Ex Parte Grosse et alDownload PDFPatent Trial and Appeal BoardNov 20, 201311197842 (P.T.A.B. Nov. 20, 2013) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte ERIC HENRY GROSSE and THOMAS Y. WOO ____________________ Appeal 2011-0053491 Application 11/197,842 Technology Center 2400 ____________________ Before JEAN R. HOMERE, BRYAN F. MOORE, and JOHN A. EVANS, Administrative Patent Judges. HOMERE, Administrative Patent Judge. DECISION ON APPEAL 1 The real party in interest is Alcatel Lucent USA, Inc. (App. Br. 1.) Appeal 2011-005349 Application 11/197,842 2 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s non- final rejection of claims 1, 2, 4, 8-12, 14, and 18-20. Claims 3, 5, 13, and 15 have been indicated to as containing allowable subject matter. Claims 6, 7, 16, and 17 have been cancelled. (App. Br. 2.) We have jurisdiction under 35 U.S.C. § 6(b). We affirm. Appellants’ Invention Appellants invented a method and system for defending a target victim against Denial of Service (DoS) attacks originating from an Internet Protocol (IP) based communications network. (Spec. 1, ll. 13-18.) In particular, upon receiving an IP packet, the target victim (11) examines the source/destination address of the packet to determine if it includes malicious content. Then, the target victim (11) transmits the corresponding IP address pair of the malicious packet to its carrier network (13) to thereby limit the transmission of such packet to the target victim (11). (Id., Fig. 1.) Illustrative Claim Independent claim 1 further illustrates the invention as follows: 1. A fully automated method for defending against Denial of Service attacks against a target victim, the target victim comprising an attack detector, the attack detector comprising a packet receiver, a processor, and a transmitter, the method implemented in the attack detector at the target victim, wherein the target victim is provided service by an Internet Protocol (IP) based carrier network which transmits IP packets thereto, the Appeal 2011-005349 Application 11/197,842 3 target victim having one or more IP addresses associated therewith, the method comprising the steps of: receiving, at the packet receiver, one or more IP packets from one or more source IP addresses; determining, with use of the processor, that a Denial of Service attack is being perpetrated upon said target victim based on an analysis of said IP packets received from one or more source IP addresses; identifying, with use of the processor, one or more pairs of IP addresses, each of said pairs of IP addresses comprising a source IP address and a destination IP address, wherein the source IP address is one of said source IP addresses from which one of said IP packets has been received, and wherein said destination IP address is one of said IP addresses associated with the target victim; and transmitting, using the transmitter, to said carrier network said one or more identified pairs of IP addresses to enable the carrier network to limit transmission of IP packets having a source IP address and a destination IP address equal to the source IP address and the destination IP address comprised in one of said identified pairs of IP addresses which has been transmitted thereto. Prior Art Relied Upon The Examiner relies on the following prior art as evidence of unpatentability: Fok US 2003/0187995 A1 Oct. 2, 2003 Etheridge US 2004/0054925 A1 Mar. 18, 2004 Hansson US 6,834,037 B2 Dec. 21, 2004 Appeal 2011-005349 Application 11/197,842 4 Noble US 2006/0174130 A1 Aug. 3, 2006 Judge US 7,694,128 B2 Apr. 6, 2010 Rejections on Appeal The Examiner rejects the claims on appeal as follows: 1. Claims 1, 2, 11, 12, and 14 stand rejected under 35 U.S.C. § 102(e) as being anticipated by Etheridge. 2. Claims 4 and 14 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Etheridge, Judge, and Fok. 3. Claims 8 and 18 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Etheridge, Judge, and Noble. 4. Claims 9, 10, 19, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Etheridge and Hansson. ANALYSIS We consider Appellants’ arguments seriatim as they are presented in the Appeal Brief, pages 5-8 and the Reply Brief, pages 1-3. Dispositive Issue: Under 35 U.S.C. § 102(e), did the Examiner err in finding that Etheridge describes transmitting to an IP based carrier network the source/destination IP address pair of a packet identified as containing malicious attack to thereby limit transmission of the packet to the target victim, as recited claim 1? Appeal 2011-005349 Application 11/197,842 5 Appellants argue that Etheridge does not describe the disputed limitations emphasized above. (App. Br. 5-8, Reply Br. 1-3.) According to Appellants, Etheridge discloses a target victim performing countermeasures to protect itself from attack upon determining the presence of a malicious packet, whereas the claim requires the target victim to instruct its carrier network/service provider to perform the countermeasures. (App. Br. 5-6.) In response, the Examiner concludes because Appellants’ Specification does not define “carrier network,” it can be construed as the Internet including gateways, and routers connected thereto. Consequently, the Examiner finds Etheridge’s disclosure of applying the countermeasures to an uplink router connected to a carrier network to limit transmission of malicious packets describes the disputed limitations. (Ans. 7-8.) Based upon our review of the record before us, we find no error with the Examiner’s anticipation rejection regarding claim 1. We note at the outset that there is no material dispute between Appellants and the Examiner that Etheridge describes a host network (101) including an anti-network terrorism (A.N.T.) system (106) that, upon identifying an IP packet as being malicious, activates a defensive countermeasure at the host network against the source of the packet to protect the network from the attack [0042]. Alternatively, the A.N.T. system (106) can apply the countermeasure to an uplink router residing outside of the host network, but connected to the carrier network of the host network. [0045]. Therefore, the pivotal issue before us turns on whether the Examiner’s interpretation of the “IP based carrier network” as the Internet including an uplink router connected thereto Appeal 2011-005349 Application 11/197,842 6 comports with the broadest reasonable interpretation thereof. We answer this inquiry in the affirmative. In particular, we agree with the Examiner that the broadest reasonable of the claim recitation “IP based carrier network” comports with the Internet including devices connected thereto such as routers and gateways. Appellants’ argument that the “IP based carrier network” should instead be construed as the network of a service provider is not commensurate with the scope of the claim. (Reply Br. 2.) While the claim indicates that the target victim is provided service by an IP based carrier network transmitting IP packets thereto, the claim does not require that the carrier network be that of a service provider (that transmits IP packets to the target victim via the Internet.) We find that the recited transmission of IP packets to the target victim is a function routinely performed by the Internet, which is a conglomeration of various networks including devices connected thereto. Accordingly, we are satisfied that Etheridge’s disclosure of an A.N.T. system applying the countermeasure to an uplink router residing outside of the host network, but connected to the carrier network of the host network, describes an IP based carrier network to which malicious IP packets are transmitted for limit transmission to the target victim. It therefore follows Appellants have not shown error in the Examiner’s anticipation rejection of claim 1. Regarding the rejections of claims 2, 4, 8-12, 14, and 18-20, because Appellants have either not presented separate patentability arguments or have reiterated substantially the same arguments as those previously Appeal 2011-005349 Application 11/197,842 7 discussed for patentability of claim 1 above, claims 2, 4, 8-12, 14, and 18-20 fall therewith. See 37 C.F.R. § 41.37(c)(1)(vii). DECISION We affirm the Examiner’s rejections of claims 1, 2, 4, 8-12, 14, and 18-20 as set forth above. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED tj Copy with citationCopy as parenthetical citation
