Rainer BaederDownload PDFPatent Trials and Appeals BoardJul 29, 201914617787 - (D) (P.T.A.B. Jul. 29, 2019) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/617,787 02/09/2015 Rainer Baeder FORT-012700 1008 64128 7590 07/29/2019 MICHAEL A DESANCTIS JAFFERY WATSON MENDONSA & HAMILTON LLP 7501 Village Square Drive, Ste. 206 Castle Pines, CO 80108 EXAMINER ABRISHAMKAR, KAVEH ART UNIT PAPER NUMBER 3649 NOTIFICATION DATE DELIVERY MODE 07/29/2019 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): eofficeaction@appcoll.com mdesanctis@hdciplaw.com mike.desanctis@jwmhlaw.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte RAINER BAEDER ____________________ Appeal 2019-000607 Application 14/617,787 Technology Center 3600 ____________________ Before JILL D. HILL, LEE L. STEPINA, and ARTHUR M. PESLAK, Administrative Patent Judges. STEPINA, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Rainer Baeder (“Appellant”) appeals under 35 U.S.C. § 134(a) from the Examiner’s final decision rejecting claims 1–31. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. Appeal 2019-000607 Application 14/617,787 2 CLAIMED SUBJECT MATTER The claims are directed to mobile malware detection and user notification. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A method comprising: detecting, by a malware detection gateway device associated with a network of a mobile service provider, a malware event based on a data stream transmitted to or from a portable computing device communicating with a packet data network via the network; and responsive to said detecting, causing a malware reporting/notification message to be sent to a user of the portable computing device in real-time, by sending, by the malware detection gateway device, a malware indicating message to a lookup device, wherein the malware indicating message comprises an Internet Protocol (IP) address of the portable computing device, wherein the malware reporting/notification message (i) includes information regarding a remedial action that can be taken by the user to neutralize malware associated with the detected malware event or a link to the information and (ii) specifies a timeframe within which the user must perform the remedial action or risk deactivation of wireless service provided to the portable computing device by the mobile service provider. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on Appeal is: Rieschick Ramprasad Gupta Qureshi Gleichauf US 2012/0233656 A1 US 2014/0128020 A1 US 2014/0189861 A1 US 9,378,359 B2 US 9,436,820 B1 Sept. 13, 2012 May 8, 2014 July 3, 2014 June 28, 2016 Sept. 6, 2016 Appeal 2019-000607 Application 14/617,787 3 REJECTION Claims 1–31 are rejected under 35 USC § 103 as unpatentable over Gupta, Rieschick, Gleichauf, Qureshi, and Ramprasad. OPINION The Examiner finds that Gupta discloses many of the elements of claim 1, including detecting a malware event and notifying a user, but relies on Rieschick and Gleichauf to disclose countermeasures to be taken by the user device, and relies on Qureshi and Ramprasad to disclose taking countermeasures within a time period. Final Act. 8–33. The Examiner considers that it would have been obvious to provide a time frame in Gupta for the user to take countermeasures, “so that the user can have an opportunity to engage in a remedial action before the network connection is deactivated.” Id. at 29. Appellant makes arguments for the patentability of claims 1–31 as a group. Br. 11–22. We select claim 1 as representative of the group. See 37 C.F.R. § 41.37(c)(1)(iv). Analogous Art Appellant argues that Gleichauf, Qureshi and Ramprasad are non- analogous art because they are in fields different than that of the claimed invention and are not pertinent to the particular problem addressed by the inventor. Br. 12–17. Specifically, Appellant takes issue with the Examiner’s position that the relevant field is “network security.” Br. 13. According to Appellant, that is too broad of a concept, and the proper field of endeavor is “a malware detection methodology applicable to mobile Appeal 2019-000607 Application 14/617,787 4 devices.” Br. 15. Appellant asserts that the particular problem “relates to the difficulties of performing malware scanning on mobile devices.” Br. 16. Appellant contends that that the problem in both Gleichauf and Qureshi is determining whether it is safe to connect a device to the network, and that the problem in Ramprasad is metering usage in a wireless device. Id. For the reasons set forth below, we are not apprised of error in the Examiner’s findings. Gleichauf The Examiner finds that Gleichauf determines whether a device is safe in order to minimize the risk of a device transmitting malware. Ans. 4. The Examiner concludes that Gleichauf is reasonably pertinent to the problem with which the inventor