Ex Parte Zhang
Patent Trial and Appeal Board
Jul 16, 2018
14559255 (P.T.A.B. Jul. 16, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 14/559,255
FILING DATE: 12/03/2014
FIRST NAMED INVENTOR: Yong Zhang
ATTORNEY DOCKET NO.: FORT-014000
CONFIRMATION NO.: 9151
EXAMINER: NGUY, CHID
ART UNIT: 2435
NOTIFICATION DATE: 07/18/2018
DELIVERY MODE: ELECTRONIC

64128 7590 07/18/2018
MICHAEL A DESANCTIS
HAMILTON DESANCTIS & CHA LLP
12640 W. Cedar Drive, Suite 1
LAKEWOOD, CO 80228

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): mdesanctis@hdciplaw.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte YONG ZHANG

Appeal 2017-009716
Application 14/559,255
Technology Center 2400

Before THU A. DANG, DENISE M. POTHIER, and JAMES W. DEJMEK, Administrative Patent Judges.

POTHIER, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellant[1],[2] appeals under 35 U.S.C. § 134(a) from the Examiner's rejection of claims 1-20. Br. 5. We have jurisdiction under 35 U.S.C. § 6(b). We affirm.

[1] Throughout this opinion, we refer to the Final Action (Final Act.) mailed July 22, 2016, the Appeal Brief (Br.) filed January 24, 2017, and the Examiner's Answer (Ans.) mailed April 17, 2017.

[2] The real party in interest is listed as Fortinet, Inc. Br. 3.

Invention

Appellant's "embodiments of the present disclosure relate to detection of on-wire unauthorized/rogue access points (APs)." See Spec.
¶ 2; see also Spec. ¶¶ 9-12. Claim 1 is reproduced below with emphasis:

1. A method comprising:

detecting, by a managed wireless access point (AP) of a private network comprising a wired portion and a wireless portion, a potential rogue AP within an area encompassed by the wireless portion of the private network;

causing, by the managed AP, a network element coupled to the wired portion of the private network to inject a special network packet having a defined pattern into one or more pre-existing communication sessions associated with the potential rogue AP via a wired interface of the potential rogue AP;

monitoring and analyzing, by the managed AP, network traffic transmitted on the wireless portion of the private network;

responsive to detecting, by the managed AP, the special network packet within the network traffic, then identifying the potential rogue AP as a confirmed on-wire rogue AP that is coupled to the wired portion of the private network.

Br. 19 (Claims App.).

The Examiner relies on the following as evidence of unpatentability:

Bhagwat    US 2005/0259611 A1    Nov. 24, 2005
McRae      US 2007/0186276 A1    Aug. 9, 2007
Atreya     US 2014/0334317 A1    Nov. 13, 2014

The Rejections

Claims 1-5, 9-15, 19, and 20 are rejected under 35 U.S.C. § 103 as unpatentable over McRae and Atreya. Final Act. 3-8.

Claims 6-8 and 16-18 are rejected under 35 U.S.C. § 103 as unpatentable over McRae, Atreya, and Bhagwat. Final Act. 8-10.

OBVIOUSNESS REJECTION OVER McRAE AND ATREYA

Regarding representative claim 1,[3] the Examiner finds McRae teaches its limitations, except for injecting a special network packet having a defined pattern into a pre-existing communication session associated with the potential rogue AP via a wired interface of the potential rogue AP and detecting the special network packet within network traffic. Final Act. 3-4 (citing McRae ¶¶ 17-27, 33, Fig. 1).
The Examiner turns to Atreya to teach and suggest the missing features in McRae and proposes incorporating Atreya's teaching within McRae to determine whether a device is rogue. Final Act. 4 (citing Atreya ¶¶ 15, 16, 30-33, 36, Fig. 3).

[3] Claims 1-5, 9-15, 19, and 20 are argued as a group. Br. 12-15. We select claim 1 as representative. See 37 C.F.R. § 41.37(c)(1)(iv).

