Ex Parte Ting et alDownload PDFPatent Trial and Appeal BoardOct 7, 201611809791 (P.T.A.B. Oct. 7, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 111809,791 06/01/2007 23517 7590 10/12/2016 MORGAN, LEWIS & BOCKIUS LLP (BO) 1111 PENNSYLVANIA A VENUE, N.W. WASHINGTON, DC 20004 FIRST NAMED INVENTOR David M. T. Ting UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. IPV-010/7304132001 9530 EXAMINER POPHAM, JEFFREY D ART UNIT PAPER NUMBER 2491 NOTIFICATION DATE DELIVERY MODE 10/12/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): kcatalano@morganlewis.com patents@morganlewis.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte DAVID M. T. TING and DANIEL V. ESKENAZI Appeal2015-002719 Application 11/809,791 Technology Center 2400 Before ST. JOHN COURTENAY III, THU A. DANG, and LARRY J. HUME, Administrative Patent Judges. COURTENAY, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE This is an appeal under 35 U.S.C. § 134(a) from the Examiner's Final Rejection of claims 1--4, 7-18, and21-28. Claims 5, 6, 19, 20, and29-31 are canceled. We have jurisdiction under 35 U.S.C. § 6(b). We Affirm. Appeal2015-002719 Application 11/809,791 Invention Appellants' disclosed and claimed invention relates to a method and system for safeguarding keystroke commands from keyboard logging malware. (Spec. i-f 1.) Representative Claim 1 1. A method for safeguarding keystroke commands from keyboard-logging malware, the method comprising: [L 1] intercepting, by a client agent application executed by a hardware processor, keystroke commands passed from an operating system and directed to a callback function; [L2] determining a memory address of the callback function; [L3] comparing the determined memory address to a list of memory addresses corresponding to approved applications and/or files; and [L4] delivering the keystroke commands to the callback function only if the determined memory address matches an address on the list. (Lettering added to identify contested limitations). Rejections A. Claims 1, 2, 7-16, 21-25, and 28 are rejected under 35 U.S.C. § 103(a) as obvious over the combined teachings and suggestions of Waterson (US 2006/0101128, pub. May 11, 2006), England (US 2004/0044906 Al, pub. Mar. 4, 2004), and Saito (US 2007/0136728 Al, pub. June 14, 2007). 2 Appeal2015-002719 Application 11/809,791 B. Claims 3, 4, 17, and 18 are rejected under 35 U.S.C. § 103(a) as obvious over the combined teachings and suggestions of Waterson, England, Saito, and Shoham (US 2006/0031926 Al, pub. Feb. 9, 2006). C. Claims 26 and 27 are rejected under 35 U.S.C. § 103(a) as obvious over the combined teachings and suggestions of Waterson, England, and Kelley (US 2004/0030914 Al, pub. Feb. 12, 2004). Grouping of Claims Based on Appellants' arguments, we decide the appeal of rejection A, of independent claims 1, 15, and 28, on the basis of representative independent claim 1. See 37 C.F.R. § 41.37 (c)(l)(iv). We address rejection A of dependent claims 2, 7-14, 16, and 21-25, not argued separately, infra. We decide the appeal of rejection B, of dependent claims 3, 4, 17, and 18, not argued separately, infra. We decide the appeal of rejection C, of independent claim 26, and associated dependent claim 27, not argued separately; infra. ANALYSIS We have considered all of Appellants' arguments and any evidence presented. We disagree with Appellants' arguments and we adopt as our own: ( 1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken, and (2) the reasons and rebuttals set forth in the Examiner's Answer (2-25) in response to Appellants' arguments. However, we highlight and address specific findings and arguments for emphasis in our analysis below. 3 Appeal2015-002719 Application 11/809,791 Rejection A ofRepresentative Claim 1under35U.S.C.§103(a) Combinability under 35 U.S.C. § 103 I. Appellants contend, based on the October 3, 2013 Declaration, under 37 C.F.R. § 1.132, of inventor David Ting, that "one of skill in the art would not combine Waterson and England, and also, separately, would not combine Waterson and Saito." (App. Br. 7-8.) At the outset, we note that our reviewing courts have found a declaration provided by an inventor is by nature self-serving, and is therefore accorded little, if any, evidentiary weight. See e.g., Reese v. Hurst, 661F.2d1222, 1239 (CCPA 1981) (discussing the weight to be given to self-serving declarations made by an inventor in an interference proceeding). "A man cannot make evidence for himself by writing a letter containing the statements that he wishes to prove." A. B. Leach & Co. v. Peirson, 275 U.S. 120, 128 (1927). Cf with Bell & Howell Document Mgmt. Prods. v. Altek Sys., 132 F.3d 701, 706 (Fed. Cir. 1997) (An inventor's self-serving statements are rarely relevant to the proper construction of a claim term.). We additionally note inventor David Ting's Declaration does not provide any objective evidence of secondary considerations, such as commercial success, long felt but unmet need, or unexpected results. 