Ex Parte Wiegenstein et al
Patent Trial and Appeal Board
Mar 5, 2018
13621379 (P.T.A.B. Mar. 5, 2018)

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 13/621,379
FILING DATE: 09/17/2012
FIRST NAMED INVENTOR: Andreas Wiegenstein
ATTORNEY DOCKET NO.: VFO-10102/36
CONFIRMATION NO.: 7121

25006 7590 03/07/2018
DINSMORE & SHOHL LLP
900 Wilshire Drive, Suite 300
TROY, MI 48084

EXAMINER: REVAK, CHRISTOPHER A
ART UNIT: 2431
PAPER NUMBER:
NOTIFICATION DATE: 03/07/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): MichiganPatTM@dinsmore.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ANDREAS WIEGENSTEIN, MARKUS SCHUMACHER, and XU JIA

Appeal 2016-007255
Application 13/621,379
Technology Center 2400

Before LARRY J. HUME, JUSTIN BUSCH, and JOHN D. HAMANN, Administrative Patent Judges.

BUSCH, Administrative Patent Judge.

DECISION ON APPEAL

Pursuant to 35 U.S.C. § 134(a), Appellants appeal from the Examiner’s decision to reject claims 1-8 and 11-19, which constitute all the claims pending in this application. Oral arguments were heard on February 6, 2018. A transcript (“Transcript” or “Tr.”) of the hearing has been placed in the record. We have jurisdiction over the pending claims under 35 U.S.C. § 6(b). Claims 9 and 10 were cancelled previously.

We affirm-in-part.

CLAIMED SUBJECT MATTER

Appellants’ “invention relates generally to data loss/leak prevention and, in particular, to a system and method for detecting data extrusion in software applications.” Spec. ¶ 2. The claims are directed to a method of using data flow analysis and data extrusion analysis to identify whether received source code, when executed, would transfer critical data from a database to data exit points beyond the protection limits of the system. Spec. ¶¶ 10-11. Claim 1 is the only independent claim. Claims 1 and 16 are reproduced below:

1. A method of detecting database extrusion in a software application that provides a knowledge base of critical business functions and critical database content, comprising the steps of:

    receiving code adapted for execution on a target computer system having predefined protection limits;

    configuring at least a portion of the database content to be regarded as critical;

    performing a computerized data flow analysis on the code to determine the paths that will be taken by the source code during execution, the paths including data transfers between read accesses to critical data in the database and data exit points outside the database;

    performing a computerized data extrusion analysis to determine if any of the paths identified by the data flow analysis are capable of actually transferring the critical data to the exit points and beyond the protection limits of the target system; and

    if such source code exists, reporting the potential data extrusion leak as a security violation.

16. The method of claim 1, including the steps of:

    performing a computerized asset flow analysis to determine if the critical data has left the target computer system and is no longer subject to the predefined protection limits; and

    reporting the results of the asset flow analysis to a user.

REJECTIONS [1]

Claim 16 stands rejected under pre-AIA 35 U.S.C.
§ 112, first paragraph, or AIA § 112(a) for lack of enablement. Final Act. 4-5.

Claims 1-8 and 11-19 stand rejected under pre-AIA 35 U.S.C. § 102(e) as anticipated by Lange (US 7,743,423 B2; June 22, 2010). Final Act. 6-9.

[1] The rejection of claim 17 under 35 U.S.C. § 112, first paragraph was withdrawn in the Answer. Ans. 2; see Final Act. 4-5.

ANALYSIS

The Enablement Rejection

The Examiner rejects claim 16 for failing to meet the enablement requirement under 35 U.S.C. § 112, first paragraph. Final Act. 4-5. Specifically, the Examiner finds Appellants’ Specification fails to explain how the recited determination that “the critical data has left the target computer system and is no longer subject to the predefined protection limits” is made. Final Act. 5. The Examiner further explains the Specification lacks sufficient explanation of how “an indication [is] provided that proves that the critical data has actually exited the target system” after it exits the system “and is no longer subject to predefined protection limits.” Id.

Appellants argue that, given the claimed systems’ control and recognition of the critical data, loss of control of, or access to, the critical data would indicate the data has been transferred beyond the control limits of the target system. See App. Br. 2. During the oral argument, however, Appellants conceded there was “a verb tense issue” with respect to claim 16. Tr. 13-15. Accordingly, based on Appellants’ representation that there was an issue with how the claim is presently drafted and the lack of clarity regarding how one of ordinary skill in the art would have implemented the additional limitation as currently drafted, we are not persuaded the Examiner erred in rejecting claim 16 under 35 U.S.C. § 112, first paragraph.