Appellant argues Atreya does not teach or suggest a managed AP causes a network element to perform the recited "to inject a special network packet" as recited. Br. 12-14 (discussing Atreya ¶¶ 15, 16, 30, 36). Appellant also asserts Atreya does not teach or suggest a signature frame or special network packet is injected into a pre-existing communication session associated with the potential rogue AP as recited. Br. 14-15.

ISSUE

Under § 103, has the Examiner erred in rejecting claim 1 by finding that McRae and Atreya collectively "caus[e], by the managed AP, a network element ... to inject a special network packet having a defined pattern into one or more pre-existing communication sessions associated with the potential rogue AP"?

ANALYSIS

Based on the record before us, we are not persuaded of error. As the Examiner indicates (see Ans. 11-12), one cannot show nonobviousness by attacking references individually where the rejection, as is here, is based on the combination of McRae and Atreya. See In re Keller, 642 F.2d 413, 426 (CCPA 1981); see also In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986).

McRae teaches a managed AP (e.g., 110) determines whether a certain other AP (e.g., 130) is rogue by analyzing information received from another AP/device, some of which are coupled to a wired network. McRae ¶¶ 20-26, Fig. 1, cited in Ans. 12.
For example, McRae teaches at step 230 access point 110 obtains additional information from candidate devices (e.g., 130 or 140) by sending a probe request frame to the candidate devices and receiving a probe response frame, a device IP address, or an identity of other clients connected to the candidate device in response. McRae ¶¶ 23-24, Fig. 2. As such, McRae teaches a managed AP (e.g., 110) causing an element to send special data into communications associated with a potential rogue AP (e.g., 130 or 140). See Ans. 12.

Atreya teaches or suggests an additional technique for detecting rogue APs using "a wireless intrusion detection system (WIDS) deployed in a wireless controller." Ans. 12. For example, Atreya teaches and suggests a controller (1) instructing another component (e.g., a wireless agent within a switch or "network element" as recited[4]) to inject a "signature frame" into a wired network and (2) watching for the frame to appear in the wireless network. See Atreya ¶¶ 16-17, 25. Such a frame may contain "a pattern of data" or has "a defined pattern" as recited. Atreya ¶ 25. Additionally, Atreya teaches the WIDS "can be deployed as an overlay dedicated appliance with its own dedicated 'sensor' APs, or an integrated component of a wireless controller with the managed APs doubling up as 'sensors'." Atreya ¶¶ 14, 26. Such sensor APs are used to scan and report rogue APs, and signature injection can be coordinated between a sensor AP and wireless switches. Atreya ¶¶ 15, 26.

Moreover, when incorporating Atreya's teachings with McRae, the combination suggests and predictably yields a managed AP, such as McRae's managed AP (e.g., 110), causing a network element (e.g., a switch as taught in Atreya) to inject a special network packet having a defined pattern into communications associated with a potential rogue AP as recited in claim 1. See Ans. 12-13.
As for whether these communications include "pre-existing communication sessions" as recited (Br. 14-15), we agree with the Examiner that this limitation can be construed to include one endpoint being connected to and communicating with another endpoint. See Ans. 13. Additionally, we agree with the Examiner that Atreya teaches APs connected to and communicating with rogue APs in a wired/wireless system. See Ans. 13-14; see also McRae ¶¶ 16-17. Atreya also discusses an enterprise WLAN (Atreya ¶ 15), injecting a signature frame within a network having "devices distributed throughout the corporate LAN" (Atreya ¶ 17), and gathering "information regarding connected devices on different physical ports" (Atreya ¶ 25). See also Ans. 14 (stating "communication sessions already exist between the network devices when the signature frame is injected" in Atreya). Notably, Appellant does not rebut the Examiner's findings in the Answer.

