2019002400 (P.T.A.B. Sep. 28, 2020)

International Business Machines Corporation

Patent Trials and Appeals BoardSep 28, 2020

2019002400 (P.T.A.B. Sep. 28, 2020)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/243,115 08/22/2016 Omer Tripp IL920120021US5_8150-0706 7304 73109 7590 09/28/2020 Cuenot, Forsythe & Kim, LLC 20283 State Road 7 Ste. 300 Boca Raton, FL 33498 EXAMINER HO, THOMAS ART UNIT PAPER NUMBER 2494 NOTIFICATION DATE DELIVERY MODE 09/28/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ibmptomail@iplawpro.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte OMER TRIPP Appeal 2019-002400 Application 15/243,115 Technology Center 2400 Before JASON J. CHUNG, JAMES W. DEJMEK, and SCOTT E. BAIN, Administrative Patent Judges. BAIN, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s decision to reject claims 26–43, which constitute all claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42(a) (2017). Appellant identifies the real party in interest as “IBM Corporation.” Appeal Br. 1. Appeal 2019-002400 Application 15/243,115 2 BACKGROUND The Claimed Invention According to Appellant, the claimed invention relates to “computer software analysis,” and more specifically, to “remediation of security vulnerabilities in computer software.” Spec. ¶ 2. Claims 26, 32, and 38 are independent. Claim 26 is illustrative of the invention and the subject matter of the appeal, and reads as follows: 26. A computer-implemented method, comprising: identifying, for the computer software application, a set of security-sensitive data flows using a data propagation graph; encoding each transition that participates in one or more of the set of security-sensitive data flows as a unique propositional variable; encoding, for ease respective security-sensitive data flow, the respective security-sensitive data flow as a disjunctive propositional clause that includes all propositional variables corresponding to transitions that participate in the respective data flow; conjoining the clauses to form a conjunctive normal formula; processing, using a satisfiability solver, the formula; and determining whether the formula is satisfiable. Appeal Br. 24 (Claims App.) (emphases added). References The references relied upon by the Examiner are: Name Reference Date Huang et al. (“Huang”) US 2007/0074188 Al Mar. 29, 2007 Jain US 2004/0098682 Al May 20, 2004 Appeal 2019-002400 Application 15/243,115 3 The Rejections on Appeal Claims 26–43 stand rejected under 35 U.S.C. § 101 as being directed to patent-ineligible subject matter. Final Act. 8–11. Claims 26–43 stand rejected under 35 U.S.C. § 103 as being unpatentable over Huang and Jain. Final Act. 11–16. DISCUSSION We have reviewed the Examiner’s rejections in light of Appellant’s arguments presented in this appeal. Arguments which Appellant could have made but did not make in the Briefs are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(iv). On the record before us, Appellant persuades us of error regarding the subject matter eligibility rejection of claims 28–31, 34–37, and 40–43. As to the remaining claims and rejections, however, Appellant has not persuaded us of error. To the extent consistent with our discussion below, we adopt as our own the findings and reasons set forth in the rejection from which the appeal is taken and in the Examiner’s Answer. We provide the following for highlighting and emphasis. Rejection Under 35 U.S.C. § 101 The Examiner determined that claim 26 is directed to “encoding” variables in a “formula,” and “processing” the formula, all of which the Examiner determined is a mathematical concept and, therefore, constitutes an abstract idea. Ans. 4–6; Alice Corp. v. CLS Bank lnt’l, 573 U.S. 208, 217 (2014) (describing two-step framework “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of those concepts”). Further, the Examiner determined that claim 26 does not recite any “security vulnerability Appeal 2019-002400 Application 15/243,115 4 remediation steps,” nor any additional limitations beyond generic computing devices, and therefore does not amount to significantly more than the abstract idea. Ans. 6. Accordingly, the Examiner concluded that claim 26 constitutes ineligible subject matter. Appellant argues that the Examiner has “overgeneralized” the claimed invention, and that claim 26 is not an abstract idea because it “is directed to remediat[ing] security vulnerabilities in computer software.” Appeal Br. 10–11. Appellant argues that the claim recites details that do not monopolize the “abstract idea” cited by the Examiner, and that the invention is directed to improving computer technology, namely, security. Appeal Br. 12; Reply Br. 5. Pursuant to the USPTO’s “Revised Subject Matter Eligibility Guidance,” which synthesizes case law and provides agency instruction on the application of § 101, we must look to whether a claim recites: (1) any judicial