Ex Parte Tripp et al
Patent Trial and Appeal Board
Mar 20, 2017
13743474 (P.T.A.B. Mar. 20, 2017)

United States Patent and Trademark Office
UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 13/743,474
FILING DATE: 01/17/2013
FIRST NAMED INVENTOR: OMER TRIPP
ATTORNEY DOCKET NO.: IL920120078USl_8150-0335
CONFIRMATION NO.: 5329

73109 7590 03/22/2017
Cuenot, Forsythe & Kim, LLC
20283 State Road 7 Ste. 300
Boca Raton, FL 33498

EXAMINER: RASHID, HARUNUR
ART UNIT: 2497
PAPER NUMBER:
NOTIFICATION DATE: 03/22/2017
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ibmptomail@iplawpro.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte OMER TRIPP and OMRI WEISMAN

Appeal 2016-000695
Application 13/743,474[1]
Technology Center 2400

Before JEAN R. HOMERE, JEREMY J. CURCURI, and JON M. JURGOVAN, Administrative Patent Judges.

JURGOVAN, Administrative Patent Judge.

DECISION ON APPEAL

[1] Appellants identify IBM Corporation as the real party in interest. (App. Br. 1.)

STATEMENT OF THE CASE

Appellants seek review under 35 U.S.C. § 134(a) from a Final Rejection of claims 14–37. Claims 1–13 have been canceled. (Claims App’x.) We have jurisdiction under 35 U.S.C. § 6(b). We affirm.[2]

CLAIMED INVENTION

The claims are directed to a method and system for identifying stored security vulnerabilities in computer software applications. Abstract. Claim 14, reproduced below, is illustrative of the claimed subject matter:

14.
A system for identifying stored security vulnerabilities in computer software applications, the system comprising:
a processor programmed to initiate executable operations comprising:
providing via a first interface of a computer software application during execution of the computer software application, test data having a characteristic of a malicious payload;
wherein an interaction performed with the first interface results in data written to a location within a persistent data store; and
wherein an interaction performed with a second interface of the computer software application results in data read from the location within the persistent data store; and
identifying a stored security vulnerability associated with the computer software application if the test data are written to the persistent data store at the location.
(App. Br. 20.)

[2] Our Decision refers to the Specification filed Jan. 17, 2013 (“Spec.”), the Final Office Action mailed Dec. 26, 2014 (“Final Act.”), the Appeal Brief filed May 26, 2015 (“App. Br.”), the Examiner’s Answer mailed Aug. 10, 2015 (“Ans.”), and the Reply Brief filed Oct. 8, 2015 (“Reply Br.”).

REJECTIONS

Claims 14–37 stand provisionally rejected on the ground of nonstatutory obviousness-type double patenting over claims 1–13 of copending US Application No. 14/067,032, filed Oct. 30, 2013. (Final Act. 4–14.)

Claims 25–37 were rejected under 35 U.S.C. § 101 as directed to non-statutory subject matter. (Final Act. 15–16.) However, this rejection was withdrawn in the Examiner’s Answer[3], and is thus not before us. (Ans. 2.)

Claims 14 and 16–37 stand rejected under 35 U.S.C. § 103(a) based on Maor (US 2012/0255023 A1, publ. Oct. 4, 2012) and IBM Security (“IBM Application Security Insider: Research,” http://blog.watchfire.com/wfblog/research/page/2/, June 10, 2009). (Final Act. 16–21.)

Claims 15 and 33 stand rejected under 35 U.S.C.
§ 103(a) based on Maor, IBM Security, and Williams (US 2011/0231936 A1, publ. Sept. 22, 2011). (Final Act. 21–22.)

ANALYSIS

Obviousness-Type Double Patenting – Claims 14–37

Claims 14–37 stand provisionally rejected on the ground of obviousness-type double patenting. This rejection is provisional because the copending application on which it is based has not issued as a patent. Given its provisional nature, this rejection is not ripe for review, and we do not reach this rejection in our decision. See Ex parte Jerg, Appeal 2011-000044, 2012 WL 1375142 at *3 (BPAI 2012) (informative); Ex parte Moncla, 95 USPQ2d 1884 (BPAI 2010) (precedential).

