Ex Parte Belgaied

Board of Patent Appeals and Interferences

Mar 30, 2009

10139099 (B.P.A.I. Mar. 30, 2009)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE BOARD OF PATENT APPEALS
AND INTERFERENCES
____________

Ex parte KAIS BELGAIED
____________

Appeal 2008-2370
Application 10/139,099
Technology Center 2400
____________

Decided:1 March 31, 2009
____________

Before JAMES D. THOMAS, ST. JOHN COURTENAY III,
and CAROLYN D. THOMAS, Administrative Patent Judges.
THOMAS, Administrative Patent Judge.

DECISION ON APPEAL

1 The two-month time period for filing an appeal or commencing a civil
action, as recited in 37 C.F.R. § 1.304, begins to run from the decided date
shown on this page of the decision. The time period does not run from the
Mail Date (paper delivery) or Notification Date (electronic delivery).
Appeal 2008-2370
Application 10/139,099

2
STATEMENT OF THE CASE
This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final
rejection of claims 1, 3-6, 8-10, 12-15, and 17-26. We have jurisdiction
under 35 U.S.C. § 6(b).
We Affirm.

INVENTION
By the use of software probes Appellant’s invention captures and
reports debug information regarding data transport failures in a multi-level
secure operating environment. (Spec. 14 and Abst. 24).

REPRESENTITIVE CLAIM
Below is reproduced independent claim 1:
1. A method for diagnosing transport failures of a data packet in a
multi-level secure network, said method comprising:

a) activating a software-based probe at an access control decision
point of said network in response to an activation of a first command at a
debug station, wherein said software-based probe is capable of identifying
an error message for a multi-level trusted networking error;

b) re-sending said data packet;

c) detecting a data transport failure of said data packet being
transmitted between two or more computer systems, said data transport
failure resulting from a violation of a security policy of said network;

Appeal 2008-2370
Application 10/139,099

3
d) identifying an error message in response to said data transport
failure, said identifying being facilitated by said software-based probe; and

e) displaying said error message at said debug station of said network
in response to activation of a second command at the debug station.

PRIOR ART AND EXAMINER’S REJECTION
The Examiner relies upon the following reference as evidence of
anticipation:
Guheen US 6,473,794 B1 Oct. 29, 2002
(filed May 27, 1999)

All claims on appeal, 1, 3-6, 8-10, 12-15, and 17-26 stand rejected
under 35 U.S.C. § 102(e) as being anticipated by Guheen.

Claim Groupings
Although the principal Brief treats separately independent claims 1,
10, and 19 beginning respectively at page 9 of the principal Brief, the actual
arguments presented are common among these claims focusing upon the
“activating” clauses of independent method claims 1 and 10 and the
corresponding features in system independent claim 19 relating to the
activation and deactivation of software-based probes at access controlled
decision points. No arguments are presented in the principal Brief as to any
dependent claims on appeal.

Appeal 2008-2370
Application 10/139,099

4
ISSUES
Has Appellant shown that the Examiner erred in concluding that
Guheen teaches activating a software-based probe at an access controlled
decision point among the independent claims on appeal?

FINDINGS OF FACT (FF)
1. Appellant’s recognition of the admitted prior art at Specification
pages 2 and 3 indicates that it was known in the art that information on a
network may have different levels of sensitivity and that exiting controls
tracked information so that it reached only those destinations that were
cleared for the same classification. This approach included access controls
and, particularly, label-based access controls that automatically enforced the
transfer of information such that each data packet containing a label carried
information about the classification of the data in the packet and also the
credentials or privileges of the processor source that generated the data.
Administrators were capable of determining transport failures as long as the
failure did not violate a security policy.
2. Among Guheen’s extensive, comprehensive teachings of a web-
based system, this patent comprises 177 drawings sheets (and 97 Figures)
and 295 columns; it is approximately 1.25 inches thick. Pertinent aspects
are illustrated in Figures 1, 18, 21A, 23A, 24A, 25A, 26C, 27A, 28A, 29A,
30A, 31A, 32A, 33A, 34A, 47-54, 61, 64A-64B, 65A, 88, and 89.
Appeal 2008-2370
Application 10/139,099

5
3. Guheen’s Figure 49 appears to illustrate the use of a Solaris-based
operating environment which appears comparable to that which is relied
upon by the Appellant’s disclosed invention at page 11 of the Specification
as filed. Moreover, the overall operating environment of Guheen is
considered to be a trusted environment comparable to that which is disclosed
and claimed as indicated according to the discussion at columns 294 and
295. Extensive discussions of security services illustrated in numerous of
the just-identified Figures begin at column 48.
4. The Examiner also makes reference to the discussion at the bottom
of the table at columns 17-18 under what appears to be the topic heading
“Product4 Product Suite:”
A range of security-based hardware and software that offers packet
filtering, encryption, security administration, virtual private network
and access restriction. The Product4 Product Suite includes the
following components:

Product4 Secure Net -- a complete set of products designed to
establish perimeter defense, secure intranets, secure remote access,
and secure extranets including the following:
Product4 EFS - firewall and security server software that screens
network traffic as defined by the organization's security policy. It also
acts as a high-speed encryption server to protect information going
over untrusted networks.
Product4 SPF-200 - security platform for perimeter defense and
electronic commerce. It provides stealthing to help protect an
organization from Internet attacks.
Product4 SKIP - provides encryption and key management
capabilities which enables PCs, workstations, and servers to achieve
secure/authenticated communication.
Appeal 2008-2370
Application 10/139,099

6
5. The security management tool 216 in Figure 61 is discussed briefly
at the middle of column 69 and more extensively at most of column 75 as
relied upon by the Examiner. Topics include e-mail content filtering to
enforce e-mail policy and the use of firewalls to enforce different security
policies as well. Significantly, the Examiner relies upon these teachings at
column 75, lines 21-28:
Intrusion detection--discovers and alerts administrators of intrusion
attempts. Network assessment--performs scheduled and selective
probes of the network's communication services, operating systems,
and routers in search of those vulnerabilities most often used by
unscrupulous individuals to probe, investigate, and attack your
network.