was concerned inasmuch as “both Gleichauf and the claimed invention are directed to reducing the possible effect of malware on devices.” Id. Our reviewing court has set forth a two-prong test for determining whether a prior art reference is analogous: (1) whether the reference is from the same field of endeavor as the claimed invention, and (2) if the reference is not within the same field of endeavor, whether the reference is reasonably pertinent to the particular problem with which the inventor is involved. In re Klein, 647 F.3d 1343 (Fed. Cir. 2011). The determination that a prior art reference is analogous art is an issue of fact. In re ICON Health & Fitness, Inc., 496 F.3d 1374, 1378 (Fed. Cir. 2007). Although Appellant asserts that the Examiner’s stated field of “network security,” is too broad, Appellant, under the heading “Field,” discloses that “[e]mbodiments of the present invention generally relate to the field of computer networks.” Spec. ¶ 2. Appeal 2019-000607 Application 14/617,787 5 Moreover, although Appellant argues that network security includes many diverse fields and that networks are subject to different types of attacks, it is unclear how this removes Gleichauf, Qureshi, and Ramprasad from Appellant’s field of endeavor. Specifically, the structure and function of Gleichauf’s network security is to detect “the real-time security state of the computerized device” for “minimizing the risk that the network resources receive malware.” Gleichauf 8:21–28. In Gleichauf, the computerized devices include mobile devices, namely, “IP-enabled and cellular telephones, personal digital assistants (PDA’s).” Id. at 8:40–43. As such Appellant’s assertion that Gleichauf is not in the field of “malware detection methodology applicable to mobile devices” (Br. 15) is not persuasive. Furthermore, Appellant does not persuasively argue that Gleichauf is not pertinent to the problem addressed by Appellant’s invention. Specifically, Appellant’s assertion that “Gleichauf is not concerned with addressing the difficulties of performing malware scanning on mobile devices,” is not well taken. Br. 16. We decline to narrowly define the problem addressed by the inventor to be synonymous with the field of invention inasmuch as this would ignore the fact that the test for determining whether a reference is analogous art has two distinct prongs. See Klein, 647 F.3d at 1349. A problem with which the inventor was involved is detecting and responding to malware events associated with mobile/portable computing devices. Spec. ¶ 7. Gleichauf discloses a system that “detects the real-time security state of the computerized device prior to providing the computerized device with access to the network resources, thereby limiting at-risk or vulnerable computerized devices from accessing the network resources and minimizing the risk that the network resources receive Appeal 2019-000607 Application 14/617,787 6 malware.” Gleichauf 8:22–28; see also id. at 3:30–49; Ans. 4. Gleichauf discloses that the computerized device includes “IP-enabled and cellular telephones, personal digital assistants (PDA’s), etc. Id. at 8:42–43. Gleichauf also discloses “receiving a quarantine message causing the computer system to be reconfigured to more fully comply with required security policy prior to being able to communicate within the network.” Id. at 5:26–29. As such, Gleichauf detects and responds to malware events and does so for a mobile device and is, therefore, reasonably pertinent to the inventor’s problem. Qureshi In response to Appellant’s assertion that Qureshi is non-analogous art, the Examiner finds that Qureshi’s system is reasonably pertinent to the inventor’s problem because it controls mobile device access based on “conditions indicative of detecting malware and would prevent the execution of an application as a result.” Ans. 4 (citing Qureshi 96:51–60). Given that Qureshi “relates generally to mobile computing devices (smartphones, tablets, PDAs, etc.) and associated application programs” (Qureshi 1:18–20), which include “an application running therein based on detecting certain conditions, such as conditions indicative of the application having a virus or being malware,” (id. at 96:51–54), Appellant’s assertion that Gleichauf is not in the field of “malware detection methodology applicable to mobile devices” (Br. 15) is not persuasive. Furthermore, assuming, for the purpose of argument, that Qureshi’s system for enabling enterprise users to securely access enterprise resources using their mobile devices to prevent malware and viruses from infecting Appeal 2019-000607 Application 14/617,787 7 other enterprise resources is outside Appellant’s field of endeavor, Appellant’s argument that Qureshi is not pertinent to the problem addressed by Appellant’s invention is