[3] In the event of further prosecution, the Examiner and Appellants are advised to consider our precedential decision for guidance concerning the patent eligibility of the claims in this application involving signals and computer-readable media under 35 U.S.C. § 101. Ex parte Mewherter, 107 USPQ2d 1857 (PTAB 2013) (precedential).

§ 103(a) Rejection – Claims 14, 16–32, and 34–37

Appellants note that independent claim 14 recites two interactions involving respective first and second interfaces of a computer software application. App. Br. 15. Specifically, claim 14 recites “an interaction performed with the first interface [of the computer software application] results in data written to a location within a persistent data store” and “an interaction performed with a second interface of the computer software application results in data read from the location within the persistent data store.” The Examiner finds these features are disclosed in Maor. (Final Act. 16–18, Ans. 3–7 citing Maor ¶¶ 25, 42, 47–49, 52, 66, 71, Figs. 1^1.)

Appellants contend that Maor actually discloses that a submitting module and a retrieving module are found within Maor’s runtime testing system, and not within the computer software application undergoing testing. App. Br. 15–17, Reply Br. 2–5.
Thus, Appellants assert the claimed interactions with first and second interfaces of the computer software application are not disclosed in Maor. Id.

These arguments are not persuasive. Claims are given their broadest reasonable interpretation consistent with the specification. In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1369 (Fed. Cir. 2004). At the same time, care must be exercised not to import limitations into the claims or to read a particular embodiment appearing in the written description into the claim if the claim language is broader than the embodiment. In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993) (citing In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989)).

Referring to the Specification, we find no special definition is given for what is meant by first and second interfaces of the computer software application. Although it is true that one interpretation of “an interface of the computer software application” means that the interface is part of or belongs to the computer software application, the word “of” in this context can also mean “relating to.” (“Of.” def. 5a. Merriam-Webster.com. Merriam-Webster, n.d. Web. Dec. 1, 2016.) Considering the full breadth of the phrase “of the computer software application,” therefore, we find that the person of ordinary skill would have considered the submitting module 106, the retrieving module 107, and the network interface 106[4] to be interfaces that interact with, and therefore relate to, the computer software application, and thus would have regarded each such interface as an interface of the computer software application as claimed. We agree with the Examiner that Maor teaches the first and second interfaces of the computer software application.

[4] Both the submitting module and the network interface are labeled “106” in Maor, Figure 1, which appears to be a typographical error.

[FIG. 1 of Maor]

Figure 1 of Maor shows a testing system 108 with submitting module 106 and receiving module 107 communicating via network interface 106 with a tested unit 102 including web server 101 running applications using test data stored in a memory unit 103.

We emphasize that the foregoing characterization of Maor is not the only way a person of ordinary skill in the art would have construed the Maor reference. In Maor, from the perspective of the web server 101 in Figure 1, depicted above, the incoming arrow represents an interface associated with the software application running on the web server 101. This interface receives test data from the submitting module 106 via network interface 106 and stores it in the memory unit 103. The outgoing arrow of the web server 101 also represents an interface associated with the software application, and this interface transmits responses to the test data from the memory unit 103 to the retrieving module 107. Thus, for this additional reason, we are not persuaded the Examiner errs. It is well-known that computer software applications have interfaces to allow input and output of commands and data, as demonstrated by Maor.

For all of these reasons, we agree with the Examiner the disputed claimed features are taught by Maor.

§ 103(a) Rejection – Claims 15 and 33

Appellants argue claims 15 and 33 on the same basis as claim 14. App. Br. 17–18. Accordingly, we sustain the rejection of claims 15 and 33 under 35 U.S.C. § 103(a).

DECISION

We affirm the rejection of claims 14–37 under 35 U.S.C. § 103(a).

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED