Ex Parte Whittaker et alDownload PDFBoard of Patent Appeals and InterferencesAug 28, 201209952208 (B.P.A.I. Aug. 28, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 09/952,208 09/12/2001 James A. Whittaker SIIPT03 3595 49691 7590 08/28/2012 IP STRATEGIES 12 1/2 WALL STREET SUITE E ASHEVILLE, NC 28801 EXAMINER COLIN, CARL G ART UNIT PAPER NUMBER 2493 MAIL DATE DELIVERY MODE 08/28/2012 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte JAMES A. WHITTAKER, ANDRES DE VIVANCO, and RAHUL CHATURVEDI ____________ Appeal 2010-06372 Application 09/952,208 Technology Center 2400 ____________ Before JOSEPH L. DIXON, LANCE LEONARD BARRY, and ST. JOHN COURTENAY III, Administrative Patent Judges. DIXON, Administrative Patent Judge. DECISION ON APPEAL Appeal 2010-006372 Application 09/952,208 2 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from a rejection of claims 100-195. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. The claims are directed to protecting a host computer from malicious mobile code. Claim 100, reproduced below, is illustrative of the claimed subject matter: 100. A method of protecting a host computer from malicious mobile code, the host computer including an operating system and at least one local resource controlled thereby, the method comprising: identifying mobile code received by the host computer; modifying the operating system to monitor access of the at least one local resource by the mobile code; transferring control of the at least one local resource to a protective program if the mobile code calls the at least one local resource; observing behavior of the mobile code by the protective program; based on the observed behavior, determining whether the mobile code is one of malicious, potentially malicious, or not malicious; and based on the determination, blocking access to the at least one local resource by the mobile code if the mobile code is determined to be malicious, without user notice or intervention, Appeal 2010-006372 Application 09/952,208 3 allowing access to the at least one local resource by the mobile code if the mobile code is determined not to be malicious, without user notice or intervention, and requesting user input regarding access to the at least one local resource by the mobile code if the mobile code is determined to be potentially malicious. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Pearce Chess Gruper US 5,657,445 US 2002/0073055 A1 US 7,047,369 B1 Aug. 12, 1997 June 13, 2002 (filed Sept. 30, 1998) May 16, 2006 (filed Sept. 25, 1997) REJECTIONS Claims 111, 118, 132, 160, and 180 stand rejected under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement. Claims 100-113, 117-125, 128-130, 132, 134-154, 157, 159, 160, 162- 181, 183, 184, and 186-195 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Pearce and Gruper. Claims 114-116, 126, 127, 131, 133, 155, 156, 158, 161, 182, and 185 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Pearce, Gruper, and Chess. Appeal 2010-006372 Application 09/952,208 4 ANALYSIS The Written Description Rejection Claims 111, 132, 160, and 180 The Examiner finds that the originally-filed Specification fails to provide written description support for the following limitations of claim 111: “allowing normal operation of the host computer if the mobile code does not call the at least one local resource”; “if the mobile code is not determined to be malicious, determining whether the mobile code is potentially malicious”; and “transferring control of the at least one local resource back to the mobile code . . . if the mobile code is not determined to be potentially malicious” (Ans. 3). Appellants contend that “[i]t is inherent in the description that this computer system provides normal computer functions for an authorized user. For example, paragraphs [0003] and [0004] describe normal functionality of a computer when executing mobile code” (App. Br. 14). Appellants also contend that It is apparent that the normal operational features of the computer system take place when the protective method of the claimed invention does not detect malicious or potentially malicious code. [F]or example, as stated in paragraph [0019], mobile code is allowed to access the operating system and a jump command is accessed to transfer control to a protective program. The protective program performs protective functionality, as described, if malicious or potentially malicious code is found. (App. Br. 14-15). We find that paragraphs 3 and 4 of the Specification generally describe two types of mobile code that may operate on a host computer: Appeal 2010-006372 Application 09/952,208 5 scripts that interface with applications at an application level of the host computer and native code that bypasses the application level and access the operating system of the host computer directly (see Spec. ¶¶ [0003]-[0004]; Fig. 1). In order to protect against malicious native code, “the protection program of the present invention is within the operating system itself waiting for the mobile code to access any of the local resources within the host computer” (Spec. ¶ [0018]). If the mobile code calls one of the local resources, control of the local resource is transferred to the protective program (Spec. ¶ [0019]). Accordingly, the Specification describes performing normal computer operation — including execution of mobile code — until the mobile code attempts to access a local resource through the operating system, in which case computer operation is no longer normal, but protective. In other words, as described, Appellants’ invention allows normal computer operation so long as mobile code does not call a local resource. We thus find descriptive support in the originally-filed Specification for the feature “allowing normal operation of the host computer if the mobile code does not call the at least one local resource” (claim 111). However, Appellants do not specifically address the limitations “if the mobile code is not determined to be malicious, determining whether the mobile code is potentially malicious” and “transferring control of the at least one local resource back