Ex Parte Broussard et al
Patent Trial and Appeal Board
Sep 24, 2013
12129072 (P.T.A.B. Sep. 24, 2013)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 12/129,072
FILING DATE: 05/29/2008
FIRST NAMED INVENTOR: Scott J. Broussard
ATTORNEY DOCKET NO.: AUS920060040US2
CONFIRMATION NO.: 1439

50170 7590 09/25/2013
IBM CORP. (WIP)
c/o WALDER INTELLECTUAL PROPERTY LAW, P.C.
17330 PRESTON ROAD SUITE 100B
DALLAS, TX 75252

EXAMINER: HOLDER, BRADLEY W
ART UNIT: 2439
MAIL DATE: 09/25/2013
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

UNITED STATES PATENT AND TRADEMARK OFFICE
____________________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________________
Ex parte SCOTT J. BROUSSARD, TONY C. KWONG JR., EDUARDO N. SPRING, and ANTHONY W. WROBEL JR.
____________________
Appeal 2011-005029
Application 12/129,072
Technology Center 2400
____________________
Before JOSEPH F. RUGGIERO, ERIC B. CHEN, and PATRICK M. BOUCHER, Administrative Patent Judges.

BOUCHER, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Introduction

Appellants appeal under 35 U.S.C. § 134(a) from a rejection of claims 1–7 and 9–20. We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

Illustrative Claim

The claimed subject matter relates to verification and reporting of security-policy violations in data-processing systems (Spec., p. 1, ll. 8–14). Claim 1 is illustrative and is reproduced below:

1.
A method, in a data processing system comprising a processor, of reporting items of information containing confidential information, comprising:

identifying, by the processor of the data processing system, at least one item of information containing the confidential information and stored in a computing device, based on one or more security search rules setting forth one or more security criteria for identifying the items of information that contain the confidential information;

analyzing, by the processor, the at least one item of information to determine if the at least one item of information meets security policy compliance requirements by being maintained in the computing device in a confidential manner using security mechanisms corresponding to requirements specified in the security policy compliance requirements, wherein the security policy compliance requirements identify requirements for maintaining the items of information that contain the confidential information in a confidential state in the computing device;

identifying, by the processor, one or more security policy violations based on results of the analysis, in response to the results indicating that the at least one item of information does not meet the security policy compliance requirements; and

providing, by the processor, an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and the one or more security policy violations associated with the item of information.

References

The prior art relied upon by the Examiner in rejecting the claims on appeal is:

Schmidt      US 2002/0069098 A1    Jun. 6, 2002
James        US 2003/0212862 A1    Nov. 13, 2003
Anderholm    US 2005/0183143 A1    Aug. 18, 2005
Williams     US 2005/0257267 A1    Nov. 17, 2005

Rejections

The Examiner made the following rejections:

Claims 1–7 and 9–20 stand provisionally rejected on the ground of nonstatutory obviousness-type double patenting as unpatentable over claims 1, 21–23, 25–30, and 32–34 of Pat. Appl. No. 11/381,151 (Ans. 4–20).

Claims 1, 2, 9, 11, 12, 18, and 20 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Schmidt and Anderholm (Ans. 21–32).

Claims 3–7 and 13–17 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Schmidt, Anderholm, and Williams (Ans. 32–41).

Claims 10 and 19 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Schmidt, Anderholm, and James (Ans. 41–43).

ANALYSIS

We have reviewed Appellants’ arguments in the Appeal Brief, and have reviewed the Examiner’s response to Appellants’ arguments. Rather than exhaustively repeat the arguments here, we refer to the Brief and the Answer for the respective positions of Appellants and the Examiner. We highlight and address specific findings and arguments as follows.