1 To the extent the Declarant relies on "in my opinion" (Declaration 5, i-fi-12, 3), we find the stated conclusions are self-serving, and are therefore 1 "For objective evidence of secondary considerations to be accorded substantial weight, its proponent must establish a nexus between the evidence and the merits of the claimed invention." Wyers v. Master Lock Co., 616 F.3d 1231, 1246 (Fed. Cir. 2010) (quotation omitted). 4 Appeal2015-002719 Application 11/809,791 unpersuasive. To the extent the Declarant cites to specific evidence of record in support of the proposition that the cited references would not have been combined by an artisan in the manner proffered by the Examiner, we address Appellants' contentions, infra. II. Appellants contend, inter alia: (1) the "Ting Declaration states that the references are not germane to each other," (2) "do not complement each other," and (3) they are "incompatible." (App. Br. 9-16.) As relied upon by the Examiner (Final Act. 20), the primary Waterson reference describes protection of user keystroke information to secure user entry data, by using a master Microsoft WINDOWS™ operating system "hook," which intercepts keystrokes, and monitors and filters all WINDOWS messages. (Abstract, i-fi-186, 91-92, 95). We are not persuaded by Appellants' contentions (App. Br. 9-16) because we find a preponderance of the evidence supports the Examiner's finding that an artisan would have incorporated the secure execution techniques of England (i-fi-fl9, 37--41, and 43--45), into the keystroke protection system of Waterson (i-fi-f 86, 91-95, and 101), to increase user security. (Final Act. 22.) We find the Examiner's proffered combination would have ensured that only authorized applications would gain access to sensitive keystrokes, by providing such secure keystroke data to the authorized applications only from within a "curtained" (i.e., restricted access) portion of memory. (Final Act. 21-22.) Thus, we agree with the Examiner's finding that incorporating Saito's callback address-based authentication techniques (i-fi-f 23, 31-33, 43, 45--49, 5 Appeal2015-002719 Application 11/809,791 and 75-79), into Waterson's keystroke protection system (ifif 86, 91-95, and 101 ), as further modified by England's curtained memory and code (ififl9, 37--41, and 43--45), would have provided additional authentication mechanisms, and therefore would have increased system security. (Final Act. 20-23.) Based on the evidence relied upon (id.), we find the Examiner provides sufficient "articulated reasoning with some rational underpinning to support the legal conclusion of obviousness." In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006). See also 35 U.S.C. § 132. (See Final Act. 21-23.) Moreover, after reviewing the record before us, it is our view that an artisan would have understood that intercepting keystroke commands for delivery to callback functions associated with authorized ("approved") applications would have merely produced a predictable result. (Claim 1 ). Appellants have not shown that intercepting "keystroke commands," as recited in claim 1, would have been more than a combination of familiar prior art practices (i.e., steps or acts), according to known methods, to yield predictable results. See KSR Int'! Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). Nor have Appellants provided evidence that combining such known elements or steps (as described in Waterson, England, and Saito - Final Act. 19-23) would have been "uniquely challenging or difficult for one of ordinary skill in the art," Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007), or would have yielded unexpected results. Furthermore, to the extent known alternatives would have been considered and accommodated by an artisan, the Supreme Court guides that courts can "take account of the inferences and creative steps that a person of ordinary skill in the art would employ." KSR, 550 U.S. 398 at 418. 6 Appeal2015-002719 Application 11/809,791 Ill. Appellants further contend the Declaration states that Waterson and Saito "address different problems." (App. Br. 16.) \Ve do not find Appellants' contention persuasive because the references need not recognize the same problern solved by the AppeHants. See In re Kemps, 97 F.3d 1427, 1430 (Fed. Cir. 1996). Moreover, "[a] finding that two inventions were designed to resolve different problems ... is insufficient to demonstrate that one invention teaches away from another." Nat'! Steel Car, Ltd. v. Canadian Pac. Ry., Ltd., 357 F.3d 1319, 1339 (Fed. Cir. 2004). Therefore5 on this record, we do not find Appellants' contention that Waterson and Saito "address different problems" sufficient to show the Examiner improperly combined the cited references under§ 103. Contested limitations Ll-L4 under 35 U.S.C. § 103(a) Appellants additionally contest limitations Ll-L4 (App. Br. 18-24). Regarding all contested limitations, we only consider Appellants' arguments to the extent such arguments are directed to subject matter actually claimed. Limitation LI Appellants contend: [N]othing in Waterson discloses the interception of commands passed from an operating system and directed to a callback function. The master/ debug