Ex Parte Vail et al
Patent Trial and Appeal Board
Oct 9, 2014
11940018 (P.T.A.B. Oct. 9, 2014)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ROBERT R. VAIL, MARY JO BILLINGS, ROBERT D. BOHRER, ROBERT D. BROOKS II, MARY MAY M. EMMIGHAUSEN, HOWARD M. FANNIN, EDWARD R. JAROCH, TONYA L. JUSTICE, ALAN L. KELKENBERG, SCOTT R. MORRIS, WILLIAM T. PARKS, JR, HAYES I. SAXON, and WILLIAM L. WEAVER

Appeal 2012-004868
Application 11/940,018
Technology Center 2400

Before JOHN A. EVANS, HUNG H. BUI, and CATHERINE SHIANG, Administrative Patent Judges.

BUI, Administrative Patent Judge.

DECISION ON APPEAL

Appellants[1] seek our review under 35 U.S.C. § 134(a) of the Examiner’s final rejection of claims 1–41. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM.[2]

[1] The Real Party in Interest is Hewlett-Packard Development Company, LP.

[2] Our decision refers to Appellants’ Appeal Brief filed July 18, 2011 (“App. Br.”); Reply Brief filed December 7, 2011 (“Reply Br.”); Examiner’s Answer mailed October 20, 2011 (“Ans.”); and original Specification filed November 14, 2007 (“Spec.”).

STATEMENT OF THE CASE

Appellants’ Invention

Appellants’ invention relates to a network communication system for safeguarding and processing confidential information and, more specifically, a subnetwork using a gateway to provide restricted access to confidential services without impacting the security of the network. Abstract and Fig. 4.

Appellants’ Fig. 4 is reproduced below:

Appellants’ Fig. 4 illustrates a flowchart of how a gateway is used to isolate one or more components providing confidential services and direct communication to isolated components within the network based on: (1) user traffic or (2) management traffic.

According to Appellants, user traffic may include any communication seeking access to a component providing confidential services. In contrast, management traffic may include any communication that seeks to perform administrative functions with respect to one or more components providing confidential services. Spec. 24:10–16. For example, management traffic may include data that supports, manages, administrates, or delivers services to devices, applications, databases, or services which contain confidential information or support a subnetwork device. Id. at 14:10–22.

Claims on Appeal

Claims 1, 15, and 28 are independent claims. Representative claim 1 is reproduced below:

1. A method for providing restricted access to confidential services without impacting the security of an enterprise network, comprising:
    using a gateway to isolate one or more components providing confidential services from one or more other portions of an enterprise network;
    receiving, at the gateway, a first communication directed to a selected one of the one or more components;
    determining if the first communication is user traffic or management traffic;
    authenticating the first communication;
    if the first communication is user traffic, forwarding the first communication to one of the one or more components providing the confidential services; and
    if the first communication is management traffic, encrypting the first communication and forwarding the communication to one of the one or more components providing the confidential services; and
    monitoring the one or more components of the enterprise network to identify malicious changes.

App. Br. 42 (Claims Appendix) (disputed limitations in italics).

Evidence Considered

Jardin    US 6,681,327 B1        January 20, 2004
Strub     US 2007/0153689 A1     July 5, 2007
Lander    US 7,350,229 B1        March 25, 2008

Appellants’ Admitted Prior Art (AAPA) regarding “processing of Payment Card Industry (PCI) data” at Spec. 2:11–13.

Examiner’s Rejections

(1) Claims 28–41 stand rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter. Ans. 5-6.

(2) Claims 1–3, 6–10, 12–17, 19–30, and 33-41 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Jardin and Strub. Ans. 6–12.

(3) Claims 4, 18, and 31 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Jardin, Strub, and AAPA. Ans. 12–13.

(4) Claims 5, 11, and 32 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Jardin, Strub, and Lander. Ans. 13–14.

Issue on Appeal

Based on Appellants’ arguments, the dispositive issue on appeal is whether the Examiner erred in rejecting claims 1–3, 6–10, 12-17, 19-30, and 33–41 under 35 U.S.C. § 103(a) as being unpatentable over Jardin and Strub. In particular, the appeal turns on whether the combination of Jardin and Strub teaches or suggests “determining if the first communication is user traffic or management traffic” and “monitoring the one or more components of the enterprise network to identify malicious changes” as recited in Appellants’ independent claim 1, and similarly recited in independent claims 15 and 28. App. Br. 15–40; Reply Br. 8–33.

