Ex Parte Niemel¿

Patent Trials and Appeals BoardApr 22, 2016

12998038 - (D) (P.T.A.B. Apr. 22, 2016)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 12/998,038 03/11/2011 Jarno Niemel¿ 060B.0040.U1(US) 3186 29683 7590 04/25/2016 HARRINGTON & SMITH 4 RESEARCH DRIVE, Suite 202 SHELTON, CT 06484-6212 EXAMINER SCOTT, RANDY A ART UNIT PAPER NUMBER 2453 MAIL DATE DELIVERY MODE 04/25/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte JARNO NIEMELÄ ____________ Appeal 2014-007449 Application 12/998,038 Technology Center 2400 ____________ Before BRUCE R. WINSOR, LINZY T. McCARTNEY, and NATHAN A. ENGELS, Administrative Patent Judges. WINSOR, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the final rejection of claims 1–12 and 14. We have jurisdiction under 35 U.S.C. § 6(b). Claim 13 is canceled. See Response to Non-Final Action 5, 6 (filed Feb. 25, 2013). We reverse and institute a new ground of rejection within the provisions of 37 C.F.R. § 41.50(b) (2012). 1 According to Appellant, the real party in interest is F-Secure Oyj. App. Br. 2. Appeal 2014-007449 Application 12/998,038 2 STATEMENT OF THE CASE The Invention Appellant’s invention relates to a malware detection method. See Spec. 1:5. Claims 1, 12, and 14 are independent. Claim 1 is illustrative of the subject matter on appeal (line breaks and indentation added for readability): 1. A malware detection method implemented within a computer comprising a processor and comprising: receiving an electronic file, determining by the computer if the electronic file is associated with a valid digital signature; and if the electronic file is associated with a valid digital signature, then verifying by the computer that the signature belongs to a trusted source and if so then not performing a malware scan of said electronic file, and if the signature cannot be verified as belonging to a trusted source then performing said scan by the computer. See App. Br. 25. Rejections on Appeal Claims 1, 4, and 11 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Gordon et al. (7,107,618 B1; issued Sept. 12, 2006) (“Gordon”) and Vaidya et al. (US 2007/0266421 A1; published Nov. 15, 2007) (“Vaidya”). See Final Act. 4–5. Claim 2 stands rejected under 35 U.S.C. § 103(a) as unpatentable over Gordon, Vaidya, and Berlin (US 2006/0184792 A1; published Aug. 17, 2006). See Final Act. 5–6. Appeal 2014-007449 Application 12/998,038 3 Claim 3 stands rejected under 35 U.S.C. § 103(a) as unpatentable over Gordon, Vaidya, Berlin, and Kane (US 2007/0180528 A1; published Aug. 2, 2007). See Final Act. 6–8. Claim 5 stands rejected under 35 U.S.C. § 103(a) as unpatentable over Gordon, Vaidya, and Messerges et al. (US 2003/0084298 A1; published May 1, 2003) (“Messerges”). See Final Act. 8–9. Claims 6–9, 12, and 14 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Gordon, Vaidya, and Yeh et al. (US 2005/0120203 A1; published June 2, 2005) (“Yeh”). See Final Act. 9–13. Claim 10 stands rejected under 35 U.S.C. § 103(a) as unpatentable over Gordon, Vaidya, Yeh, and Novoa et al. (US. 6,223,284 B1; issued Apr. 24, 2001) (“Novoa”). See Final Act. 13. ISSUES The issues presented by Appellant’s contentions are as follows: Does the Microsoft reference,2 which the Examiner cites for the first time in the Examiner’s Answer, qualify as a prior art printed publication? Does the Examiner err in finding that the combination of Gordon and Vaidya teaches or suggests “verifying by the computer that the signature belongs to a trusted source” as recited in claim 1? 