CA, INC.Download PDFPatent Trials and Appeals BoardFeb 25, 20212019006360 (P.T.A.B. Feb. 25, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/454,150 08/07/2014 Kieron John James Connelly 7100-26200 4275 140181 7590 02/25/2021 SHOOK, HARDY & BACON L.L.P. (CA TECHNOLOGIES) INTELLECTUAL PROPERTY DEPARTMENT 2555 GRAND BOULEVARD KANSAS CITY, MO 64108-2613 EXAMINER NGUYEN, ANH ART UNIT PAPER NUMBER 2454 NOTIFICATION DATE DELIVERY MODE 02/25/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): bparkerson@shb.com shbdocketing@shb.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte KIERON JOHN JAMES CONNELLY, ANIVELLA VENKATA SATYA SAI NARSIMHA SUBRAHMANYA SUDHAKAR, STEVEN M. ISENBERG, MIRIAN MINOMIZAKI SATO, and DAOCHENG CHEN ____________ Appeal 2019-006360 Application 14/454,150 Technology Center 2400 ____________ Before JOHN A. JEFFERY, LARRY J. HUME, and CATHERINE SHIANG, Administrative Patent Judges. SHIANG, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1, 3–14, and 16–23, which are all the claims pending and rejected in the application. We have jurisdiction under 35 U.S.C. § 6(b). We reverse. 1 We use “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies CA, Inc. as the real party in interest. Appeal Br. 3. Appeal 2019-006360 Application 14/454,150 2 STATEMENT OF THE CASE Introduction The disclosed and claimed invention relates to “identifying and addressing unauthorized changes to network elements in a network environment.” Spec. ¶ 1. Methods of managing an information technology (IT) infrastructure include detecting by a configuration management system an unauthorized change to one of a plurality of network elements, determining by the configuration management system that the unauthorized change to the one of the plurality of network elements creates a risk condition to an operation of one of the services provided by the IT infrastructure, and initiating an action to remedy the unauthorized change in response to determining that the unauthorized change to the one of the plurality of network elements creates the risk condition to the operation of one of the services provided by the IT infrastructure. Abstract. Claim 1 is exemplary: 1. A method of managing an information technology (IT) infrastructure comprising a plurality of interconnected network elements that are configured to provide services to clients of the IT infrastructure, a configuration management system that manages elements of the IT infrastructure, and a service management system that monitors operation of services provided by the IT infrastructure, wherein the services are provided by operation of application programs running on application servers in the IT infrastructure, the method comprising: detecting by the configuration management system an unauthorized change to a security policy configuration of one of the plurality of network elements; determining by the configuration management system that the unauthorized change to the security policy configuration of the one of the plurality of network elements creates a risk condition to a security of operation of one of the services provided by the IT infrastructure, wherein the one of Appeal 2019-006360 Application 14/454,150 3 the services provided by the IT infrastructure is provided by an application program operating on a server in the IT infrastructure that is different from the one of the plurality of network elements; initiating by the configuration management system an action to remedy the unauthorized change in response to determining that the unauthorized change to the one of the plurality of network elements creates the risk condition to the security of the operation of one of the services provided by the IT infrastructure; determining by the configuration management system the identity of the one of the services provided by the IT infrastructure that utilizes the one of the plurality of network elements; and halting operation of the application program that provides the identified one of the services in response to determining that the unauthorized change to the one of the plurality of network elements creates the risk condition to the security of the operation of the one of the services. Appeal 2019-006360 Application 14/454,150 4 References and Rejections2 Claims Rejected 35 U.S.C. § References 1, 3, 6, 17, 20–23 103 Lecheler (US 2009/0217382 A1, Aug. 27, 2009), Jain (US 9,710,626 B2, July 18, 2017) 4, 19 103 Lecheler, Jain, Schroeder (US 2010/0304715 A1, Dec. 2, 2010) 7–10, 12– 14 103 Lecheler, Jain, Haag (US 2014/0201732; July 17, 2014) 5, 18 103 Lecheler, Jain, Paltenghe (US 2011/0167011 A1, July 7, 2011) 11 103 Lecheler, Jain, Sinha (US 2012/0117209 A1, May 10, 2012) 16 103 Lecheler, Jain, Brueckner (US 8,839,426 B1, Sept. 16, 2014) ANALYSIS3 We have reviewed the Examiner’s rejection in light of Appellant’s contentions and the evidence of record. We concur with Appellant’s contentions that the Examiner erred in finding the cited portions of Lecheler teach “determining . . . the unauthorized change to the security policy configuration of the one of the plurality of network elements creates a risk condition to a security of operation of one of the services provided by the IT infrastructure,” as recited in independent claim 1 (emphasis added). See Appeal Br. 10–12. The Examiner finds Lecheler’s “[u]nauthorized change to the security configuration file of the router . . . correspond[s] to [an] unauthorized change 2 Throughout this opinion, we refer to the (1) Final Office Action dated November 26, 2018 (“Final Act.”); (2) Appeal Brief dated March 8, 2019 (“Appeal Br.”); and (3) Examiner’s Answer dated May 21, 2019 (“Ans.”). 