I. DOUBLE-PATENTING REJECTION

Because Appellants present no arguments regarding the Examiner’s provisional rejection of claims 1–7 and 9–20 on the ground of nonstatutory obviousness-type double patenting, we summarily sustain these rejections. See MPEP § 1205.02, Rev. 9, August 2012 (“If a ground of rejection stated by the examiner is not addressed in the appellant’s brief, that ground of rejection will be summarily sustained by the Board”).

II. § 103 REJECTIONS

Appellants’ Contentions

Appellants make the following contentions:

1.
The Examiner erred because Schmidt does not teach:

providing, by the processor, an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and the one or more security policy violations associated with the item of information,

as recited in independent claim 1 and as commensurately recited in independent claims 11 and 20 (Br. 8–10).

2. The Examiner erred because Schmidt does not teach:

analyzing, by the processor, the at least one item of information to determine if the at least one item of information meets security compliance policy requirements by being maintained in the computing device in a confidential manner using security mechanisms corresponding to requirements specified in the security policy compliance requirements, wherein the security policy compliance requirements identify requirements for maintaining the items of information that contain the confidential information in a confidential state in the computing device,

as recited in independent claim 1 and as commensurately recited in independent claims 11 and 20 (Br. 10–12).

3. The Examiner erred because Anderholm does not teach:

providing, by the processor, an output identifying the at least one item of information, wherein the output includes, for each item of information in the at least one item of information, an identifier of the item of information and the one or more security policy violations associated with the item of information,

as recited in independent claim 1 and as commensurately recited in independent claims 11 and 20 (Br. 12–13).

4.
The Examiner erred because the combination of Schmidt and Anderholm fails to teach or render obvious that “the output further includes an identifier of one or more suggested corrective actions for correcting the one or more security policy violations,” as recited in dependent claim 2 and as commensurately recited in dependent claim 12 (Br. 13–14).

5. The Examiner erred because the combination of Schmidt and Anderholm fails to teach or render obvious “automatically identifying one or more corrective actions to correct the one or more security policy violations” and “automatically applying the identified one or more corrective actions to the at least one item of information to bring the at least one item of information into compliance with security policies,” as recited in dependent claim 9 and as commensurately recited in dependent claim 18 (Br. 14).

6. The Examiner erred in combining Schmidt and Anderholm with Williams because “the Williams reference does not provide any teaching or technical rationale to implement the features [recited in claims 1 and 11] missing from the Schmidt and Anderholm references” (Br. 15).

7. The Examiner erred because the combination of Schmidt, Anderholm, and Williams fails to teach or render obvious the limitation of:

providing an output comprising a graphical user interface, and wherein the output comprises a graphical user interface having one or more graphical user interface elements associated with the one or more suggested corrective actions, the one or more graphical user interface elements being selectable by a user to perform a corrective action corresponding to a selected suggested corrective action of the one or more suggested corrective actions,

as recited in dependent claim 3 and as commensurately recited in dependent claim 13 (Br. 17–18).

8.
The Examiner erred because the combination of Schmidt, Anderholm, and Williams fails to teach or render obvious the features of “receiving first user input that selects an item of information from the at least one item of information,” “receiving second user input that selects one of the one or more suggested corrective actions associated with the selected item of information,” and “automatically applying one or more operations associated with the selected suggested corrective action to the selected item of information in response to the first and second user inputs,” as recited in dependent claim 4 and as commensurately recited in dependent claim 14 (Br. 18–20).

9. The Examiner erred because the combination of Schmidt, Anderholm, and Williams fails to teach or render obvious the features of “providing a secondary graphical user interface element, in response to the second user input, identifying one or more security attributes to be utilized by operations associated with the selected suggested corrective action” and “receiving third user input that selects one of the one or more security attributes,” as recited in dependent claim 5 and as commensurately recited in dependent claim 15 (Br. 20–21).

10. The Examiner erred because the combination of Schmidt, Anderholm, and Williams fails to teach or render obvious that “the one or more security attributes include a particular organizational level for which the selected item of information is to be accessible,” as recited in dependent claim 6 and as commensurately recited in dependent claim 16 (Br. 21).