ANALYSIS

§ 101 Rejection of Claims 28–41

The Examiner rejects claims 28–41 because the broadest reasonable interpretation of “computer-readable storage medium,” lacking any limiting definition in the Specification to the contrary, encompasses transitory propagating signals—i.e., non-statutory subject matter. Ans. 5.

Appellants argue: (1) Appellants’ Specification is silent regarding signals, and because the definition of computer readable storage media is provided within Appellants’ Specification that do not include signals, signals are excluded from the definition for a computer readable storage medium (App. Br. 13–14; Reply Br. 4–5); and (2) the broadest reasonable interpretation of “storage media” does not cover both transitory and non-transitory media. (App. Br. 14–15; Reply Br. 5–7). We are not persuaded by Appellants’ arguments.

First, as correctly found by the Examiner, nothing in Appellants’ Specification or claims precludes “computer-readable storage medium” from encompassing a transitory signal. Ans. 5. Accordingly, giving the phrase its broadest reasonable interpretation in light of the Specification (see In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997)), one skilled in the art would understand the claim term “machine-readable storage medium” would include signals per se. Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential). The Mewherter panel (an expanded panel) explained, “a signal with embedded data [is a storage medium] . . . for data can be copied and held by a transitory recording medium, albeit temporarily, for future recovery of the embedded data.” Id.

Transitory propagating signals are unpatentable under 35 U.S.C. § 101. In re Nuijten, 500 F.3d 1346, 1355 (Fed. Cir. 2007). According to U.S. Patent and Trademark Office (USPTO) guidelines:

    [a] claim that covers both statutory and non-statutory embodiments . . . embraces subject matter that is not eligible for patent protection and therefore is directed to non-statutory subject matter. . . . For example, a claim to a computer readable medium that can be a compact disc or a carrier wave covers a non-statutory embodiment and therefore should be rejected under § 101 as being directed to non-statutory subject matter.

The USPTO provides further guidance:

    The broadest reasonable interpretation of a claim drawn to a computer readable medium … typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media … When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. § 101 as covering non-statutory subject matter.

David J. Kappos, Subject Matter Eligibility of Computer Readable Media, 1351 Off. Gaz. Pat. Office 212 (Feb. 23, 2010).

In view of In re Nuijten, USPTO’s position regarding In re Nuijten, and our precedential decision in Ex parte Mewherter, we construe the recited “computer-readable storage medium” as encompassing a transitory signal, which is non-statutory subject matter. We, therefore, sustain the Examiner’s rejection of claims 28–41 as directed to non-statutory subject matter under 35 U.S.C. § 101.

We note, however, that Appellants are not precluded from amending these claims to overcome this rejection. Guidance on this point is provided in U.S. Patent & Trademark Office, Subject Matter Eligibility of Computer Readable Media, 1351 Off. Gaz. Pat. Office 212 (Feb. 23, 2010) (“A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation ‘non-transitory’ to the claim.”).

§ 103 Rejection of Claims 1–3, 6–10, 12–17, 19–30, and 33–41 based on Jardin and Strub

With respect to independent claim 1, and similarly independent claims 15 and 28, the Examiner finds Jardin discloses a method for providing restricted access to confidential services (managing secure transactions), via a gateway (broker) having all the features including “determining if the first communication (data packet) is user traffic or management traffic” in the form of a “non-secure transaction” or “secure transaction” except for “monitoring one or more components of the enterprise network to identify malicious changes.” Ans. 7–8 (citing Jardin 1:19–21, 3:48–51, 62–67, 4:13–29, 47–58, 6:38–57, 7:9–18, 8:56–65, 9:48–55, Fig. 1 and Fig. 3).

Fig. 3 of Jardin is reproduced below with additional markings for illustration.

Fig. 3 of Jardin shows “non-secure transaction” vs. “secure transaction” of data packets.

