10246969 (B.P.A.I. Sep. 20, 2010)

Ex Parte Godwin

Board of Patent Appeals and InterferencesSep 20, 2010

10246969 (B.P.A.I. Sep. 20, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/246,969 09/19/2002 Debbie Ann Godwin AUS920020403US1 2212 45993 7590 09/21/2010 IBM CORPORATION (RHF) C/O ROBERT H. FRANTZ P. O. BOX 23324 OKLAHOMA CITY, OK 73123 EXAMINER SHAW, YIN CHEN ART UNIT PAPER NUMBER 2439 MAIL DATE DELIVERY MODE 09/21/2010 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ________________ Ex parte DEBBIE ANN GODWIN ________________ Appeal 2010-003941 Application 10/246,969 Technology Center 2400 ________________ Before JAMES D. THOMAS, HOWARD B. BLANKENSHIP and STEPHEN C. SIU, Administrative Patent Judges. J. THOMAS, Administrative Patent Judge. DECISION ON APPEAL1 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision. Appeal 2009-003941 Application 10/246,969 2 STATEMENT OF THE CASE This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1 through 27. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. Invention A tool for checking storage management system security settings which accesses one or more security parameters, compares them to security policies, rules, and allowable values, and reports noncompliant settings via a user-readable report. (Abstract, para. 69, lines 1-3; Figs. 3, 4). Representative Claim 1. A method in a storage management system comprising: accessing one or more security parameters of said storage management system; evaluating said security parameters against a set of security policies, rules and allowable parameter values; and indicating in a user-readable report which security parameters fail to meet said security policies, rules and allowable parameter values. Prior Art and Examiner’s Rejections The Examiner relies upon the following references as evidence of anticipation and unpatentability: Kaneda 2003/0004981 A1 Jan. 2, 2003 (filed Aug. 30, 2001) Appeal 2009-003941 Application 10/246,969 3 Proctor 6,530,024 B1 Mar. 4, 2003 (filed Nov. 20, 1998) Lineman 2003/0065942 A1 Apr. 3, 2003 (filed Sept. 28, 2001) Leong 6,557, 039 B1 Apr. 29, 2003 (filed Nov. 12, 1999) Claims 1-3, 5-7, 10-12, 14-16, 19-21, and 23-25 stand rejected under 35 U.S.C. § 102(e) as being anticipated by Proctor. All remaining claims stand rejected under 35 U.S.C. § 103. Proctor is being utilized by the Examiner along with Lineman to reject dependent claims 4, 13, and 22. Claims 8, 17, and 26 are rejected over Proctor and Kaneda. Lastly, claims 9, 18, and 27 stand rejected by the Examiner using Proctor and Leong. Claim Groupings Within the first stated rejection under 35 U.S.C. § 102, we and Appellants consider independent claim 1 as representative of the subject matter of independent claims 1, 10, and 19. No dependent claim is argued within any rejection before us. PROSECUTION HISTORY The above-noted panel issued a remand to the Examiner on August 20, 2008 in appeal 2008-1030. Subsequently, Appellant sought reinstatement of the appeal through a request for reinstatement filed on September 21, 2008. A decision on this request was granted on April 1, 2009, that led to the present appeal. Appeal 2009-003941 Application 10/246,969 4 ANALYSIS We refer to, rely on, and adopt the Examiner’s findings and conclusions set forth in the Answer. Our discussions here will be limited to the following points of emphasis. Proctor’s Abstract indicates that his invention relates to the ability to define security procedures which can include one or more policies as well as the detection of security incidents. The summary of invention at column 2 identifies plural different definable policies which are developed within topic heading 4 at the bottom of column 5 of this reference. With respect to the showing in Figure 2, the definition of security procedures in element 204 is followed in turn by data analysis section 216 and a security occurrence decision block 220. As discussed at column 6, lines 53-65, the data analysis step 216 performs an analysis function as well as a determination function whether any security breaches have been attempted or have occurred. This indicates to a person of ordinary skill in the art that an evaluation or compliance or compare functionality has occurred. An exemplary showing of audit policy and what comprises it is illustrated in Figure 3 to which subsequent Figures 4-8 detail the ability of an administrator/user to establish/change various security parameters or security settings as needed. These are discussed briefly at the beginning of column 7 with respect to these figures in conjunction with at least the detection policy and security policy in the discussions bridging columns 9 and 10. As relied upon by the Examiner in part, Figure 9 shows various policies within the corporate environment illustrated in a brief discussion of Appeal 2009-003941 Application 10/246,969 5 the security assessment capability 922/924 which may be found at column 11, lines 39-53. This portion again indicates an analysis is conducted in this assessment capability to again determine whether an actual or attempted or potential security breach has occurred that, likewise, is consistent with the evaluating functionality of representative independent claim 1 on appeal. Column 14 begins a discussion of exemplary Figures 13 and 14 which are said to be exemplary system implementations of Proctor’s invention. We likewise note, as before, the discussion at column 14, lines 31-45 that a detection engine 1342 in Figure 13 “evaluates” (in a manner consistent with the use of that term in independent claim 1 on appeal) collectively events with respect to the various policies to determine whether a security breach has occurred. Comparable teachings occur with respect to the detection mechanism 1434 in Figure 14 that again “evaluates” events to determine whether a security occurrence or incident has occurred as briefly indicated at column 16, lines 19-21. With this background in mind, Appellant’s arguments that the evaluating clause of representative independent claim 1 on appeal has not been met within 35 U.S.C. §102 are not persuasive of patentability. We consider Appellant’s remarks beginning at page 4 of the principal brief on appeal as essentially inviting us to read disclosed but unclaimed limitations into representative claim 1 on appeal, wherein an essentially similar approach is followed in Reply Brief. Contrary to what is indicated in the middle of page 5 of the principal brief on appeal, security parameters are what have been claimed in representative independent claim 1 and not security settings. Notwithstanding this, the showings within Figures 3-8 indicate that security Appeal 2009-003941 Application 10/246,969 6 settings/parameters are adjustable within the context of the audit policy teachings in Proctor. It is worthy of note here that the policy updates capability 928 in Figure 9 illustrates that adjustable policy parameters are also within the significant teachings of Proctor. This capability of updating/adjusting is best depicted in Proctor’s Figure 12 as to various policies. The comparative figure of Proctor’s Figure 9 alongside a depiction of aspects of Appellant’s disclosed invention at page 7 of the principal Brief on appeal invites us to improperly compare this portion of the Appellant’s disclosed invention with a limited view of the teachings of Proctor. Representative independent claim 1 also does not recite any ability to automatically change the thresholds in any detection policy, contrary to the position at the top of page 8 of the principal brief on appeal. By the use of such broad terms as reflected in representative independent claim 1 on appeal that are argued before us, the claims do not exclude the noted teachings of Proctor that clearly apply to the disputed recitations. CONCLUSIONS and DECISION Appellant has not shown that the Examiner erred in finding that Proctor anticipates the subject matter of representative independent claim 1 on appeal. Therefore, we affirm the Examiner’s rejections under 35 U.S.C. §§ 102 and 103 of various claims on appeal. Appeal 2009-003941 Application 10/246,969 7 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(v). AFFIRMED Erc IBM CORPORATION (RHF) C/O ROBERT H. FRANTZ P. O. BOX 23324 OKLAHOMA CITY, OK 73123