Ex Parte Khan et alDownload PDFPatent Trial and Appeal BoardFeb 29, 201612008856 (P.T.A.B. Feb. 29, 2016) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 12/008,856 01/15/2008 Faud Khan LUTZ 200567US01 2301 48116 7590 02/29/2016 FAY SHARPE/LUCENT 1228 Euclid Avenue, 5th Floor The Halle Building Cleveland, OH 44115-1843 EXAMINER MACILWINEN, JOHN MOORE JAIN ART UNIT PAPER NUMBER 2442 MAIL DATE DELIVERY MODE 02/29/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte FAUD KHAN, GERALD BATTEN, and YONG SUN ____________ Appeal 2013-010049 Application 12/008,856 Technology Center 2400 ____________ Before JAMES R. HUGHES, TERRENCE W. McMILLIN, and CATHERINE SHIANG, Administrative Patent Judges. HUGHES, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellants seek our review under 35 U.S.C. § 134(a) of the Examiner’s Final decision rejecting claims 1–20. (App. Br. 5; Final Act. 1.)1 We have jurisdiction under 35 U.S.C. § 6(b). We reverse. 1 We refer to Appellants’ Specification (“Spec.”) filed January 15, 2008; Appeal Brief (“App. Br.”) filed December 28, 2012; and Reply Brief (“Reply Br.”) filed August 12, 2013. We also refer to the Examiner’s Answer (“Ans.”) mailed June 19, 2013, and Final Office Action (Final Rejection) (“Final Act.”) mailed July 11, 2012. Appeal 2013-010049 Application 12/008,856 2 Appellants’ Invention The invention at issue on appeal concerns communication network systems and methods for identifying computer systems (hosts) and types of operating systems associated with the computer systems behind a Network Address Translation (NAT) device in a network. The method includes the steps of capturing internet protocol (IP) packets at a point between a host computer system and a network, extracting fields from the internet protocol packet, producing a fingerprint from the extracted fields, analyzing the extracted fields to determine if a NAT is connected between the host computer system and the capture location, if it is determined that a NAT is so connected — analyzing the extracted fields to determine the number of host computer systems behind the NAT, and analyzing the extracted fields to determine with a level of probability that said fingerprint identifies an operating system running the host computer system. (Spec. ¶¶ 4, 7–14; Abstract.) Illustrative Claim Independent claim 1, reproduced below with the key disputed limitations emphasized, further illustrates the invention: 1. A method for identifying the number of computers and types of operating systems behind a network address translation device, comprising: processing an internet protocol packet associated with at least one host computer system including capturing said internet protocol packet at a point between the at least one host computer system and a network and extracting fields from said internet protocol packet to produce a fingerprint; Appeal 2013-010049 Application 12/008,856 3 analyzing said fields to determine if an associated network address translator is connected between said at least one host computer system and the point at which the internet protocol packet was captured; if said network address translator is connected, analyzing said fields to determine the number of host computer systems behind said associated network address translator; and analyzing said fields to determine with a level of probability that said fingerprint identifies an operating system running said at least one host computer system. Rejection on Appeal 1. The Examiner rejects claims 1–13 under 35 U.S.C. § 103(a) as being unpatentable over Arkin (US 2007/0297349 A1, pub. Dec. 27, 2007) and McClure (US 2007/0011319 A1, pub. Jan. 11, 2007). 2. The Examiner rejects claims 14–20 under 35 U.S.C. § 103(a) as being unpatentable over Arkin and Pankratov (US 2007/0157303 A1, pub. July 5, 2007). ISSUES Based upon our review of the administrative record, Appellants’ contentions, and the Examiner’s findings and conclusions, the pivotal issue before us follows: Does the Examiner err in concluding that Arkin (in combination with McClure or Pankratov) would have taught or suggested “extracting fields from said internet protocol packet to produce a fingerprint” to “determine . . . that said fingerprint identifies an operating system running said at least one host computer system” within the meaning of Appellants’ claim 1 and the commensurate limitations of claims 9 and 14? Appeal 2013-010049 Application 12/008,856 4 ANALYSIS The Examiner provides the same basis for rejecting independent claims 1 and 9 (Final Act. 3–5, 8–9; Ans. 5–8, 11–13, 19–23), and rejects representative claim 1 under 35 U.S.C. § 103(a) as being obvious in view of Arkin and McClure. (Final Act. 3–5.) The Examiner rejects independent claim 14 under 