According to the Examiner, Appellants’ claimed “user traffic” corresponds to “non-secure transaction” as disclosed by Jardin. Likewise, Appellants’ claimed “management traffic” corresponds to “secure transaction” as disclosed by Jardin. Id. at 7 (citing Jardin 6:38–57, 8:56-65, Fig. 3). The Examiner then relies on Strub for disclosing the missing feature. Id. at 8 (citing Strub ¶¶ 2, 22, 48, Figs. 8 and 11, claim 16). Based on these factual findings, the Examiner concludes “it would have been obvious … to combine Strub et al. with Jardin with the motivation of effectively detecting and isolating malicious traffic in the network before its effect is felt by the intended recipients.” Id. (citing Strub ¶ 2).

Appellants do not dispute the Examiner’s rationale for combining Jardin and Strub.
Rather, Appellants contend the combination of Jardin and Strub does not teach or suggest: (1) “determining if the first communication is user traffic or management traffic” and (2) “monitoring the one or more components of the enterprise network to identify malicious changes” as recited in Appellants’ independent claim 1, and similarly recited in independent claims 15 and 28. App. Br. 15–40; Reply Br. 8–33.

In particular, Appellants acknowledge Strub discloses a method of monitoring data traffic in a communication network to identify malicious changes. App. Br. 16 (citing Strub ¶¶ 2, 22, 48, Figs. 8 and 11, claim 16). Nevertheless, Appellants argue that: (1) Strub does not monitor components of a network (App. Br. 16), and (2) monitoring traffic coming to and from network components is not equivalent to monitoring components of an enterprise network (Reply Br. 9–10).

In addition, Appellants contend the terms “user traffic” and “management traffic” have a specific meaning as per Appellants’ Specification, i.e., “user traffic” as “data that contains confidential information such as credit card information or customer financial/privacy information” and “management traffic” as “data that is utilized to support, manage, administrate, or deliver services to devices, applications, databases, or services which contain confidential information or support a sub-network 42 device.” App. Br. 18 (citing Spec 12:21–23, and 14:2–6). According to Appellants, both the “user traffic” and “management traffic” are disclosed as secure communications. Id. As such, Appellants argue that: (1) one of ordinary skill would not interpret these terms “user traffic” and “management traffic” to encompass “non-secure transactions” and “secure transactions” as disclosed by Jardin, and (2) because the user traffic and management traffic are secure communications, Jardin actually teaches away from the subject matter of Appellants’ claim 1. Id. at 19.

We do not find Appellants’ arguments persuasive to demonstrate reversible error in the Examiner’s position. See In re Jung, 637 F.3d 1356, 1365 (Fed. Cir. 2011). Rather, we find the Examiner has provided a comprehensive response, supported by a preponderance of evidence, to each of the contentions raised by Appellants. Ans. 17–23.

For example, the Examiner finds Strub discloses detecting malicious threats, such as a Denial of Service (DoS) attack directed at a certain network equipment, node or subnet. Ans. 7–18 (citing Strub ¶¶ 18, 38). According to Strub, a monitor 107 is provided at a router 101 to sample incoming data traffic and determine if data (for example data packets) in the traffic is indicative of a malicious threat. Strub ¶ 10, and Fig. 3. In other words, Strub’s monitor is able to monitor the router (i.e., network equipment, node, and subnet) to determine if an attack is occurring therein (e.g., a DoS attack, virus attack, port scan, as well as others). Ans. 18 (citing Strub ¶¶ 18, 22, and 53). Therefore, as correctly found by the Examiner, the broadest reasonable interpretation of “monitoring the one or more components of the enterprise network to identify malicious changes” includes monitoring data traffic coming to and from network equipment, nodes, and subnets, as disclosed by Strub. Id. This interpretation is consistent with Appellants’ own Specification where network intrusion detection sensors (NIDS) and host-based intrusion detector sensors (HIDS) are described to monitor the malicious and unauthorized activity on network devices within the PCI infrastructure. Spec 22:14–29.

With respect to the disputed terms “user traffic” and “management traffic,” confidential information is neither required by Appellants’ Specification nor defined in Appellants’ claim 1.
Indeed, Appellants’ own Specification broadly describes:

    User traffic may include any communication seeking access to a component providing confidential services. In contrast, management traffic may include any communication that seeks to perform administrative functions with respect to one or more components providing confidential services.