to the mobile code . . . if the mobile code is not determined to be potentially malicious” (claim 111, see App. Br. 14-15). That is, Appellants do not point out where the Specification provides written description support for these features (see id.). We decline to sua sponte find support for these features in Appellants’ Specification. Appeal 2010-006372 Application 09/952,208 6 Even if the Specification describes determining whether mobile code is malicious and determining whether mobile code is potentially malicious, this description alone is insufficient to satisfy the written description requirement for claim 111. The Specification must necessarily describe the specifically claimed combination of these elements, including the conditional structure of claim 111, for example, “if the mobile code is not determined to be malicious, determining . . . .” See Hyatt v. Boone, 146 F.3d 1348, 1354 (Fed. Cir. 1998) (“[T]he written description must include all of the limitations of the [claim], or the applicant must show that any absent text is necessarily comprehended in the description provided . . . .”). Absent specific identification of descriptive support in the originally-filed Specification for the limitations discussed above, we are not persuaded that the Examiner erred in rejecting claim 111 as failing to comply with the written description requirement. The Examiner rejects claims 132 and 160 based on lack of written description for limitations similar to the claim 111 limitation “transferring control of the at least one local resource back to the mobile code . . . if the mobile code is not determined to be potentially malicious” (Ans. 3). Namely, claim 132 recites “allowing the mobile code to access the at least one local resource if the mobile code is not determined to be potentially malicious,” and claim 160 recites “allowing the mobile code to access the at least one local resource if it is determined that the mobile code is not potentially malicious.” Appellants’ arguments regarding claims 132 and 160 are the same as those presented for claim 111 (see App. Br. 20-21, 23-24). Therefore, for the reasons discussed above, we are not persuaded that the Appeal 2010-006372 Application 09/952,208 7 Examiner erred in rejecting claims 132 and 160 as failing to comply with the written description requirement. The Examiner rejects claim 180 based on lack of written description for a limitation similar to the claim 111 limitation “if the mobile code is not determined to be malicious, determining whether the mobile code is potentially malicious” (Ans. 3). Namely, claim 180 recites “determining whether the mobile code is potentially malicious if the mobile code is not determined to be malicious.” Appellants’ arguments regarding claim 180 are the same as those presented for claim 111 (see App. Br. 26-27). Therefore, for the reasons discussed above, we are not persuaded that the Examiner erred in rejecting claim 180 as failing to comply with the written description requirement. Claim 118 The Examiner finds that the originally-filed Specification fails to provide written description support for the claim 118 limitation “transferring control of the at least one local resource to a protective program via the at least one jump command only if the mobile code calls the at least one local resource” (Ans. 3). Appellants’ contentions regarding claim 118 are the same as those presented for claim 111 (see App. Br. 17-18). Specifically, Appellants argue that “as stated in paragraph [0019], mobile code is allowed to access the operating system and a jump command is accessed to transfer control to a protective program” (App. Br. 17). As explained above regarding claim 111, the described host computer allows mobile code to execute normally on the operating system until the mobile code calls a local resource. Control of the local resource is Appeal 2010-006372 Application 09/952,208 8 transferred to the protective program via the jump command upon the mobile code calling the local resource (Spec. ¶ [0019]). Thus, we find that the Specification provides written description support for the limitation “transferring control . . . only if the mobile code calls the resource” (claim 118) because the Specification describes only the condition of the mobile code calling the local resource as triggering the transfer of control to the protective program (see Spec. ¶ [0019]). Otherwise, normal execution of the mobile code on the operating system continues, as discussed above. Therefore, we find that the Examiner erred in rejecting claim 118 as failing to comply with the written description requirement. The Obviousness Rejections Pearce and Gruper Regarding representative independent claim 100, Appellants contend that Pearce does not disclose determining whether identified mobile code falls into one of the three claimed categories (App. Br. 32-33). Appellants also argue that Pearce does not disclose “autonomic code blocking based on a determination of malicious mobile code” (App. Br. 33). That is, Pearce does not disclose blocking malicious code without user intervention (see Id.). Appellants further contend that Gruper does not suggest modifying Pearce because Gruper controls access based solely on identifying the mobile code as known; whereas, claim 100 controls access based on observed behavior of the mobile code and does not require that the mobile code be known (App. Br. 35). We disagree. The Examiner finds that Pearce discloses the claim 100 limitations “requesting user input regarding access to the at least one local resource by Appeal 2010-006372 Application 09/952,208 9 the mobile code if the mobile code is determined to be potentially malicious” and “allowing access to the at least one local resource by the mobile code if the mobile code is determined not to be malicious, without user notice or intervention” (Ans. 4; Pearce, col. 7, ll. 15-67). For the third claimed category of “malicious code,” the Examiner finds that Gruper discloses blocking access to a resource automatically upon determining that an application is malicious (Ans. 5). Thus, as the Examiner’s rejection