Ex Parte Whitney

Patent Trial and Appeal Board

Apr 29, 2016

13017231 (P.T.A.B. Apr. 29, 2016)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov
APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO.
13/017,231 01/31/2011 Tobias Ranier Whitney 247253-1 (GEDE:0084) 6279
113426 7590 04/29/2016
GE Energy Management
Fletcher Yoder PC
P.O. Box 692289
Houston, TX 77269-2289
EXAMINER
POWERS, WILLIAM S
ART UNIT PAPER NUMBER
2434
MAIL DATE DELIVERY MODE
04/29/2016 PAPER
Please find below and/or attached an Office communication concerning this application or proceeding.
The time period for reply, if any, is set in the attached communication.
PTOL-90A (Rev. 04/07)
UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________

Ex parte TOBIAS RANIER WHITNEY
____________

Appeal 2014-008717
Application 13/017,231
Technology Center 2400
____________

Before JEAN R. HOMERE, JOHN A. EVANS, and
DANIEL J. GALLIGAN, Administrative Patent Judges.

Per Curiam.

DECISION ON APPEAL1

Appellant2 seeks our review under 35 U.S.C. § 134(a) of the
Examiner’s final rejection of claims 1–23. We have jurisdiction under
35 U.S.C. § 6(b).
We AFFIRM.

1 Our Decision refers to Appellant’s Appeal Brief filed February 5, 2014
(“App. Br.”); Appellant’s Reply Brief filed July 9, 2014 (“Reply Br.”);
Examiner’s Answer mailed May 9, 2014 (“Ans.”); the Final Office Action
mailed June 5, 2013 (“Final Act.”); and original Specification filed January
31, 2011 (“Spec.”).
2 Appellant identifies General Electric Company as the real party in interest.
App. Br. 2.
Appeal 2014-008717
Application 13/017,231

2
STATEMENT OF THE CASE
Claims on Appeal
Claims 1, 10, and 19 are independent claims. Claim 1 is reproduced
below (with disputed limitations in italics):
1. A method of detecting an attempted intrusion into a network
comprising:

configuring a smart meter for facilitating delivery,
measurement, or both of utility services, as an entrapment meter,
wherein the entrapment meter receives data packets from a network,
but does not transmit data packets to the network;

configuring the entrapment meter in a manner such that the
entrapment meter appears vulnerable to unauthorized intrusion to the
network;

detecting, using the entrapment meter, an attempted
unauthorized intrusion into the network; and

monitoring the attempted unauthorized intrusion.

References
Tanzella et al. US 7,277,404 B2 Oct. 2, 2007
(“Tanzella”)

Bell et al. US 2008/0219186 Al Sept. 11, 2008

Forbes, Jr. et al. US 7, 715,951 B2 May 11, 2010
(“Forbes”)

Iyad Kuwatly et al. , A Dynamic Honeypot Design for Intrusion Detection,
PROC. IEEE/ACS INT’L CONF. ON PERVASIVE SERVICES (ICPS ’04) (2004)
(“Kuwatly”).

Appeal 2014-008717
Application 13/017,231

3
Examiner’s Rejections
Claims 1, 3–10, 12–19, and 21–23 stand rejected under 35 U.S.C.
§ 103(a) as being unpatentable over Forbes, Tanzella, and Kuwatly. Ans. 3–
8; Final Act. 6–10.
Claims 2, 11, and 20 stand rejected under 35 U.S.C. § 103(a) as being
unpatentable over Forbes, Tanzella, Kuwatly, and Bell. Ans. 8–9; Final
Act. 11.

ANALYSIS
We have reviewed the Examiner’s rejections in light of Appellant’s
arguments the Examiner erred. See App. Br. 5–14; Reply Br. 2–6. We are
not persuaded by Appellant’s arguments. We highlight and address specific
arguments and findings for emphasis as follows.

