Amazon Technologies, Inc.
Patent Trials and Appeals Board
Oct 19, 2021
2020003504 (P.T.A.B. Oct. 19, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 14/574,183
FILING DATE: 12/17/2014
FIRST NAMED INVENTOR: Eric Jason Brandwine
ATTORNEY DOCKET NO.: SEAZN.452C1
CONFIRMATION NO.: 4801

79502 7590 10/19/2021
Knobbe, Martens, Olson & Bear, LLP (SEAZN)
AMAZON TECHNOLOGIES, INC.
2040 Main Street
Fourteenth Floor
Irvine, CA 92614

EXAMINER: AN, MENG AI T
ART UNIT: 2195
PAPER NUMBER:
NOTIFICATION DATE: 10/19/2021
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):

SEAZN.Admin@knobbe.com
efiling@knobbe.com
jayna.cartee@knobbe.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ERIC JASON BRANDWINE and DONALD L. BAILEY, JR.

Appeal 2020-003504
Application 14/574,183
Technology Center 2100

Before MAHSHID D. SAADAT, MARC S. HOFF, and JENNIFER L. McKEOWN, Administrative Patent Judges.

SAADAT, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Pursuant to 35 U.S.C. § 134(a), Appellant[1] appeals from the Examiner’s decision to reject claims 1–20. We have jurisdiction under 35 U.S.C. § 6(b).

We REVERSE.

[1] We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies the real party in interest as Amazon Technologies, Inc. Appeal Br. 3.

CLAIMED SUBJECT MATTER

The claims are directed to managing virtual machine instances and other programmatically controlled networks by managing security assessments and assessing vulnerabilities at varying levels of granularity and sophistication when a suspicious event or triggering activity is detected on a hosted virtual machine. See Spec. 44 (Abstract). Claim 1, reproduced below, illustrates the claimed subject matter:

    1. A computer implemented method for managing a virtual machine network comprising:

    detecting an execution activity associated with execution of a virtual machine instance or a request for executing an execution activity on the virtual machine instance, wherein the execution activity is related to execution on an already fully-instantiated virtual machine instance;

    determining an execution security assessment event from a plurality of execution security assessment events based, at least in part, on the detected execution activity or requested execution activity; and

    causing performance of a security assessment on the virtual machine instance based, at least in part, on the determined execution security assessment event and based on at least one respective assessment preference.

Appeal Br. 18 (Claims App.).

REFERENCES

The prior art relied upon by the Examiner is:

| Name | Reference | Date |
|---|---|---|
| Palnitkar | US 2009/0119776 A1 | May 7, 2009 |
| Protas | US 2010/0175108 A1 | July 8, 2010 |
| Schuba | US 2010/0251238 A1 | Sept. 30, 2010 |
| Brandwine | US 8,918,785 B1 | Dec. 23, 2014 |

REJECTIONS[2]

Claims 1–14 and 17–19 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Protas and Schuba. Final Act. 8–14.

Claims 15, 16, and 20 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Protas, Schuba, and Palnitkar. Final Act. 14–16.

OPINION

We have reviewed the rejection in light of Appellant’s arguments that the Examiner erred.
For the reasons explained below, we concur with Appellant’s arguments concerning unpatentability under § 103. We add the following to address and emphasize specific findings and arguments.

Appellant contends that the Examiner erred because the combination of Protas with Schuba does not teach or suggest the claim 1 features of “determining an execution security assessment event from a plurality of execution security assessment events based, at least in part, on the detected execution activity or requested execution activity” and “causing performance of a security assessment on the virtual machine instance based, at least in part, on the determined execution security assessment event and based on at least one respective assessment preference.” Appeal Br. 9. Appellant specifically argues that “Protas teaches or suggests only one response to detecting an initiation signal: It restricts the virtual machine’s network access and scans it for known vulnerabilities.” Id. at 11. According to Appellant, the cited portions of Protas disclose that “the virtual machine signals ‘various events’ (Protas, ¶ [0048]), but the events monitored by the vulnerability assessment system of Protas do not individually correspond to security assessment events.” Id. at 12 (citing Protas ¶ 48). With respect to Schuba, Appellant argues that “Schuba is cited solely for the alleged teaching ‘wherein the execution activity is related to execution on an already fully-instantiated virtual machine instance,’ and does not contain any teachings or suggestions with regard to security assessment events.” Id.