3 Appellant raises additional arguments. Because the identified issue is dispositive of the appeal, we do not address the additional arguments. Appeal 2019-006360 Application 14/454,150 5 to the security policy configuration of the one of the plurality of network elements.” Ans. 5 (emphasis omitted). The Examiner cites Lecheler’s “baseline configuration file” for teaching the claimed “services provided by the IT infrastructure” and finds “[p]aragraphs 0025-0026 teach when an unauthorized change has been made to the field configuration file of the router, the unauthorized change in the field configuration file will creates a risk condition in operation of the baseline configuration file of the network system.” Ans. 5; see also Final Act. 7. We disagree. Lecheler describes baseline configuration files as “the original security configurations or the authorized updated security configurations for the routers 220a-c” and “[t]he baseline configuration files for each of the routers 220a-c are archived to provide a back-up for the field configuration files and a standard used to detect unauthorized changes to the field configuration files.” Lecheler ¶ 23 (emphasis added). Consistent with the above description, Lecheler describes “perform[ing] comparison of a baseline configuration file to a corresponding field configuration file” to determine whether changes are appropriate: Application of the target-delta file as described above assumes that the field configuration files of the routers 220a-c match the baseline configuration files (e.g., the original state). To confirm this is true, the intelligent delta tool 236 is configured to compare data blocks of the baseline configuration file with corresponding data blocks of the field configuration file and generate a field-delta file that represents functional differences therebetween. If the two configurations are functionally equivalent, the change may proceed using the target-delta file. If not, an unauthorized change has been made to the field configuration file and an alarm condition is raised. The field configuration file is then reviewed to determine the unauthorized changes. The review may be performed manually. Appeal 2019-006360 Application 14/454,150 6 In the second case noted above where an unauthorized attacker has made changes, the intelligent delta tool 236 performs a comparison of a baseline configuration file to a corresponding field configuration file. If changes are detected, an alarm is raised that indicates the need for further investigation. In order to detect unauthorized changes, the configuration monitor 238 may direct the intelligent delta tool 236 to compare the original and field configurations files periodically. Lecheler ¶¶ 25–26 (emphases added). Therefore, the Examiner’s finding that “Paragraphs 0025-0026 teach when an unauthorized change has been made to the field configuration file of the router, the unauthorized change in the field configuration file will creates a risk condition in operation of the baseline configuration file of the network system” (Ans. 5) is not supported by Lecheler. Indeed, such unsupported finding would defeat the purpose of the baseline configuration files, which are “archived to provide a back-up for the field configuration files.” Lecheler ¶ 23. Because the Examiner fails to provide sufficient evidence or explanation to support the rejection, we are constrained by the record to reverse the Examiner’s rejection of independent claim 1, and independent claim 20 for similar reasons. We also reverse the Examiner’s rejection of corresponding dependent claims 3–14, 16–19, and 21–23. Although the Examiner cites additional references for rejecting some dependent claims, the Examiner has not shown the additional references overcome the deficiency discussed above in the rejection of claim 1. Appeal 2019-006360 Application 14/454,150 7 CONCLUSION We reverse the Examiner’s decision rejecting claims 1, 3–14, and 16– 23 under 35 U.S.C. § 103. In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1, 3, 6, 17, 20–23 103 Lecheler, Jain 1, 3, 6, 17, 20– 23 4, 19 103 Lecheler, Jain, Schroeder 4, 19 7–10, 12– 14 103 Lecheler, Jain, Haag 7–10, 12–14 5, 18 103 Lecheler, Jain, Paltenghe 5, 18 11 103 Lecheler, Jain, Sinha 11 16 103 Lecheler, Jain, Brueckner 16 Overall Outcome 1, 3–14, 16–23 REVERSED Copy with citationCopy as parenthetical citation