph [0020]), dollars spent (note paragraphs [0089]-[0090]).

In paragraphs [0089]-[0090], Singla teaches "dollars spent" rule that uses a running total to monitor dollars spent by User A. As noted above, Appellant has no explicit definition of "confidence factor[.]" The "running total" of Singla actively contributes to the production of a state of being certain of the reaching of a credit limit. It is therefore a "confidence factor" of the "credit limit" condition in the rule. Therefore, the addition function that adds "dollars spent" to the "running total" would be a "confidence factor function" that is selected for rules that have a "dollars spent" condition. Thus, Singla teaches "select, from among different confidence factor functions, a confidence factor function to apply based on the type of the condition" as required by the claims.

Ans. 11-12.

We agree with Appellants that the Examiner has not adequately mapped the disputed limitation. See Reply Br. 6. In particular, it is unclear how the Examiner maps the claimed "different confidence factor functions." See Reply Br. 6. Further, the Examiner's above findings do not explain how Singla discloses the disputed limitation.

In addition, we have reviewed the cited Singla's portions, and they do not disclose "select, from among different confidence factor functions, a confidence factor function to apply based on the type of the condition" as required by claim 1. Absent further explanation from the Examiner, we do not see how the cited Singla's portions disclose the disputed claim limitation.

Because the Examiner fails to provide sufficient evidence or explanation to support the anticipation rejection, we are constrained by the record to reverse the Examiner's rejection of claim 1.

Each of independent claims 15 and 20 recites a claim limitation that is substantively similar to the disputed limitation of claim 1. See claims 15 and 20. Therefore, for similar reasons, we reverse the Examiner's rejection of independent claims 15 and 20.

We also reverse the Examiner's anticipation rejection of corresponding dependent claims 7, 9, 11, 16, 18, and 19.

DECISION

We reverse the Examiner's decision rejecting claims 1-3, 6-11, 15-16, and 18-22.

REVERSED