unavailing. Qureshi discloses an application running on a mobile device “detecting certain conditions, such as … malware,” and can be configured “to prevent programs from being executed when certain conditions are detected.” Qureshi 96:51–59; see also Ans. 4. As such, Qureshi detects and responds to malware events in a mobile device and is, therefore, reasonably pertinent to the inventor’s problem. Ramprasad Responsive to Appellant’s assertion that Ramprasad is non-analogous art, the Examiner finds that Ramprasad’s wireless device tracking system “is directed towards the same problem of deactivating wireless services if an improper action (e.g. no tracking client installed) has been realized.” Ans. 4. Ramprasad relates generally to providing “wireless services to wireless devices” and addresses “any provisional, billing, security and data issues that might threaten the health of their networks.” Ramprasad ¶¶ 2, 4. Although Ramprasad does not use the term “malware,” because Appellant discloses that “[m]alware typically refers to undesired code, software of a file, which may interrupt the normal functioning of a device” (Spec. ¶ 3), Appellant does not explain persuasively why detection of improper usage (abnormal functioning) of a mobile device is not within Appellant’s field of endeavor. Moreover, although we appreciate Appellant’s position that Ramprasad relates to a tracking client to meter wireless service usage (Br. 17 (citing Ramprasad ¶ 15)), Appellant fails to explain adequately why Appeal 2019-000607 Application 14/617,787 8 “deactivating wireless services if an improper action (e.g. no tracking client installed) has been realized” (see Ans. 4), is not pertinent to Appellant’s problem, as the Examiner finds. A reference is reasonably pertinent if . . . it is one which, because of the matter with which it deals, logically would have commended itself to an inventor’s attention in considering his problem. . . . If a reference disclosure has the same purpose as the claimed invention, the reference relates to the same problem, and that fact supports use of that reference in an obviousness rejection. Innovention Toys, LLC v. MCA Entm’t, Inc., 637 F.3d 1314, 1321 (Fed. Cir. 2011). Here, Appellant provides “an improved malware detection and notification system and method for mobile devices” (Spec. ¶ 6), because “security of mobile computing devices is weaker than that of laptops and like devices” (id. ¶ 4). Under the heading “Related Art,” Ramprasad discloses that wireless networks must “address any provisional, billing, security and data issues that might threaten the health of their networks.” Ramprasad ¶ 4. Given that Ramprasad deals with the problem of addressing threats to the health of a wireless network, we agree with the Examiner that Ramprasad’s concern with how to protect wireless services if an improper action has been realized logically would have commended itself to an inventor’s attention in considering protecting a mobile device from malware or other improper content as in Appellant’s invention. Although the focus of Ramprasad’s disclosure may not be in Appellant’s narrowly defined field of endeavor, it is reasonably pertinent to the problem addressed by the Appellant because it describes similar mobile device protection. Appeal 2019-000607 Application 14/617,787 9 Accordingly, each of Gleichauf, Qureshi, and Ramprasad is properly relied on by the Examiner for establishing obviousness under 35 U.S.C. § 103(a). Reporting/Notification Message Appellant also argues that Gupta does not disclose a “malware reporting/notification message,” because in Gupta’s system, “a mobile service provider may choose to educate subscribers . . . on [sic] their particular behaviors.” Br. 19 (citing Gupta ¶ 33). Appellant contends that the Examiner’s reliance on Gupta’s reporting module 44 is misplaced because module 44 stores network event information in an event database and “allow[s] subscribers visibility into the event database 46.” Id. (citing Gupta ¶ 59). Thus, according to Appellant, Gupta does not include a “malware reporting/notification message,” because Gupta merely allows subscribers to access stored network event information. Id. The Examiner responds that Gupta discloses network events, which include detecting malware, creates network event information, and uses a reporting module which provides the event information to the subscriber (user of the mobile device). Ans. 5 (citing Gupta ¶¶ 54, 55, 59). The Examiner notes, moreover, that Rieschick was also relied upon for detecting malware in real-time and alerting a user. Id. (citing Rieschick ¶ 29). Appellant’s arguments are not persuasive. As the Examiner correctly notes, Gupta discloses that “data packets that are being sent to or from subscriber device 12 . . . can be examined . . . to