[4] The phrase "network element" is not defined in the Specification. Examples of "a network element" include a network controller, a gateway, a router, a firewall, a hub, a switch, and a managed AP. Spec. ¶¶ 33, 44, 45, 51.

For the foregoing reasons, Appellant has not persuaded us of error in the rejection of independent claim 1 and claims 2-5, 9-15, 19, and 20, which are not separately argued.

THE OBVIOUSNESS REJECTION OVER MCRAE, ATREYA, AND BHAGWAT

Representative claim 6[5] depends indirectly from claim 1 and further recites "one or more pre-existing communication sessions comprise a transmission control protocol (TCP) session and wherein the special network packet comprises a TCP packet." Br. 20 (Claims App.). The Examiner finds McRae and Atreya do not explicitly teach these limitations, turning to Bhagwat. Final Act. 8-9 (citing Bhagwat ¶¶ 16, 75-78); Ans. 15-16 (citing Bhagwat ¶¶ 61, 75-78, 81-86).

Appellant argues Bhagwat's taught "existing association" (Br.
15 (emphasis omitted)) between a wireless station and an AP differs from the recited "one or more pre-existing communication sessions," which are required to be "between two host or server computer systems" as understood by an ordinarily skilled artisan. Br. 16.

[5] Claims 6-8 and 16-18 are argued collectively. Br. 15-16. We select claim 6 as representative. See 37 C.F.R. § 41.37(c)(1)(iv) (2016).

ISSUE

Under § 103, has the Examiner erred in rejecting claim 6 by finding that McRae, Atreya, and Bhagwat collectively would have taught or suggested "one or more pre-existing communication sessions comprise a transmission control protocol (TCP) session and wherein the special network packet comprises a TCP packet"?

ANALYSIS

Based on the record before us, we are not persuaded of error. First, Appellant provides no supporting evidence that the recited "pre-existing communication session" in claims 1 and 6 would have been understood by an ordinary skilled artisan to be "between two host or server computer systems." Br. 15-16. That is, counsel's arguments cannot take the place of factually supported objective evidence. See, e.g., In re Huang, 100 F.3d 135, 139-40 (Fed. Cir. 1996).

Second, even presuming, without agreeing, that the recited "pre-existing communication sessions" must be between hosts or servers as argued, the collective teachings of McRae, Atreya, and Bhagwat suggest such communication sessions exist. As discussed above, we already addressed how McRae and Atreya at least suggest "pre-existing communication sessions" as recited in claim 1. Moreover, Bhagwat further explains (1) a sniffer determines TCP port number of a wireless station by monitoring packets transmitted by or received at the stations (e.g., a host) (Bhagwat ¶ 75, cited in Ans.
15); (2) the sniffer operates (a) during "ongoing communication" (Bhagwat ¶ 84) and (b) during transmission of marker packets in the LAN (Bhagwat ¶ 87); and (3) "TCP is used by computers in Internet Protocol (IP) network for reliable exchange of data" (Bhagwat ¶ 88). See also Bhagwat, Fig. 1; see also Ans. 15-16 (discussing how Bhagwat indicates the wireless stations or hosts are transmitting and receiving data packets in a TCP session). As such, Bhagwat teaches and suggests the transmitted marker packets are part of a TCP session between computers (e.g., hosts). Moreover, when combining these teachings with McRae and Atreya, the combination would have predictably yielded the recited "one or more pre-existing communication sessions comprise a transmission control protocol (TCP) session and wherein the special network packet comprises a TCP packet" as recited in claim 6. Appellant does not rebut the Examiner's findings in the Answer.

Notably, claims 8 and 18 do not recite a TCP or UDP session. Br. 20, 22 (Claims App.). Because the arguments presented by Appellant for claims 8 and 18 are not commensurate in scope, the contentions are not persuasive.

For the above reasons, Appellant has not persuaded us of error in the rejection of claims 6-8 and 16-18.

DECISION

We affirm the Examiner's rejection of claims 1-20 under § 103.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED