11632669 (P.T.A.B. Jun. 20, 2016)

Ex Parte Syversen

Patent Trial and Appeal BoardJun 20, 2016

11632669 (P.T.A.B. Jun. 20, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 11/632,669 01/17/2007 Jason M Syversen 22500 7590 06/21/2016 BAE SYSTEMS PO BOX 868 NHQl-719 NASHUA, NH 03061-0868 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 20040103 8096 EXAMINER LEWIS, LISA C ART UNIT PAPER NUMBER 2495 MAILDATE DELIVERY MODE 06/21/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte JASON M. SYVERSEN1 Appeal2014-008978 Application 11/632,669 Technology Center 2400 Before CATHERINE SHIANG, TERRENCE W. McMILLIN, and JOYCE CRAIG, Administrative Patent Judges. McMILLIN, Administrative Patent Judge. DECISION ON APPEAL This is a decision2 on appeal under 35 U.S.C. Â§ 134(a) of the final rejection of claims 1-19 and 21-33, which are all the pending claims. 3 Final Act. 1. We have jurisdiction under 35 U.S.C. Â§ 6(b ). We affirm. 1 According to Appellant, the real party in interest is BAE Systems Information and Electronic Systems Integration Inc. Br. 4. 2 Our decision refers to the Final Office Action mailed April 9, 2013 ("Final Act."); Appellant's Appeal Brief filed December 10, 2013 ("Br."); the Examiner's Answer mailed June 4, 2014 ("Ans."); and the Specification filed January 17, 2007 ("Spec."). 3 Appellant filed an amendment with the Appeal Brief. Br. 4. The amendment was entered in an Advisory Action mailed April 4, 2014. Claim 20 was cancelled. Br. 4, 20. Appeal2014-008978 Application 11/632,669 THE CLAHvIED TI'-JVENTION According to the Specification: This invention relates to a method and apparatus for preventing zero-day exploit-based network attacks and more particularly to the utilization of a honey net to provide a virtual instantiation of a real network in parallel with a monitoring apparatus used to detect and prevent a zero-day exploit worm or manual attack from being effective against the network. Spec. 1. Independent claims 1, 21, and 33 are directed to methods and independent claims 9, 16, and 29 are directed to systems. Br. 25-33 (Claims Appendix). Claim 1 recites: A method for protecting a real enterprise network against zero-day worm-based attacks using infected data packets, comprising the steps of: forward-deploying a virtual network that duplicates the real enterprise network including at least one of a host server, a router, or an internal level application, the virtual network coupled to a communications network between the communications network and the real enterprise network to intercept traffic bound for the real enterprise network and process it before it reaches the real enterprise network, thus to establish what is happening ahead to an input to the real enterprise network; providing the virtual network with a honey pot application using a honey pot algorithm designed to attract zero day-based worm attacks in which the honey pot application detects the presence of infected packets from a zero-day worm and provides raw data as to the operation of the virtual network; upon detection of activity within the virtual network that is unexpected, analyzing the raw data to generate threat data; and, deploying a perimeter security device coupled between the real enterprise network and the communications network, responsive to the generated threat data, the parameter security device configuring itself to block infected data packets from invading the real enterprise network such that the virtual network 2 Appeal2014-008978 Application 11/632,669 that duplicates the real enterprise network is attacked prior to an attack reaching the real enterprise network whereby the real enterprise network is protected from the virtual network detected zero day-based worm attack by blocking the attack before it reaches the real enterprise network. Br. 25-26. REJECTIONS ON APPEAL Claims 1, 3-7, 16-21, 23-27, and 29-33 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Honeynet Definition, Whatis. com, http:// searchsecurity. tech target. com/ definition/honeynet (dated Apr. 5, 2012) ("Honeynet'); Nakae et al. (US 2004/0172557 Al, published Sep. 2, 2004) ("Nakae"); and Tajalli et al. (US 2004/0143749 Al, published July 22, 2004) ("Tajalli"). Final Act. 3. Claims 9, 10, and 12-14 stand rejected under 35 U.S.C. Â§ 103 (a) as being unpatentable over Honeynet and Nakae. Final Act. 20. Claims 2 and 22 stand rejected under 35 U.S.C. Â§ 103 (a) as being unpatentable over Honeynet, Nakae, Tajalli, and Compliance Component, NIST (June 8, 2004) ("Compliance Component"). Final Act. 25. Claim 11 stands rejected under 35 U.S.C. Â§ 103 (a) as being unpatentable over Honeynet, Nakae, and Compliance Component. Final Act. 25. Claims 8 and 28 stand rejected under 35 U.S.C. Â§ 103 (a) as being unpatentable over Honeynet, Nakae, Tajalli, and Chen et al., Modeling the Spread of Active Worms, IEEE INFOCOM 2003 ("Chen"). Final Act. 26. Claims 15 and 28 stand rejected under 35 U.S.C. Â§ 103 (a) as being unpatentable over Honeynet, Nakae, and Chen. Final Act. 27. 