Ex Parte Stute et al
Patent Trial and Appeal Board
Apr 29, 2016
12351645 (P.T.A.B. Apr. 29, 2016)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 12/351,645
FILING DATE: 01/09/2009
FIRST NAMED INVENTOR: Michael Roy Stute
ATTORNEY DOCKET NO.: 0464.0009
CONFIRMATION NO.: 9227
EXAMINER: LAVELLE, GARY E
ART UNIT: 2493
NOTIFICATION DATE: 05/03/2016
DELIVERY MODE: ELECTRONIC

23345 7590 05/03/2016
MCGUIREWOODS, LLP
1750 TYSONS BLVD
SUITE 1800
Tysons Corner, VA 22102

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): patents@mcguirewoods.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte MICHAEL ROY STUTE and SCOTT S. PALY

Appeal 2014-009276
Application 12/351,645
Technology Center 2400

Before ST. JOHN COURTENAY III, JAMES R. HUGHES, and MATTHEW J. McNEILL, Administrative Patent Judges.

COURTENAY, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

This is an appeal under 35 U.S.C. § 134(a) from the Examiner's Final Rejection, mailed July 10, 2013, of claims 21-30 and 34-40. Claims 1-20 and 31-33 are cancelled. We have jurisdiction under 35 U.S.C. § 6(b). We affirm.

Invention

The claimed invention on appeal is directed to: "information systems and, in particular, to systems and methods of managing network security and threats on a network." (Spec. ¶ 2.)

Representative Claim

21.
A method comprising:

performing, by one or more computer systems:

receiving traffic information generated based, at least in part, upon an analysis of packets directed to a plurality of enterprise assets, each of the plurality of enterprise assets coupled to at least one of a plurality of distinct computer networks;

receiving vulnerability information generated based, at least in part, upon a scan of the plurality of distinct computer networks, the scan configured to detect vulnerabilities associated with one or more of the plurality of enterprise assets;

receiving vendor alert information provided by one or more third-party vendors, the vendor alert information related to one or more of the plurality of enterprise assets;

continuously correlating the received traffic information, vulnerability information, and vendor alert information;

assigning threat points to one or more security threats based, at least in part, upon the continuous correlation; and

[L1] dynamically adjusting a priority of each of the one or more security threats by escalating security threats with highest potential to be successful and modifying a risk associated with other security threats based, at least in part, upon the continuous correlation.

(Emphasis added regarding the contested limitation, labeled as "L1".)

Rejections

A. Claims 21 and 22 are rejected under 35 U.S.C. § 103(a) as being obvious over the combined teachings and suggestions of Frederichs et al. (US 2003/0084349 A1; published May 1, 2003), Gula et al. (US 2005/0229255 A1; published October 13, 2005), Rouland et al. (US 7,913,303 B1; issued March 22, 2011), and Internet Security Systems™, Enhanced Dynamic Threat Protection™ via Automated Correlation and Analysis, An ISS White Paper, ©2002 Internet Security Systems, Inc. (hereinafter "ISS").

B. Claims 23-30 and 34-40 are rejected under 35 U.S.C.
§ 103(a) as being obvious over the combined teachings and suggestions of Frederichs, Gula, Rouland, ISS and Bector et al. (US 6,687,732 B1; issued February 3, 2004)

Grouping of Claims

Based on Appellants' arguments, we decide the appeal of all claims rejected under rejection A on the basis of representative claim 21. See 37 C.F.R. § 41.37(c)(1)(iv). We address rejection B of claims 23-30 and 34-40, infra.

ISSUE

Issue: Under § 103, did the Examiner err by finding the cited combination of Frederichs, Gula, Rouland and ISS would have taught or suggested the contested limitation L1: "dynamically adjusting a priority of each of the one or more security threats by escalating security threats with highest potential to be successful and modifying a risk associated with other security threats based, at least in part, upon the continuous correlation," within the meaning of representative claim 21? (Emphasis added.)

Contentions

Appellants focus their argument on the ISS reference, asserting that the first cited section of the reference does not discuss the portion of the contested claim limitation "escalating security threats with highest potential to be successful" (App. Br. 10):

[T]he Final Office Action relies upon ISS. At its first cited portion, however, ISS states that:

RealSecure SiteProtector with the Security Fusion Module employs numerous correlation techniques to achieve the ultimate goal in state-of-the-art correlation: fully automated and dynamic risk correlation. Risk correlation determines the relationship between the active threats against the network and systems, and the vulnerabilities of those resources. This "Holy Grail" of correlation provides any organization with a true risk-oriented view of its enterprise-wide environment. Risk correlation answers the fundamental question: What are the consequences of the current vulnerability and attack exposure to the business?
And in doing so, it allows available security personnel to focus exclusively on protecting the most critical business assets.

