Ex Parte Bookbinder et alDownload PDFPatent Trial and Appeal BoardDec 12, 201411157774 (P.T.A.B. Dec. 12, 2014) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/157,774 06/21/2005 James B. Bookbinder 7785-25 (IP1007) 8515 92384 7590 12/12/2014 AT&T Legal Department - G&G Attention: Patent Docketing Room 2A-207 One AT&T Way Bedminster, NJ 07921 EXAMINER HOMAYOUNMEHR, FARID ART UNIT PAPER NUMBER 2495 MAIL DATE DELIVERY MODE 12/12/2014 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte JAMES B. BOOKBINDER, JON PADEN, ANTONIO GREEN, DAWN STEELE, and JOE GARCIA ____________ Appeal 2012-000819 Application 11/157,774 Technology Center 2400 ____________ Before ELENI MANTIS MERCADER, CARL W. WHITEHEAD JR., and JASON V. MORGAN, Administrative Patent Judges. MANTIS MERCADER, Administrative Patent Judge. DECISION ON APPEAL Appeal 2012-000819 Application 11/157,774 2 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1, 7, 9, 15, and 21–36. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. THE INVENTION Appellants’ claimed invention is directed to processor programmed to monitor (302) the communication network for the effects of malicious software, detect (304) a suspected malicious event, record (306) the suspected malicious event, restrict (308) Internet access to one or more customers suspected of having infected terminal equipment interrupting service of the communication network, and notify (310) one or more customers of the restricted Internet access. Abstract. Independent claim 1, reproduced below, is representative of the subject matter on appeal. 1. A non-transitory computer-readable storage medium for managing a communication network, the storage medium comprising computer instructions for: monitoring activity of network elements of the communication network for effects of malicious software, the network elements being service provider devices coupled with terminal equipment of a group of customers; detecting a suspected malicious event based on the monitored activity of the network elements; recording the suspected malicious event as alert information in a customer relationship management system; restricting Internet access to at least one customers of the group of customers suspected of having infected terminal equipment interrupting service of the communication network based on the detecting of the suspected malicious event; Appeal 2012-000819 Application 11/157,774 3 notifying the at least one customer of the restricted Internet access; receiving a call from a calling customer of the at least one customer using an interactive voice response system for interacting with the calling customer; determining if the terminal equipment of the calling customer is a source of the suspected malicious event; and providing the calling customer at least one option to remedy the suspected infected terminal equipment of the calling customer, the at least one option comprising instructions for selecting a software solution to remove the suspected malicious software from the infected terminal equipment of the calling customer, wherein when the calling customer initiates self-help actions by downloading virus protection software to remove the suspected malicious software and subsequently submits a request through the interactive voice response system to remove the restricted access, the restricted access is removed on a probationary basis by observing future behaviors of the infected terminal equipment before completely removing the alert information recorded in the customer relationship management system. REFERENCES and REJECTIONS The Examiner rejected claims 1, 7, 9, 15, and 21–36 under 35 U.S.C. § 103 as unpatentable over Kidron (U.S. Patent Application 2003/0200464 A1, Oct. 23, 2003) in view of Liang (U.S. Patent Application 2003/0105973 A1, June 5, 2003) and further in view of Schneier (U.S. Patent Application 2002/0087882 A1, July 4, 2002) and Tovander (U.S. Patent No. 6,715,083 B1, Mar. 30, 2004). ISSUE The pivotal issue is whether Kidron teaches the limitation of “monitoring activity of network elements of the communication network for Appeal 2012-000819 Application 11/157,774 4 effects of malicious software, the network elements being service provider devices coupled with terminal equipment of a group of customers” as recited in claim 1. ANALYSIS Appellants argue that the local terminal devices of Kidron embedded with pattern recognition processors perform the monitoring activity of the local terminal devices, which is different than the claimed monitoring activity of effects of malicious software being performed by “network elements being service provider devices coupled with terminal equipment of a group of customers” as recited in claim 1 (App. Br. 8–10). In particular, Appellants argue that Kidron’s local terminal devices do not constitute network elements (App. Br. 9–10, 16–18). We do not agree with Appellants’ arguments. We adopt the Examiner’s findings and conclusions in the Answer and we add the following primarily for emphasis. We agree with the Examiner’s finding (Ans. 12), that Kidron’s Figure 2A shows a group of local machines connected to a cluster manager, which collects alerts from local machines, and sends them to the server (¶ 46). This cluster manager is also a local machine (¶ 46 and Fig. 2A), and therefore is monitored for its own activities (Ans. 12). Therefore, the “Local Machine and Cluster Manager” of Kidron is a service providing device (as it serves its own client, sends alerts from other machines to the server, and is part of the enterprise), and it is connected to the terminal equipment of a group of customers (i.e., other local machines, as shown in Fig. 2A) (Ans. 12). Thus, the cluster manager does constitute a network element. Moreover, there is no ipsissimis verbis test for determining whether a reference discloses a claim element, i.e., Appeal 2012-000819 Application 11/157,774 5 identity of terminology is not required. In re Bond, 910 F.2d 831, 832 (Fed. Cir. 1990). In other words, just because Kidron does not refer to the cluster manager as a network element that does not mean that it is not a network element. Identical terminology is not required in determining whether the reference discloses a claim element. We also agree with the Examiner, that the server monitors the enterprise network “for suspicious activity” in the enterprise network by receiving alerts from local machines and the cluster manager (see 14th-21st lines of ¶ 50) (Ans. 12–13). Thus, while we agree with Appellants that the local terminal devices detect irregular behavior (App. Br. 9 (citing ¶ 50)), we also agree with the Examiner (Ans. 12–13) that the server through the reporting of the cluster managers (i.e., network elements) monitors the detected suspicious activity from the local terminal devices (see ¶¶ 46, 50). Accordingly, Kidron teaches the claim limitation of monitoring activity (i.e., by the server) of network elements (i.e., one or more cluster managers (see ¶ 46)) of the communication network for effects of malicious software, the network elements being service provider devices coupled with terminal equipment of a group of customers (i.e., local machines) (¶¶ 46, 50). We further agree with the Examiner that Appellants’ argument regarding Kidron teaching away from claim 1 based on modifying Kidron’s local machines to network elements for monitoring suspicious activity (App. Br. 10–12) is misplaced because Kidron, as discussed supra, explicitly teaches the monitoring activity of the network elements coupled with terminal equipment, and as such, no further modification is needed (see Ans. 13–14). Appeal 2012-000819 Application 11/157,774 6 Appellants advance similar arguments with respect to claims 9 and 30 (App. Br. 18–19). Accordingly, we affirm the Examiner’s rejections of claim 1 and for the same reasons the rejections of claims 9 and 30 for the same reasons as well as the rejections of dependent claims 7, 15, 21–29, and 31–36 which were not separately argued. CONCLUSION The Examiner did not err in finding that Kidron teaches the limitation of “monitoring activity of network elements of the communication network for effects of malicious software, the network elements being service provider devices coupled with terminal equipment of a group of customers” as recited in claim 1. DECISION The Examiner’s decision rejecting claims 7, 9, 15, and 21–36 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED msc Copy with citationCopy as parenthetical citation