Ex Parte Strub et al
Patent Trial and Appeal Board
Jun 7, 2013
11324648 (P.T.A.B. Jun. 7, 2013)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte LYLE STRUB, ADRIAN GRAH, and BASHAR SAID BOU-DIAB

Appeal 2010-010282
Application 11/324,648
Technology Center 2400

Before DAVID M. KOHUT, JASON V. MORGAN and BRYAN F. MOORE, Administrative Patent Judges.

KOHUT, Administrative Patent Judge.

DECISION ON APPEAL

This is a decision on appeal under 35 U.S.C. § 134(a) of the Final Rejection of claims 1, 2, 4-13, and 16-22. [1] We have jurisdiction under 35 U.S.C. § 6(b). We affirm the Examiner’s rejection of these claims.

[1] Claims 3, 14, and 15 were previously cancelled.

INVENTION

The invention is directed to a method and apparatus for monitoring traffic in communication networks for the detection of malicious traffic. Spec. 1. Claim 1 is representative of the invention and is reproduced below:

1. A method of monitoring data traffic in a communication network, comprising:
   receiving data traffic at a router connected to said communication network,
   monitoring at said router information contained in the received data traffic using a first criteria, and
   based on said information, determining at said router whether data in said traffic is indicative of a malicious threat to one or more resources connected to said communication network and,
   if said determining step determines that data in said traffic is indicative of a malicious threat, performing said monitoring according to a second criteria, different from said first criteria.

REFERENCES

Cantrell    US 2004/0030776 A1    Feb. 12, 2004
Munson      US 2004/0143756 A1    Jul 22, 2004
Portolani   US 2006/0095968 A1    May 4, 2006 (filed Mar. 25, 2005)

REJECTIONS AT ISSUE

Claims 1, 2, 7, 8, 10-13, 16-19, and 22 are rejected under 35 U.S.C.
§ 103(a) as being unpatentable over Portolani and Cantrell. Ans. 3-13.

Claims 4-6, 9, 20, and 21 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Portolani, Cantrell, and Munson. Ans. 13-18.

ISSUE

Did the Examiner err in finding that the combination of Portolani and Cantrell teaches or suggests monitoring data traffic using a first criteria and performing the monitoring according to a second criteria in response to a determination that the data traffic indicates a malicious threat, as required by claim 1 and similarly required by claims 12 and 16?

ANALYSIS [2]

Claims 1, 2, 7, 8, 10-13, 16-19, and 22

Appellants contend that the combination of Portolani and Cantrell fails to teach monitoring data traffic using a first criteria and performing the monitoring according to a second criteria in response to a determination that the data traffic indicates malicious activity, as required by independent claim 1 and similarly required by claims 12 and 16. App. Br. 7-10; Reply Br. 3-5.

[2] We select claims 1, 12, and 16 as representative of the group of claims comprising claims 1, 2, 7, 8, 10-13, 16-19, and 22 as Appellants have not argued any of the other claims with particularity. 37 C.F.R. § 41.37(c)(1)(vii).

First, Appellants argue that Cantrell adjusts filtering criteria based on the determined load of the filter, not a determination of malicious threat. App. Br. 8 (citing Cantrell ¶¶ 24 and 25). We disagree. The Examiner finds that Cantrell teaches adjusting the filtering criteria when the system determines that “suspicious packet traffic” exists. Ans. 4 (citing Cantrell ¶¶ 07 and 08) and 18-19.
Thus, the Examiner interprets “suspicious packet traffic” as an indication of a “malicious threat.” Since Appellants have neither provided a specific definition nor sufficient evidence to show that a “malicious threat” is a more narrowly-construed term of art, we find the Examiner’s interpretation to be reasonable and consistent with Appellants’ Specification. Thus, we agree with the Examiner (Ans. 4 and 18-19) that Cantrell teaches a determination of a malicious threat.

Second, Appellants argue that Cantrell fails to teach that the monitoring is performed according to the second criteria in response to the determination that a malicious threat is indicated because Cantrell teaches that “the first and second filtering are performed in tandem as a series of steps.” App. Br. 9 (citing Cantrell ¶¶ 07 and 08). In other words, Appellants are arguing that Cantrell does not monitor all of the incoming traffic using a second criteria when a malicious threat is detected, but rather only uses the second criteria to monitor traffic that is determined to be suspicious. App. Br. 9. However, this argument is not commensurate in scope with the claims. The claims only require monitoring information contained in the received data traffic using a second criteria in response to a determination that a malicious threat is present. There is nothing in the claims that requires all subsequent monitoring to be performed using the second criteria. Therefore, we agree with the Examiner that Cantrell teaches the disputed limitation since, as indicated above, Cantrell teaches monitoring identified suspicious traffic according to a second set of filtered criteria. Ans. 20 (citing Cantrell ¶¶ 24 and 25); see also Cantrell ¶¶ 07 and 08.

Thus, for the reasons stated supra, we sustain the Examiner’s rejection of claims 1, 2, 7, 8, 10-13, 16-19, and 22.

Claims 4-6, 9, 20, and 21

Appellants make essentially the same arguments with respect to claims 4-6, 9, 20, and 21 as with claim 1. App. Br. 10-14 and 15-16. As such, we sustain the Examiner’s rejection of claims 4-6, 9, 20, and 21 for the reasons indicated supra with respect to claim 1.

CONCLUSION

The Examiner did not err in finding that the combination of Portolani and Cantrell teaches or suggests monitoring data traffic using a first criteria and performing the monitoring according to a second criteria in response to a determination that the data traffic indicates a malicious threat, as required by claim 1 and similarly required by claims 12 and 16.

DECISION

The Examiner’s decision to reject claims 1, 2, 4-13, and 16-22 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

ELD