Ex Parte Cook

Board of Patent Appeals and Interferences
Dec 2, 2011
10390134 (B.P.A.I. Dec. 2, 2011)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 10/390,134
FILING DATE: 03/17/2003
FIRST NAMED INVENTOR: Fred S. Cook
ATTORNEY DOCKET NO.: 2041 (16056)
CONFIRMATION NO.: 3473

33272 7590 12/02/2011
SPRINT COMMUNICATIONS COMPANY L.P.
6391 SPRINT PARKWAY
MAILSTOP: KSOPHT0101-Z2100
OVERLAND PARK, KS 66251-2100

EXAMINER: LANIER, BENJAMIN E
ART UNIT / PAPER NUMBER: 2432
MAIL DATE: 12/02/2011
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES
____________
Ex parte FRED S. COOK
____________
Appeal 2009-013567
Application 10/390,134 1
Technology Center 2400
____________

Before JEFFREY S. SMITH, ERIC B. CHEN, and MICHAEL R. ZECHER, Administrative Patent Judges.

ZECHER, Administrative Patent Judge.

DECISION ON APPEAL

1 Filed on March 17, 2003. The real party in interest is Sprint Communications L.P. (App. Br. 1.)

I. STATEMENT OF THE CASE

Appellant appeals under 35 U.S.C. § 134(a) (2002) from the Examiner’s Final Rejection of claims 1-5, 13-16, and 20-24. 2 (App. Br. 2.) Responsive to a restriction requirement, claims 6-12 and 17-19 have been withdrawn from consideration. (Id.) We have jurisdiction under 35 U.S.C. § 6(b) (2008).

We affirm-in-part.

Appellant’s Invention

Appellant invented an apparatus and method for providing security against unauthorized intrusions to a supervisory control and data acquisition (hereinafter “SCADA”) device. (Spec. 1: 15-18.)
2 In the Supplemental Appeal Brief filed August 13, 2008, Appellant reaffirms intent that all pending claims 1-5, 13-16, and 20-24 are subject to appeal. (Supp. App. Br. 1-2.)

Illustrative Claim

1. Apparatus for interacting with a physical plant comprising:
    a programmable control unit for connecting to said physical plant and for performing a supervisory function for said physical plant, said programmable control unit having a public network interface for communicating with remote computer systems;
    a user computer system located remotely from said programmable control unit;
    a front-end security gateway located remotely from said programmable control unit, wherein said front-end security gateway communicates with said user computer system to authenticate and authorize a user for access to said programmable control unit, and wherein said front-end security gateway forwards messages between said user computer system and said programmable control unit after said user is authenticated and authorized;
    a public communication network coupled between said front-end security gateway and said programmable control unit to carry said forwarded messages; and
    a routing control configured to allow communication with said programmable control unit only by said front-end security gateway.

Prior Art Relied Upon

Buck US 2002/0186683 A1 Dec. 12, 2002
Benjamin US 2004/0028057 A1 Feb. 12, 2004 (effectively filed June 19, 2002)
Paul Oman et al., Concerns About Intrusions Into Remotely Accessible Substation Controllers and SCADA Systems, (2000) 1-16 (hereinafter “Oman”).

Rejections on Appeal

Claims 1, 13-15, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Buck and Oman. (Ans. 3-5.)

Claims 2-5, 16, and 21-24 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Buck, Oman, and Benjamin. (Ans. 5-6.)
Appellant’s Contentions

Appellant contends that Buck’s disclosure of a firewall does not perform routing functions and, therefore, does not teach or suggest the “routing control,” as recited in independent claim 1. (App. Br. 7.) Appellant also argues that Buck’s firewall merely screens or blocks certain data packets. (Id.) Consequently, Appellant alleges that the Examiner’s correspondence of Buck to the claim elements, namely the claimed “routing control,” is erroneous because only the structure and interaction of the claimed invention achieves the objective of creating source access to the programmable control unit using a secure gateway that communicates with the programmable control unit over a public network. (Id.)

Further, Appellant contends that Oman fails to remedy the deficiencies in the Examiner’s obviousness rejection. (Id. at 8.) Moreover, Appellant argues that there is no justification that an ordinarily skilled artisan would be motivated to replace Buck’s disclosure of telephone calls processed at the user computer with supervisory functions of a physical plant. (Id.)

In response to the Examiner’s Answer, Appellant alleges that Buck’s disclosure only limits voice data or a particular data packet type to the restricted transmission with the telephony service provider, whereas other embodiments in Buck allow other types of data or packets to continue to pass through the firewall. (Reply Br. 1.) Appellant also contends that Buck fails to teach or suggest that a remote caller must be specifically authorized for access to the computer system behind the firewall. (Id. at 2.) Consequently, Appellant argues that any user authorized to use the telephone system would be able to place a call to the user in Buck. (Id.)
Examiner’s Findings and Conclusions

The Examiner finds that Buck’s disclosure of setting up the firewall to allow either the transmission of voice data through one particular port, or permitting the transfer of data packets between the internal computer system and a gateway server of the Internet Telephony Service provider, teaches or suggests that the firewall is configured such that only the gateway server can communicate with an internal computer system, such as computer system (10). (Ans. 7.) Therefore, the Examiner finds that Buck teaches or suggests “a routing control configured to allow communication with said programmable control unit only by said front-end security gateway,” as recited in independent claim 1. (Id.)

