International Business Machines Corporation

Patent Trials and Appeals BoardMar 28, 2022

2021000905 (P.T.A.B. Mar. 28, 2022)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/872,116 01/16/2018 Dmitri Dodor P201701940US01 8812 63608 7590 03/28/2022 David H. Judson Law Office of David H. Judson 7244 N. Janmar Drive Dallas, TX 75230 EXAMINER TRAN, TONGOC ART UNIT PAPER NUMBER 2434 NOTIFICATION DATE DELIVERY MODE 03/28/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): mail@davidjudson.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte DMITRI DODOR and LEONID RODNIANSKY Appeal 2021-000905 Application 15/872,116 Technology Center 2400 Before JOSEPH L. DIXON, JAMES R. HUGHES, and LARRY J. HUME, Administrative Patent Judges. HUGHES, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Claims 8-22 are pending, stand rejected, are appealed by Appellant, and are the subject of our decision under 35 U.S.C. § 134(a).1 See Final Act. 1-2; Appeal Br. 1.2 We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42 (2019). Appellant identifies the real party in interest as International Business Machines Corporation (“IBM”). Appeal Br. 1. 2 We refer to Appellant’s Specification (“Spec.”), filed Jan. 16, 2018; Appeal Brief (“Appeal Br.”), filed July 6, 2020; and Reply Brief (“Reply Br.”), filed Nov. 17, 2020. We also refer to the Examiner’s Final Office Action (“Final Act.”), mailed Feb. 7, 2020; and Answer (“Ans.”), mailed Sept. 17, 2020. Appeal 2021-000905 Application 15/872,116 2 CLAIMED SUBJECT MATTER The claimed subject matter, according to Appellant, “relates generally to securing resources in a distributed computing environment and, in particular, to the protection and auditing of file systems.” Spec. 1:6-7. More specifically, Appellant’s claimed subject matter is directed to systems, computer program products, and apparatuses for implementing database access control, including a processor in cooperation with a database access control system operative execute instructions for database access control. The database access control system associated with database servers that share an access policy. The computer program instructions include program code for receiving a copy of a database access request provided by a client (to a particular server of the database servers that share the access policy) and a response to the database access request served to the client by the particular database server. The computer program instructions also include program code for analyzing the received response against the access policy. The computer program instructions further include program code that automatically generates a new access policy when it is determined that the response violates the access policy. Additionally, the computer program instructions include program code that propagates the new access policy, in real-time, to at least one other (different) database server (of the database servers that share the access policy). See Spec. 3:3-4:2; Abstr. Claim 8 (directed to an apparatus), claim 15 (directed to a computer program product), and claim 22 (directed to a system) are independent. Claim 8, reproduced below, is illustrative of the claimed subject matter: Appeal 2021-000905 Application 15/872,116 3 8. An apparatus, comprising: a processor; computer memory holding computer program instructions operative in association with a database access control system, the database access control system being associated with a set of database servers that share an access policy, the computer program instructions comprising: program code configured to receive from a given one of the database servers a copy of a database access request issued by a client, together with a response to that database access request that was served to the client by the given one of the database servers; program code configured to analyze the response against the access policy; program code configured to automatically generate a new access policy upon a determination that the response includes a violation of the access policy; and program code configured to propagate the new access policy, in real-time, to one or more other database servers in the set for instantiation on the one or more other database servers. Appeal Br. 19 (Claims App.). REFERENCES The prior art relied upon by the Examiner as evidence is: Name Reference Date Moriconi et al. (“Moriconi”) US 2003/0115484 A1 June 19, 2003 Anderson et al. (“Anderson”) US 2011/0125894 A1 May 26, 2011 Appeal 2021-000905 Application 15/872,116 4 REJECTION3, 4 The Examiner rejects claims 8-22 under 35 U.S.C. § 103 as being as being unpatentable over Moriconi and Anderson. See Final Act. 9-12. RELATED APPEAL Appellant indicates that the instant appeal “may be related to” an Appeal filed for a related patent application, U.S. Patent Application No. 16/457,937 (“’937 Appl.”). See Appeal Br. 1. The appeal for the ’937 Appl. was assigned Appeal No. 2019-000909, and the instant Appeal is related to Appeal No. 2021-000909 (“the ’909 Appeal”). In the ’909 Appeal, Appellant references the instant application and appeal. See Appeal Brief for the ’909 Appeal (dated July 6, 2020) at 1. The scope of the claims in the instant application are substantially similar to the at-issue claims in the ’937 Appl. A decision in the ’909 Appeal is still pending. ANALYSIS Obviousness Rejection of Claim 8 The Examiner rejects claim 8 (as well as independent claims 15 and 22, and dependent claims 9-14 and 16-21) as being obvious in view of 3 The Leahy-Smith America Invents Act (“AIA”), Pub. L. No. 112-29, 125 Stat. 284 (2011), amended 35 U.S.C. § 103. Because the present application has an effective filing date after the AIA’s effective date (March 16, 2013), this decision refers to 35 U.S.C. § 103. 