ISS, p. 6, third paragraph. Accordingly, Appellant respectfully notes that the foregoing passage simply does not discuss "escalating security threats with highest potential to be successful and modifying a risk associated with other security threats."

Appellants additionally argue that the second cited section of the ISS reference does not teach or suggest the aforementioned portion of the contested limitation: (App. Br. 10-11).

At its second cited portion, ISS states that "incidents involving the most critical or valuable business assets take priority over lesser inconsequential events." ISS, p. 7, last paragraph. However, claim 21 recites "escalating security threats with highest potential to be successful." Simply put, escalating "security threats with highest potential to be successful," as recited in claim 21, is not the same as escalating "incidents involving the most critical business assets," as described in ISS. Hence, ISS does not teach or suggest "dynamically adjusting a priority of each of the one or more security threats by escalating security threats with highest potential to be successful and modifying a risk associated with other security threats based, at least in part, upon the continuous correlation."

The Examiner disagrees (Ans. 3-4). The Examiner finds contested limitation L1 is taught or suggested by the ISS reference, as follows:

Appellants argue that the cited references do not teach or suggest "escalating security threats with the highest potential to be successful". The [E]xaminer respectfully disagrees. The ISS document involves dynamic risk correlation and focuses on the most critical business assets (ISS cited paragraph 3, page 6).
ISS indicates a "prioritized view of an organization's protected assets" and also that that "incidents involving the most crucial or valuable business assets take priority over lesser or potentially inconsequential events" (see cited portion of IIS, page 7, last paragraph, emphasis added). Therefore, ISS teaches the limitation at issue.

ANALYSIS

We have considered all of Appellants' arguments and any evidence presented. We disagree with Appellants' arguments, and we adopt as our own: (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken, and (2) the reasons and rebuttals set forth in the Answer in response to Appellants' arguments. (Ans. 3-6.) However, we highlight and address specific findings and arguments for emphasis in our analysis below.

At the outset, we note the Examiner adopts a broad reading of the term "successful" as recited within the contested claim limitation: "dynamically adjusting a priority of each of the one or more security threats by escalating security threats with highest potential to be successful and modifying a risk associated with other security threats based, at least in part, upon the continuous correlation." (Claim 21; see also Ans. 3-4). The Specification does not define the term, nor are examples offered to explain or clarify what is meant by "successful."

The Examiner refers to the Specification for context, and specifically cites paragraph 52 in support of the finding that "escalating a security threat on a critical business asset would imply a higher level of success than an attack on an insignificant asset" (Ans. 4):

In addition, SDM 218 generally aids in providing a successful security event management system by generating alerts from multiple and complex sources by linking threats to the business assets they target.
The Examiner additionally points to several teachings or suggestions in the ISS reference (page 8, paragraphs 1-4) of continuous correlation of events. (Final Rejection 7).

Given the lack of a definition for the claim term "successful" in the claim or the Specification, on this record, we are not persuaded the Examiner's interpretation of the contested claim limitation L1 is overly broad or unreasonable.¹ Moreover, a reference may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art, including non-preferred embodiments. See Merck & Co. v. Biocraft Laboratories, Inc., 874 F.2d 804, 807 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989).

¹ Because "applicants may amend claims to narrow their scope, a broad construction during prosecution creates no unfairness to the applicant or patentee." In re ICON Health and Fitness, Inc., 496 F.3d 1374, 1379 (Fed. Cir. 2007) (citation omitted).

Here, we find the cited descriptions in the ISS reference teach or suggest the contested claim language, so as to render claim 21 obvious under § 103. Specifically, we find the dynamic risk correlation, and focus on the most critical business assets (as taught by ISS) at least suggest the escalation of security threats with the highest potential to be successful, within the meaning of claim 21.

Therefore, by a preponderance of the evidence, and for the reasons discussed above, we are not persuaded the Examiner erred. Accordingly, we sustain the rejection of representative claim 21, and dependent claim 22, also rejected under rejection A. See "Grouping of Claims," supra.

Rejection B of claims 23-30 and 34-40 under § 103

Appellants advance no separate arguments for the noted claims, which are rejected under rejection B. Arguments not made are considered waived. See 37 C.F.R. § 41.37(c)(1)(iv). Therefore, we sustain the rejection of independent claims 30 and 35, and dependent claims 23-29, 34 and 36-40.

Conclusion

For the reasons discussed above, and by a preponderance of the evidence, we are not persuaded the Examiner erred.

DECISION

We affirm the Examiner's rejections of claims 21-30 and 34-40 under § 103.

No time for taking any action connected with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 41.50(f).

AFFIRMED