Ex Parte Hao et alDownload PDFPatent Trial and Appeal BoardJun 19, 201512016320 (P.T.A.B. Jun. 19, 2015) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 12/016,320 01/18/2008 Da Ming Hao CN920060054US1 4071 7590 06/19/2015 Anne Vachon Dougherty 3173 Cedar Road Yorktown Hts, NY 10598 EXAMINER KHOSHNOODI, NADIA ART UNIT PAPER NUMBER 2494 MAIL DATE DELIVERY MODE 06/19/2015 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte DA MING HAO, WEI LI, LIN LUO, and HANG JUN YE ____________ Appeal 2013-002949 Application 12/016,3201 Technology Center 2400 ____________ Before CAROLYN D. THOMAS, JASON V. MORGAN, and KAMRAN JIVANI, Administrative Patent Judges. JIVANI, Administrative Patent Judge. DECISION ON APPEAL Appellants seek our review under 35 U.S.C. § 134(a) of the Examiner rejecting claims 1, 2, 4, 6–21, and 23, all the claims pending in the application. Claims 3, 5, and 22 are cancelled. We have jurisdiction over the appeal under 35 U.S.C. § 6(b). We AFFIRM-IN-PART. 1 According to Appellants, the real party in interest is International Business Machines Corporation. App. Br. 2. Appeal 2013-002949 Application 12/016,320 2 STATEMENT OF THE CASE The present patent application relates generally to secure updating of a vulnerable system over a network. Spec. 1. Claim 1 is illustrative (emphasis added): 1. An apparatus for secure updating of a vulnerable system over a network, the apparatus interposed between the system and the network, and implemented as a special hardware, the apparatus comprising: an internal interface connected to the system; an external interface connected to the network; a monitoring module for monitoring outgoing connections initiated by the system; and at least one filter module for selectively filtering out incoming network packets to block possible network attacks and only allowing packets pertinent to any outgoing connection initiated by the system. Claims 11, 13, 15, and 16 (emphasis added) depend from claim 1: 11. The apparatus according to claim 1, wherein the apparatus is a standalone device. 13. The apparatus according to claim 11, wherein the standalone device comprises a dedicated network cable. 15. The apparatus according to claim 11, wherein the apparatus is located in proximity to the vulnerable system. 16. The apparatus according to claim 11, wherein the apparatus is located at or in proximity to a gateway connecting to multiple vulnerable systems. Claims 13, 15, and 16 stand rejected as indefinite under 35 U.S.C. § 112, second paragraph. Appeal 2013-002949 Application 12/016,320 3 Claims 1, 2, 7–8, 10–15, 17–19, and 23 stand rejected under 35 U.S.C. § 102(b) as being unpatentable over Phillips (US Pub. 2006/0095965 Al, May 4, 2006). Claims 4, 6, 9, 16, 20, and 21 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Phillips and various other references of record. ISSUES The pivotal issues before us are: 1. whether the term dedicated, as recited in claim 13, satisfies the definiteness requirement of 35 U.S.C. § 112, second paragraph; 2. whether the phrase in proximity to, as recited in claims 15 and 16, satisfies the definiteness requirement of 35 U.S.C. § 112, second paragraph; 3. whether Phillips anticipates selectively filtering out incoming network packets and only allowing packets pertinent to any outgoing connection initiated by the system, as recited in independent claims 1, 17, and 18; and 4. whether the references of record teach or suggest selectively filtering out incoming network packets and only allowing packets pertinent to any outgoing connection initiated by the system, as recited in dependent claims 4, 6, 9, 16, 20, and 21. ANALYSIS We have reviewed the Examiner’s rejections in light of Appellants’ arguments in the Appeal Brief and Reply Brief that the Examiner has erred, and the Examiner’s Answer to Appellants’ arguments. Appeal 2013-002949 Application 12/016,320 4 Issue 1: Definiteness of claim 13 under of 35 U.S.C. § 112, second paragraph (“dedicated”) Claim 13 recites the standalone device comprises a dedicated network cable. The Examiner rejects the term dedicated as indefinite. Non-Final Act. 13–14. Specifically, the Examiner finds that it is unclear how the addition of the term dedicated impacts the scope of network cable. Ans. 3– 4. Appellants present no argument on this term. App. Br. 10–12; Reply Br. 2–4. Accordingly, we summarily sustain the Examiner’s rejection of claim 13 under 35 U.S.C. § 112, second paragraph. Issue 2: Definiteness of claims 15 and 16 under of 35 U.S.C. § 112, second paragraph (“in proximity to”) Claim 15 recites the apparatus located in proximity to the vulnerable system. Claim 16 recites the apparatus located in proximity to a gateway connecting to multiple vulnerable systems. The Examiner finds the limitation in proximity to is indefinite. Non-Final Act. 14. Appellants contend, inter alia, that one of ordinary skill in the art would understand the meaning of the term in the context of the claim and the Specification. App. Br. 11; Reply Br. 2–4. We are not persuaded by Appellants’ arguments. Rather, we agree with the Examiner and adopt the Examiner’s findings and reasons on this issue as our own. We further emphasize the following. Section 112, second paragraph requires “that a patent’s claims, viewed in light of the specification . . . inform those skilled in the art about the scope of the invention with reasonable certainty.” Nautilus, Inc. v. Biosig Instruments, Inc., 