11.
The Examiner erred because the combination of Schmidt, Anderholm, and Williams fails to teach or render obvious the features of “retrieving a pre-established security setting associated with the selected security attribute” and “providing the pre-established security setting to the one or more operations associated with the selected suggestive corrective action,” as recited in dependent claim 7 and as commensurately recited in dependent claim 17 (Br. 21–22).

12. The Examiner erred because James fails to teach:

wherein the at least one item of information is an electronic mail message, and wherein the one or more corrective actions include at least one of automatically modifying a distribution list for the electronic mail message to not include unauthorized individuals that may pose a security risk, automatically encrypting the electronic mail message, or automatically encrypting an attachment to the electronic mail message,

as recited in dependent claim 10 and as commensurately recited in dependent claim 19 (Br. 22–23).

First Contention

With respect to Appellants’ first contention, we are not persuaded that the Examiner has erred.

Schmidt is directed generally to “finding and analyzing content and private information on computer networks in order to protect proprietary material” (Schmidt ¶ 4). We find that Schmidt teaches systems and methods that search for and find privately owned information on computer networks, storing the results for an analysis that determines whether privately owned information is being pirated and distributed via a computer network (Schmidt ¶ 30). The Examiner specifically finds that the “security policy compliance requirements” recited in independent claims 1, 11, and 20 are disclosed by Schmidt’s policy of determining whether specific information is “being pirated” or “not being pirated” (Ans. 46). We agree with this finding.

Appellants argue that “[t]here is no reason in Schmidt to include an identifier of a security policy violation that is associated with an item of information because Schmidt is only concerned with detecting one type of violation, i.e. the unauthorized distribution of copyrighted material” (Br. 8). But as the Examiner finds, Schmidt explicitly teaches that the synthesized data are also “disseminated to … agents to analyze network traffic … and [to] take action according to instructions of the content owner if such privately owned and copyrighted material is found” (Ans. 22–23, citing Schmidt ¶36, ll. 15–21). This dissemination itself acts as an identifier of a security policy violation by Schmidt (see Schmidt ¶¶ 49–57) (Ans. 46–47).

Second Contention

With respect to Appellants’ second contention, we are not persuaded that the Examiner has erred.

Anderholm relates to “using software to monitor user, application and device behavior and events” (Anderholm ¶ 2). The Examiner specifically identifies an embodiment disclosed in Anderholm in which confidential patient data are stored in a hospital’s computer system using confidential security mechanisms (Ans. 23, citing Anderholm ¶ 191). The Examiner thus finds that Anderholm teaches or suggests the limitation of “being maintained in the computing device in a confidential manner using security mechanisms corresponding to requirements specified in the security policy compliance requirements” (Ans. 23). We agree with this finding.

Appellants argue that “Anderholm is concerned with monitoring user’s interactions with computing devices, not determining that the computing system is implementing security mechanisms corresponding to requirements specified in security policy compliance requirements” (Br. 12). We are not persuaded by this argument because it attacks Anderholm individually when the Examiner has, in fact, relied on the combination of Schmidt and Anderholm (see Ans. 45).
The test for obviousness is what the combined teachings of the prior art would have suggested to the hypothetical person of ordinary skill in the art. In re Keller, 642 F.2d 413, 425 (CCPA 1981). As the Examiner finds, the relevant teaching value of Anderholm is found in its disclosure of maintaining confidential data using confidential security mechanisms specified and in compliance with security policies (see Ans. 45).

Third Contention

With respect to Appellants’ third contention, we are not persuaded that the Examiner has erred.

As we discuss supra in connection with Appellants’ first contention, we agree with the Examiner’s finding that Schmidt discloses providing an output identifying at least one item of information meeting the recited limitations through its disclosure of disseminating synthesized data to take action in addressing pirated material (see Schmidt ¶¶ 49–57). Appellants’ argument that the limitation is not taught by Anderholm thus attacks Anderholm individually when the Examiner’s articulated basis for rejection relies on the combination of teachings of Schmidt and Anderholm (see Ans. 53–56).