exceptions, including certain groupings of abstract ideas (i.e., mathematical concepts, certain methods of organizing human activity such as a fundamental economic practice, or mental processes) (“Step 2A, Prong One”); and (2) additional elements that integrate the judicial exception into a practical application (see MPEP § 2106.05(a)–(c), (e)–(h)) (“Step 2A, Prong Two”). See USPTO, 2019 Revised Patent Subject Matter Eligibility Guidance 84 Fed. Reg. 50, 54–55 (Jan. 7, 2019) (“Guidance”). Only if a claim recites a judicial exception and does not integrate that exception into a practical application, do we then look to whether the claim: Appeal 2019-002400 Application 15/243,115 5 (3) adds a specific limitation beyond the judicial exception that is not “well-understood, routine, conventional” in the field (see MPEP § 2106.05(d)); or (4) simply appends well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. See id. at 56 (collectively “Step 2B”). We begin our review with Step 2A, Prong One of the Guidance, as applied to Appellant’s claim 26.2 As the Examiner determined, claim 26 is directed to a “computer- implemented method,” which performs “identifying” data using a “graph,” “encoding” data as a “variable,” “encoding” data as a “clause” including “variables,” forming a “formula,” “processing” the formula,” and “determining” whether the formula is “satisfied.” Appeal Br. 24. There is no specific security remediation step recited in the foregoing. Appellant argues that the claims use “downgraders” to “prevent misuses of a computer program.” Reply Br. 4. Claim 26, however, does not recite those elements. Rather, as the Examiner determined, each of the foregoing steps of claim 26 recites “math logic” and the “determination of logic.” Ans. 6. Accordingly, we agree with the Examiner’s determination that the foregoing steps of claim 26 constitute an abstract idea, and specifically, a mental process. Ans. 5–6. 2 The Guidance refers to “Step One” as determining whether the claimed subject matter falls within the four statutory categories identified by 35 U.S.C. § 101: process, machine, manufacture, or composition of matter. This step is not at issue in this case. Appeal 2019-002400 Application 15/243,115 6 Although we describe the abstract idea slightly differently than the Examiner, the Examiner’s characterization of the idea is not erroneous. “An abstract idea can generally be described at different levels of abstraction.” Apple, Inc. v. Ameranth, Inc., 842 F.3d 1229, 1240 (Fed. Cir. 2016). The level of abstraction an examiner uses to describe an abstract idea need not “impact the patentability analysis.” Apple, 842 F.3d at 1241. That is true here. Regardless of the level of generality used to describe the abstract idea recited, the claims are directed to an abstract idea. Cf. Accenture Glob. Servs., GmbH v. Guidewire Software, Inc., 728 F.3d 1336, 1344–45 (Fed. Cir. 2013) (“Although not as broad as the district court’s abstract idea of organizing data, it is nonetheless an abstract concept.”). Moreover, our reviewing court has noted that, in certain instances, there may be an overlap between an abstract idea within the mathematical concepts category and an abstract idea within the mental processes category. See Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350, 1354 (Fed. Cir. 2016) (concluding that “analyzing information by steps people go through in their minds, or by mathematical algorithms, without more, as essentially mental processes within the abstract-idea category”). Further, the data processing (analyzing) elements recited in claim 26 do not make the claim any less abstract. See id at 1353 (holding that “collecting information, analyzing it, and displaying certain results of the collection and analysis” are “a familiar class of claims ‘directed to’ a patent ineligible concept”). Thus, upon review of claim 26, we agree with the Examiner’s determination that the foregoing steps individually, and in combination, recite one or more of the categories deemed abstract under the Guidance, namely, a mental process. Appeal 2019-002400 Application 15/243,115 7 We next proceed to Step 2A, Prong 2 of the Guidance. Under this step, if the claim “as a whole” integrates the abstract idea into a “practical application,” it is patent eligible. Appellant argues that claim 26 is an “involves the modification of a[] computer software application,” and is an “improvement to computer technology.” Reply Br. 5. Appellant argues the invention is similar to the one found patent-eligible in BASCOM Glob. Internet Servs., Inc. v. AT&T Mobility LLC, 827 F.3d 1341 (Fed. Cir. 2016). Reply Br. 5. Improving the functioning of a computing device or system, such as a computer security system, can reflect integration of an idea into a “practical application.” Guidance Section III; see also DDR, 773 F.3d 1245; BASCOM, 827 F.3d 1341. Appellant, however, does not