Further, the Examiner finds that using the firewall protection system, as disclosed in Buck, in a power plant environment that comprises like computer systems would have been obvious to an ordinarily skilled artisan at the time of the claimed invention in order to protect plants that are vulnerable to electronic attacks, wherein attacks could result in widespread disruption of power at regional and even national levels for up to 24 hours, as disclosed in Oman. (Id. at 7-8.)

II. ISSUE

Has the Examiner erred in concluding that the combination of Buck and Oman renders independent claim 1 unpatentable? In particular, the issue turns on whether the proffered combination teaches or suggests “a routing control configured to allow communication with said programmable control unit only by said front-end security gateway,” as recited in independent claim 1.

III. FINDINGS OF FACT

The following Findings of Fact (hereinafter “FF”) are shown by a preponderance of the evidence.

Buck

FF 1. Buck’s figure 1 illustrates a computerized system for transmitting voice data over the Internet. (¶ [0032].) In particular, Buck discloses using a firewall (20) to protect the computer system (10) of an internal client. (Id.)
Further, Buck discloses that the firewall (20) may be implemented using packet-screening routers in order to protect the computer system (10) of the internal client against unauthorized (i.e., non-secure) transmissions over the Internet from external computer(s) (50). (¶ [0034].)

FF 2. Buck discloses that the firewall security system may be set up in such a way as to allow either the transmission of voice data through one particular port, or to permit data packets to be transferred strictly between the computer system (10) of the internal client and a gateway server (81) of the Internet Telephony Service Provider. (¶ [0066].)

Oman

FF 3. Oman discloses that many of the risks involving networked controllers and SCADA systems are similar to those affecting traditional network-based computer systems. (Abstract.) Accordingly, Oman discloses that the implementation of security policies for power substation controllers and SCADA systems can draw from lessons learned in commercial network and computer security. (Id.) Oman discloses traditional approaches for reducing vulnerability that include, among other things, implementing firewalls. (Id.)

FF 4. Oman discloses that remotely accessible Intelligent Electronic Devices, Controllers, and SCADA systems, and more importantly, substations controlled by such devices, are vulnerable to electronic attacks. (P. 3, para. 2.) Because of the nature of the activities and systems controlled by the electronic devices in the substations, Oman discloses that the misuse of these devices could have disastrous consequences that could lead to loss of life and/or property. (Id.) Oman discloses that the electronic power industry needs to address and mitigate these risks. (Id.)

FF 5. Oman discloses that electronic attacks could result in widespread disruption of power at regional and even national levels for up to 24 hours. (P. 5, para. 7.)

IV. ANALYSIS

35 U.S.C.
§ 103(a) Rejection—Combination of Buck and Oman

Claim 1

We do not find error in the Examiner’s obviousness rejection of independent claim 1. Independent claim 1 recites, inter alia, “a routing control configured to allow communication with said programmable control unit only by said front-end security gateway.”

As detailed in the Findings of Fact section supra, Buck discloses that the firewall protects the computer system of an internal client from unauthorized transmissions over the Internet by external computers. (FF 1.) In particular, Buck discloses that the firewall security system may be set up in such a way that permits the transfer of data packets strictly between the computer system of the internal client and a gateway server. (FF 2.) Consequently, we agree with the Examiner that Buck’s firewall is capable of being configured in such a way that only the gateway server can communicate with the computer system of the internal client. (See Ans. 7.) Thus, we find that Buck teaches or suggests the disputed claim limitation.

Further, we are not persuaded by Appellant’s argument that there is no justification that an ordinarily skilled artisan would be motivated to replace Buck’s disclosure of telephone calls processed at the user computer with supervisory functions of a physical plant. (App. Br. 8.) We note that Oman discloses that the security risks involving power substation controllers and SCADA systems are similar to those affecting traditional network-based computer systems. (FF 3.) Oman also discloses using traditional approaches to reduce the vulnerability associated with such controllers and systems, including implementing firewalls. (Id.) Consequently, we find that Oman provides a basis in fact to support the Examiner’s position of incorporating Buck’s firewall protection system into Oman’s power substation controllers and SCADA systems. (See Ans. 4, 7-8.)
That is, we find that it would have been obvious to an ordinarily skilled artisan to incorporate Buck’s firewall protection system (FFs 1 and 2) into Oman’s power plant environment (i.e., power substation controllers and SCADA systems) (FF 3) in order to protect such controllers and systems from attacks that may result in widespread disruption of power at regional and even national levels for up to 24 hours. (FFs 4 and 5.)

We find untimely Appellant’s argument that Buck fails to teach or suggest that a remote caller must be specifically authorized for access to the computer system behind the firewall and, therefore, any user authorized to use the telephone system would be able to place a call to the user in Buck. (Reply Br. 1-2.) 3 We note that Appellant raised this argument for the first time in the Reply Brief. We further note that this argument is not raised in response to any new issues the Examiner may have raised in the Answer, or to address changes or developments in the law that may have occurred after the Appeal brief was filed. Appellant’s attempt to introduce such a belated argument in the Reply Brief is improper.