Independent Claims 1, 10 and 19
Appellant contends the applied combination of references fails to
teach or suggest “configuring a smart meter for facilitating delivery,
measurement, or both of utility services, as an entrapment meter,” as recited
in claim 1. App. Br. 7; Reply Br. 2. In particular, Appellant notes Forbes
teaches managing electric power consumed by devices. App. Br. 8 (citing
Forbes Abstract). Appellant also points out Forbes does not teach
entrapment meters or configuring a smart meter as an entrapment meter.
App. Br. 7–8. Appellant then notes Tanzella teaches a network sensor that
rates the security of signals it receives. App. Br. 8 (citing Tanzella
Abstract). Appellant additionally asserts the notebook computer in Tanzella
is not equivalent to a smart meter. App. Br. 8 (citing Spec. ¶ 45). Appellant
Appeal 2014-008717
Application 13/017,231

4
next notes Kuwatly teaches fake systems resembling real systems to
potential saboteurs to probe the network for potential saboteurs in a
“honeypot” configuration. App. 8–9 (citing Kuwatly p. 3); Reply Br. 2
(citing Kuwatly, p. 3). Appellant argues the client/server system running
honeypot services in Kuwatly is not a real system configured as an
entrapment system. App. Br. 9.
Appellant’s arguments are not persuasive because they attack the
individual teachings of the references and do not address what the
combination of references teaches, as explained by the Examiner.
“Nonobviousness cannot be established by attacking references individually
where the rejection is based upon the teachings of a combination of
references.” In re Merck &Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986).
First, the Examiner relies upon Forbes to teach a smart meter. Ans. 9
(citing Forbes col. 14, ll. 28–40). Second, the Examiner finds Tanzella
teaches honeypots used in a network. Ans. 9–10 (citing Tanzella col. 12, l.
36 – col. 13, l. 11); see Tanzella col. 12, ll. 57–65 (“the hardware sensor
strips 802.11 management and control frames off of wireless data
transmissions and sends real-time or batched data back to a centralized
server (e.g., host system 220) for analysis and processing to determine
[network] intrusions.”). The Examiner further finds the sensors in Tanzella
can be incorporated within a notebook computer. Final Act. 2 (citing
Tanzella col. 8, ll. 10–15). Appellant’s Specification describes the system in
terms of “units” for which it provides “functional description[s],” and it
states that “software, hardware, or a combination of software and hardware
can perform the respective functions.” Spec. ¶ 34 (cited at Ans. 10–11).
Appellant’s arguments that Tanzella relates to a “computer” and not a “smart
Appeal 2014-008717
Application 13/017,231

5
meter” are unpersuasive because the Examiner relies on Forbes for a smart
meter in combination with the teachings of Tanzella, which provides
functional descriptions relating to security. We agree with the Examiner that
Forbes teaches a functioning smart meter and Tanzella teaches operable
sensors as honeypots. Ans. 11–12. The Examiner further relies upon
Kuwatly to teach configuring honeypots in a passive or active mode. Ans.
10 (citing Kuwatly, p. 3).
Appellant further argues that Tanzella does not teach “wherein the
entrapment meter receives data packets from a network, but does not
transmit data packets to the network,” as recited in claim 1. Appellant
contends Tanzella teaches “the sensors 230A-B ‘collect and forward security
related data to a host system 220 for further processing and analysis.’” App.
Br. 10 (quoting Tanzella col. 12, ll. 36–39); see also App. Br. 10 (quoting
col. 12, l. 48, col. 12, ll. 60–61, col. 13, ll. 5–10); see also Reply Br. 3
(citing col. 12, ll. 36–65). Appellant argues: “Referring to [Tanzella] FIG. 9
(reproduced below), it is clear that the packet reception and transmission
occur on the same local area network (LAN) 190.” Reply Br. 3.
We disagree. First, contrary to Appellant’s argument, Tanzella has no
Figure 9 and the Reply Brief does not reproduce a Figure 9. Reply Br. 3.
We agree with the Examiner that the claim requires that transmission from
the entrapment meter to a network is restricted, but not transmission from
the entrapment meter to one or more other networks. Ans. 12. As the
Examiner finds, Tanzella teaches that the hardware sensor operating in
“promiscuous mode” receives data on the 802.11 radio network but is not
able to and does not transmit data on the 802.11 radio network. See Ans. 13
(quoting Tanzella col. 13, ll. 2–5). Tanzella teaches:
Appeal 2014-008717
Application 13/017,231