Fourth Contention

With respect to Appellants’ fourth contention, we are not persuaded that the Examiner has erred.

Appellants argue that “Schmidt does not teach any output containing an identifier of suggested corrective actions, let alone suggested corrective actions for one or more security policy violations identified in the output” (Br. 14). But similar to our analysis of Appellants’ first contention supra, Schmidt explicitly teaches that the synthesized data are also “disseminated to … agents to analyze network traffic … and [to] take action according to instructions of the content owner if such privately owned and copyrighted material is found” (Ans. 57, citing Schmidt ¶36, ll. 15–21).
This dissemination itself acts as an identifier of a suggested corrective action of initiating the cease-and-desist notification process taught by Schmidt (see Schmidt ¶¶ 49–57) (Ans. 57).

Fifth Contention

With respect to Appellants’ fifth contention, we are not persuaded that the Examiner has erred.

In finding that Schmidt teaches or suggests the identification and automatic application of corrective actions as recited in claims 9 and 18, the Examiner cites Schmidt’s disclosure of disseminating synthesized data to agents to take action according to instructions of the content owner if privately owned and copyrighted material is found (Ans. 25). The Examiner additionally references the cease-and-desist notification process taught by Schmidt, which includes functionality in which an investigator may search through a list of offenders to determine who should have action taken against them (Ans. 58, citing Schmidt ¶¶ 52–55, 59).

Appellants argue that “[t]his does not correct any security violation and does not cause an item of information to be placed into compliance with a security policy” (Br. 14). We are not persuaded by this argument because it is incommensurate with the scope of the claims. Specifically, the claims do not require that the security violations automatically be corrected or automatically be brought into compliance with security policies. Rather, the limitation recited in the claims is more limited. We agree with the Examiner that these more limited requirements are taught or suggested by Schmidt’s disclosure of automatically assigning a paralegal to work on the offender’s case to bring the confidential violation offender into compliance with security policies (Ans. 59).

Sixth Contention

With respect to Appellants’ sixth contention, we are not persuaded that the Examiner has erred.

Appellants argue that Williams does not correct various asserted deficiencies of Schmidt and Anderholm in the rejections of claims 1 and 11 (Br. 15). Because we are not persuaded that the Examiner has erred in applying those references to claims 1 and 11, we are also not persuaded by this argument.

Seventh Contention

With respect to Appellants’ seventh contention, we are not persuaded that the Examiner has erred.

The Examiner relies on Williams in combination with Schmidt and Anderholm to find the features of the graphical user interface recited in claims 3 and 13 obvious (Ans. 33–34). Appellants argue that “there is nothing in the graphical user interfaces depicted or described [in Williams] that teaches or renders obvious the specific features of [claims 3 and 13]” (Br. 18). We are not persuaded by Appellants’ line of reasoning because it attacks Williams individually when the Examiner has relied on the combination of references to find that the limitations would reasonably have been suggested to a person of ordinary skill in the art. In re Keller, 642 F.2d 413, 425 (CCPA 1981).

Eighth Contention

With respect to Appellants’ eighth contention, we are not persuaded that the Examiner has erred.

The Examiner finds that Schmidt’s cease-and-desist notification process, which includes a workflow tool that aids a legal team in determining offenders, building a case, and sending cease and desist letters, teaches or suggests the receipt of first and second inputs as recited in the claims (Ans. 35). We agree with this finding. In particular, the cease-and-desist notification process taught by Schmidt includes functionality in which an investigator may search through a list of offenders to determine who should have action taken against them by selecting an item of information and to initiate the corrective action by clicking a “Take Action” button to mark the offender for paralegal assignment (see Schmidt ¶ 53).

