10040573 (B.P.A.I. Jul. 23, 2010)

Ex Parte Fenton et al

Board of Patent Appeals and InterferencesJul 23, 2010

10040573 (B.P.A.I. Jul. 23, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/040,573 11/02/2001 Charles S. Fenton 103036.00014 2730 82744 7590 07/23/2010 AT&T Legal Department - JW Attn: Patent Docketing Room 2A-207 One AT&T Way Bedminster, NJ 07921 EXAMINER POLTORAK, PIOTR ART UNIT PAPER NUMBER 2434 MAIL DATE DELIVERY MODE 07/23/2010 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________________ Ex parte CHARLES S. FENTON, and KEITH E. SHAFER ____________________ Appeal 2008-0061481 Application 10/040,573 Technology Center 2100 ____________________ 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision. Before: JEAN R. HOMERE, DEBRA K. STEPHENS, and JAMES R. HUGHES, Administrative Patent Judges. STEPHENS, Administrative Patent Judge. DECISION ON APPEAL Appeal 2008-006148 Application 10/040,573 2 Appellants appeal under 35 U.S.C. § 134(a) (2002) from a final rejection of claims 1-5, 8-10, 14, 21-29, 33-39, 41-43, and 47-55. Claims 6, 7, 11-13, 15-20, 30-32, 40, and 44-46 have been canceled. (Br., 2). We have jurisdiction under 35 U.S.C. § 6(b) (2008). We AFFIRM. Introduction According to Appellants, the invention is a system and method for secure communication between two entities (Spec., 1 and Abstract). A virtual private proxy is generated between the two entities based on agreement between the two entities (Abstract). Each entity has a virtual private proxy associated with it (id.). When data is monitored, if the data associated with the first entity violates the agreement, the data is disallowed (id.). STATEMENT OF THE CASE Exemplary Claim(s) Claim 1 is an exemplary claim and is reproduced below: 1. A method for secure communication comprising: generating a plurality of virtual private proxies based on an agreement between a first entity and a second entity; associating a first virtual private proxy of the plurality of virtual private proxies with the first entity and a second virtual private proxy of the plurality of virtual private proxies with the second entity; monitoring data at the first virtual private proxy associated with the first entity; Appeal 2008-006148 Application 10/040,573 3 determining whether the data violates the agreement; and disallowing communication of the data from the first virtual private proxy to the second virtual private proxy when the data violates the agreement. Prior Art Dan (Dan ‘290) Reed Ashdown Dan (Dan ‘103) Epstein US 6,148,290 US 6,266,704 B1 US 6,308,276 B1 US 2002/0178103 A1 US 6,684,329 B1 Nov. 14, 2000 Jul. 24, 2001 Oct. 23, 2001 Nov. 28, 2002 Jan. 27, 2004 Charles P. Pfleeger, “Security In Computing”, pp. 270-273, 2nd Ed., 1996, ISBN: 0-13-37486-6. (Pfleeger) Rejections Claims 1-4, 14, 24-26, 28-29, 37, 41, 43, and 52-54 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, and Epsteine. Claims 5 and 47 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Reed. Claims 5 and 47 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Pfleeger. Claims 38, 39 and 53 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Ashdown. Appeal 2008-006148 Application 10/040,573 4 Claims 8-10, 21-23, 27, 33-36, 42, and 55 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Dan ‘103. Claims 48-51 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, Pfleeger, and Dan ‘103. Claims 48-51 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, Reed, and Dan ‘103. GROUPING OF CLAIMS (1) Appellants argue all of the independent claims 1, 14, 26, 41, and 55 with respect to independent claim 1 (Br. 5-11). We select independent claim 1 as the representative claim. We treat the dependent claims, 2-5, 21-25, 27-29, 33-39, 42, 43, and 47-54 as standing or falling with their respective dependency as they were not separately argued. Therefore, claims 2-5, 8-10, 14, 21-29, 33-39, 41-43, and 47-55 stand or fall with representative claim 1. (2) Appellants argue claim 8 separately (Br. 10). Claims 9 and 10 depend from claim 8 and were not separately argued; therefore, claims 9 and 10 stand or fall with claim 8. See 37 C.F.R. § 41.37(c)(1)(vii). 35 U.S.C. § 103(a): claims 1-4, 14, 24-26, 28-29, 37, 41, 43, and 52-54 ISSUE 1A Appellants assert their invention is not obvious over Dan ‘290 and Epsteine because Dan ‘290 does not teach or suggest generating a plurality Appeal 2008-006148 Application 10/040,573 5 of virtual private proxies (VPP) (App. Br. 5). Instead, according to Appellants, Dan ‘290 teaches enforcement code components that are components of a business service application that is public (App. Br. 5-6). Because Dan ‘290 explicitly declares the public nature of the environment to be an important aspect of Dan ‘290’s invention, Appellants contend Dan ‘290 does not teach the limitation recited (App. Br. 6). Appellants next argue Dan ‘290 does not teach proxies being generated (App. Br. 6). Specifically, Appellants contend none of the elements of Dan ‘290 cited qualify as proxies or are described as proxies (id.). The Examiner finds Appellants did not defined various terms including “private” and “proxy” (Ans. 12). The Examiner then finds, in light of definitions one of ordinary skill in the art would attribute to these terms, Dan ‘290's invention includes enforcement components that are a