6
[T]he standalone hardware sensor would have an 802.11 radio
operating in “promiscuous mode” in order to be undetectable
from the airwaves and still read all 802.11 network traffic. In
operating in promiscuous mode, the hardware sensor would not
be able to transmit data such as beacon management and would
be in a read-only operation mode. The sensor software
embedded on the device would read 802.11 frames from the
wireless network and interrogate them to strip the management
and control frames from the data frames, collect the data and send
it to the back-end server.
Tanzella col. 12, l. 66 – col. 13, l. 9.
Appellant argues “[i]t is unclear how the Examiner is suggesting that
a promiscuous mode somehow teaches restricting transmission of data
packets on a network where data packets were received.” App. Br. 11
(citing Tanzella col. 12, l. 36 – col. 13, l. 11). Appellant argues that, even
though the hardware sensor is in operating in read-only mode, the hardware
sensor transmits data to the network. Reply Br. 4. We are not persuaded
because Tanzella teaches that, in promiscuous mode, the device operates in
“read-only” mode on the radio network and, therefore, sends data to the
back-end network on a different network, such as the LAN 190, depicted in
Fig. 2E. See Tanzella col. 12, l. 66 – col. 13, l. 9, Fig. 2E. Therefore, it
receives data on one network, i.e., the 802.11 radio network, but transmits
data on a different network and not on the 802.11 radio network. In light of
this, we are not persuaded of Examiner error based on Appellant’s argument
that Tanzella does not teach “wherein the entrapment meter receives data
packets from a network, but does not transmit data packets to the network,”
as recited in the claim.
Appellant argues Forbes does not teach the benefit of information
about potential saboteurs of the smart meters. App. Br. 8 (citing Forbes col.
Appeal 2014-008717
Application 13/017,231

7
5, ll. 12–19). Appellant contends Tanzella does not teach smart meters nor
the usefulness of information about smart meter saboteurs. App. Br. 8.
Therefore, Appellant appears to be arguing that there would have been no
reason to combine the teachings of Forbes and Tanzella to address security
issues in smart meters. See App. Br. 8; Reply Br. 2.
We are not persuaded because the Examiner provides articulated
reasoning with rational underpinning for combining the references (see Final
Act. 6 (citing Forbes, col. 5, ll. 8–22; Tanzella, col. 1, ll. 35–42), Final Act.
7 (citing Kuwatly, p. 3)), and Appellant’s arguments do not persuasively
rebut the Examiner’s findings underlying the asserted combination (App. Br.
8; Reply Br. 2). For example, the Examiner finds Forbes teaches protecting
against the threat of malicious acts on the smart meter and the smart grid.
Final Act. 6, Ans. 9 (citing Forbes col. 5, ll. 8–22). The Examiner further
finds Tanzella teaches gathering information about a potential
attack/attacker to protect the network. Ans. 9–10 (citing Tanzella col. 32, ll.
4–10); see Tanzella col. 32, ll. 4–7) (“Some embodiments including dynamic
channel change may further use a honeypot trap that tricks the attacker into
thinking the original channel is still valid and provides the necessary
forensic information to identify the attacker.”). The Examiner explains that
a person of ordinary skill in the art “would have been motivated to
implement the smart meter of Forbes with the honeypot trap of Tanzella in
order to make computer-based systems more secure from malicious risks
and attacks as suggested by Tanzella.” Final Act. 6. The Examiner also
provides articulated reasoning with rational underpinning for the
combination of Forbes and Tanzella with Kuwatly. See Final Act. 7. As
Appeal 2014-008717
Application 13/017,231