6. The Examiner has also made specific reference to column 162,
lines 50-63, which we reproduce here:
Managing hardware is all hardware directly used to manage the
environment. This includes all staging components. These
components are devoted to systems management functions. Examples
of managing hardware include management servers, management
controllers, management consoles, probes, and sniffers. One
significant component in the hardware monitoring arena is Firewall
access control policy management. Firewalls are regularly used for
network based security management. It is typically a system or group
of systems that enforce access control between two or more networks
and/or perform network data packet filtering. Usually packet filtering
router hardware and application gateways are used to block
unauthorized IP packets and enforce proxy defined user commands.

Appeal 2008-2370
Application 10/139,099

7
7. Among the Examiner’s responsive arguments beginning at the
bottom of page 13 of the Answer, the Examiner explains:
Column 162, line 53-55, Guheen discloses probes (i.e. a small utility
program that is used to investigate, or test, the status of a system,
network or Web site), sniffers (i.e. a specialized hardware device or
software in a desktop or laptop computer that captures packets
transmitted in a network for routine inspection and problem
detection). Guheen inherently teaches "a software-based probe at an
access control decision point of said network," and "activating a
software-based probe.., in response to an activation of a first
command since the presence of probe or sniffers would is used to
perform the above task.

PRINCIPLES OF LAW
Anticipation
“A claim is anticipated only if each and every element as set forth in
the claim is found, either expressly or inherently described, in a single prior
art reference.” Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d
628, 631 (Fed. Cir. 1987). Analysis of whether a claim is patentable over
the prior art under 35 U.S.C. § 102 begins with a determination of the scope
of the claim. We determine the scope of the claims in patent applications
not solely on the basis of the claim language, but upon giving claims their
broadest reasonable construction in light of the specification as it would be
interpreted by one of ordinary skill in the art. In re Am. Acad. of Sci. Tech.
Appeal 2008-2370
Application 10/139,099

8
Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). The properly interpreted claim
must then be compared with the prior art.

ANALYSIS
At the outset, we note that the Appellant’s arguments beginning at
page 2 in the Reply Brief have not been considered. The referenced pages
here (pages 5 and 6) of the Answer relate to the Examiner’s statement of the
rejection which is identical to that which was set forth in the final rejection
as to claim 1. Appellant presents arguments with respect to each element of
representative independent claim 1 beginning at page 2 of the Reply Brief,
whereas the principal Brief in this appeal limited its arguments to
corresponding features of activating the probes in the independent claims
herein. The Reply Brief sets forth new arguments that could have been
made and should have been made in the principal Brief with respect to claim
1 but, in fact, were not. Therefore, they are considered to have been waived.
The positions set forth in the Reply Brief are considered not timely.
Moreover, the Reply Brief does not in any manner address or otherwise
“reply” to the Examiner’s responsive arguments beginning at page 10 of the
Answer that were in fact made in response to the arguments Appellant made
in the principal Brief on appeal.
Appellant’s arguments at pages 9 through 11 of the principal Brief on
appeal are addressed by the Examiner at pages 11 and 12 of the Answer.
We recognize, as alleged, that Guheen’s teachings are quite comprehensive
Appeal 2008-2370
Application 10/139,099

9
as noted in our finding of fact 2. Guheen has comprehensive teachings
relating to an extensive internet-based system. Notwithstanding this,
Appellant urges that this reference and the Examiner’s specific references to
certain portions of it relate to unrelated teachings, and picking and choosing
unrelated elements of it. These positions are misplaced for the reasons set
forth by the Examiner and us. The existence of the prior art trusted network
environments, as recognized by Appellant in finding of fact 1, have been
correspondingly noted in our finding of fact 3 as well as our extensive
citation of pertinent Figures relating to the secure operating environment of
Guheen’s trusted network in finding of fact 2.
Significantly, Appellant’s contribution in the art appears to focus upon
the use of so-called probes that are software-based as indicated briefly in our
reference to the invention in the initial pages of this opinion. The ability of
an administrator to utilize similar probes has been clearly indicated by the
Examiner’s references to Guheen in findings of fact 4, 5, and 6. The Reply
Brief does not contest the Examiner’s apparent definitions of the use of
Guheen’s so-called “probes” and “sniffers” noted in finding of fact 7. The
Examiner’s reliance upon the teachings we noted in findings of fact 4-6
indicate to the artisan that security within the entire network of Guheen is
based upon an organization’s security policy for its network. Based upon
our review of the evidence before us, we find that artisans would have
utilized the management consoles briefly mentioned at finding of fact 6 to
Appeal 2008-2370
Application 10/139,099

10
effect the administrator’s need to make the network secure by using probes
and sniffers to monitor its security.

CONCLUSION OF LAW
Appellant has not shown that the Examiner erred in finding that
Guheen teaches activation of software-based probes to access control
decision points to monitor violations of security policies of the network as
set forth in independent claims 1, 10, and 19 on appeal.

DECISION
The Examiner’s rejection of claims 1, 3-6, 8-10, 12-15, and 17-26
under 35 U.S.C. § 102(e) is affirmed.
No time period for taking any subsequent action in connection with
this appeal may be extended under 37 C.F.R. § 1.136(a).

AFFIRMED

rwk

MARTINE PENILLA & GENCARELLA, LLP
710 LAKEWAY DRIVE
SUITE 200
SUNNYVALE, CA 94085