is based upon the collective teachings of Pearce and Gruper, Appellants’ arguments directed to Pearce’s alleged failure to disclose determining and responding to all three claimed categories of mobile code, including blocking malicious code, are not persuasive. Appellants’ arguments regarding Gruper are also not persuasive. We agree with the Examiner (Ans. 33-36) and find that Gruper determines that code is malicious based on observed behavior, not simply based on whether code is identified as known code. For example, Gruper discloses: When the application is run, disk access requests may be checked against the enforcement file. If the type of disk access is not allowed by the enforcement file then either the operation is stopped, the user is prompted to give specific permission, or a pre-defined automatic response may occur. (Gruper, col. 4, l. 66-col. 5, l. 3). Thus, Gruper’s enforcement file lists not only certain known applications but different actions that are allowed for each of the applications. To provide protection for the system hard drive, Gruper checks a running application’s access requests — i.e., “observed behaviour” — against the list, not just the application identity. Further, claim 100 does not preclude determining that known code is malicious and blocking such malicious code. To the contrary, representative claim 100 Appeal 2010-006372 Application 09/952,208 10 explicitly requires “identifying mobile code received by the host computer” before determining whether the code is malicious, potentially malicious, or not malicious (see Ans. 33). We are therefore not persuaded that the Examiner erred in rejecting representative claim 100. Although Appellants nominally argue each of dependent claims 101-110 separately, Appellants present no new arguments beyond those presented for representative claim 100 (see App. Br. 37-56). Further, although Appellants present separate arguments for each of the remaining independent claims 111, 118, 132, 145, 153, 160, 172, 180, and 184 (App. Br. 57-64, 71-78, 99-105, 128-133, 148-154, 161-167, 188-193, 208-215, 220-226) and respective dependent claims 112, 113, 117, 119-125, 128-130, 134- 144, 146-152, 154, 157, 159, 162-171, 173-179, 181, 183, and 186-195 (App. Br. 65-70, 79-98, 106-127, 134-147, 155-160, 168-187, 194-207, 216-219, 227-246), Appellants’ arguments for these claims appear to be the same arguments presented for claim 100. Thus, we also sustain the rejection of claims 101-113, 117-125, 128-130, 132, 134-154, 157, 159, 160, 162-181, 183, 184, and 186-195 for the reasons discussed above for representative claim 100. Pearce, Gruper, and Chess Regarding dependent claim 114, Appellants contend that Chess fixes documents that are already infected, contrary to the claimed invention, which protects a local resource from potentially malicious code (App. Br. 249). Appellants also contend that combining Chess with Pearce would be impractical because Chess requires recording the initial state of a storage device, which requires a great amount of backup space, contrary to the Appeal 2010-006372 Application 09/952,208 11 claimed invention, which overcomes the storage problem by recording changes to the local resource but not the entire initial state of the resource (Id.). We disagree. Chess discloses an anti-virus program that scans documents to determine whether changes made thereto are “safe” or “questionable” (Chess, ¶¶ [0025]-[0027]). Chess’s scan occurs after “questionable” changes may have been made, that is, after a potential virus may have changed documents (see id.). However, Chess discloses that “[i]f the changes are determined to be ‘questionable,’ a record is made of the name of the document and of the nature of the change” (Chess, ¶ [0028]). Later, if the recorded “questionable” changes are determined to be part of a viral set, Chess “restores the changed documents to their original condition or to a functionally equivalent state” (Chess, ¶ [0032]). Appellants have not shown how Chess’s system is different than the claimed invention, which permits potentially malicious code to access a local resource, rather than blocking the code before any malicious behaviour occurs. Thus, we are not persuaded that the Examiner erred in finding that Chess’s recording of “questionable” changes meets the limitation “recording changes made to the at least one local resource if the user allows the potentially malicious mobile code to access the at least one local resource” (claim 114; see Ans. 24-25). Further, we are not persuaded by Appellants’ argument that Chess’s backup storage requirement, when combined with Pearce, would be impractical (App. Br. 249). The claimed invention requires at least enough storage space to record changes made by potentially malicious mobile code so that it is possible to later reverse the changes. Appellants have not provided evidence showing that Chess’s storage requirement is greater than Appeal 2010-006372 Application 09/952,208 12 the claimed invention’s requirement, or evidence to support the assertion that providing additional storage is so impractical that Chess cannot be combined with Pearce. We are therefore not persuaded that the Examiner erred in rejecting claim 114. Further, although Appellants present separate arguments for each of the remaining dependent claims 115, 116, 126, 127, 131, 133, 155, 156, 158, 161, 182, and 185 (App. Br. 251-295), Appellants’ arguments for these claims appear to be the same arguments presented for claim 114. Thus, we also sustain the rejection of claims 115, 116, 126, 127, 131, 133, 155, 156, 158, 161, 182, and 185 for the reasons discussed above with respect to representative claim 114. CONCLUSIONS OF LAW Under 35 U.S.C. § 112, first paragraph, the Examiner erred in rejecting claim 118 but did not err in rejecting claims 111, 132, 160, and 180. Under 35 U.S.C § 103(a), the Examiner did not err in rejecting claims 100-195. DECISION For the above reasons, we affirm the rejections of claims 100-195. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 41.50(f). AFFIRMED peb Copy with citationCopy as parenthetical citation