3 Appeal2014-008978 Application 11/632,669 ANALYSIS We have reviewed the rejections of claims 1-19 and 21-33 in light of Appellants' arguments presented in the Appeal Brief. Appellants have not persuasively identified error. We agree with and adopt the Examiner's findings, reasoning, and conclusions as set forth in the Final Office Action (Final Act. 2-28) and the Examiner's Answer (Ans. 2-16). We highlight the following for emphasis. Claim 1 Appellant argues the cited combination of references fails to teach or suggest, "the virtual network coupled to a communications network between the communications network and the real enterprise network" and "the parameter security device configuring itself to block infected data packets from invading the real enterprise network such that the virtual network that duplicates the real enterprise network is attacked prior to an attack reaching the enterprise network" as recited in claim 1. App. Br. 10. Specifically, Appellant argues: The Examiner alleges that "decoy device of Nakae is equivalent to "honey pot application" of Applicant. Applicant disagrees. In Nakae, the firewall unit is installed at the interface between the Internet and an internal network, and is coupled with a decoy device, while the decoy device is coupled only with the firewall unit and not with Internet (See Nakae Figure 1 ). Whereas, in Applicant virtual network having the honey pot application is coupled between the communications network and the real enterprise network which is completely different for the network architecture of Nakae. Br. 12. Figure 1 ofNakae is reproduced below. 4 Appeal2014-008978 Application 11/632,669 FIG. 1 1 \ 2 Â·~ ... 1_Â· -F-IR-E\_N ..... l\L_L_uN_1_r _ ..... ~-------1 .... __ o_E_co_v_u_'N_11_Â· _ __. . ~ 1 _,..~ . t 4 tNTERNf\L NETWORK -<~Â· Y "r-:.~ ( SERVER Â· .. ~40\\g ~~ Figure 1 ofNakae depicts an attack defending system. Nakae i-f 34. The Examiner's response to this argument is: Nakae clearly shows, in figure 1, the Internet (communications network) is coupled to the firewall unit and decoy device (virtual network) which is coupled to the server (real enterprise network). Although the decoy device (virtual network) which is coupled to the firewall and not directly to the Internet and server, there is nothing in the claim language that requires a direct coupling. Coupling can simply mean that two nodes have communication with each other or are part of the same system or chain. It is clear that the decoy device is set up between the Internet and the server and is coupled to both of them. Ans. 3. We agree with the Examiner. The broadest reasonable interpretation of the relied-upon claim language, "the virtual network coupled to a communications network between the communications network 5 Appeal2014-008978 Application 11/632,669 and the real enterprise network," encompasses the system depicted in Figure 1 ofNakae. Appellant further argues that, because the firewall unit of N akae first analyzes the header information of a packet before determining whether to send the packet to the decoy device or the internal network, it fails to teach or suggest "the virtual network that duplicates the real enterprise network receives all the data packets including infected data packets." Br. 12-13. However, Appellants fail to point to any claim language that supports this distinction. We agree with the Examiner's response, which is, "[t]he claim does not require all the packets to come through the virtual network. The claim only requires that the honeypot application detect the presence of infected packets and provide raw data as to the operations of the virtual network." Ans. 3. Appellants have not persuaded us of error and, therefore, we sustain the rejection of claim 1. Claim 2-8 With regard to dependent claims 2-8, Appellant relies on the arguments presented for claim 1. Br.14, 22-23. We affirm the rejections of claims 2-8 for the reasons stated above with regard to claim 1. Claims 9-19, 21, and 23-33 With regard to claims 9-19, 21, and 23-33, Appellant fails to explain why the Examiner erred in making the rejections. Br. 14--23. Instead, Appellant makes statements that merely point out what a claim recites and makes conclusory statements regarding the Examiner allegedly using 6 Appeal2014-008978 Application 11/632,669 hindsight. Id. These unexplained and conclusory statements do not constitute arguments for patentability. 37 C.F.R. 41.37(c)((iv)("The arguments shall explain why the examiner erred as to each ground of rejection contested by appellant ... A statement which merely points out what a claim recites will not be considered an argument for separate patentability of the claim.") We sustain the rejections of claims 9-19, 21, and 23-33. Claim 22 Appellant fails to present any argument with regard to claim 22 in the Appeal Brief. Br. 10-23. We summarily affirm the uncontested rejection of claim 22. See Ex parte Frye, 94 USPQ2d 1072, 107 5 (BP AI) (precedential) ("If an Appellant fails to present arguments on a particular issue - or, more broadly, on a particular rejection-the Board will not, as a general matter, unilaterally review those uncontested aspects of the rejection.") DECISION The rejections of claims 1-19 and 21-33 are affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED 7