The Boeing CompanyDownload PDFPatent Trials and Appeals BoardMar 15, 20212019006793 (P.T.A.B. Mar. 15, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/043,623 02/15/2016 Jai Joon Choi 12-1135-US-CNT 1094 63759 7590 03/15/2021 DUKE W. YEE YEE & ASSOCIATES, P.C. P.O. BOX 6669 MCKINNEY, TX 75071 EXAMINER TAYLOR, SAKINAH W ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 03/15/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): patentadmin@boeing.com ptonotifs@yeeiplaw.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte JAI JOON CHOI, BRIAN CHRISTOPHER GRUBEL, and DION STEPHEN DAVID REID ____________ Appeal 2019-006793 Application 15/043,623 Technology Center 2400 ____________ Before KARA L. SZPONDOWSKI, SCOTT B. HOWARD, and STEVEN M. AMUNDSON, Administrative Patent Judges. SZPONDOWSKI, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 1, 3–7, and 21–34, which constitute all of the claims pending in this application. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies the real party in interest as The Boeing Company. Appeal Br. 2. Appeal 2019-006793 Application 15/043,623 2 STATEMENT OF THE CASE Appellant’s invention relates “generally to identifying and managing network security vulnerabilities and, in particular, to ranking potential attack paths to networks by likelihood of attack based on probability analysis and consideration of non-quantitative factors.” Spec. ¶ 1. Claim 1, reproduced below, is representative of the claimed subject matter: 1. A computer-implemented method for discovering network attack paths comprising: generating scoring system results, using a computer, based on analysis of vulnerabilities of nodes in a computer network configuration, wherein the scoring system results are a quantitative assessment of severities of computer system security vulnerabilities of the nodes in the computer network; applying, using the computer, a Bayesian probability model to the scoring system results to provide probabilities of attack paths into the computer network, wherein the Bayesian probability model includes conditional dependency probability tables reflecting dependencies between risks associated with different nodes in the computer network; and combining, using the computer, qualitative input with both the scoring system results and the probabilities of attack paths, wherein by combining an output is formed; applying, using the computer, a weighted-average algorithm to the output to yield at least one ranking of nodes in the computer network in order of likelihood of targeting by an external attacker. REJECTIONS ON APPEAL Claims 1, 4, 24, 25, 27, and 34 stand rejected under 35 U.S.C. § 103 as unpatentable over Chong et al. (US 6,907,430 B2; issued June 14, 2005) (“Chong”) and Swinburne (WO 2010/042979 A1; published April 22, 2010). Final Act. 9. Appeal 2019-006793 Application 15/043,623 3 Claims 3, 7, 21, 26, 30, and 31 stand rejected under 35 U.S.C. § 103 as unpatentable over Chong, Swinburne, and Cohen et al. (US 2005/0193430 A1; published September 1, 2005) (“Cohen”). Final Act. 15. Claims 5 and 28 stand rejected under 35 U.S.C. § 103 as unpatentable over Chong, Swinburne, and Chen (US 2011/0295903 A1; published December 1, 2011). Final Act. 17–18. Claims 6 and 29 stand rejected under 35 U.S.C. § 103 as unpatentable over Chong, Swinburne, and Downs et al. (US 2013/0325769 A1; published December 5, 2013) (“Downs”). Final Act. 19. Claims 22, 23, 32, and 33 stand rejected under 35 U.S.C. § 103 as unpatentable over Chong, Swinburne, and Swiler et al. (US 7,013,395 B1; issued March 14, 2006) (“Swiler”). Final Act. 20–21. ANALYSIS Dispositive issue: Did the Examiner err in finding that the combination of Chong and Swinburne teaches or suggests “applying, using the computer, a weighted-average algorithm to the output to yield at least one ranking of nodes in the computer network in order of likelihood of targeting by an external attacker” as recited in independent claim 1 and commensurately recited in independent claim 25? The Examiner relies on Chong to teach the disputed limitation. Final Act. 11–12 (citing Chong 3:50–54, 4:49–57, 8:17–31, 8:51–60). Specifically, the Examiner finds that Chong’s “data averaging or aggregating, as well as the other ‘additional/necessary data processing’” that are “applied to the input data provided from different data sources” to assess Appeal 2019-006793 Application 15/043,623 4 “different probabilities of different hypotheses” teaches the disputed limitation. Ans. 8 (citing Chong 7:20–35, 10:14–21, 2:59–67). Appellant contends that Chong’s weighted algorithm (“data averaging”) “is applied to the input data provided from the different data sources” rather than to the output formed by combining qualitative input with scoring system results and probabilities of attack paths, as claimed. Appeal Br. 11–12. According to Appellant, the Examiner “explicitly acknowledges that Chong’s ‘averaging. . . is applied to the input data,’ in clear contradiction of the” claims. Reply Br. 4. We are persuaded by Appellant’s arguments. Chong is generally directed to “assessing activities within a computer network using Bayesian networks to, for example, detect attacks on the computer network, characterize and assess the nature and objectives of the attacks, and assess the vulnerability and security state of the computer network.” Chong 1:10– 14. Chong discloses a flowchart, including a first step of collecting data, a second step of managing the collection of data, and a third step of establishing a model, such as a Bayesian network, using the collection of data. See id. at Fig. 1 (steps 105, 110, 115); 1:59–61; 2:9–11; 3:55–56, 66– 67, 3:59–60. The step of managing the collection of data (step 110 in Figure 1), states that the “data can also be processed to match the format of the data with that required by the models,” and that “[a]ny necessary data processing can be performed on the data, such as, for example, aggregating or averaging the data.” Id. at 3:48–52. Then, the Bayesian network may “compute posterior probabilities such as, for example, the probability of the attacker type given the evidence (i.e., P(Attacker Type|Evidence))” using “the collection of data corresponding to events occurring within the computer Appeal 2019-006793 Application 15/043,623 5 network.” Id. at 5:56–62. In other words, Chong teaches aggregating or averaging the collected data in order to use the data to compute probabilities. Therefore, we agree with Appellant that the Examiner does not make sufficient findings that Chong teaches applying a weighted-average algorithm to the output, as claimed. Rather, as the Examiner acknowledges, Chong’s data averaging and aggregation is applied to the input data. See Ans. 8. Because we agree with at least one of the arguments advanced by Appellant, we need not reach the merits of Appellant’s other arguments. Accordingly, on this record, we do not sustain the Examiner’s 35 U.S.C. § 103 rejections of independent claims 1 and 25, and dependent claims 3–7, 21–24, and 26–34. CONCLUSION We reverse the Examiner’s rejections of claims 1, 3–7, and 21–34 under 35 U.S.C. § 103. In summary: Claims Rejected 35 U.S.C. § Reference(s)/ Basis Affirmed Reversed 1, 4, 24, 25, 27, 34 103 Chong, Swinburne 1, 4, 24, 25, 27, 34 3, 7, 21, 26, 30, 31 103 Chong, Swinburne, Cohen 3, 7, 21, 26, 30, 31 5, 28 103 Chong, Swinburne, Chen 5, 28 Appeal 2019-006793 Application 15/043,623 6 Claims Rejected 35 U.S.C. § Reference(s)/ Basis Affirmed Reversed 6, 29 103 Chong, Swinburne, Downs 6, 29 22, 23, 32, 33 103 Chong, Swinburne, Swiler 22, 23, 32, 33 Overall Outcome 1, 3–7, 21– 34 REVERSED Copy with citationCopy as parenthetical citation