Ex parte AMIT et al.
Patent Trial and Appeal Board, Mar. 26, 2019
Application No. 13/430,002 (P.T.A.B. Mar. 26, 2019)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO.: 13/430,002
FILING DATE: 03/26/2012
FIRST NAMED INVENTOR: YAIR AMIT
ATTORNEY DOCKET NO.: IL920110096US2_8150-0209
CONFIRMATION NO.: 5303
EXAMINER: CHOUDHURY, AZIZUL Q
ART UNIT: 2456
NOTIFICATION DATE: 03/28/2019
DELIVERY MODE: ELECTRONIC
Correspondence: Cuenot, Forsythe & Kim, LLC, 20283 State Road 7 Ste. 300, Boca Raton, FL 33498 (ibmptomail@iplawpro.com)

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on the above-indicated "Notification Date" to the e-mail address listed above. (PTOL-90A, Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte YAIR AMIT, EVGENY BESKROVNY, and OMER TRIPP

Appeal 2017-005077
Application 13/430,002 [1]
Technology Center 2400

Before ROBERT E. NAPPI, DEBRA K. STEPHENS, and JEREMY J. CURCURI, Administrative Patent Judges.

STEPHENS, Administrative Patent Judge.

DECISION ON APPEAL

Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1-15, which are all of the claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM.

CLAIMED SUBJECT MATTER

According to Appellants, the claims are directed to detection of vulnerabilities in web services (Abstract). Claim 1, reproduced below, is illustrative of the claimed subject matter:

[1] According to Appellants, the real party in interest is IBM Corporation (App. Br. 1).
1. A method detecting a vulnerability in a Web service, the method comprising:

determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service; and

responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.

REFERENCES

The prior art relied upon by the Examiner in rejecting the claims on appeal is:

Shah     US 8,402,525 B1     Mar. 19, 2013
Chang    US 8,646,026 B2     Feb. 4, 2014

REJECTIONS

Claims 1-15 are provisionally rejected under 35 U.S.C. § 101 as claiming the same invention as that of claims 16-25 of co-pending Application No. 13/335,439 (Final Act. 2); and

Claims 1-15 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Chang and Shah (id. at 3-7).

ISSUES

Double Patenting: Claims 1-15

Claims 1-15 are provisionally rejected under 35 U.S.C. § 101 as claiming the same invention as that of claims 16-25 of co-pending Application No. 13/335,439 (Final Act. 2). We decline to reach this provisional rejection over a published application (see Ex parte Moncla, 95 USPQ2d 1884, 1885 (BPAI 2010) (precedential)).

35 U.S.C. § 103(a): Claims 1-15

Appellants contend their invention as recited in claims 1-15 is patentable over Chang and Shah (App. Br. 8-16).
Claims 1, 9, 10, and 15: [2]

With respect to claim 1, Appellants contend the combination fails to teach the limitations of:

determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service; and responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability,

as recited in claim 1 (App. Br. 8-15, 19). We agree with the Examiner's findings and emphasize the following.

Appellants first contend "the invention involves the detecting of a potential vulnerability in a Web service based upon whether an identity of a requester is used to select a different path of a branch in program code of the Web service" (id. at 9). In contrast, Appellants argue, Chang describes the use of a self-created vulnerability and specifically use of a "[h]oney policy 812 [that] is a special policy published and advertised by the service provider in the network to attract hackers, because it is unsecured and can be easily used to build a secured SOAP [(Simple Object Access Protocol)] message for intrusion 807" (id.; Chang 13:21-25). Additionally, Appellants contend, "it is the use of the honey policy alternative 812 that determines whether a different path is employed" (id.).

[2] Although Appellants contend claim 9 stands or falls together with claim 2 (App. Br. 8), because claim 9 does not depend, either directly or indirectly, from claim 2 and Appellants present no additional arguments directed to claim 9, claim 9 stands or falls with claim 1.
The Examiner relies on the combination of Chang and Shah to teach "determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service," and we agree with the Examiner's findings and reasoning (Final Act. 3-4; Ans. 3-6). Chang teaches "selecting a web service policy alternative at runtime based on previously collected data concerning web service for a web service requester and web service provider pair" (Chang 4:40-43; Final Act. 8). Thus, a policy is selected based on data including a web service requester. Chang further teaches "[f]or security, honey policies can be set which allows users to be anonymous but to prevent intrusion will direct to a different path" (Chang 11:33-35; Final Act. 8). Thus, because it has previously been determined that different policies are selected based on the web service requester and a honey policy is set up, Chang teaches determining whether a Web service uses identity of a requester to select one of a plurality of different policies (paths) of a branch in program code (Final Act. 3; Chang 4:40-43, 11:33-35).

Moreover, the Examiner relies on Shah to teach that different policy levels are provided to users based on certain information such as user ID (Shah 3:18-26, 33-35, 5:1-10; Final Act. 4). Appellants admit Shah teaches "selection of a path according to an identity of a requester" (App. Br. 15). Thus, the Examiner relies on the combination of Chang and Shah to teach the disputed limitations. Appellants appear to be arguing the references individually (App. Br. 13-15) while the Examiner is relying on the combination. We are further not persuaded that Chang's teachings in column 4 and its honey policy are different embodiments that are inconsistent with each other (App. Br. 14).
Rather, one teaches setting up selection of a web service policy alternative based on previously collected data for a web service requester and web service provider pair, and the other details one of those policies. Therefore, we are not persuaded the Examiner erred.

Appellants further argue the combination fails to teach "responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability" (App. Br. 10-15). Chang teaches "when security vulnerability is found in a Web Service message that a weak policy alternative is discovered later at [] runtime, the system provides a mechanism to remove the weak policy alternative dynamically, so that securer security policy alternative will be selected immediately to secure the Web Service" (Chang 13:11-16; Ans. 3). Thus, Chang's system provides a mechanism to remove the weak policy alternative dynamically so that the more secure policy alternative will be selected immediately. Chang further teaches:

when the system detect[s] the honey policy alternative 812 is used by the incoming message, the system can direct the hacker of the Web Services into [a] different path so that the [real] Web Services can be protected against the intrusion and security attack. Also, in the honey policy alternative path, the intrusion can be closely monitored and a deception response 808 can be sen[t] back to the hacker in the case of malicious attack is detected. Honey token 813 can also be sent back to the intruder for further tracing the hacker's behavior in order to catch the hacker

(Chang 13:46-56). We agree with the Examiner that Chang, by providing a mechanism that permits selection of a more secure policy alternative (a different path of a branch in program code) within a Web Service, is indicating the Web Service has a potential vulnerability.
Additionally, Chang teaches that if the request is identified as being a malicious attack (responsive to determining that the Web service selects a deception response (a different path of a branch)) according to the identity of the requester (malicious attacker), this indicates that the Web service has a potential vulnerability (vulnerable to malicious attack). We are not persuaded the two different teachings of Chang are exclusive as asserted by Appellants (App. Br. 10). Chang does not teach that the Intrusion Prevention Process and Honey Policy Alternative cannot be used together (Ans. 4). Accordingly, Appellants have not persuaded us the Examiner has erred in finding the combination of Chang and Shah teaches the disputed limitations.

Appellants do not separately argue independent claims 10 and 15, but rather indicate these claims stand or fall together with independent claim 1 (App. Br. 8). Claim 9, which depends from claim 1, is not separately argued; therefore, claim 9 falls with claim 1. Accordingly, we are not persuaded by Appellants' arguments that the combination of Chang and Shah fails to teach independent claim 1 and commensurately recited independent claims 10 and 15.

Claims 2-8 and 11-14:

Claim 2 recites "determining a trusted identity to which identity of the requester is compared" (App. Br. 15-16). Appellants contend "[t]he Examiner's analysis makes no mention of 'a trusted identity' or that the identity of the requester is 'compared' to this trusted identity" (id.). According to Appellants, "the Examiner's analysis refers to the comparison of a message (not an identity) against an invalid message (not a trusted identity)" (Reply Br. 6). We agree with Appellants that the Examiner has not sufficiently explained how Chang teaches "determining a trusted identity to which identity of the requester is compared."
Specifically, the Examiner finds Chang teaches "how the system detects users trying to use invalid identity decryption and verification" (Ans. 6 (citing Chang 12:55-13:2); Final Act. 4 (citing Chang 12:55-13:2)). Chang teaches:

After the decryption 705 and policy alternatives are retrieved 707, the available policy alternatives are compared with the sketched message outlook 710 so that unqualified policy alternative can be filtered out 709 quickly, without compar[ing] the incoming message with each policy alternative 707. One embodiment of present invention uses a machine learning process. The sketched message outlook of all invalid SOAP message will be remembered 713 after the invalid incoming secures messages are decrypted, verified, confirmed and rejected for the first time. After the first time, the rejection of invalid incoming secures messages will be done without going [through] the lengthy verification process again

(Chang 12:55-13:2). The Examiner finds Chang teaches "[i]nvalid messages that are rejected are remembered/stored so that future similar invalid messages can be rejected without having to go through the lengthy verification process again" (Ans. 6). However, the Examiner has not sufficiently explained how "[t]his process of utilizing remembered/stored rejected invalid messages as a reference against future messages so that re-verification need not occur" teaches "determining a trusted identity to which identity of the requester is compared." In particular, although a comparison is performed, the Examiner has not explained how, if the information in the messages sent by users is the trusted identity as the Examiner finds (id.), this is compared to the identity of the requester.
Therefore, we are persuaded by Appellants' arguments that the Examiner fails to show the combination of Chang and Shah teaches "determining a trusted identity to which identity of the requester is compared," as recited in claim 2 and commensurately recited claim 11. Claims 3-8 depend from claim 2 and claims 12-14 depend from claim 11. Accordingly, claims 3-8 and 12-14 stand with claim 2. Thus, Appellants have persuaded us the combination of Chang and Shah fails to teach claims 2-8 and 11-14.

Conclusion

Accordingly, we are not persuaded the Examiner fails to show the combination of Chang and Shah teaches or suggests the limitations as recited in claims 1, 9, 10, and 15, and we are persuaded the combination of Chang and Shah fails to teach or suggest the limitations as recited in claims 2-8 and 11-14. Therefore, we sustain the rejection of claims 1, 9, 10, and 15 under 35 U.S.C. § 103(a) as being unpatentable over Chang and Shah and do not sustain the rejection of claims 2-8 and 11-14 under 35 U.S.C. § 103(a) as being unpatentable over Chang and Shah.

DECISION

For the reasons above, we decline to reach and dismiss the provisional rejection of claims 1-15 under 35 U.S.C. § 101 as claiming the same invention as that of claims 16-25 of co-pending Application No. 13/335,439; affirm the rejection of claims 1, 9, 10, and 15 under 35 U.S.C. § 103(a) as being unpatentable over Chang and Shah; and reverse the rejection of claims 2-8 and 11-14 under 35 U.S.C. § 103(a) as being unpatentable over Chang and Shah.

AFFIRMED
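The two limitations the decision turns on, claim 1's identity-dependent branch ("uses identity of a requester to select one of a plurality of different paths of a branch in program code") and claim 2's refinement ("determining a trusted identity to which identity of the requester is compared"), can be made concrete with a small static check. The Python below is an added example written for this page; it is not the applicants' or IBM's implementation and nothing in the application or the decision describes it. The sample handler, the attribute names treated as requester identity (request.user, request.remote_addr and a few others) and the rule that a literal comparand is the "trusted identity" are assumptions chosen for the demonstration.

```python
"""Added illustration: flag branches in Web-service handler code that are
selected by the requester's identity (claim-1 pattern) and, where the
condition compares that identity to a literal, report the literal as the
trusted identity (claim-2 pattern). Not code from the application."""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Assumption for the demo: attribute names a handler reads to learn who is calling.
IDENTITY_ATTRS = {"user", "username", "remote_addr", "principal", "caller"}


@dataclass
class Finding:
    lineno: int                      # line of the if/elif whose test reads an identity
    identity_expr: str               # e.g. "request.user"
    trusted_identity: Optional[str]  # literal the identity is compared with, if any


def _identity_exprs(node: ast.AST) -> List[str]:
    """Source text of every sub-expression that reads a requester identity."""
    return [ast.unparse(sub) for sub in ast.walk(node)
            if isinstance(sub, ast.Attribute) and sub.attr in IDENTITY_ATTRS]


def _constant_compared_to(test: ast.AST, identity_src: str) -> Optional[str]:
    """If `test` compares `identity_src` against a literal (or a tuple/list/set of
    literals), return that literal's source: the hard-coded trusted identity."""
    for cmp in ast.walk(test):
        if not isinstance(cmp, ast.Compare):
            continue
        operands = [cmp.left, *cmp.comparators]
        if identity_src not in [ast.unparse(o) for o in operands]:
            continue
        for o in operands:
            if isinstance(o, ast.Constant):
                return repr(o.value)
            if isinstance(o, (ast.Tuple, ast.List, ast.Set)) and \
                    all(isinstance(e, ast.Constant) for e in o.elts):
                return ast.unparse(o)
    return None


def find_identity_branches(source: str) -> List[Finding]:
    """Return one Finding per if/elif/conditional expression whose condition
    depends on a requester identity, sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.If, ast.IfExp)):
            for ident in _identity_exprs(node.test):
                findings.append(Finding(node.lineno, ident,
                                        _constant_compared_to(node.test, ident)))
    return sorted(findings, key=lambda f: f.lineno)


# Constructed sample handler (not from the application). The first two branches
# select a code path by who is asking; the third branches on the resource only.
SAMPLE_HANDLER = '''
def get_report(request, report_id):
    # identity-dependent branch with a hard-coded trusted identity
    if request.user == "admin":
        return load_report(report_id, redact=False)
    # identity-dependent branch keyed on the caller's network address
    if request.remote_addr in ("10.0.0.5", "10.0.0.6"):
        return load_report(report_id, redact=False)
    # not identity-dependent: branches on the requested resource, not the caller
    if report_id > 1000:
        return not_found()
    return load_report(report_id, redact=True)
'''


if __name__ == "__main__":
    for f in find_identity_branches(SAMPLE_HANDLER):
        note = f"compared to trusted identity {f.trusted_identity}" if f.trusted_identity \
            else "compared to a non-literal"
        print(f"line {f.lineno}: branch on {f.identity_expr} ({note}): potential vulnerability")
```

The check mirrors the claim's wording deliberately: every hit is reported as a "potential vulnerability", not a confirmed one, because an identity-keyed branch may be legitimate authorization or may be a hidden privileged path, and only review of the two paths decides which. The trusted-identity field is populated only when the comparand is a literal, which is the simplest reading of claim 2's "determining a trusted identity"; a comparison against a value loaded from configuration or a database would need data-flow tracking that this illustration does not attempt.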