Spec 4:10–16 (emphasis added). Such management traffic may also “include data that is support, manage, administrate, or deliver services to devices, applications, databases or services which contain confidential information or support a subnetwork device.” Spec 14:16–22.

Because of the permissive, optional, non-limiting language used to describe the meaning of these disputed terms in Appellants’ own Specification, the Examiner has broadly interpreted the claim terms “user traffic” and “management traffic” as encompassing “non-secure transaction” and “secure transaction” as disclosed by Jardin. Ans. 20 (citing Jardin 6:38–57, 8:56–65, Fig. 3). We agree with the Examiner. While we recognize that these disputed terms may have commonly accepted and understood definitions, Appellants clearly do not limit the meaning of these terms to those definitions; rather, Appellants intend to cover all generic communication and their administrative functions in their own Specification, including, for example, the “non-secure transaction” and “secure transaction” as disclosed by Jardin. In our view, user traffic is nothing more than data packets arriving at the gateway (broker) for a non-secure transaction. In contrast, management traffic is nothing more than data that support additional services including, for example, encryption services for secure transaction as disclosed by Jardin. Accordingly, we find the Examiner’s interpretation of these disputed terms is reasonable and consistent with Appellants’ own Specification.

For the reasons set forth above, we find no reversible error in the Examiner’s position and, as such, sustain the Examiner’s obviousness rejection of Appellants’ independent claims 1, 15, and 28.

With respect to dependent claims 9, 22, and 36, Appellants argue neither Jardin nor Strub teaches or suggests, for example, “wherein determining that the first communication is user traffic comprises determining that the first communication seeks access to a component providing confidential services.” App. Br. 32–33. According to Appellants, “user traffic” must be “data that contains confidential information such as credit card information or customer financial/privacy information” as disclosed by Appellants’ Specification. Spec. 12:21–23. Again, we disagree. While claims are to be interpreted consistent with or in light of the specification, limitations from the specification are not to be read into the claims. See E-Pass Techs., Inc. v. 3Com Corp., 343 F.3d 1364, 1369 (Fed. Cir. 2003). Nowhere in Appellants’ claim 1 and, similarly, claims 15 and 28 is there any definition that “user traffic” must be “data that contains confidential information such as credit card information or customer financial/privacy information” as alleged by Appellants.

With respect to dependent claims 10, 23, and 37, Appellants argue neither Jardin nor Strub teaches or suggests, for example, “wherein determining that the first communication is management traffic comprises determining that the first communication seeks to perform administrative functions with respect to a component providing confidential services.” App. Br. 34–35. Again, we disagree for the same reasons discussed in connection with claim 1.

With respect to dependent claims 12–13, 25–26, and 39–40, Appellants argue neither Jardin nor Strub teaches or suggests “determining that the first communication is not supported by an encryption module, and wherein encrypting the first communication comprises using a hosting server for hosting the unsupported communication,” and “monitoring components of the enterprise network to identify malicious changes comprises monitoring one or more servers associated with the processing of confidential information to identify malicious system changes.” App. Br. 35–37. We disagree and adopt the Examiner’s finding and explanations set forth in the Examiner’s Answer. Ans. 24–26.

§ 103 Rejection of Claims 4, 8, and 31 based on Jardin, Strub, and AAPA

With respect to claims 4, 8, and 31, Appellants present no separate patentability arguments. App. Br. 40. For the same reasons discussed, we also sustain the Examiner’s obviousness rejection of claims 4, 8, and 31.

§ 103 Rejection of Claims 5, 11, and 32 based on Jardin, Strub, and Lander

Lastly, with respect to claims 5, 11, and 32, Appellants present no separate patentability arguments. App. Br. 41. Again, for the same reasons discussed in connection with independent claims 1, 15, and 28, we also sustain the Examiner’s obviousness rejection of claims 5, 11, and 32.

CONCLUSION

On the record before us, we conclude the Examiner has not erred in rejecting claims 1–41 under 35 U.S.C. § 101 and § 103(a).

DECISION

As such, we AFFIRM the Examiner’s final rejection of claims 1–41.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

lp