hook Waterson intercepts keystroke information from a keyboard buff er and directed to the application window. Waterson does not disclose, teach, or suggest intercepting commands directed to a callback function; indeed, the term "callback function" or any similar concept or construct does not even appear in Waterson. The assertion by the Examiner that Waterson "intercepts keystroke commands ... directed to a callback function (e.g., directed to the callback function of the application requesting access to the data)" is 7 Appeal2015-002719 Application 11/809,791 simply incorrect; these words, phrases, and concepts do not appear in Waterson. (App. Br. 21.) We are not persuaded by Appellants' arguments because the evidence of record supports the Examiner's finding that Waterson's "hooks" teach or at least suggest the contested "callback function," because a "hook" intercepts events such as keystrokes in association with callback functions. (See Ans. 16-19.) As evidentiary support, we note Waterson teaches the use of the Microsoft WINDOWS operating system (i-f 91 ). We further note Appellants' Specification specifically describes (i-f 32): In WINDOWS-based systems, for example, keyboard logging malware relies on a feature of the operating system that allows the malware to "hook" a callback function into the internal messaging system and, as a result, the callback function is notified each time the user enters a keystroke. The operating system activates the callback function each time a character is pressed and provides the logger with an effective way to monitor keystrokes entered by the user for all applications. (Emphasis added.) 2 Given this evidence, we are not persuaded of error regarding the Examiner's mapping and underlying factual findings. (Ans. 16-19.) To prevent keystroke loggers from accessing keystroke information, Waterson' s 2 "A statement by an applicant in the specification or made during prosecution identifying the work of another as 'prior art' is an admission which can be relied upon for both anticipation and obviousness determinations, regardless of whether the admitted prior art would otherwise qualify as prior art under the statutory categories of 35 U.S.C. [§] 102." MPEP §2129(1.), citing Riverwood Int'! Corp. v. R.A. Jones & Co., 324 F.3d 1346, 1354 (Fed. Cir. 2003); Constant v. Advanced Micro-Devices Inc., 848 F.2d 1560, 1570 (Fed. Cir. 1988). 8 Appeal2015-002719 Application 11/809,791 protection software: ( 1) "first disables all hooks in the operating system," and then, (2) installs "a master hook that monitors and filters all windows messages ... to block all hooks with messages that would be of use to a keystroke logger." (Waterson i-f 92; see also Ans. 16-17.) We also agree with the Examiner's finding (Ans. 17), that Waterson's (i-f 95) blocking of any other requests that may interfere (or log) the information communicated between the keyboard buffer and the application field," would have taught or suggested contested limitation L 1: i.e., "intercepting ... keystroke commands passed from an operating system ... directed to a callback function." (Claim 1.) We find a preponderance of the evidence supports the Examiner's findings, because Waterson's master hook monitors or intercepts the keystroke commands passed from the keyboard buffer, and we find these elements are under the control of the WINDOWS operating system, as discussed supra. The Examiner :farther buttresses his findings regarding Waterson (with respect to limitation L 1 ), with Saito' s teachings and suggestions. (Ans. 20.) Specifically, the Examiner finds: "Saito explicitly uses the phrase 'callback function' (e.g., paragraphs 75-79) and discusses how the system can compare the callback function address to a list associated with legitimate applications." (Ans. 20.) We agree with the Examiner's findings, because Saito expressly teaches using a "callback function" and describes determining whether a caller program is legitimate (i.e., authorized), based on the callback function's acquired access destination address. (Saito, Abstract.) Therefore, we conclude contested limitation L 1 would have been obvious based on the Examiner's underlying factual findings regarding 9 Appeal2015-002719 Application 11/809,791 Waterson, as discussed above, and Saito (ifif 75-79), which expressly teaches a callback function, and also based upon the teachings and suggestions of England. (See Final Act. 20.) Limitations L2 and L3 Appellants contend England does not teach limitations L2 and L3. England, however, does not determine a memory address (of a callback function or otherwise); it has direct hardware access to the address of the currently executing instruction via the curtain logic 356. It further does not compare the determined address (again, because it did not determine the address) with a list of memory addresses corresponding to approved applications and/or files. England compares the instruction address to an address map 3 54 that contains only address ranges that correspond to curtained memory addresses, not to a list of addresses of approved applications