2 How to tell is a digital signature is trustworthy – Excel – Office.com, Office.com, http://office.microsoft.com/en-us/excel-help/how-to-tell-if-a- digital signature-is-trustworthy-HA001230875.aspx (“Microsoft”). See Ans. 3–4. Appeal 2014-007449 Application 12/998,038 4 ANALYSIS Printed Publication In the Final Rejection, the Examiner rejected claim 1 under 35 U.S.C. 103(a) as unpatentable over a combination of Gordon and Vaidya. See Final Act. 4–5. For the first time in the Examiner’s Answer, however, the Examiner additionally cites Microsoft as further evidence that claim 1’s “verifying that a signature belongs to a trusted source” would have been obvious to one of ordinary skill in the art. See Ans. 3–4; Microsoft. Upon review of the evidence before us, we find that the preponderance of the evidence in the record does not demonstrate that Microsoft qualifies as a prior art printed publication under 35 U.S.C. § 102. Determining whether a given reference qualifies as a prior art “printed publication” involves a case-by-case inquiry into the facts and circumstances surrounding the reference’s disclosure to members of the public. See In re Klopfenstein, 380 F.3d 1345, 1350 (Fed. Cir. 2004). “The statutory phrase ‘printed publication’ has been interpreted to mean that before the critical date the reference must have been sufficiently accessible to the public interested in the art; dissemination and public accessibility are the keys to the legal determination whether a prior art reference was ‘published.’” In re Cronyn, 890 F.2d 1158, 1160 (Fed. Cir. 1989) (quoting Constant v. Advanced Micro-Devices, Inc., 848 F.2d 1560, 1568 (Fed. Cir. 1988)). In the Answer, the Examiner cites Microsoft but offers no evidence that Microsoft was publically accessible prior to the critical date of Appellant’s application. See generally Ans. 1–6. Moreover, on its face, Microsoft has no indicia that it is a printed publication publically accessible prior to the critical date. See Microsoft. Indeed, our review of Microsoft Appeal 2014-007449 Application 12/998,038 5 reveals (1) a copyright date of 2014; (2) an access date of March 26, 2014; and (3) a discussion of Office2010, none of which evidence public accessibility prior to Appellant’s critical date of September 11, 2008.3 See id. Accordingly, because the Examiner has not sufficiently established that Microsoft qualifies as a prior art printed publication, we will not consider Microsoft in this decision. Rejection of Claims 1–12 and 14 under 35 U.S.C. § 103(a) The Examiner finds Gordon’s digital signature verification application, which can read a digital signature and verify that an email has not been tampered with, teaches or suggests “verifying by the computer that the signature belongs to a trusted source” as recited in claim 1. See Final Act. 4; Gordon col. 5, ll. 8–12; col. 6, ll. 12–16; Ans. 4. Appellant contends Gordon does not teach or suggest “verifying . . . the signature belongs to a trusted source” (claim 1) because Gordon “only verifies that the email has not been tampered with.” App. Br. 5. According to Appellant, “[t]here is no verification [in Gordon] that the signature is authentic.” Id. at 5. We agree with Appellant. Although Gordon’s digital signature verification algorithm can read a digital signature and verify that an email has not been tampered with, the Examiner has not shown that Gordon teaches or suggests “verifying . . . that the signature belongs to a trusted 3 The instant application, serial No. 12/998,038 (filed Mar. 11, 2011), is a 35 U.S.C. § 371 national stage entry of Patent Cooperation Treaty application No. PCT/EP2009/061537 (filed Sept. 7, 2009) and claims foreign priority under 35 U.S.C. § 119 from Great Britain patent application No. GB 0816572.2 (filed Sept. 11, 2008). Appeal 2014-007449 Application 12/998,038 6 source” as recited in claim 1. See Ans. 4; Final Act. 4–5; Gordon col. 5, ll. 8–12; col. 6, ll. 12–16. To the contrary, we find Gordon’s steps of reading of a digital signature and determining that an email has not been tampered with are distinct from, and do not depend on, verifying the digital signature’s source. See App. Br. 5–6; Gordon col. 5, ll. 8–12; col. 6, ll. 12–16. Further, we find the Examiner has not shown that Vaidya cures the aforementioned deficiency of Gordon. See Ans. 4. Though we agree with the Examiner that Vaidya’s portable endpoint security device (“PEPS”) determines if its remote computer system and/or network connection is trusted as prescribed by one or more internal policies (see id.; Vaidya ¶ 84), we are unpersuaded