3 “[T]he reply brief [is not] an opportunity to make arguments that could have been made in the principal brief on appeal to rebut the Examiner's rejections, but were not.” See Ex parte Borden, 93 USPQ2d 1473, 1474 (BPAI 2010) (Informative).

Nonetheless, to the extent that Appellant’s argument is premised on the notion that Buck does not teach or suggest authenticating and authorizing a user at a remote user computer before allowing such user to access the programmable unit, we are not persuaded. As discussed supra, Buck discloses that the firewall protects the computer system of an internal client from unauthorized transmissions over the Internet by external computers. (FF 1.)
Consequently, we find that such disclosure at least suggests to an ordinarily skilled artisan that Buck implicitly discloses authorizing a user of an external computer prior to allowing such user to access the computer system of the internal client. Thus, we find that Buck teaches or suggests authenticating and authorizing a user at a remote user computer before allowing such user to access the programmable unit, as required by independent claim 1. It follows that the Examiner has not erred in concluding that the combination of Buck and Oman renders independent claim 1 unpatentable.

Claims 13 and 14

Appellant does not provide separate and distinct arguments for patentability with respect to dependent claims 13 and 14. (See App. Br. 6-9.) Therefore, we select independent claim 1 as representative of these cited claims. See 37 C.F.R. § 41.37(c)(1)(vii). Consequently, the Examiner has not erred in rejecting dependent claims 13 and 14 for the same reasons set forth in our discussion of independent claim 1.

Claims 15 and 20

Appellant offers the same arguments set forth in response to the obviousness rejection of independent claim 1 to rebut the obviousness rejection of independent claims 15 and 20. (See App. Br. 8-9.) We have already addressed these arguments in our discussion of independent claim 1, and we found them unpersuasive. Therefore, we find that the Examiner has not erred in concluding that the combination of Buck and Oman renders independent claims 15 and 20 unpatentable.

35 U.S.C. § 103(a) Rejection—Combination of Buck, Oman, and Benjamin

Claim 2

Appellant contends that none of the prior art cited by the Examiner teaches or suggests that “[the] routing control comprises a telephone switching system configured to provide an originating call restriction…,” as recited in dependent claim 2. (App. Br. 9.)
The Examiner finds that Buck’s disclosure of an Internet telephony transmission system that uses a firewall to effectively filter and block calls, in conjunction with Benjamin’s disclosure of a hybrid call communication system, teaches or suggests the disputed limitation. (Ans. 8.) In response to the Examiner’s Answer, Appellant argues that Buck’s disclosure of blocking is not based on the identity of the originator of the call as required by the claimed “originating call restriction.” (Reply Br. 2.) We agree with Appellant.

At best, we find that Buck’s disclosure of a firewall that effectively filters and blocks unauthorized transmissions of voice data (e.g., telephone calls) (FFs 1 and 2) amounts to a routing control that functions to block incoming telephone calls that are unauthorized. However, we find that Buck’s disclosure is silent in regards to completing an incoming telephone call that originates from a predetermined telephone number, and blocking incoming telephone calls that originate from other telephone numbers.

Moreover, we are unable to ascertain how the textual portions of Benjamin relied upon by the Examiner teach or suggest placing call restrictions on incoming telephone calls, such that a call which originates from a predetermined telephone number is complete, whereas calls from other telephone numbers are blocked. Consequently, we find that the Examiner improperly relied upon the combination of Buck and Benjamin to teach or suggest the disputed claim limitation. Further, we find that Oman fails to remedy the above-noted deficiencies in the Examiner’s obviousness rejection. It follows that the Examiner has erred in concluding that the combination of Buck, Oman, and Benjamin renders dependent claim 2 unpatentable.
Claims 16 and 21

Since dependent claims 16 and 21 recite a similar claim limitation as dependent claim 2, we find the Examiner has erred in concluding that the combination of Buck, Oman, and Benjamin renders dependent claims 16 and 21 unpatentable for the same reasons set forth supra.

Claims 3-5 and 22-24

By virtue of their dependency to dependent claims 2, 16, and 21, we find that the Examiner has also erred in concluding that the combination of Buck, Oman, and Benjamin renders dependent claims 3-5 and 22-24 unpatentable for the same reasons set forth supra.

V. CONCLUSIONS OF LAW

1. The Examiner has not erred in rejecting claims 1, 13-15, and 20 as being unpatentable under 35 U.S.C. § 103(a).
2. The Examiner has erred in rejecting claims 2-5, 16, and 21-24 as being unpatentable under 35 U.S.C. § 103(a).

VI. DECISION

1. We affirm the Examiner’s decision to reject claims 1, 13-15, and 20 as being unpatentable under 35 U.S.C. § 103(a).
2. We reverse the Examiner’s decision to reject claims 2-5, 16, and 21-24 as being unpatentable under 35 U.S.C. § 103(a).

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED-IN-PART

ke