2021001736 (P.T.A.B. Mar. 18, 2022)

RADWARE, LTD.

Patent Trials and Appeals BoardMar 18, 2022

2021001736 (P.T.A.B. Mar. 18, 2022)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/169,942 06/01/2016 Yotam BEN EZRA RADW P0345 1235 122066 7590 03/18/2022 M&B IP Analysts, LLC 150 Morristown Road Suite 205 Bernardsville, NJ 07924-2626 EXAMINER POPHAM, JEFFREY D ART UNIT PAPER NUMBER 2432 NOTIFICATION DATE DELIVERY MODE 03/18/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): eofficeaction@appcoll.com pair@mb-ip.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE _____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD _____________ Ex parte YOTAM BEN EZRA, OREN OFER, and DEENA YEHUDA _____________ Appeal 2021-001736 Application 15/169,942 Technology Center 2400 ______________ Before JOSEPH L. DIXON, JOHNNY A. KUMAR, and CATHERINE SHIANG, Administrative Patent Judges. KUMAR, Administrative Patent Judge. DECISION ON APPEAL This is a decision on appeal under 35 U.S.C. § 134(a) from the final rejection of claims 1-8, 10-23, and 25-29.1 We affirm. INVENTION The invention is directed to systems and methods for detecting an access to a protected resource by headless browser bots. See Appellant’s Abstr. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. According to Appellant, RADWARE, LTD. is the real party in interest. Appeal Br. 3. Appeal 2021-001736 Application 15/169,942 2 Claim 1 is exemplary of the invention and reproduced below: 1. A method for detecting an access to a protected resource by headless browser bots, comprising: receiving a request from a client machine; determining whether an anti-headless browser bot (AHBB) challenge should be generated, wherein the determination is based on at least a load parameter related to an overall current computing load of the protected resource; generating the AHBB challenge only when the determination is that the AHBB challenge should be generated, wherein the AHBB challenge includes at least one headless browser identifying characteristic that includes an object for processing at least script code; receiving a response to the AHBB challenge; comparing the received response to at least one challenge requirement to determine a pass result or a fail result; and upon determining a pass result, granting the client machine access to the protected resource. Appeal Br. 24 (Claims App.). REJECTIONS AND REFERENCES2 Claims 1-8, 10-23, and 25-29 are rejected under 35 U.S.C. § 112(a) as failing to comply with the written description requirement. Claims 1-8, 10-23, and 25-29 are rejected under 35 U.S.C. § 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the applicant regards as the invention. 2 Throughout this Decision we refer to Appellant’s Appeal Brief (“Appeal Br.”) dated September 30, 2020, Appellant’s Reply Brief (“Reply Br.”) dated December 30, 2020, the Final Action (“Final Act.”) dated April 7, 2020, and the Examiner’s Answer (“Ans.”) dated December 9, 2020. Appeal 2021-001736 Application 15/169,942 3 Claims 1-8, 10-23, and 25-29 are rejected under 35 U.S.C. § 103 as being unpatentable over Hidayat (US 2016/0294796 A1; pub. Oct. 6, 2016) in view of Feng (US 2010/0031315 A1; pub. Feb. 4, 2010). Claims 11 and 26 are rejected under 35 U.S.C. § 103 as being unpatentable over Hidayat in view of Feng and Linden (US 2006/0136294 A1; pub. June 22, 2006). ANALYSIS Rejections of claims 1-8, 10-23, and 25-29 under 35 U.S.C. §§ 112(a) and (b) We have reviewed Appellant’s arguments in the Briefs, the Examiner’s rejections, and the Examiner’s response to Appellant’s arguments. We disagree with Appellant’s conclusions that the Examiner erred in finding the Specification fails to demonstrate Appellant had possession of “an overall current computing load,” as claimed. In particular, Appellant cites to paragraphs 44 and 57 of the Specification for support of an overall current computing load. The Examiner has provided a comprehensive response to each of Appellant’s arguments on pages 3 through 10 of the Answer. The Examiner determines: The language in paragraph 44 is generic and does not specify that the current load is the overall computing load of the protected resource. Indeed, if this was the case, then the amendment including “overall” would have been wholly unnecessary, Appellant would not have added the word “overall” to the claim, and, failing that, Appellant certainly would have removed the word “overall” in response to the 112(a) rejection, since Appellant is arguing here that it is superfluous (e.g., “One of ordinary skill in the art would recognize that this is referring to Appeal 2021-001736 Application 15/169,942 4 the computing load for the protected server as a whole, i.e., the overall current load for the protected server”). Ans. 3-4. The instant application would have had basis for overall computing load of the protected resource if the application discussed various sub-loads and then combined all sub-loads together to make a total/complete/server “computing load” that includes all loads on the server as well. However, this is not the case in the instant application. One of ordinary skill in the art would not understand that “current load” means “overall current load” since there can be many different current loads (for example, loads of