Ex Parte BoyceDownload PDFPatent Trial and Appeal BoardDec 27, 201614059330 (P.T.A.B. Dec. 27, 2016) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/059,330 10/21/2013 Kevin Gerard BOYCE TB-004-US-CON2 5502 759036630 IP-MEX Inc. Unit D2 (Second Floor) 150 Terence Matthews Crescent KANATA, ON K2M1X4 CANADA 12/29/2016 EXAMINER GERGISO, TECHANE ART UNIT PAPER NUMBER 2494 NOTIFICATION DATE DELIVERY MODE 12/29/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): vdonnelly @ ip-mex. com admin@ip-mex.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte KEVIN GERARD BOYCE Appeal 2016-003605 Application 14/059,330 Technology Center 2400 Before MAHSHID D. SAADAT, JOHNNY A. KUMAR, and JON M. JURGOVAN, Administrative Patent Judges. KUMAR, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Non-Final Rejection of claims 1—20. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 According to Appellant, the real party in interest is Trend Micro Incorporated (App. Br. 3). Appeal 2016-003605 Application 14/059,330 STATEMENT OF THE CASE Introduction Appellant’s invention relates to protecting a computer system during boot operation (Spec. 1:17—19). Exemplary claim 1 under appeal reads as follows: 1. A method for protecting a computer from malicious network traffic during a boot operation of an operating system of the computer, the method comprising: (i) loading a security profile, comprising packet inspection rules, from a storage location into a memory of the computer during an early stage of the boot operation of the operating system of the computer when kernel mode services are available and before user mode services are initialized; and (ii) inspecting packets, transmitted to or from the computer by a computer network, while the operating system is being booted during the early stage of the boot operation of the operating system and after loading the security profile according to the packet inspection rules, and filter the packets to protect the computer from the malicious network traffic. The Examiner’s Rejection Claims 1—20 are rejected under 35 U.S.C. § 103(a) as unpatentable over Cromer et al. (US 2006/0185011 Al; pub. Aug. 17, 2006) and Rothwell et al. (US 2010/0043072 Al; pub. Feb. 18, 2010) (Non-Final Act. 2-9). Appellant’s Contentions Appellant contends the following: 1. Regarding claims 1,9, 16, and 20, Cromer teaches loading a control secret from a client computer into the secret register of a Network Interface Card (“NIC”), whereas the claims require loading a security profile 2 Appeal 2016-003605 Application 14/059,330 including packet inspection rules into the memory of a computer (App. Br. 14—22, 34, 36-37; Reply Br. 6-11, 17-18). Specifically: a. Cromer’s Network Interface Card (“NIC”) is not part of the computer being booted, because Figure 3 clearly shows the NIC being separate from the client computer (App. Br. 22). b. Cromer’s client computer is turned off while loading “fixes” into the NIC, therefore a security profile cannot be loaded into the computer (App. Br. 21; Reply Br. 11). 2. Cromer’s NIC autonomously examines packets before the booting process of the computer, which does not teach loading a security during an early stage of the boot operation of the operating system (App. Br. 21), per the following: a. The NIC control secret may be loaded at any time, whereas the claims require the security profile is loaded when kernel mode services are available and before user mode services are initialized (App. Br. 21; Reply Br. 10-11). b. The operating system is booted after the NIC is configured, therefore the NIC is not configured when the kernel mode services are available (id.). 3. Cromer’s control secret is not the claimed “security profile, comprising packet inspection rules,” and nothing in Cromer is relevant to inspecting packets to protecting a computer from malicious network traffic during boot operation (App. Br. 21; Reply Br. 10-11). 4. Claims 1,9, 16, and 20 require inspecting network packets while the operating system is being booted and filtering packets to protect the computer from loading malicious code, whereas Rothwell provides a file 3 Appeal 2016-003605 Application 14/059,330 level filter and not a packet level filter (App. Br. 22; Reply Br. 12—15). Specifically, Rothwell teaches: [A] filter module in the operating system which operates to detect an attempt to store data in the data storage, to determine a data format of the data to be stored in the data storage, and to prevent storage of the data if the data format is determined to relate to a predefined type. (App. Br. 22). 