Ex Parte Hay et alDownload PDFPatent Trial and Appeal BoardSep 26, 201613705705 (P.T.A.B. Sep. 26, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 131705,705 12/05/2012 ROEEHAY 73109 7590 09/28/2016 Cuenot, Forsythe & Kim, LLC 20283 State Road 7 Ste. 300 Boca Raton, FL 33498 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. IL920120075US1_8150-0320 8158 EXAMINER STEINLE, ANDREW J ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 09/28/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ibmptomail@iplawpro.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ROEE HAY, DANIEL KALMAN, ROI SALTZMAN, and OMER TRIPP Appeal2015-003348 Application 13/705,705 Technology Center 2400 Before JEAN R. HOMERE, BETH Z. SHAW, and KARA L. SZPONDOWSKI, Administrative Patent Judges. SHAW, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner's final rejection of claims 9-11, 14--19, and 22-25, which are the only claims currently pending in this application. App. Br. 2. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. RELATED APPEALS This appeal is related to an Appeal 2015-005652 (U.S. Application No. 14/026,647). Appellants did not identify the related appeal. App. Br. 2. Appellants are reminded that they have a duty to identify: all other prior and pending appeals, interferences, trials before the Board, or judicial proceedings ... [that] involve an application or patent owned by the appellant or assignee, are known to appellant, the Appeal2015-003348 Application 13/705,705 appellant's legal representative, or assignee, and may be related to, directly affect or be directly affected by or have a bearing on the Board's decision in the pending appeal. 37 C.F.R. § 31.41(c)(ii) (2014). INVENTION Appellants' invention is directed to computer tools for detecting security vulnerabilities. Spec. i-f 3. Claim 9, which is representative, reads as follows: 9. A system for identifying security vulnerabilities on computing devices, the system comprising: a processor programmed to initiate executable operations comprising: detecting an inter-process communication on a computing device; determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability; and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability, wherein the determining comprises determining where the security vulnerability is a susceptibility to a confidentiality violation. REJECTIONS AT ISSUE The Examiner rejected claims 9-11, 14--19, and 22-25 under 35 U.S.C. § 102(b) as being anticipated by Freund (US 2004/0199763 Al; published Oct. 7, 2004). Final Act. 5-8. ISSUES Appellants argue that the Examiner's rejections are in error. App. Br. 8-12; Reply Br. 2. The dispositive issue presented by these arguments is: 2 Appeal2015-003348 Application 13/705,705 Did the Examiner err in finding Freund discloses "determining where the security vulnerability is a susceptibility to a confidentiality violation," as recited in claim 9? ANALYSIS We have reviewed Appellants' arguments in the Briefs, the Examiner's rejection, and the Examiner's response to Appellants' arguments. We adopt as our own the findings and reasons set forth in the rejection from which this appeal is taken and in the Examiner's Answer in response to Appellants' Appeal Brief. See Final Act. 2-8; Ans. 2-3. We highlight and address specific arguments and findings for emphasis as follows. Appellants argue that Freund fails to disclose "wherein the determining comprises determining where the security vulnerability is a susceptibility to a confidentiality violation," as recited in claim 9. App. Br. 8-12; Reply Br. 2. Here, the Examiner finds Freund's monitoring connection of potential malware requests discloses the disputed limitation of claim 9. See Ans. 2-3 (citing Freund i-f 72); Final Act. 6 (citing Freund i-fi-172-73, 88). Freund describes that connection requests are monitored, and that an incoming connection request attempts to create a communication channel (port), but that connection request can be trapped and re-directed, resulting in access being blocked. Id. (citing i-f 72; see also i-fi-173, 76, 84). The connection request attempt includes sufficient information (e.g., text string) to allow determination of the type of service being requested. Ans. 3 (citing f 72). Once the communication port has been opened, malware may send messages 3 Appeal2015-003348 Application 13/705,705 to a DNS server, including sending confidential information to a malicious DNS server. Id. The Examiner finds, and we agree, that the connection requests are inter-process communications that are monitored and assessed to determine what type of service is being requested. Id. The Examiner finds paragraph 72 refers to one such request, which is a confidentiality violation. Id. This type of request can be detected and mitigated by trapping or re-directing. Ans. 2-3; see also Freund i-fi-173. 84. Although Appellants argue that requesting a type of service does not identically disclose the claimed "'determining whether the inter-process communication is consistent with a susceptibility to a confidentiality violation,'" (Reply Br. 2), we are not persuaded. As described above, Freund describes monitoring connection requests, trapping, and redirecting certain requests to determine whether the requesting application has appropriate privileges, because if a requesting application does not have appropriate privileges, it may be used to send confidential information to a malicious DNS server. Freund i-fi-172, 73, 84. Appellants argue that the claimed invention involves "characterizing the type of security violation." App. Br. 9. However, this limitation is not recited in claim 9, and we decline to import this argued limitation into the claim. We agree with the Examiner's finding that under a broad but reasonable interpretation of the claim, Freund discloses "determining where the security vulnerability is a susceptibility to a confidentiality violation," as recited in claim 9 because Freund discloses determining where a request of malware may be used to send confidential information to a malicious DNS server. See Freund i-fi-1 72-73. In the absence of sufficient evidence or line 4 Appeal2015-003348 Application 13/705,705 of technical reasoning to the contrary, the Examiner's findings are reasonable and we find no reversible error. Because Appellants have not presented separate patentability arguments or have reiterated substantially the same arguments as those previously discussed for patentability above (see App. Br. 8-12), the remaining pending claims fall for the same reasons as claim 9. See 37 C.F.R. § 41.37(c)(l)(iv). DECISION The decision of the Examiner to reject claims 9-11, 14--19, and 22-25 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l). See 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED 5 Copy with citationCopy as parenthetical citation