each client, session, user, application, etc.). Ans. 7. We have reviewed the Appellant’s arguments and the portions of the Specification cited by the Appellant, and we are not persuaded of error in the Examiner’s rationale to support the rejections. Accordingly, we sustain the Examiner’s rejections of claims 1-8, 10-23, and 25-29 under 35 U.S.C. § 112(a) (written description), and 35 U.S.C. § 112(b) (indefiniteness). Rejections of claims 1-8, 10-23, and 25-29 under 35 U.S.C. § 103 Issue: Did the Examiner err in rejecting exemplary claim 13 as being obvious over Hidayat and Feng because the combination of Hidayat and Feng does not teach or suggest “determining whether an anti-headless browser bot (AHBB) challenge should be generated, wherein the determination is based on at least a load parameter related to an overall current computing load of the protected resource” (emphases added (hereinafter “the disputed limitations”))? 3 Independent claim 16 recites similar subject matter. Appeal 2021-001736 Application 15/169,942 5 To the extent consistent with our analysis below, we adopt as our own the findings and reasons set forth in the Examiner’s Answer (see Ans. 12- 46). We highlight and address specific findings and arguments for emphasis as follows. The Examiner relies upon Feng for teaching the disputed limitations. Ans. 13-15 (citing Feng ¶ 29). Paragraph 29 of Feng (with emphasis added) discloses: [0029] Depending on the loads of the client, a proof-of-work (“PoW”) challenge is created. The proof-of-work challenge is proportional to the historical load the client has placed upon the server as well as the current load on the server. The server transmits the proof-of-work challenge to the client over the application layer. More specifically, the proof-of-work challenge is embedded within a URL found in any HTML. The Examiner determines, and we agree: This clearly shows that the challenge is generated based on a load parameter related to the overall load on the server. In fact, at least 3 separate loads are referenced here: “the loads of the client”, “the historical load the client has placed upon the server”, and “the current load on the server”. Ans. 13-14. Appellant argues that claim 1 requires “the determination as to whether or not a challenge is to be issued based on the overall current computing load on the server of Feng, which is the protected resource therein. Such does not appear to be taught or suggested by Feng.” Appeal Br. 11. Appellant’s arguments are not commensurate with the scope of claim 1, because claim 1 does not recite the determination to be based on the overall current computing load. The Examiner determines, and we agree: Appeal 2021-001736 Application 15/169,942 6 Rather, the claim requires the determination to be “based on at least a load parameter related to an overall current computing load of the protected resource”. This does not mean that the determination is based on the overall load itself, but rather, that it is based on any parameter that is related to the overall load. The load each client puts on the server is certainly an example of a load parameter related to the overall load. The language of claim 1 is much broader than Appellant believes. Ans. 12 (emphasis added). Appellant’s arguments on pages 4 through 16 of the Reply Brief are unpersuasive of error because it focuses on the individual teachings of Hidayat and Feng. Each reference cited by the Examiner must be read, not in isolation, but for what it fairly teaches in combination with the prior art as a whole. See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). Appellant’s argument also presumes that Feng’s teachings would be bodily incorporated into Hidayat. But, “[t]he test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference. . . . Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425 (CCPA 1981). Regarding the dependent claims, while Appellant raises additional arguments for patentability of claims 11 and 26 (Appeal Br. 17-22), we find that the Examiner has responded in the Answer with sufficient evidence. Ans. 31-46. Therefore, we adopt the Examiner’s findings and underlying reasoning, which are incorporated herein by reference. We also sustain the Examiner’s obviousness rejections of the remaining appealed claims, which are not separately argued by Appellant. See Appeal Br. 7-22. Appeal 2021-001736 Application 15/169,942 7 It follows that Appellant has not shown that the Examiner has erred in concluding that the combination of Humes and Estrada renders claims 1-8, 10-23, and 25-29 unpatentable. CONCLUSION We affirm the Examiner’s rejections of claims 1-8, 10-23, and 25-29 under 35 U.S.C. §§ 112(a) and (b). We affirm the Examiner’s rejections of claims 1-8, 10-23, and 25-29 under 35 U.S.C. § 103 over the combined teachings and suggestions of the cited references. DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1-8, 10-23, 25-29 112 Written Description 1-8, 10-23, 25-29 1-8, 10-23, 25-29 112 Indefiniteness 1-8, 10-23, 25-29 1-8, 10-23, 25-29 103 Hidayat, Feng 1-8, 10-23, 25-29 11, 26 103 Hidayat, Feng, Linden 11, 26 Overall Outcome 1-8, 10-23, 25-29 Appeal 2021-001736 Application 15/169,942 8 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 1.136(a)(1)(iv) (2019). AFFIRMED