Ex Parte Sima
Patent Trial and Appeal Board
Apr 12, 2013
11056928 (P.T.A.B. Apr. 12, 2013)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________
Ex parte CALEB SIMA
____________
Appeal 2010-011614
Application 11/056,928 [1]
Technology Center 2400
____________

Before CAROLYN D. THOMAS, BRUCE R. WINSOR, and BARBARA A. BENOIT, Administrative Patent Judges.

THOMAS, Administrative Patent Judge.

DECISION ON APPEAL

[1] The real party in interest is Hewlett-Packard Development Company, L.P.

STATEMENT OF THE CASE

Appellant seeks our review under 35 U.S.C. § 134(a) of the Examiner’s final decision rejecting claims 1-19, which are all the claims pending in the application. We have jurisdiction over the appeal under 35 U.S.C. § 6(b).

We REVERSE.

The present invention relates generally to crawl-and-attack routines for testing Web applications. See Spec. ¶ [0004].

Claim 1 is illustrative:

1. A method for testing web applications with recursive discovery and analysis comprising the steps of:
(a) receiving a target;
(b) crawling the target to discover a plurality of analyzable objects;
(c) conduct attack sequences on the plurality of analyzable objects;
(d) discovering an additional analyzable object during the attack sequence, such additional analyzable object not being readily apparent to a crawl process, and continuing at step (b) with the additional analyzable object used as an input to be used during said crawling.

Appellant appeals the following rejection [2]:

1. Claims 1-19 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Reshef (US Patent Pub. 2002/0010855 A1, Jan. 24, 2002) and Hurst (US 6,996,845 B1, Feb. 7, 2006).

[2] The Examiner withdrew the following rejections: (1) the rejection of claim 19 under 35 U.S.C. § 112, first paragraph, and (2) the rejection of claims 1, 7, 18, and 19 under 35 U.S.C. § 112, second paragraph (see Ans. 2, 11).

ANALYSIS

Our representative claim, claim 1, recites, inter alia, “discovering an additional analyzable object during the attack sequence . . . with the additional analyzable object used as an input to be used during said crawling.” Independent claims 7, 9, 18, and 19 recite commensurate limitations. Thus, the scope of each of the independent claims includes a feedback input to be used during the crawling that was discovered during the attack sequence.

Issue: Did the Examiner err in finding that Reshef teaches and/or suggests an additional analyzable object used as an input to be used during said crawling, as set forth in claim 1?

Appellant contends

[w]hile Reshef does teach using the crawling process and attack process in parallel, it nowhere teaches or suggest [sic] inputting an additional analyzable object found during the attack process into the crawling process. In fact, the crawling process of Reshef does not have access to the results of the attack process at all.

(App. Br. 15). We agree with Appellant.

Here, the Examiner relies upon Reshef to teach and/or suggest the aforementioned features. As such, we shall look for error in the Examiner’s interpretation of Reshef.

Specifically, the Examiner found that the argued limitations are in “Reshef paragraph 48 which recites extracting any path parameters or encapsulated links (e.g., additional analyzable object not readily apparent) within and subsequently processing the extracted objection for vulnerability” (Ans. 11-12). For example, Reshef discloses “extract[ing] any path parameters or links encapsulated therein. . . . Attributes of the path and data parameters are also extracted and logged in LinkDB” (¶ [0048]).

In other words, Reshef’s paragraph [0048] discloses a “crawl stage” loop that scans the whole web application and discovers all the links or URLs associated therewith, including any input or hidden fields associated with HTML forms. Thus, while we agree with the Examiner that Reshef discloses extracting additional links and processing the same for vulnerabilities, such identified additional links processing in paragraph [0048] is done in the “crawl stage,” not during the “attack sequence” as required by the claims.

Furthermore, even when Reshef executes the “crawling” and “attacking” in parallel (see ¶ [0100]), the Examiner has not shown, and we cannot readily find, where Reshef uses any additional objects found during the attack sequence as input during subsequent crawling, i.e., as feedback from the attack sequence. Instead, Reshef appears to merely go to a report stage and evaluate the results of the attack, i.e., report to the operator and store in a viewable transaction file (see Fig. 1; ¶¶ [0094]-[0096]). Here, the Examiner is silent regarding the additional analyzable object (discovered during the attack sequence) being used as inputs to subsequent crawling.

The one who bears the initial burden of presenting a prima facie case of unpatentability is the Examiner. In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992). A prima facie case is established when the party with the burden of proof points to evidence that is sufficient, if uncontroverted, to entitle it to prevail as a matter of law. See Saab Cars USA, Inc. v. U.S., 434 F.3d 1359, 1369 (Fed. Cir. 2006). The Examiner cannot entirely ignore any limitation in a claim while determining whether the subject matter of the claim would have been obvious. In re Wilson, 424 F.2d 1382, 1385 (CCPA 1970). Here, the Examiner has not pointed to any evidence that is sufficient to show the aforementioned limitation.

In addition, the Examiner has not shown that Hurst cures the deficiencies of Reshef. We are therefore constrained by the record before us to find that the Examiner erred in rejecting representative claim 1 and claims 2-19 for similar reasons. Accordingly, we reverse the Examiner’s obviousness rejection of claims 1-19.

Since we agree with at least one of the arguments advanced by Appellant, we need not reach the merits of Appellant’s other arguments. It follows that Appellant has shown that the Examiner erred in finding that the combined teachings of Reshef and Hurst render claims 1-19 unpatentable.

DECISION

We reverse the Examiner’s § 103 rejection of claims 1-19.

REVERSED

babc