by the Examiner’s finding that Vaidya “checks . . . a signature[] of the remote system to determine if the system is a trusted source, according to a stored policy.” See Ans. 4; Vaidya ¶¶ 22, 48. Vaidya teaches that (1) policies are distributed in an XML format, wherein the XML format may include a digital signature, and (2) the PEPS receives updated malware signatures. See Vaidya ¶¶ 22, 48. However, the cited passages of Vaidya do not evidence that Vaidya verifies its digital or malware signature belongs to a trusted source, or that Vaidya determines its remote computer system is trusted based on its digital or malware signature. See App. Br. 11; Reply Br. 4. The Examiner has not shown that Gordon and Vaidya, either singly or in combination, teach or suggest “verifying . . . that the signature belongs to a trusted source” as recited in claim 1. Nor has the Examiner provided an adequate rationale to fill the gaps in the cited prior art. Therefore, we find the Examiner erred in the rejection of claim 1 under 35 U.S.C. § 103(a). Accordingly, constrained by this record, we do not sustain the rejection of Appeal 2014-007449 Application 12/998,038 7 independent claim 1. For the same reason, we do not sustain the rejections of independent claims 12 and 14, and dependent claims 2–11, each of which include the same deficiency discussed above with respect to the rejection of claim 1. See App. Br. 4–22; Reply Br. 2–5; Ans. 3–6; Final Act. 4–13. NEW GROUND OF REJECTION WITHIN 37 C.F.R. § 41.50(b) Claim 1 Claim 1 is rejected on a new ground under 35 U.S.C. § 103(a) as unpatentable over Gordon, Vaidya, and Novoa. We adopt as our own the Examiner’s findings regarding claim 1 except, as discussed supra, neither Gordon nor Vaidya teach or suggest “verifying by the computer that the signature belongs to a trusted source.” Novoa, however, in an analogous art, teaches this limitation. Novoa col. 10, ll. 11–17 (“[T]he digest is encrypted with a private key. Encrypting the digest creates a digital signature for the ROM image. The digital signature serves to provide verification that the ROM image originated from the ROM image publisher and that the ROM image has not been altered.”); Fig. 12A, item 920 (“Authentic Rom Image?”); Fig. 13 (illustrating the signature verification process); col. 20, l. 61–col. 21, l. 33 (describing the signature verification process, whereby a trust provider verifies that a subject is trusted for a specified action). It would have been obvious to one of ordinary skill in the art at the time of the invention to modify Gordon and Vaidya to include the teaching of Novoa in order to prevent fraudulent behavior by a third party. See Novoa col. 10, ll. 30–36. Appeal 2014-007449 Application 12/998,038 8 Claims 2–12 and 14 We have entered a new ground of rejection for claim 1. We leave it to the Examiner to consider the patentability of independent claims 12 and 14, as well as dependent claims 2–11, in light of our findings and conclusions supra. The fact that we did not enter new grounds of rejection for claims 2– 12 and 14 should not be construed to mean that we consider those claims to be directed to patentable subject matter or to be patentable over the prior art of record. DECISION The decision of the Examiner to reject claims 1–12 and 14 is reversed. We enter a new ground of rejection for claim 1 under 35 U.S.C. § 103(a). Section 41.50(b) provides that “[a] new ground of rejection . . . shall not be considered final for judicial review.” Section 41.50(b) also provides that Appellant, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new ground of rejection to avoid termination of the appeal as to the rejected claims: (1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new Evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the prosecution will be remanded to the examiner . . . . (2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same Record. Appeal 2014-007449 Application 12/998,038 9 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(iv). REVERSED 37 C.F.R. § 41.50(b)