[2] The rejection of claims 1, 10, and 17 on the ground of nonstatutory double patenting over Brandwine and Schuba, see Final Act. 5–8, is not addressed by this panel because the rejection appears to have been withdrawn by the Examiner as the rejection is not repeated in the Answer.

In response, the Examiner explains that “the initial signal 74 represents two distinct scenario and carries two different information 1) when the VM is started and 2) when the VM is resumed, thereby teaching a plurality of events rather than just a single event.” Ans. 4–5 (emphasis omitted). According to the Examiner, the disclosure in paragraphs 47 and 48 of Protas teaches status variables and signaling various events indicating that “the initiation signal 74 indicates plurality of events such as startup and resume of virtual machine.” See id. at 5–6. Regarding the distinction between “events” and “execution security assessment events,” the Examiner responds by explaining that:

    Examiner previously cited paragraph [sic] [0048]–[0050] to provide more context to the paragraph [0047] that was more specifically cited in the Office Action. The “events” in paragraph [0048] that is communicated by the virtual machine manager 72 is an indicator that allows the determination that the virtual machine 52 is started or resumed. That is, the determinations that the VM is started or resumed based on the “events” or indicators correspond to the claimed execution security assessment events, and these would not generate false positives during the execution of the virtual machine instances as Appellant alleges because such execution security assessment events are meant to trigger and cause performance of the security assessment which is consistent with the instant invention as claimed.

Id. at 7 (emphasis omitted).

We find that Protas discloses a virtual machine architecture where an initiation signal is intercepted and various indicators are activated by the guest operating system when the virtual machine is started or resumed. Protas ¶ 47. A vulnerability assessment system detects those indicators and restricts connection until a scanning engine is activated. Id. at ¶¶ 48, 52, 53.
However, neither of the cited passages in Protas discloses or suggests that an execution assessment event is determined based on a detected execution activity or event. The only disclosure of any execution security assessment event based on a detected event by Protas is restricting the network connection and activating the scanning engine to test for vulnerabilities. See id. at ¶ 53.

The Examiner’s assertion that “the determinations that the VM is started or resumed based on the ‘events’ or indicators correspond to the claimed execution security assessment events,” Ans. 7 (emphasis omitted), is not supported by evidence. As stated by Appellant, claim 1 requires detecting an execution activity and determining an execution security assessment event based on the detected execution activity. See Reply Br. 5. The Examiner has not identified any teachings in Protas or Schuba, or other applied references, to support the assertion that Protas’ vulnerability assessment system determines any subsequent action based on a detected event. That is, even if start or resume functions trigger the system to detect an execution activity, the Examiner has not explained how the security assessment event corresponds to the activity.

Conclusion

For the above reasons, we agree with Appellant that the Examiner’s proposed combination of Protas with Schuba does not teach or suggest the recited features of claim 1. The Examiner has not identified any teachings in the other applied prior art references to cure the above-identified deficiencies. Therefore, Appellant’s arguments have persuaded us of error in the Examiner’s position with respect to the rejections of independent claim 1, other independent claims which recite similar limitations (see claims 10 and 17), as well as the remaining claims dependent therefrom. See Appeal Br. 18–20 (Claims App.).

DECISION SUMMARY

In summary:

| Claim(s) Rejected | 35 U.S.C. § | Reference(s)/Basis | Affirmed | Reversed |
|---|---|---|---|---|
| 1–14, 17–19 | 103 | Protas, Schuba | | 1–14, 17–19 |
| 15, 16, 20 | 103 | Protas, Schuba, Palnitkar | | 15, 16, 20 |
| Overall Outcome | | | | 1–20 |

REVERSED