5. A person of ordinary skill in the art would not be motivated to combine Rothwell with Cromer, since Rothwell proposes to protect a computer against malware infection by preventing storage of data on a storage medium depending on a format of the data, whereas the present invention provides protection against malicious network traffic (App. Br. 23). 6. Claims 2, 10, and 17 require “the security profile comprises packet inspection rules for analyzing at least a portion of a packet using at least a portion of the security profile,” whereas Cromer’s secret code does not include any packet inspection rules, is not used to analyze packets, and is not loaded into the memory of a computer (App. Br. 24; Reply Br. 15—16). 7. Regarding claims 3,11, and 18, Cromer teaches the NIC determines what packets should be allowed to pass through the NIC to the client computer, whereas the claims require the inspection rules are applied by the computer to packets transmitted to and from the computer (App. Br. 25—26; Reply Br. 16). 8. Regarding claims 4, 7, 8, 12, and 15, Cromer merely teaches applying anti-virus fixes to a computer, and does not teach any elements of the claims (App. Br. 27, 32—36; Reply Br. 16—17). 4 Appeal 2016-003605 Application 14/059,330 9. Claims 5 and 13 require loading the security profile by “a kernel network driver of the operating system,” whereas Cromer teaches resetting and configuring NIC drivers (App. Br. 29, 35; Reply Br. 17). 10. Regarding claim 6, 14, and 19, Cromer utilizes a virtual machine monitor (VMM) for installing an anti-virus, and does not teach loading a security profile for an operating system running in a virtualized environment (App. Br. 31, 35-37; Reply Br. 17-18). Issue on Appeal Did the Examiner err in rejecting claims 1—20 as being obvious over Cromer and Rothwell? ANALYSIS We have reviewed the Examiner’s rejections in light of Appellant’s arguments that the Examiner has erred. We disagree with Appellant’s contentions (1)—(10) above. We adopt as our own the findings and reasons set forth by the Examiner in the action from which this appeal is taken, and the reasons set forth by the Examiner in the Examiner’s Answer in response to Appellant’s Appeal Brief. As to Appellant’s contentions (l)(a)-(b), Appellant points to Cromer’s Figure 3 to support the NIC (240) being separate from the client computer (102), however, Figure 3 shows the client computer (102) connected to a fix server (106) via the fix server’s separate NIC (322) (Cromer 140). We agree with the Examiner’s finding that Cromer’s client computer NIC (240), along with the NIC’s processor (214) and software agent (238), is part of the client computer (102) as shown in Figure 2, and 5 Appeal 2016-003605 Application 14/059,330 therefore, we agree that Cromer teaches loading a security profile into “a memory of the computer” (Non-Final Act. 3-A\ Ans. 4—5 (citing Cromer 114; see also 38—39)). Further, although Cromer teaches an embodiment where the client computer is turned off before applying an anti-virus fix (Ans. 5 (citing Cromer Fig. 4A and 5A)), we agree with the Examiner’s finding that Cromer also teaches an embodiment where the client computer is turned on, and thus the security profile can be loaded into the memory of the computer {id. (citing Cromer Fig. 5B; see also 149)). Regarding Appellant’s contentions (2)(a)-(b), Appellant describes “an early stage of the boot operation of the operating system” as a period when kernel mode services (i.e., network drivers) are available, but before user mode services are initialized such that the computer system is capable of running ordinary software application programs {see Claim 1 and Spec. 8:5— 11, 11:21—23). Under the broadest reasonable interpretation consistent with Appellant’s disclosure, we agree with the Examiner’s finding that “an early stage of the boot operation of the operating system” does not preclude Cromer’s booting operation of the client computer’s secondary operating system to apply an anti-virus fix via the NIC hardware and software agent, where the fix occurs while kernel mode NIC network drivers are available but before software applications of the primary operating system are available (Non-Final Act. 3—\\ Ans. 3—5 (citing Cromer || 47-48, 51—52; see also 38—39, processor 214 and agent 238 configure NIC network drivers)). See In re Am. Acad. ofSci. Tech. Ctr., 367 F.3d 1359, 1369 (Fed. Cir. 2004) (“[T]he PTO is obligated to give claims their broadest reasonable interpretation during examination.”). 6 Appeal 2016-003605 Application 14/059,330 As to Appellant’s contention (3), we agree with the Examiner’s finding that the broadest reasonable interpretation, consistent with Appellant’s disclosure, of “loading a security profile, comprising packet inspection rules” and “inspecting packets . . . and filtering] the packets to protect the computer from the malicious network traffic” does not preclude Cromer’s NIC secret register that determines which data packets can be transmitted to and from the client computer, and uses encryption keys and IP address filters to discard network traffic that is not permitted by the NIC secret register (Non-Final Act. 3^4; Ans. 4—5 (citing Cromer || 68—71)). See In re Am. Acad. ofSci. Tech. Ctr., 367 F.3d at 1369. Appellant’s contention (4) that Rothwell does not teach inspecting network packets while the operating system is being booting is not persuasive of Examiner error, because Appellant is attacking the Rothwell reference individually where the rejection is based on the combination of Cromer and Rothwell (Non-Final Act. 3—5; Ans. 5—6). See In re Keller, 642 F.2d 413, 426 (CCPA 1981) (“[0]ne cannot show non-obviousness by attacking references individually where ... the rejections are based on combinations of references.”). The Examiner relied on Rothwell to bolster the position that inspecting data packets using a security profile was well known in the computer arts (Non-Final Act. 4—5; Ans. 5—6 (citing Rothwell 1116)), and we agree with the Examiner’s finding that the combination of Cromer and Rothwell teaches inspecting network data packets during a boot operation using a security profile to protect a computer from malicious network traffic (Ans. 3—6). We do not agree with Appellant’s contention (5) that a person of ordinary skill in the art would not be motivated to combine Rothwell with 7 Appeal 2016-003605 Application 14/059,330 Cromer. The references are both directed to the field of computer anti-vims protection (Non-Final Act. 3—5 (citing Cromer 114 and Roth well 1112)), and the Examiner has provided “some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness,” specifically, combining Rothwell’s concept of inspecting and filtering data at the packet level with Cromer’s network traffic inspection method would provide a more efficient malware protection system (Non-Final Act. 3—5 (citing Rothwell 113)). See KSR Inti v. Teleflex, Inc., 550 U.S. 398, 417— 18 (2007) (quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006)). Regarding Appellant’s contention (6), we agree with the Examiner’s finding that Cromer and Rothwell teach a security profile (i.e., Cromer’s NIC secret register) loaded into the memory of a client computer, the security profile comprising packet inspection mles for analyzing a packet (i.e., NIC agent software), as discussed with respect to Appellant’s contentions (1) and (3), supra (see Ans. 3—7). As to Appellant’s contention (7), the Examiner finds, and we agree, that Cromer teaches the NIC, which is part of the client computer, inspects and filters network packets that are transmitted to and from the client computer (Ans. 5 (citing Cromer 168)). Regarding Appellant’s contention (8), we are not persuaded of Examiner error, because merely pointing out the features of claims 4, 7, 8, 12, and 15 and nakedly asserting that Cromer does not teach or suggest such features does not amount to a separate patentability argument. See 37 C.F.R. § 41.37(c)(l)(iv); In reLovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011). Appellant’s contention (9) is not persuasive of error, because we agree with the Examiner’s finding that configuring the security profile via 8 Appeal 2016-003605 Application 14/059,330 Cromer’s NIC network drivers during the boot of the secondary operating system teaches loading the security profile by “a kernel network driver of the operating system,” as discussed with respect to Appellant’s contention (2) (Non-Final Act. 3—\\ Ans. 3—5 (citing Cromer H 47-48, 51—52; see also 38—39, processor 214 and agent 238 configure NIC network drivers)). As to Appellant’s contention (10), the Examiner finds, and we agree, that Cromer’s NIC secret register (i.e., the security profile) can be loaded for the secondary operating system using a virtual machine monitor, which teaches the claimed operating system running in a virtualized environment (Non-Final Act. 6 (citing Cromer 1 59)). CONCLUSION As discussed herein, Appellant’s contentions have not persuaded us of error in the Examiner’s rejection. Accordingly, we sustain the Examiner’s rejection of claims 1—20 under 35 U.S.C. § 103(a) as unpatentable over Cromer and Rothwell. DECISION We affirm the Examiner’s rejection of claims 1—20 under 35 U.S.C. § 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED 9 Copy with citationCopy as parenthetical citation