The Anticipation Rejection

The Examiner rejects claims 1-8 and 11-19 as anticipated by Lange, finding Lange discloses each of the recited limitations. Final Act. 6-9.
Of particular note, the Examiner finds Lange discloses “performing a computerized data flow analysis on the code to determine the paths that will be taken by the source code during execution, the paths including data transfers between read accesses to critical data in the database and data exit points outside the database,” as recited in independent claim 1. Final Act. 6 (citing Lange 2:34-54, 5:57-6:44, 10:1-23). Lange discloses simulating execution paths in managed code “to find the permissions for each execution path” in order to determine permissions needed for each security path and, by creating a union of the permissions needed for each execution path, Lange determines the full permission set needed to execute the managed code. Lange 2:34-54, 5:57-6:44, Fig. 3a, Abstract. If the managed code exceeds the security permissions it is granted, a security exception is triggered. Id.

Appellants contend Lange determines access rights by simulating execution paths but does not disclose “data transfer paths between read accesses to critical data in the database and data exit points,” as recited in the claims. App. Br. 4. Appellants agree with the Examiner that Lange discloses potential violations of security policies (i.e., if and when Lange triggers a security exception because the simulated code requires rights beyond those granted to the code). App. Br. 5. Appellants argue, however, that triggering a security exception in response to determining the simulated source code requires a different permission set is not the same as determining whether “paths that will be taken by the source code during execution, the paths including data transfers between read accesses to critical data in the database and data exit points outside the database,” as recited in claim 1. Id.

Appellants generally contend the cited portions of Lange are not applicable to the recited elements because Lange is directed to identifying the required access rights to execute source code (i.e., Lange simulates execution of source code to determine the required permission set), which is completely different than the data flow analysis and data extrusion analysis recited in Appellants’ claims, which are directed to identifying potential data leaks (i.e., the transfer of critical data from within a database to an exit point outside of the database). Reply Br. 2. In particular, Appellants argue the Examiner’s finding that Lange’s source code discloses the recited critical data depends on an unreasonably broad implicit construction of “critical data.” App. Br. 4; Reply Br. 1-3.

Furthermore, Appellants assert Lange’s determination of permissions required for an execution path of its source code does not disclose the recited “paths including data transfers between read accesses to critical data in the database and data exit points outside the database” because Lange’s source code is not equivalent to the recited “critical data” and, thus, Lange does not address where data is transferred to or from or, more specifically, whether critical data can leave the managed environment. App. Br. 4-5; Reply Br. 2-3. Furthermore, Appellants argue triggering a security exception does not disclose the recited “exit points outside the database” to which data may be transferred. App. Br. 5; Reply Br. 2-4.

When the contested claim limitations are considered in light of Appellants’ Specification, we agree. Appellants’ claim explicitly states the critical data is database content. See, e.g., App. Br. 6 (Claim 1).
Although it is possible to store source code in a database, and stored source code would not necessarily differ from other stored information, we determine that a person of ordinary skill in the art, when reviewing the claims and Specification, would have understood executing source code to be distinct from data, especially Appellants’ critical data. Moreover, Appellants’ Specification provides examples that, while not limiting, further provide context for what is meant by “critical data.” See, e.g., Spec. ¶ 43 (“The rules engine also includes information about critical database tables (e.g. tables holding HR data or financial data)” (emphasis added)).

Additionally, Lange’s triggering of a security exception merely indicates that Lange’s simulation of the subject source code indicates the source code exceeds its allowed security permissions. We agree with Appellants that triggering a security exception when simulated source code does not have the necessary permissions to execute all of its function does not disclose determining that critical data may be transferred from a database to an exit point outside of the database.

The Examiner fails to sufficiently explain how Lange’s source code discloses the recited critical data, or how simulating such source code and triggering a security exception discloses determining that paths taken by source code during execution are capable of transferring critical data from a database to an exit point outside of the database.

On this record and for the reasons discussed above, we are persuaded of Examiner error. Accordingly, we do not sustain the Examiner’s rejection of independent claim 1. For similar reasons, we also do not sustain the Examiner’s rejections of claims 2-8 and 11-19, which depend therefrom.

DECISION

We affirm the Examiner’s decision to reject claim 16 under 35 U.S.C.
§ 112, first paragraph, for lack of enablement, but we reverse the Examiner’s decision to reject claims 1-8 and 11-19 under 35 U.S.C. § 103(a).

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f).

AFFIRMED-IN-PART