Juniper Networks, Inc.
Patent Trials and Appeals Board, May 12, 2021
2020001206 (P.T.A.B. May. 12, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

| APPLICATION NO. | FILING DATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO. |
|---|---|---|---|---|
| 15/495,427 | 04/24/2017 | Jacob Asher Langton | 0023-0743C1 | 8557 |

44987 7590 05/12/2021
Harrity & Harrity, LLP
11350 Random Hills Road, Suite 600
Fairfax, VA 22030

EXAMINER: WILCOX, JAMES J
ART UNIT: 2439
PAPER NUMBER:
NOTIFICATION DATE: 05/12/2021
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
docket@harrityllp.com
mpick@harrityllp.com
ptomail@harrityllp.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte JACOB ASHER LANGTON, DANIEL J. QUINLAN, KYLE ADAMS, and DECLAN CONLON

Appeal 2020-001206
Application 15/495,427
Technology Center 2400

Before JASON V. MORGAN, JAMES B. ARPIN, and MICHAEL J. ENGLE, Administrative Patent Judges.

ENGLE, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellant¹ appeals under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 21, 23–35, and 37–43, all of the pending claims. We have jurisdiction under 35 U.S.C. § 6(b).

We reverse.

TECHNOLOGY

The application relates to “a multi-file malware analysis.” Spec. Abstract.

¹ “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies Juniper Networks, Inc. as the real party in interest. Appeal Br. 3.

ILLUSTRATIVE CLAIM

Claim 21 is illustrative and reproduced below with disputed limitations emphasized:

21. A device, comprising:

a memory; and

one or more processors to:

execute a group of files in a sandbox environment, the group of files being identified for a multi-file malware analysis for analyzing the group of files as a group, the group of files being associated with a plurality of malware scores, and each of the plurality of malware scores including at least one malware counter;

monitor the sandbox environment to detect a behavior indicative of malware caused by any one file of the group of files that are executed, where the one or more processors, when monitoring the sandbox environment, are to:

analyze the group of files that are executed as a group without analyzing each file of the group of files individually;

modify all of the plurality of malware scores associated with the group of files that are executed based on detecting the behavior indicative of malware, caused by the any one file of the group of files that are executed, when the group of files was analyzed as a group, where the one or more processors, when modifying all of the plurality of malware scores, are to:

adjust the at least one malware counter for each of the plurality of malware scores based on detecting the behavior indicative of malware caused by the any one file of the group of files that are executed;

determine whether at least one malware score, of the plurality of malware scores that are modified, satisfies a threshold;

when the at least one malware score is determined to satisfy the threshold, individually analyze a file of the group of files, associated with a malware score that satisfies the threshold, for a presence of malware based on individually executing the file in the sandbox environment; and

when the at least one malware score is not determined to satisfy the threshold, identify an
additional group of files to execute and monitor for the behavior indicative of malware.

REFERENCES

The Examiner relies on the following references:

| Name | Reference | Date |
|---|---|---|
| Hotta | US 8,566,932 B1 | Oct. 22, 2013 |
| McDougal | US 9,009,820 B1 | Apr. 14, 2015 |
| Milliken | US 2010/0205265 A1 | Aug. 12, 2010 |
| Shua | US 2014/0237590 A1 | Aug. 21, 2014 |
| Raman | US 2013/0167231 A1 | June 27, 2013 |

REJECTIONS

The Examiner makes the following rejections under 35 U.S.C. § 103:

| Claims | References | Final Act. |
|---|---|---|
| 21, 23–35, 37–40 | McDougal, Hotta, Shua, Raman | 4 |
| 41–43 | McDougal, Hotta, Shua, Raman, Milliken | 18 |

ANALYSIS

Independent claim 21 recites a device to “modify all of the plurality of malware scores associated with the group of files that are executed based on detecting the behavior indicative of malware, caused by the any one file of the group of files that are executed, when the group of files was analyzed as a group.” Independent claims 28 and 35 recite commensurate limitations.

Appellant argues that McDougal “merely discloses a score for a single file that is based on . . . malware detection . . . applied to the single file,” not “a group of files ‘when the group of files was analyzed as a group.’” Appeal Br. 9 (emphasis added).

In the Answer, the Examiner quotes large blocks of McDougal. Ans. 4–6 (citing McDougal, 13:59–14:21, 22:22–35, 3:66–4:19). However, we agree with Appellant that “the Examiner quoted more than two pages of MCDOUGAL without responding to any of Appellant’s arguments in the Appeal Brief.” Reply Br. 2. We also agree with Appellant that “the Examiner’s conclusory statement that ‘[t]hus, McDougal reads on the claim limitation’ lacks any explanation as to how the Examiner’s summary of MCDOUGAL ties to the specific feature of the claim.” Id. at 3.

The Examiner’s first quotation teaches a single file having multiple weighted scores, but it is unclear how this relates to modifying all scores for all files in a group. Ans.
4 (citing McDougal, 13:59–14:21); Reply Br. 3. The Examiner’s second quotation teaches prioritizing the analysis of the rest of the files in a group if one file has malware in it, but it is unclear whether or why this would have any impact on the malware scores for each file in that group. Ans. 5 (citing McDougal, 22:22–35); Reply Br. 3. The Examiner’s third quotation teaches analyzing a “set of files” and that a single file “may include several files embedded within the file” such as “a ZIP file,” but again the Examiner has not explained how this relates to scoring or prioritizing. Ans. 5–6 (citing McDougal, 3:66–4:19).

Absent further explanation from the Examiner, it is unclear how the Examiner is applying these quotations to the claim language. See In re Jung, 637 F.3d 1356, 1362 (Fed. Cir. 2011) (holding 35 U.S.C. § 132 “is violated when a rejection is so uninformative that it prevents the applicant from recognizing and seeking to counter the grounds for rejection” (quotation omitted)).

The Examiner does not rely on Milliken to cure any of these deficiencies. And because the issue above is dispositive for the rejections of all of the claims, we need not address Appellant’s other arguments.

Accordingly, we do not sustain the Examiner’s rejections of independent claims 21, 28, and 35, and their dependent claims 23–27, 29–34, and 37–43.

OUTCOME

The following table summarizes the outcome of each rejection:

| Claim(s) Rejected | 35 U.S.C. § | Reference(s)/Basis | Affirmed | Reversed |
|---|---|---|---|---|
| 21, 23–35, 37–40 | 103 | McDougal, Hotta, Shua, Raman | | 21, 23–35, 37–40 |
| 41–43 | 103 | McDougal, Hotta, Shua, Raman, Milliken | | 41–43 |
| Overall Outcome | | | | 21, 23–35, 37–43 |

REVERSED
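
The group-scoring loop recited in claim 21 can be sketched as follows. This is an added illustration, not code from the application, the cited references, or the decision. The file names, the sandbox stubs, the sliding-window group selection, the +1 counter step and the threshold of 3 are all constructed assumptions.

```python
# Added illustration of the group-scoring loop in claim 21; not code from the
# application or the decision. Files, verdicts, window strategy, +1 counter
# step and threshold are all constructed assumptions.
FILES = [f"file_{i:02d}.bin" for i in range(10)]
MALICIOUS = {"file_07.bin"}  # ground truth known only to the sandbox stubs


def sandbox_group(group):
    """Stub: run the files together; report only that *some* file misbehaved."""
    return any(name in MALICIOUS for name in group)


def sandbox_single(name):
    """Stub: run one file alone and return its verdict."""
    return name in MALICIOUS


def next_group(files, round_no, size):
    """Assumed selection strategy: a sliding window over the file list."""
    return [files[(round_no + k) % len(files)] for k in range(size)]


def triage(files, size=4, threshold=3, max_rounds=20):
    counters = {name: 0 for name in files}  # one malware counter per file score
    for round_no in range(max_rounds):
        group = next_group(files, round_no, size)
        if not sandbox_group(group):
            continue  # nothing detected: move on to an additional group
        for name in group:  # the detection is not attributed to one file,
            counters[name] += 1  # so every score in the group is adjusted
        suspects = [n for n in group if counters[n] >= threshold]
        if suspects:  # threshold satisfied: analyze those files individually
            verdicts = {n: sandbox_single(n) for n in suspects}
            return verdicts, round_no + 1, counters
    return {}, max_rounds, counters


if __name__ == "__main__":
    verdicts, group_runs, counters = triage(FILES)
    print(group_runs, verdicts)
    print({n: c for n, c in counters.items() if c})
```

In this constructed run a clean neighbour (`file_06.bin`) reaches the threshold alongside the malicious file because it shared every flagged group with it; the individual sandbox run is what separates the two.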