and/or files, as required by the present claims. (App. Br. 23.) The Examiner applies a broad but reasonable interpretation to claim 1, and concludes contested limitation L2 ("determining a memory address of the callback function") does not preclude England's teaching of directly accessing the address of the currently executing instruction. (Ans. 23, England ifl9.) On this record, we are not persuaded the Examiner's claim interpretation of "a memory address of the callback function" is overly broad or unreasonable, as read on the teachings and suggestions of England (if 19), when combined with the teachings of Waterson, and Saito (e.g., if 75: "the 10 Appeal2015-002719 Application 11/809,791 callback address means an address where a callback function to be called is stored."). 3 Regarding contested limitation L3, Appellants' contentions are not commensurate with the claim limitations. Appellants contend England does not compare "a list of addresses of approved applications and/or files." (App. Br. 23-24.) However, limitation L3 of claim 1 actually recites broader language: "a list of memory addresses corresponding to approved applications and/or files." (Claim 1, emphasis added.) Appellants acknowledge England's instruction is "tested" (i.e., compared) against a hardware address map, and if there is a match, then the instruction is permitted to access the privileged data. (App. Br. 22; see also England i-fi-1 43--44.) The Examiner finds England's address map 354 teaches or at least suggests "a list of memory addresses corresponding to approved applications and/or file[s]." The Examiner further finds England's instruction address teaches or at least suggests the contested claim term "determined memory address." (Ans. 24--25; Final Act. 21; see also England i-fi-143--44.) We find a preponderance of the evidence supports the Examiner's legal conclusion of obviousness, because England compares the instruction address to a list of memory addresses in address map 3 54, which we find teaches, or at least suggests, contested limitation L3. (England i-fi-1 43--44.) 3 Because "applicants may amend claims to narrow their scope, a broad construction during prosecution creates no unfairness to the applicant or patentee." In re ICON Health and Fitness, Inc., 496 F.3d 1374, 1379 (Fed. Cir. 2007) (citation omitted). 11 Appeal2015-002719 Application 11/809,791 Limitation L4 Appellants contend Saito does not teach or suggest limitation L4. (App. Br. 21.) However, we are not persuaded by Appellants' arguments because we find Appellants are arguing the references separately.4 In addition to Saito, the Examiner cites both England and Waterson for teaching or suggesting limitation L4. (Ans. 22, Final Act. 20.) On this record, we find Appellants have not shown that intercepting keystroke commands, as claimed, and delivering such commands to the callback function, "only if the detennined memory address matches an address on the l i sf' (claim 1 ), is more than a combination of known practices (i.e., steps or acts) that would have yielded predictable results. See KSR, 550 U.S. at 416. Given the evidence cited by the Examiner (see Final Act 20----23), we find the Examiner's protlered combination of the teachings of \Vaterson, England, and Saito, would have realized predictable results such that Appellants' clairn l is rendered obvious under§ 103. Because Appellants have not persuaded us the Examiner erred, we sustain rejection A of representative claim 1, and rejection A of grouped independent claims 15 and 28, which fall with claim 1. (See Grouping of Claims, supra.) 4 See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986) (One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.). 12 Appeal2015-002719 Application 11/809,791 Rejection A of Claims 2, 7-14, 16, and 21-25 under 35 U.S.C. § 103(a) In view of the lack of any substantive or separate arguments directed to rejection A of dependent claims 2, 7-14, 16, and 21-25, we also sustain the Examiner's rejection A of these claims, as they fall with their respective independent claims. Arguments not made are considered waived. See 37 C.F .R. § 41.3 7 ( c )(1 )(iv). Rejection B of Claims 3, 4, 17, and 18 under 35 U.S.C. § 103(a) Appellants advance no separate arguments regarding the claims rejected under rejection B. Arguments not made are waived. See 37 C.F.R. § 41.37(c)(l)(iv). Therefore, we sustain the Examiner's rejection B of claims 3, 4, 17, and 18. Rejection C of Claims 26 and 27 under 35 U.S.C. § 103(a) Appellants advance no separate arguments regarding claims 26 and 27, which are rejected under rejection C. Arguments not made are waived. See 37 C.F.R. § 41.37 (c)(l)(iv). Therefore, we sustain the Examiner's rejection C of independent claim 26, and associated dependent claim 27. 13 Appeal2015-002719 Application 11/809,791 DECISION We affirm the Examiner's decision rejecting claims 1--4, 7-18 and 21-28 under 35 U.S.C. § 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 3 7 C.F .R. § 1.13 6( a )(1 )(iv). See 3 7 C.F.R. § 41.50(±). AFFIRMED 14 Copy with citationCopy as parenthetical citation