identify any network events[, which] can include malicious software (‘malware’).” Gupta ¶ 54. The “network event data 37 may be provided to correlation module 36,” which provides information that may “include an alert to one or more email Appeal 2019-000607 Application 14/617,787 10 addresses, phone numbers, computers, or other devices.” Id. ¶¶ 55–56. Gupta also discloses that the event information from correlations module 36 may be used to generate behavior profiles 50 that may include “attacks sent and received from the subscriber mobile device,” and that reporting module 44 can “provide behavior profiles 50 to the mobile service provider or subscriber based on the event information and/or the subscriber device information.” Id. ¶¶ 58–59 (emphasis added). Thus, a preponderance of the evidence supports the Examiner’s finding that Gupta sends a “malware reporting/notification message” (alert) to the user. Rieschick discloses that “various embodiments may detect transmissions of known and unknown malware in real time,” and that “[v]arious embodiments may alert wireless device users of detected malware.” Rieschick ¶ 29; see also Final Act. 13. Thus, a preponderance of the evidence supports the Examiner’s finding that Rieschick sends a “malware reporting/notification message” (alert) to the user in real time. Moreover, nonobviousness cannot be established by attacking the references individually when the rejection is predicated upon a combination of prior art disclosures. See In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986). For the reasons set forth above, the Examiner’s findings are supported by a preponderance of the evidence, and we agree with the Examiner that the combined teachings of Gupta and Rieschick “disclose responsive to said detecting, causing a malware reporting/notification message to be sent to a user of a portable computing device in real-time.” Ans. 5. Timeframe for Remedial Action/Hindsight Appeal 2019-000607 Application 14/617,787 11 Appellant argues that the references do not suggest the claim 1 requirement that “the malware reporting/notification message . . . specifies a timeframe within which the user must perform the remedial action or risk deactivation of wireless service.” Br. 20. Appellant asserts that the Examiner mischaracterizes the teachings of Gupta and Rieschick because there is no remediation in Gupta, and Rieschick only detects “transmissions of known and unknown malware in real time,” but does not suggest that the detecting and the alerting are connected such that the altering is also in real time. Id. (citing Rieschick). Appellant concludes that a timeframe for remedial action is not supported by the teachings of the references, “but rather appear to be after-the-fact justifications based on Applicant’s disclosure in an exercise of impermissible hindsight.” Br. 21–22. In response, the Examiner reiterates that the combined teachings of Gupta and Rieschick suggest detecting malware and alerting the wireless users of malware, as well as providing prevention information (countermeasures) to the devices in real time. Ans. 6. The Examiner concludes that because Gleichauf performs a check to determine whether remediation has been performed to ensure access and Qureshi teaches that the remedial action must be performed in a specified time period, the combined teachings of the references suggest “specifying a timeframe within which the user must perform the remedial action in the context of the claim as a whole.” Ans. 8. Appellant’s arguments are not persuasive. Rieschick discloses that “various embodiments may send detection and prevention information to telecommunications network operators, wireless devices and/or malware systems in real time.” Rieschick ¶ 32 (emphasis added); see also Ans. 6. Appeal 2019-000607 Application 14/617,787 12 Given that Rieschick discloses detecting and alerting in real time, the Examiner has a sound basis for combining Rieschick with Qureshi to alert a user that if remedial action is not performed in “a specified time period,” the user risks deactivation of “the network connection capability.” Qureshi 62:32–48; see also Ans. 7. The Examiner has provided reasoning to support the combination, namely, “so that the user can have an opportunity to engage in a remedial action before the network connection is deactivated.” Final Act. 29. This improvement is disclosed in the cited references, rather than stemming from impermissible hindsight. See Qureshi 62:9–57. We have considered all of Appellant’s arguments regarding claim 1, but find them unavailing. We sustain the rejection of claim 1. Claims 2–31 fall with claim 1. DECISION The Examiner’s decision to reject claims 1–31 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Copy with citationCopy as parenthetical citation