explain, and we do not discern, any improvement in technology from the claimed invention. Compare BASCOM, 827 F.3d at 1350 (“harness[ing a] technical feature of network technology in a filtering system” to customize content filtering); DDR, 773 F.3d at 1258 (Fed. Cir. 2014) (“the claims at issue here specify how interactions with the Internet are manipulated to yield a desired result–– a result that overrides the routine and conventional sequence of events ordinarily triggered by the click of a hyperlink” (emphasis added).) The claims in BASCOM and DDR, for example, were “necessarily rooted in computer technology” in order to overcome a problem specifically arising in the realm of computer networks, see, e.g., DDR, 773 F.3d at 1257, but Appellant’s claim 26 recites instructions to establish variables and formulas, without reciting any security application or other technical application. Further, claim 26 uses a computer in its ordinary capacity, and does not Appeal 2019-002400 Application 15/243,115 8 recite any specific improvement to the way computers operate. Cf. Enfish, LLC v. Microsoft Corp., 822 F3d 1327, 1330–33, 1336 (Fed. Cir. 2016). Appellant also does not direct us to any evidence that claim 26 recites any unconventional rules, transforms or reduces an element to a different state or thing, or otherwise integrates the idea into a practical application. Finally, under Step 2B of the Guidance, we must look to whether the claims include any “additional limitation that is not well-understood, routine [or] conventional.” The “question of whether a claim element or combination of elements is well-understood, routine and conventional to a skilled artisan in the relevant field is a question of fact.” Berkheimer v. HP Inc., 881 F.3d 1360, 1368 (Fed. Cir. 2018); see also Mortg. Grader, Inc. v. First Choice Loan Servs. Inc., 811 F.3d. 1314, 1325 (Fed. Cir. 2016) (holding that patent eligibility inquiry may contain underlying issues of fact). Claim 26 recites “identifying” data, “encoding,” establishing a “formula,” and “processing” the formula. See supra. According to the Specification, the steps of claim 26 are performed using general purpose, conventional computing devices, and program instructions. See Spec. ¶¶ 33–37. We agree with the Examiner’s finding that simply using standard, generic computer elements to implement the foregoing managing of resources is well understood, routine, and conventional, and is not a meaningful limitation that amounts to significantly more than an abstract idea. Ans. 12. Further, although Appellant asserts that claim 26 includes unconventional elements, Appellant provides no evidence or persuasive argument to rebut any of the Examiner’s foregoing findings. Reply Br. 4–5. For example, Appellant does not address the Examiner’s finding that the Appeal 2019-002400 Application 15/243,115 9 Specification describes only generic, standard computing elements implementing the steps in claim 26. Similarly, we are unpersuaded by Appellant’s argument that the claim 26 “do[es] not preempt the entire field of customizing web content.” Appeal Br. 11–12. Although “preemption may signal patent ineligible subject matter, the absence of complete preemption does not demonstrate patent eligibility.” FairWarning IP, LLC v. Iatric Sys., Inc., 839 F.3d 1089, 1098 (Fed. Cir. 2016) (quoting Ariosa Diagnostics, Inc. v. Sequenom, Inc., 788 F.3d 1371, 1379 (Fed. Cir. 2015); see also OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1362–63 (Fed. Cir. 2015), cert, denied, 136 S. Ct. 701, 193 (2015) (“[T]hat the claims do not preempt all price optimization or may be limited to price optimization in the e-commerce setting do not make them any less abstract.”). Where, as here, “a patent’s claims are deemed only to disclose patent ineligible subject matter under the Mayo framework . . . preemption concerns are fully addressed and made moot.” Ariosa Diagnostics, Inc. v. Sequenom, Inc., 788 F.3d 1371, 1379 (Fed. Cir. 2015). Accordingly, we agree with the Examiner’s determination that claim 26 merely uses computer elements in the implementation of an abstract idea, which does not equate to providing a technical solution to a technical problem. Ans. 10–11. For the foregoing reasons, we are not persuaded of error regarding the Examiner’s subject matter eligibility rejection of claim 26, and we sustain that rejection. We are, however, persuaded of error regarding dependent claim 28 (and its dependent claims 29–31), which Appellant argues separately. Appeal Br. 14–15. Unlike claim 26, claim 28 recites a “downgrader” which Appeal 2019-002400 Application 15/243,115 10 indicates transitions to be “eliminated” (i.e., security vulnerabilities) and the active step of “eliminat[ing]” those transitions (variables). Appeal Br. 24 (Claims App.). We are persuaded that these additional elements, because they recite an express application of