35 U.S.C. § 103(a) as being obvious in view of Arkin and Pankratov. (Final Act. 11–13; Ans. 14–16, 23–25.) We address each of independent claims 1, 9, and 14 as follows. Appellants contend that Arkin and McClure do not teach or suggest numerous features of representative claim 1. (App. Br. 5–8; Reply Br. 3–6.) Specifically, Appellants contend, inter alia, that Arkin does not disclose “analyzing fields [extracted from an IP packet] to determine that a fingerprint [associated with the IP packet] identifies an operating system running on a host computer system with a level of probability as recited in the third ‘analyzing’ element” (App. Br. 8). (See App. Br. 5–7; Reply Br. 4– 6.) We agree, for essentially the reasons argued by Appellants, that the combination of Arkin and McClure does not teach determining that a fingerprint produced from extracted packet data identifies an operating system running on a host computer system behind a NAT as required by Appellants’ claim 1. Arkin, at most, generally describes fingerprints (¶ 83) and “operating system fingerprinting tests” (¶ 167), but does not explicitly teach determining a fingerprint from captured data and utilizing the fingerprint to identify an operating system behind a NAT. The Examiner has not sufficiently shown (Final Act. 3–5; Ans. 5–8, 19–22), nor do we Appeal 2013-010049 Application 12/008,856 5 find, that Arkin and McClure teach each of the disputed claim limitations. In particular, the Examiner does not sufficiently explain how Arkin produces the fingerprint and then utilizes the fingerprint to identify the host operating system. Consequently, we are constrained by the record before us to find that the Examiner erred in concluding Arkin and McClure teach the disputed limitations of Appellants’ claim 1. Dependent claims 2–7 depend on and stand with claim 1. Accordingly, we reverse the Examiner’s obviousness rejection of claims 1–7. Appellants also contend that Arkin and McClure do not teach or suggest several features of representative claim 9. (App. Br. 8–10; Reply Br. 6–7.) Specifically, Appellants contend, inter alia, that Arkin does not describe performing a transmission control protocol fingerprint, an application fingerprint, and a fingerprint using extracted update request information as recited in claim 9. (See App. Br. 8–10; Reply Br. 6–7.) We agree, for essentially the reasons argued by Appellants and our reasoning discussed with respect to claim 1 (supra), that the combination of Arkin and McClure does not teach each of the disputed claim limitations of Appellants’ claim 9. In particular, the Examiner does not sufficiently explain how Arkin performs the recited fingerprints to identify the host system. Consequently, we are constrained by the record before us to find that the Examiner erred in concluding Arkin and McClure teach the disputed limitations of Appellants’ claim 9. Dependent claims 10–13 depend on and stand with claim 9. Accordingly, we reverse the Examiner’s obviousness rejection of claims 9–13. Appeal 2013-010049 Application 12/008,856 6 Appellants further contend that Arkin and Pankratov do not teach or suggest certain features of representative claim 14. (App. Br. 11–13; Reply Br. 7–8.) Specifically, Appellants contend, inter alia, that Arkin does not disclose “a system that includes a network user fingerprinter for capturing IP packets between one or more host and a network to use the IP packets in [obtaining] a fingerprint for at least one host” as recited in claim 14. (App. Br. 11–12; see Reply Br. 6–7.) We agree, for essentially the reasons argued by Appellants and our reasoning discussed with respect to claim 1 (supra), that the combination of Arkin and Pankratov does not teach each of the disputed claim limitations of Appellants’ claim 14. In particular, the Examiner does not sufficiently explain how Arkin describes utilizing its system to capture packets and extract data to obtain a fingerprint identifying the host system. Consequently, we are constrained by the record before us to find that the Examiner erred in concluding Arkin and Pankratov teach the disputed limitations of Appellants’ claim 14. Dependent claims 15–20 depend on and stand with claim 14. Accordingly, we reverse the Examiner’s obviousness rejection of claims 14–20. Accordingly, we agree that the Examiner erred, as the analysis in the Examiner’s rejection is not sufficient to show that claims 1–20 are unpatentable without further explanation. CONCLUSION Appellants have shown that the Examiner erred in rejecting claims 1– 20 under 35 U.S.C. § 103(a). Appeal 2013-010049 Application 12/008,856 7 DECISION We reverse the Examiner’s rejection of claims 1–20. REVERSED Copy with citationCopy as parenthetical citation
