Ex Parte Wiederin et alDownload PDFPatent Trial and Appeal BoardAug 20, 201310608137 (P.T.A.B. Aug. 20, 2013) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte SHAWN E. WIEDERIN, RALPH S. HOEFELMEYER, and THERESA E. PHILLIPS ____________________ Appeal 2010-000894 Application 10/608,137 Technology Center 2400 ____________________ Before DEBRA K. STEPHENS, KRISTEN L. DROESCH, and BRUCE R. WINSOR, Administrative Patent Judges. STEPHENS, Administrative Patent Judge. DECISION ON REQUEST FOR REHEARING BY EXAMINER UNDER MPEP 1214.04 Appeal 2010-000894 Application 10/608,137 2 STATEMENT OF THE CASE The Examiner requests rehearing of our May 3, 2012 Decision on Appeal (“Decision”), wherein we reversed the Examiner’s decision rejecting: (1) Claims 1, 4, 5, 8-10, 12-14, 16, 19, and 20 under 35 U.S.C. § 103(a) as being unpatentable over Schneier (U.S. Patent Application 2002/0087882 A1) and Joyce (U.S. Patent 6,519,703 B1); (2) Claims 6, 15, and 21 under 35 U.S.C. § 103(a) as being unpatentable over Schneier, Joyce, and Judge (U.S. Patent 6,941,467 B2); and (3) Claims 7 and 22 under 35 U.S.C. § 103(a) as being unpatentable over Schneier, Joyce, and Bates (U.S. Patent 6,785,732 B1). We have reconsidered our Decision, in light of both the Request for Rehearing by the Examiner (“Request”) and Appellants’ Reply to Examiner’s Request for Rehearing (“Reply to Req.”), and we find no errors therein. We decline to change our prior Decision for the reasons discussed infra. In the Request for Rehearing, the Examiner alleges that the following points were either misapprehended or overlooked in the Board’s Decision: (1) “the panel looked to the incorrect portion [0068] and/or did not appreciate that ‘forward’ is used in different contexts throughout the claim” (Request 4); Appeal 2010-000894 Application 10/608,137 3 (2) “[t]he Board considered only paragraph [0068] in Schneier that describes an SOC that was relied upon by the examiner to teach the second portion of the limitation, as also teaching the first portion of the limitation” (Request 5); and (3) “paragraph [0064] of Schneier describes the first portion of the limitation and paragraph [0068] of Schneier describes the second portion of the limitation” (Request 5). REJECTION UNDER 35 U.S.C. § 103 In our prior Decision, we explained “this portion of Schneier [, paragraph 68,] does not disclose forwarding information to the SOC when the information indicates that data potentially contains malicious content. Instead, this portion describes a request(s) coming from the SOC to the device” (Dec. 5). To detail our reasoning further, we provide the following. We found Schneier does not teach “the report information allowing the remote central management system to make a forwarding decision on behalf of the device” as recited in claim 1 (emphasis added). We understood the Examiner’s rationale, as articulated in the Answer, to be that paragraph 64 of Schneier discloses the device comprising forwarding logic configured to forward “interesting information” to a remote secure operations center (SOC) when further analysis is needed (Ans. 12). The Examiner cites paragraphs 64 and 68 of Schneier as support for forwarding interesting information to the SOC for further analysis that the Appeal 2010-000894 Application 10/608,137 4 SOC uses to inform the device whether to allow certain IP addresses to access the customer’s network for a period of time (Ans. 12). We find paragraph 64 teaches data is filtered by a negative filtering subsystem 2020, which discards uninteresting information, and then filtered by positive filtering subsystem 2030, which selects possibly interesting information and forwards it to communications and resource coordinator 2060 (emphasis ours). Paragraph 64 further teaches data that is neither determined to be discarded by negative filtering nor selected out as interesting by positive filtering form the “residue” which is sent to an anomaly engine for further analysis and possible forwarding to the SOC. The Examiner also appears to indicate the report information that indicates the first data potentially contains malicious content is the residue (Ans. 3; Request 6-7), the “interesting information” (Ans. 13) (which is the result of positive filtering ([0064])), and the sentry messages (Request 7) (created out of the interesting status data (pg. 5, [0065])). We agree Schneier discloses forwarding report information, whether it is the interesting information, residue, or sentry messages, to an SOC (remote central management system) when the report information indicates that the first data potentially contains malicious content. However, we do not agree with the Examiner that Schneier describes “the report information allowing the remote central management system to make a forwarding decision on behalf of the device” as recited in claim 1 (emphasis added) as set forth by the Examiner (Ans. 12, Request 7, § 2). Initially we note “forwarding decision” is not explicitly defined by Appellants in their Specification. Interpreting this term broadly, but Appeal 2010-000894 Application 10/608,137 5 reasonably, in light of Appellants’ Specification, a “forwarding decision” includes a determination whether to forward data. Paragraph 68 of Schneier discusses that the network response subsystem 2070, part of the probe/sentry system, “can, among other things, process and execute requests originating from the SOC designed to mitigate or terminate various attacks.” The paragraph further explains that the “network response subsystem 2070 might be requested by the SOC via Pipes 3000 to not allow a certain IP address to access the customer’s network for the next 10 minutes.” Accordingly, we agree the SOC makes a decision whether to allow access to the customer’s network (network response subsystem 2070) and thus, Schneier discloses the SOC may make a forwarding decision on behalf of the network response subsystem 2070. Therefore, we agree with the Examiner that Schneier discloses the remote central management system (SOC) making a forwarding decision (decision whether to forward data) on behalf of the device. However, the cited paragraphs, paragraphs 65, 66, and 68, do not teach or suggest the report information, whether it is the residue information, the interesting information, and/or the sentry messages, allowing the SOC to make a forwarding decision on behalf of the device. Indeed, the paragraphs cited by the Examiner are describing Figure 2 – an exemplary embodiment of a probe/sentry system in the device which only broadly describes interactions with the SOC (pg. 5, [0064]-[0069]). The Examiner has not set forth with specificity why one of ordinary skill in the art would have found Schneier to teach or suggests what precipitates the SOC requesting the network response subsystem 2010 to execute a specific Appeal 2010-000894 Application 10/608,137 6 request, such as to not allow a certain IP address to access the customer’s network for the next 10 minutes. Thus, we are not persuaded the Examiner has shown, nor do we readily find, Schneier teaches or at least suggests the residue information, interesting information, or the sentry messages are allowing the SOC to make a forwarding decision. Therefore, we did not find Schneier teaches or suggests the report information (interesting information) allowing the SOC to make a forwarding decision on behalf of the device. Accordingly, we are not persuaded Schneier teaches or suggests “forwarding logic configured to . . . forward the report information to a remote central management system when the report information indicates that the first data potentially contains malicious content, the report information allowing the remote central management system to make a forwarding decision on behalf of the device” as recited in independent claim 1 and commensurately recited in independent claims 10 and 16. After considering the evidence before us, we are not persuaded to alter our decision. CONCLUSION We have considered the arguments raised by the Examiner in the Request, but find none of these arguments persuasive that our original Decision was in error. We have reconsidered our Decision but decline to grant the relief requested. This Decision on Examiner’s “Request for Rehearing by Examiner” and Appellants’ “Reply to Examiner’s Request for Rehearing” is deemed to incorporate our earlier Decision by reference. Appeal 2010-000894 Application 10/608,137 7 ORDER We have granted the Examiner’s request to the extent that we have reconsidered our Decision, but we deny the request with respect to making any changes therein. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). REHEARING DENIED tj Copy with citationCopy as parenthetical citation