plurality of virtual proxies, for enforcing particular service contracts and services on behalf of enterprise networks (private entities) that result in the business service provider controlling a "service implementation component that executes . . . entirely on the service execution engine of the business service provider" (Ans. 11-12, 16-17, and 19). Accordingly the Examiner finds Dan ‘290 discloses that a plurality of virtual private proxies are generated (Ans. 11-13). Issue 1A Have Appellants shown the Examiner erred in finding Dan ‘290 discloses “generating a plurality of virtual private proxies?” Appeal 2008-006148 Application 10/040,573 6 FINDINGS OF FACT (FF) Appellants’ Specification (1) A VPP may be a logical entity (Spec. 10, ll. 8). Dan ‘290 (2) Dan ‘290 teaches a method and system for managing an automated business service system including multiple parties and a service contract specifying rules of interaction between the parties during service transactions (Abstract). The provider of the business service 500 controls and has full knowledge of the actual service implementation component 508 while the end user or client application only knows how to interact via the enforcement code component 502 and the contract specification 514 provided (col. 6, ll. 2-5). (3) A business service application 500 includes separate enforcement code components 502, 504 and 506 for enforcing a service contract(s) and service implementation component 508 which contains service implementation logic. In an example, the enforcement code components 502 and 512 are automatically generated from a single service contract 514 and executed on the service execution engine 510 and the client engine 516, respectively to ensure enforcement of interaction rules. The service contract specifies the rules of interaction between the parties including the permitted interaction patterns by the client and the required interaction pattern behaviors of the service provider. (Col. 5, ll. 49-63, col. 6, ll. 11-34, and Fig. 5). (4) [T]he enforcement code components can serve many purposes in the function of enforcing the specifications of the service contract. For example, enforcement code 512, upon receiving a Appeal 2008-006148 Application 10/040,573 7 request to be sent from the application 526, can log the request (noting time and content), number the request for correlation to an anticipated response, provide a signing function, include a timer function and notification in event of timeout and pass the request by a chosen protocol. When receiving a request or response from the service application 500, the enforcement code component can provide some of the functions listed hereinabove and also can determine whether the message is a response or a request, check validity of response and take appropriate action. (Col. 6, ll. 26-38). Dictionary (5) A “proxy” is defined as “authority or power to act for another” Merriam-Webster’s Collegiate Dictionary 938 (10th ed. 2000). (6) “Private” is defined as “intended for or restricted to use of a particular person, group, or class” Merriam-Webster’s Collegiate Dictionary 925 (10th ed. 2000). ANALYSIS After consideration, we adopt the Examiner’s findings that Dan ‘290 teaches generating virtual private proxies. Appellants have not defined “virtual private proxy” (See Spec. 9-10). “In the absence of an express intent to impart a novel meaning to the claim terms, the words are presumed to take on the ordinary and customary meanings attributed to them by those of ordinary skill in the art.” Brookhill-Wilk 1, LLC. v. Intuitive Surgical, Inc., 334 F.3d 1294, 1298 (Fed. Cir. 2003) (internal citations omitted). The “ordinary and customary meaning of a claim term is the meaning that the term would have to a person of ordinary skill in the art in question at the Appeal 2008-006148 Application 10/040,573 8 time of the invention, i.e., as of the effective filing date of the patent application.” Phillips v. AWH Corp., 415 F.3d 1303, 1313 (Fed. Cir. 2005) (en banc). We determine the scope of the claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction in light of the specification as it would be interpreted by one of ordinary skill in the art. In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). In Dan ‘290, the enforcement code components can have many functions (FF 3). Given the proposed functions set forth by Dan ‘290, we find the enforcement code components (computer logic) have the function of standing in for another (the agreement) (FF 5). Thus, we find that the enforcement code components are proxies. Additionally, Dan ‘290 teaches a business service implementing separate enforcement code components executed on different engines (FF 2 and 3). Since these proxies can be restricted to use of a particular device, group or person (FF 6), we find these virtual proxies are private. According to Dan ‘290, a single service contract is utilized to generate the enforcement code components 502 and 512 (FF 3). Therefore, we find the enforcement code components are generated based on an agreement. Moreover, since each enforcement code component is generated to be executed on respective engines, we find the proxies are each associated with a different entity (FF 3 and Fig. 5). Appeal 2008-006148 Application 10/040,573 9 In light of these teachings by Dan ‘290, we find Appellants have failed to persuade us of error in the Examiner’s findings that Dan ‘290 teaches generating virtual private proxies. ISSUE 1B Appellants further contend Dan ‘290 and Epsteine do not teach or suggest “determining whether the data violates the agreement” or “disallowing communication of the data from the first virtual proxy to the second virtual private proxy when the data violates the agreement” (App. Br. 7 and 8). According to Appellants, Dan ‘290 instead describes automatic generation of code used to implement a service contract (App. Br. 7). The Examiner finds Dan ’290 discloses an agreement that is used to take appropriate action based on the agreement data to be communicated from first entity utilizing a first proxy and second entity utilizing a second proxy (Ans. 14-15 and 20). The Examiner further finds that Epsteine teaches allowing data communication based on an agreement and concludes it would have been obvious to one of ordinary skill in the art at the time of Appellants’ invention to disallow communication of data between entities as taught by Dan ‘290 based on an agreement as taught by Epsteine (Ans. 15 and 20). Issue 1B: Have Appellants shown the Examiner erred in finding the prior art teaches “determining whether the data violates the agreement” and “disallowing communication of the data from the first virtual proxy to the second virtual private proxy when the data violates the agreement?” Appeal 2008-006148 Application 10/040,573 10 FURTHER FINDINGS OF FACT (FF) Epsteine (7) In a generic example, a firewall system 120 screens all connections between a private network 110 and an untrusted system 140. During the screening process, the “firewall system 120 determines which traffic should be allowed and which traffic should be disallowed based on a predetermined security policy.” (Col. 1, ll. 19-26 and Fig. 1). ANALYSIS We find Dan ‘290 teaches determining if the data violates the agreement as the data is transferred via the enforcement code components which ensure enforcement of the interaction rules (FF 3). Therefore, we find it inherent that these enforcement code components would need to determine whether the data violates the interaction rules in order to enforce them. Accordingly, we find Dan ‘290 teaches “determining whether the data violates the agreement.” We further find that the combination of Dan ‘290 and Epsteine teaches disallowing traffic based on an agreement (FF 7). Thus, we find Dan ‘290’s teaching of communications between proxies (as discussed above in Issue 1A) according to an agreement (FF 3) and Epsteine’s teaching of disallowing communication according to an agreement teach “disallowing communication of the data from the first virtual proxy to the second virtual proxy when the data violates the agreement.” Appeal 2008-006148 Application 10/040,573 11 ISSUE 1C Appellants argue no motivation exists to modify Dan ‘290’s public system using Epsteine’s firewall enhancement system (App. Br. 6-7). Specifically, Appellants argue that since Dan ‘290’s business service application is public, implementing Epsteine’s firewall enhancement system would undermine a fundamental principle of operation of Dan ‘290 (App. Br. 7). The Examiner finds Epsteine suggests allowing or disallowing data communication based on a security policy which the Examiner finds to be a predetermined agreement (Ans. 4 and 14). Thus, the Examiner finds it would have been obvious to one of ordinary skill in the art at the time of Appellant's invention to “disallow communication of the data between the first entity (using a first virtual proxy) and the second entity (using the second virtual proxy) as disclosed by Dan ‘290, based on an agreement as disclosed by Epsteine” to achieve a system that would allow only traffic conforming to a predetermined security policy (Ans. 4, 14, and 17-20). Issue 1C: Have Appellants shown the Examiner erred in finding one of ordinary skill in the art would have been motivated to combine Epsteine’s firewall enhancement system into the system of Dan ‘290? ANALYSIS We disagree that implementing Epsteine’s firewall enhancement system would undermine a fundamental principle of operation of Dan ‘290. As discussed above with respect to Issue 1A, we find that Dan ‘290 teaches private proxies. Using a firewall to allow or disallow traffic based on an agreement does not undermine the basic principle of Dan ‘290 which teaches Appeal 2008-006148 Application 10/040,573 12 private proxies and other elements of a business service system that permits communication between entities according to rules of interaction. Indeed, we find an ordinary artisan would have possessed the knowledge and skills rendering one capable of combining the technology of Epsteine into the system of Dan ‘290 as Dan ‘290 already suggests enforcement of interaction between proxies. (“[T]he proper question is whether the ordinary artisan possesses knowledge and skills rendering him capable of combining the prior art references.” DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1368 (Fed. Cir. 2006) (emphasis in original). We find the Examiner has articulated a motivation with a rational underpinning and Appellants have not persuaded us that the Examiner erred in finding one of ordinary skill in the art