134 S. Ct. 2120, 2129 (US 2014). When, as in the instant case, a word of degree is used in a claim, it is incumbent upon the Appeal 2013-002949 Application 12/016,320 5 applicant to provide in the patent specification some standard for measuring that degree. Seattle Box Co., Inc. v. Industrial Crating & Packaging, Inc., 731 F.2d 818, 826 (Fed. Cir. 1984). The relevant inquiry is thus two pronged. The first prong determines whether the specification provides a standard for measuring the claimed degree. MPEP § 2173.05(b). If such standard is not recited in the specification, the second prong asks whether an artisan of ordinary skill, in view of the prior art and the status of the art, would be nevertheless reasonably apprised of the scope of the invention. Id. Here, the Specification recites no standard for measuring the claimed degree of proximity. Appellants direct us to disclosure of one embodiment in which the invention is a standalone device interposed between the system and the network. Reply 2–4 (citing Spec. 5–6). Such a standalone device may be located near a computer, near a hub, or near a network. Id. This disclosure is insufficient to set forth a standard for measuring the claimed degree. Substituting the terms proximity and near one for the other provides no clarity as to the degree of proximity (i.e., nearness) required. Turning to the understanding of a skilled artisan, Appellants fail to identify in the record before us sufficient evidence that one of ordinary skill in the art, in view of the prior art and the status of the art, reasonably would be apprised of the scope of the invention, despite the lack of a standard recited in the Specification. Accordingly, we sustain the Examiner’s rejection of claims 15 and 16 under 35 U.S.C. § 112, second paragraph. Appeal 2013-002949 Application 12/016,320 6 Issue 3: Rejection under 35 U.S.C. § 102(b) based on Phillips Claim 1 recites in relevant part at least one filter module only allowing packets pertinent to any outgoing connection initiated by the system. Claims 17 and 18 recite commensurate limitations. Thus every claim requires allowing only packets pertinent to any outgoing connection initiated by the system. The Examiner finds Phillips meets this limitation through disclosure of a network security protocol that transmits packets from a secure server to a computer via a network security module. Ans. 8–9 (citing Phillips, ¶¶ 42 and 43). Appellants argue this disclosure does not address outgoing connections initiated by the system, as recited in the independent claims. App. Br. 13–15. We agree with Appellants. Phillips discloses the network security module 304 (at least one filter module) periodically issues security information requests to the security service 306 (the network) for configuration information related to computer 302 (vulnerable system). Phillips, ¶¶ 42 and 43. In response, the security service 306 (the network) sends the security information including protective security measures (incoming packets) to be implemented by the network security module 304 (at least one filter module). Phillips, ¶¶ 45 and 46. Here, the security information (incoming packets) is pertinent to a request periodically initiated by the network security module 304 (at least one filter module), not to any outgoing connection initiated by the system, as claimed. In an alternative embodiment, Phillips discloses the security service 306 (the network) may push security information (incoming packets) to the security module 304 (at least one filter module). Id. ¶ 57. Here, the security information (incoming packets) is pertinent to a request initiated by the Appeal 2013-002949 Application 12/016,320 7 security service 306 (the network), not to any outgoing connection initiated by the system, as claimed. Thus in both cited embodiments, Phillips fails to teach the incoming packets allowed are pertinent to any outgoing connection initiated by the system. Constrained by the record before us, we do not sustain the Examiner’s § 102(b) rejection of independent claims 1, 17, and 18, nor of their dependent claims 2, 7–8, 10–15, 19, and 23. Issue 4: Rejections under 35 U.S.C. § 103(a) The Examiner rejects dependent claims 4, 6, 9, 16, 20, and 21 applying Phillips in combination with various other references of record. Here, the Examiner relies on Phillips to meet the outgoing connection initiated by the system, recited in the independent claims from which these claims depend. The Examiner makes no findings using the other references of record to repair the deficiency of Phillips discussed above. Accordingly, we do not sustain the Examiner’s § 103(a) rejection of dependent claims 4, 6, 9, 16, 20, and 21. DECISION We affirm the Examiner’s 35 U.S.C. § 112, second paragraph rejections of claims 13, 15, and 16.2 We reverse the Examiner’s 35 U.S.C. § 102(b) rejections of claims 1, 2, 7, 8, 10–15, 17–19, and 23. 2 We decide the Appeal before us. However, should prosecution of these claims continue, we recommend the Examiner ascertain whether the term “special incoming network packets,” as recited in claim 18 meets the definiteness requirement of 35 U.S.C. § 112, second paragraph. Appeal 2013-002949 Application 12/016,320 8 We reverse the Examiner’s 35 U.S.C. § 103(a) rejections of claims 4, 6, 9, 16, 20, and 21. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART kme Copy with citationCopy as parenthetical citation