4 The Examiner also rejected claims 8-22 on the grounds of non-statutory obviousness-type double patenting (“OTDP”) over claims 1-7 of co-pending US 16/457,937. See Final Act. 7-8. Appellant filed a terminal disclaimer on May 6, 2020. Therefore, the OTDP rejection has been rendered moot. See Appeal Br. 2. We do not address this rejection. Appeal 2021-000905 Application 15/872,116 5 Moriconi and Anderson. See Final Act. 9-10; Ans. 6-12. Specifically, the Examiner relies on Moriconi for teaching most of the features of Appellant’s claim 8, including: receiving a copy of a database access request made by a client to a set of database servers as well as a response to that database access request that was served to the client from a given one of the database servers, and analyzing the response against a shared database access policy. See Final Act. 9-10 (citing Moriconi ¶¶ 24, 25, 68, 69); Ans. 6-12 (citing Moriconi ¶¶ 8, 10, 19). The Examiner relies on Anderson for teaching automatically generating a new access policy when it is determined that the response violates the shared access policy, and propagating the new access policy in real time. See Final Act. 10 (citing Anderson ¶ 12); Ans. 10-12 (citing Anderson ¶¶ 12, 18). Appellant contends that Moriconi and Anderson do not teach the disputed limitations of claim 8. See Appeal Br. 5-14; Reply Br. 1-5. Specifically, Appellant contends, inter alia, the Examiner-cited portions of Moriconi do not disclose, teach, or suggest the features of “program code configured to receive from a given one of the database servers a copy of a database access request issued by a client, together with a response to that database access request that was served to the client by the given one of the database servers” and “program code configured to analyze the response against the access policy” (claim 8). See Appeal Br. 7-11; Reply Br. 1-3. As articulated by the Federal Circuit, the Examiner’s burden of proving non-patentability is by a preponderance of the evidence. See In re Caveney, 761 F.2d 671, 674 (Fed. Cir. 1985) (“[P]reponderance of the evidence is the standard that must be met by the PTO in making rejections”). “A rejection based on section 103 clearly must rest on a factual basis[.]” In Appeal 2021-000905 Application 15/872,116 6 re Warner, 379 F.2d 1011, 1017 (CCPA 1967). “The Patent Office has the initial duty of supplying the factual basis for its rejection. It may not . . . resort to speculation, unfounded assumptions or hindsight reconstruction to supply deficiencies in its factual basis.” Id. We conclude the Examiner’s analysis fails to meet this standard because the rejection does not adequately explain the Examiner’s findings of fact. We agree with Appellant that the Examiner has not persuasively shown that the combination of Moriconi and Anderson describes the features of receiving a response (database access request response-i.e., a determination to grant or deny access) and analyzing the response against a shared access policy as set forth in claim 8. See Appeal Br. 7-11; Reply Br. 1-3. As pointed out in detail by Appellant, the Examiner-cited portions of Moriconi (see Moriconi ¶¶ 8, 10, 19, 24, 25, 68, 69) merely describe generalized authentication and resource-level authorization. See Reply Br. 2-3. The Examiner has not provided a detailed claim construction or mapping of the features of Appellant’s claims to the disclosures in Moriconi. The Examiner has also not sufficiently explained how the cited portions of Moriconi would have taught or suggested the features to one of ordinary skill in the art. “When a reference is complex or shows or describes inventions other than that claimed by the applicant, the particular part relied on must be designated as nearly as practicable. The pertinence of each reference, if not apparent, must be clearly explained and each rejected claim specified.” 37 C.F.R. §1.104(c)(2). Here, the Examiner has not provided the requisite mapping or a sufficient explanation of the pertinence of the cited portions of the prior art. Appeal 2021-000905 Application 15/872,116 7 For example, the Examiner has not clearly mapped any disclosure in Moriconi to receiving a response and analyzing that response with respect to a shared database access policy, or explained how “the combination of [Moriconi’s] authentication” with “[Moriconi’s resource-level] authorization . . . are provided at the authentication process and analysis of the request and response is analyzed and verified against the access policy at the authorization process.” Ans. 10; see Final Act. 9-10; Ans. 6-12. Consequently, we are constrained by the record before us to find that the Examiner erred in finding that the combination of Moriconi and Anderson renders obvious Appellant’s claim 8. Independent claims 15 and 22 include limitations of commensurate scope. Claims 9-14 and 16-21 depend from and stand with their respective base claims. Thus, we do not sustain the Examiner’s obviousness rejection of claims 8-22. CONCLUSION Appellant has shown that the Examiner erred in rejecting claims 8-22 as being obvious under 35 U.S.C. § 103. We, therefore, do not sustain the Examiner’s rejection of claims 8-22. DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § References/Basis Affirmed Reversed 8-22 103 Moriconi, Anderson 8-22 REVERSED