8
such, Appellant does not persuade us the Examiner erred in combining the
references as applied in the rejection.
Based on the foregoing, we are not persuaded of error in the
Examiner’s rejection of claim 1, and we therefore sustain the rejection of
claim 1, as well as the rejection of claims 10 and 19, which are argued
together with claim 1. App. Br. 11; Reply Br. 4. Appellant does not present
additional persuasive arguments regarding claims 2, 3, 5–12, and 14–23
(App. Br. 14), and, therefore, we sustain the rejections of these claims.
Claims 4 and 13
Appellant argues the Examiner erred in finding Tanzella and Kuwatly
teach “the entrapment meter appears vulnerable to unauthorized intrusion to
the network comprises receiving data packets from the network using a
network interface card set to promiscuous mode,” as recited in claim 4.
App. Br. 11–12. Claim 13 recites similar limitations. In particular,
Appellant contends “neither of the cited references teaches or suggests that a
promiscuous mode can be used to make a vulnerable appearance.” Id. at 12
(emphasis omitted). Appellant asserts Tanzella teaches a vulnerable
appearance without promiscuous mode by using no or weak encryption or
default manufacturing modes. See id. (quoting Tanzella col. 32, ll. 40–43).
Appellant next argues Tanzella teaches away from creating a vulnerable
appearance by rendering the sensor undetectable, opposite to a vulnerable
appearance. See App. Br. 12 (quoting Tanzella col. 13, ll. 1–2), 13; see also
Reply Br. 6. Appellant contends promiscuous mode settings may be used
maliciously and may be detected to provide an appearance of vulnerability.
App. Br. 13 (citations omitted).
Appeal 2014-008717
Application 13/017,231

9
As explained above, the Examiner finds, and we agree, that Tanzella
teaches that a hardware sensor can be set to promiscuous mode, in which it
is not able to and does not transmit data on the 802.11 radio network. See
Ans. 13 (quoting Tanzella col. 13, ll. 2–5). The Examiner also finds
Tanzella teaches that a vulnerable appearance can be created for a device.
Final Act. 8 (citing Tanzella col. 12, l. 36 – col. 13, l. 11, col. 32, ll. 4–43).
Tanzella explains:
[A] new identity may be assumed such that a weaker or more
vulnerable appearing access point can be presented to the
attacker. This is done by again emulating access point
functionality, but in this case with an identity and set of
characteristics that appear vulnerable. This vulnerability
appearance may be created through the use of no or weak
encryption modes or the appearance of default manufacturing
modes with known passwords and user IDs.
Tanzella col. 32, ll. 36–43 (cited at Final Act. 8). Therefore, the Examiner
finds Tanzella teaches “sensors for monitoring network traffic are set in
promiscuous mode and are constructed to appear vulnerable.” Final Act. 8.
Appellant does not direct us to disclosure in which Tanzella states that
the aforementioned vulnerability teachings cannot be applied to a device in
promiscuous mode. Appellant’s argument that “Tanzella provides several
ways of providing the vulnerable appearance without regard to promiscuous
mode” (App. Br. 12) actually undermines a teaching away argument because
if Tanzella teaches using vulnerability techniques “without regard to
promiscuous mode,” then Tanzella cannot be said to “criticize, discredit, or
otherwise discourage” their use with promiscuous mode. See In re Fulton,
391 F.3d 1195, 1201 (Fed. Cir. 2004).
As such, Appellant’s arguments are unpersuasive of error, and we
sustain the rejection of claims 4 and 13.
Appeal 2014-008717
Application 13/017,231

10

DECISION
We affirm the Examiner’s rejections of claims 1–23.
No time period for taking any subsequent action in connection with
this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED