Ex Parte TEODORO et alDownload PDFPatent Trial and Appeal BoardDec 13, 201813657083 (P.T.A.B. Dec. 13, 2018) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 13/657,083 10/22/2012 138770 7590 12/17/2018 Artegis Law Group, LLP-VERISIGN, INC. 7710 Cherry Park Drive Suite T #104 Houston, TX 77095 FIRST NAMED INVENTOR Mark TEODORO UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. SIGN0032US 3711 EXAMINER DESROSIERS, EV ANS ART UNIT PAPER NUMBER 2491 NOTIFICATION DATE DELIVERY MODE 12/17/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): algdocketing@artegislaw.com kcruz@artegislaw.com j matthews @artegislaw.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte MARK TEODORO and SEAN LEACH 1 Appeal2017-001717 Application 13/657,083 Technology Center 2400 Before ERIC B. CHEN, SHARON PENICK, and JOHN R. KENNY, Administrative Patent Judges. PENICK, Administrative Patent Judge. DECISION ON APPEAL Introduction This is an appeal under 35 U.S.C. § 134(a) from the Examiner's Final Rejection of claims 1 and 3-32. Claim 2 is cancelled. We have jurisdiction under 35 U.S.C. § 6(b )(1 ). We REVERSE. Invention Appellants' Specification relates to mitigating a distributed denial-of- service (DDoS) attack, by presenting a user challenge page to a user which must be correctly responded to before requiring a web server to service the 1 Appellants identify Verisign, Inc. as the real party in interest. App. Br. 2. Appeal2017-001717 Application 13/657,083 user's request. Spec. ,r,r 1, 6-9. A DDoS mitigation server "is disposed at a front end" of the web server, and, in response to a request from a user host to access the web server, the DDoS mitigation server generates an integrated user challenge page and transmits it to the user host. Id. ,r,r 17, 19-20. This integrated user challenge page integrates a user challenge test with an image of a web page from the requested web server, in order to "appear[] to be presented on a web page of the web server that the user is attempting to access." Id. ,r,r 17, 21, 22, 28-33, 39. Exemplary Claim Claims 1, 15, and 28 are independent. Claim 1, reproduced below, is exemplary: 1. A system for providing distributed denial-of- service (DDoS) mitigation service, the system compnsmg: a memory storing instructions; a processor, operably connected to the memory, that executes the instructions to perform operations compnsmg: receiving, from a web server, an image of a web page of the web server; intercepting, from a user device, a request to access the web server; generating an integrated user challenge page comprising a user challenge test and the image of the web page, wherein the image of the web page comprises an image of at least a portion of the web page; transmitting, prior to establishing any connection between the user device and the web server, the integrated user challenge page to the user device; 2 Appeal2017-001717 Application 13/657,083 processing an answer to the user challenge test received from the user device; and determining whether the answer is correct. Rejection on Appeal The Examiner rejects claims 1, 3-7, 13-20, and 26-322 under 35 U.S.C. § I03(a) as unpatentable over a combination of Tyree (US 2002/0120853 Al; published Aug. 29, 2002) and Todorov (US 2011/0296509 Al; published Dec. 1, 2001). Final Action 3-12. The Examiner rejects claims 8-12 and 21-25 under 35 U.S.C. § I03(a) as unpatentable over a combination of Tyree, Todorov, and Wylie et al. (US 7,203,560 Bl; issued Apr. 10, 2007, hereinafter "Wylie"). Final Action 12-15. ANALYSIS Issue: Did the Examiner err in finding that Todorov teaches or suggests "receiving, from a web server, an image of a web page of the web server," and "generating an integrated user challenge page comprising a user challenge test and the image of the web page, wherein the image of the web page comprises an image of at least a portion of the web page," as recited in claim 1? T odorov teaches a security system which, in response to a client request for a web page, sends a web page over a network to a client, where the web page includes "web page data" and presents a user challenge and a request for an answer. Todorov Abstract, ,r 34, Fig. 4 (element 403). The 2 The Examiner's Final Rejection lists claim 2 as rejected (Final Action 3) but also notes that this claim is not pending (id. at 1 ). Appellants agree that claim 2 is not pending. Appeal Br. 1, 5, 19; see id. at 20 (Claims App'x). 3 Appeal2017-001717 Application 13/657,083 Examiner finds that the combination of Tyree and Todorov teaches or suggests the invention of claim 1, including the receipt of an image of a web page from a web page, and the generation of an integrated user challenge page comprising a user challenge test and an image of the web page. Final Action 3-5. Specifically, the Examiner maps Todorov's creation of a web page including a user challenge to the claimed inclusion of "an image of the web page" in the "integrated user challenge page." Id. at 4; Answer 11-12. The Examiner finds that Todorov discloses "web page generator 303 can create a web page that includes web page data (read 'image of the web page') [and] a CAPTCHA challenge (read user challenge test)." Final Action 4. Appellants argue that Examiner erred in finding the proposed Tyree/Todorov combination teaches or suggests, as required by the claim, "receiving, from a web server, an image of a web page of the web server." Appeal Br. 11-13; Reply Br. 5-7. In particular, Appellants argue that Todorov only teaches the generation of a web page from stored data and not that the data is a result of receipt of a web page from a web server. Appeal Br. 12. The claim requires that an integrated challenge page, including both a user challenge and an image of a web page received from a web server, be generated. Todorov, as the Examiner correctly notes, teaches the production of a web page including a challenge, and that that web page may "include web page data." Todorov ,r 34. However Appellants are correct that the Examiner does not show how or whether Todorov teaches or suggests that the Todorov web page generator which produces the web page including the challenge receives or "web page data" from a web server to which a request 4 Appeal2017-001717 Application 13/657,083 is directed. Instead, Todorov discloses that the web page generator generates a page using information including web page data and challenge data from a data store coupled to the password security system which contains the web page generator. Todorov ,r,r 22-24, Fig. 3. Todorov does not teach or suggest that data (such as web page data) from this data store, or that other data used to generate the page, has been received from a web server separate from the claimed system, or that the data store's web page data comprises an image of at least a portion of a web page. Created web pages include web page data, and Todorov's disclosures with respect to the web page data used in Todorov's web pages do not teach or suggest the claimed receipt "from a web server, [ of] an image of a web page of the web server" or generation of an integrated user challenge page "comprising ... the image of the web page" so received. We are persuaded of Examiner error regarding the disputed limitation. Because we agree with at least one of the arguments advanced by Appellants, we need not reach the merits of Appellants' other arguments. Accordingly, we do not sustain the Examiner's obviousness rejection of independent claim 1. Independent claims 15 and 28 contain commensurate limitations, including the more specific recitation that "the web page image comprises an image of at least a portion of a web page that the user device is requesting to access" which we similarly find not taught or suggested by the combination of Tyree and Todorov. Additionally, we do not sustain the obviousness rejections of dependent claims 2, 4--14, 16-27, and 29-32 argued on the same grounds. 5 Appeal2017-001717 Application 13/657,083 DECISION We reverse the Examiner's decision rejecting claims 1, 3-7, 13-20, and 26-32 under 35 U.S.C. § 103(a) as unpatentable over Tyree and Todorov. We reverse the Examiner's decision rejecting claims 8-12 and 21-25 under 35 U.S.C. § 103(a) as unpatentable over Tyree, Todorov, and Wylie. REVERSED 6 Copy with citationCopy as parenthetical citation