would have been motivated at the time Appellants’ invention was made, to combine Epsteine’s firewall enhancement system into the system of Dan ‘290. ISSUE 2 35 U.S.C. § 103(a): claims 8-10 Appellants argue Dan does not teach an agreement that includes the types of data allowed and the Examiner did not “even allege that the references teach or claim this element” (App. Br. 10). The Examiner finds that to perform a comparison to determine if data is allowable, as discussed in Issue 1B, the data that is allowed must be listed (Ans. 15). The Examiner further finds Dan teaches Dan '103, provides exemplary types of data that could be found in an agreement including types of protocols used (Ans. 15-16). Thus, the Examiner concludes, it would have been obvious to one of ordinary skill in the art at the time of applicant's Appeal 2008-006148 Application 10/040,573 13 invention to include allowable data types in an agreement given the benefit of fine control of data communication (Ans. 16). Issue 2: Have Appellants shown the Examiner erred in finding Dan ‘103 teaches “the agreement comprises types of data allowed?” FURTHER FINDINGS OF FACT (FF) Dan ‘103 (8) Dan is directed toward automatic contract negotiation between multiple parties over a communication network (Abstract). The parties determine a negotiation protocol before the negotiation process including transport protocol (communication protocol, encoding, and transport security information) (Abstract, pg. 1, [0005], and Fig. 3). (9) Possible elements of a negotiation meta contract 110 that define information about the meta contract include many variations and combinations of types of information, for example, general information 120, information about roles and participants 130, delivery channels 140 and transport protocol 150, document-exchange (DocExchange) protocol 160, negotiation protocol 170, sequencing rules 180 and policy constraints 190. The negotiation protocol 170 defines the negotiation operations, e.g., actions for selecting and changing values of parameters, actions for changing constraints, etc. A set of sequencing rules 180 may be provided in meta contract 110 to ensure that the various negotiation actions are being issued in the correct order. The meta contract may also provide a set of policy constraints 190 for governing the negotiation. Policy constraints may include, for example, time constraints that specify the amount of time in which a response is required or the amount of time allowed before an offer is withdrawn. (pg. 3, [0032]). Appeal 2008-006148 Application 10/040,573 14 ANALYSIS We find Dan ‘103 teaches determining the type of data permitted and including those types of data allowed as part of the agreement (if it is the right protocol, meets time constraints, etc.) (FF 8 and FF 9). Thus, we find Appellants have not shown the Examiner erred in finding Dan ‘103 teaches “the agreement comprises types of data allowed.” ISSUE 3 35 U.S.C. § 103(a): claims 5, 47 35 U.S.C. § 103(a): claims 38, 39, 53 35 U.S.C. § 103(a): claims 21-23, 27, 33-36, 42 and 55 35 U.S.C. § 103(a): claims 48-51 Appellants presented no separate arguments for these rejections. Accordingly, Appellants have not presented any evidence or arguments to persuade us of error in the Examiner’s rejections of these claims. Therefore, these claims fall with their respective independent claims. CONCLUSION Appellants have not shown that the Examiner erred in finding claim 1 and similarly argued claims 14, 26, 41, and 55 reciting commensurate language obvious over Dan ‘290 and Epsteine. Since dependent claims 2-5, 21-25, 27-29, 33-39, 42, 43, and 47-54 depend either directly or indirectly from representative and independent claims 1, 14, 26, or 41, and were not argued separately, Appellants have not shown the Examiner erred in finding claims 2-5, 21-25, 27-29, 33-39, 42, 43, and 47-54 obvious. Additionally, Appellants have not shown the Examiner erred in rejecting claim 8 for Appeal 2008-006148 Application 10/040,573 15 obviousness and thus, its dependent claims 9 and 10 fall with claim 8. Accordingly, Appellants have not shown the Examiner erred in rejecting claims 1-5, 8-10, 14, 21-29, 33-39, 41-43, and 47-55 under 35 U.S.C. § 103(a) for obviousness. DECISION The Examiner’s rejection of claims 1-4, 14, 24-26, 28-29, 37, 41, 43, and 52-54 under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, and Epsteine is affirmed. The Examiner’s rejection of claims 5 and 47 under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Reed is affirmed. The Examiner’s rejection of claims 5 and 47 under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Pfleeger is affirmed. The Examiner’s rejection of claims 38, 39 and 53 under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, and Ashdown is affirmed. The Examiner’s rejection of claims 8-10, 21-23, 27, 33-36, 42, and 55 under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine and Dan ‘103 is affirmed. The Examiner’s rejection of claims 48-51 under 35 U.S.C. § 103(a) as being unpatentable over Dan ‘290, Epsteine, Pfleeger, and Dan ‘103 is affirmed. Appeal 2008-006148 Application 10/040,573 16 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv) (2009). AFFIRMED Vsh AT&T LEGAL DEPARTMENT - JW ATTN: PATENT DOCKETING ROOM 2A-207 ONE AT&T WAY BEDMINSTER NJ 07921