Appellants’ argument that “multiple users must be intimately involved in the process of generating the cease and desist case letter in Schmidt” (Br. 20) is unpersuasive because it is not commensurate with the scope of the claims. Contrary to Appellants’ assertion, claims 4 and 14 do not require an “automatic mechanism for correcting a security policy violation” (Br. 20), requiring instead the receipt of first and second user inputs that select the item of information and corrective action and automatically applying one or more operations associated with the selected suggested corrective action to the selected item of information. We agree with the Examiner that these features are taught by the cease-and-desist notification process of Schmidt.

Ninth Contention

With respect to Appellants’ ninth contention, we are not persuaded that the Examiner has erred.

The Examiner relies on Williams, which teaches a graphical user interface that includes a status field, in combination with Schmidt and Anderholm for finding the limitations taught or suggested by the combination. Appellants reiterate arguments directed at Williams and addressed supra (Br. 20). The portion of Appellants’ argument directed at Schmidt (Br. 20–21) otherwise “merely points out what a claim recites” and is accordingly not “considered an argument for separate patentability of the claim.” 37 C.F.R. § 41.37(c)(1)(vii). See In re Lovin, 652 F.3d 1349, 1351 (Fed. Cir. 2011) (sustaining requirement that Appellants articulate more substantive arguments if they wish for individual claims to be treated separately).

Tenth Contention

With respect to Appellants’ tenth contention, we are not persuaded that the Examiner has erred.

We agree with the Examiner’s finding that Williams discloses various hierarchies of security attributes (Ans. 79).
Within the context of this finding, we disagree with Appellants that the combination of references fails to teach or suggest the limitations recited in claims 6 and 16.

Eleventh Contention

With respect to Appellants’ eleventh contention, we are not persuaded that the Examiner has erred.

The Examiner finds that Williams’s disclosure of a security policy editing module providing the capability of creating, editing, and storing security policies in a policy library for future recall suggests the limitations of “retrieving a pre-established security setting associated with the selected security attribute” and “providing the pre-established security setting to the one or more operations associated with the selected suggestive corrective action” (Ans. 37). We agree with these findings.

Appellants argue that the “cited sections of Williams have nothing to do with the features of claims 7 and 17” (Br. 22). In light of the breadth of the term “pre-established security setting” and the lack of any identification of a narrowing definition of the term by Appellants, we disagree. The relevant teaching value of Williams is found in its disclosure of a security policy deployment module to provide security policy and rules, which the Examiner finds suggest providing pre-established security settings associated with selected suggestive corrective action operations (see Ans. 80).

Twelfth Contention

With respect to Appellants’ twelfth contention, we are not persuaded that the Examiner has erred.

Appellants argue that “[w]hile James mentions email, James makes no mention whatsoever regarding one or more corrective actions including at least one of automatically modifying a distribution list for the electronic mail message to not include unauthorized individuals that may pose a security risk, automatically encrypting the electronic mail message, or automatically encrypting an attachment to the electronic mail message” (Br. 23).
This argument attacks James individually and is insufficient to rebut the obviousness conclusion reached by the Examiner based upon the combined teachings of the references. The test for obviousness is what the combined teachings of the prior art would have suggested to the hypothetical person of ordinary skill in the art. In re Keller, 642 F.2d 413, 425 (CCPA 1981).

Conclusion

For the foregoing reasons, we:

(1) sustain the Examiner’s rejection of claims 1, 2, 9, 11, 12, 18, and 20 under 35 U.S.C. § 103(a) as unpatentable over Schmidt and Anderholm;

(2) sustain the Examiner’s rejection of claims 3–7 and 13–17 under 35 U.S.C. § 103(a) as unpatentable over Schmidt, Anderholm, and Williams; and

(3) sustain the Examiner’s rejection of claims 10 and 19 under 35 U.S.C. § 103(a) as unpatentable over Schmidt, Anderholm, and James.

DECISION

The Examiner’s decision rejecting claims 1–7 and 9–20 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

tj