computer security, constitute an improvement in technology and, therefore, integrate the judicial exception into a practical application (Step 2A). Accordingly, we are persuaded the Examiner erred in rejecting claims 28–31, and we do not sustain the subject matter eligibility rejection of these claims. In addition, claims 34–37 (“system”) and 40–43 (“product”) are commensurate in scope to claims 28–31 (“method”), including the “downgrader” and “elimination” elements discussed above. Thus, for the same reasons, we also do not sustain the subject matter eligibility rejection of those claims. Appellant does not argue the subject matter eligibility rejection of the remaining claims separately from claim 26. Accordingly, we also sustain the rejection of remaining claims 27, 32, 33, 38, and 39. Rejection Under Pre-AIA 35 U.S.C. § 103(a) Appellant argues the Examiner erred in finding the prior art teaches or suggests a “data propagation graph” and “security-sensitive” data flows as recited in independent claim 26. Appeal Br. 16–20; Reply Br. 6–8. Specifically, Appellant contends that a data propagation graph is limited to “interprocedural flow” of information, which is not found in the cited prior art, and that security-sensitive data flow is not the same as identifying security “vulnerabilities.” Reply Br. 6–8. We, however, are unpersuaded of error. Appeal 2019-002400 Application 15/243,115 11 As the Examiner finds, Huang discloses a “software application” which is “transformed into an abstract representation,” i.e., a graph, preserving its “information flow properties.” Ans. 18–20; Huang ¶ 15. Huang refers to the graph as a “control flow graph (CFG),” which is a “data structure representing the input program as a sequence of nodes.” Huang, Figs. 4, 12, ¶¶ 35–36. As the Examiner finds, the representation in Huang’s CFG is used for “tracking information flows [data flows]” and “other types of data structures which preserve the information flow properties of the input program.” Id. ¶ 35. We agree with the Examiner’s finding that the foregoing teaches or suggests a “data propagation graph” as recited in claim 26. As recited in the claim and described in Appellant’s Specification, “data propagation graph” is a graph identifying “security-sensitive data flows” (discussed below). Nothing in the Appellant’s claims or Specification limits the term “data propagation graph” itself to exclude Huang’s control flow graph as Appellant argues. Reply Br. 6; In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004) (claim terms given their “their broadest reasonable interpretation consistent with the specification”). Appellant argues that a person of ordinary skill in the art would understand “data propagation graph” as excluding security vulnerabilities as reflected in Huang’s control flow graph, but Appellant presents no evidence to rebut the Examiner’s findings. See In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997) (“attorney argument [is] not the kind of factual evidence that is required to rebut a prima facie case of obviousness”). In fact, even Appellant uses the terms “security sensitive” and “security vulnerabilities” interchangeably in at least one context. See Appeal Br. 11 (“In this instance, Appeal 2019-002400 Application 15/243,115 12 the claimed invention is directed to the remediation of security vulnerabilities in computer software. This is accomplished by a process that analyzes a computer software application to identify a set of security- sensitive data flows.”). We also agree with the Examiner’s finding that Huang teaches or suggests “identifying security-sensitive data flows” in its discussion of identifying information flows that have “security vulnerabilities.” Ans. 20– 21; Huang, Figs. 4, 9, ¶¶ 64–65, 69. Appellant argues that “security- sensitive” is distinct from “security vulnerabilities,” but again presents no evidence to rebut the Examiner’s findings. See supra. Based on the plain meaning of the terms, we discern no error in the Examiner’s finding that one of ordinary skill would understand the cited portions of Huang as, at least, teaching or suggesting “identifying security-sensitive data flows.” Similarly, we discern no error in the Examiner’s finding that Huang teaches “encoding” the security-sensitive data flow. Ans. 21; Huang ¶¶ 65, 69. For the foregoing reasons, we are not persuaded the Examiner erred in rejecting claim 26. The remaining claims are not argued separately. We, therefore, also sustain the obviousness rejection of remaining claims 27–43. Appeal 2019-002400 Application 15/243,115 13 SUMMARY In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 26–43 101 Eligibility 26, 27, 32, 33, 38, 393 28–31, 34– 37, 40–43 26–43 103 Huang, Jain 26–43 Overall Outcome 26–43 DECISION We affirm the Examiner’s decision rejecting claims 26–43. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 41.50(f). AFFIRMED