Ex Parte Hubbard et alDownload PDFPatent Trial and Appeal BoardDec 22, 201611680494 (P.T.A.B. Dec. 22, 2016) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/680,494 02/28/2007 Dan Hubbard 4593.060US1 5374 141463 7590 12/27/2016 Schwegman Lundberg & Woessner / Forcepoint P.O. Box 2938 Minneapolis, MN 55402 EXAMINER WILLIS, AMANDA LYNN ART UNIT PAPER NUMBER 2158 NOTIFICATION DATE DELIVERY MODE 12/27/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): uspto@slwip.com SLW @blackhillsip.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte DAN HUBBARD and ALAN TSE Appeal 2016-001743 Application 11/680,494 Technology Center 2100 Before JEFFREY S. SMITH, ERIC B. CHEN, and JOSEPH P. LENTIVECH, Administrative Patent Judges. CHEN, Administrative Patent Judge. DECISION ON APPEAL This is an appeal under 35 U.S.C. § 134(a) from the final rejection of claims 1—23. Claims 24—34 have been cancelled. We have jurisdiction under 35 U.S.C. § 6(b). We reverse and enter a new ground of rejection pursuant to our authority under 37 C.F.R. § 41.50(b). STATEMENT OF THE CASE Appellants’ invention relates to identifying active content in websites on a network. (Abstract.) Appeal 2016-001743 Application 11/680,494 Claim 1 is exemplary, with disputed limitation in italics: 1. A method of controlling access to requested web content, implemented on at least one processor, comprising: receiving, using at least the processor, a request for access to web content located at an address specified by a uniform resource locator (URL); determining which processes are spawned by the web content identified by the URL; comparing which processes are spawned with a list to determine properties of the URL; and determining, using at least the processor, whether to allow the request based at least partly on the determined properties. Claims 1—23 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Golan (US 5,974,549; issued Oct. 26, 1999) and Russell-Falla (US 6,266,664 Bl; issued July 24, 2001). ANALYSIS We are persuaded by Appellants’ arguments (App. Br. 11—12) that the combination of Golan and Russell-Falla would not have rendered obvious independent claim 1, which includes the limitations “determining which processes are spawned by the web content identified by the URL” and “comparing which processes are spawned with a list to determine properties of the URL.” The Examiner found that the security monitor of Golan for a Web browser, which monitors API calls, corresponds to the limitations “determining which processes are spawned by the web content identified by the URL.” (Final Act. 3.) The Examiner further found that the security monitor of Golan, which also does not permit certain API calls that would 2 Appeal 2016-001743 Application 11/680,494 breach security configurations, corresponds to the limitation “comparing which processes are spawned with a list to determine properties of the URL.” {Id.', see also Ans. 2-4.) We do not agree. Golan relates to “a security monitor for securing untrusted and/or unknown software downloaded from an external source” (col. 1,11. 5—7), in particular “creating a secure sandbox within which a plurality of downloaded software components can execute in a secure manner” (Abstract). Golan explains that “[t]he monitored application normally makes API calls 22 to the operating system 18” (e.g., Windows 95 or Windows NT), such that “[API] calls are intercepted and monitored by security monitor 20 within the secure sandbox, generally referenced 10” and “[t]he security monitor does not permit the software component to call certain APIs with certain parameters that would breach the security configuration provided by a user.” (Col. 5,11. 3—11.) Golan further explains that “[t]he security monitor detects when a downloaded software component attempts to commit an action that breaches security and functions to halt the component’s execution and issue a warning to the user.” (Col. 4,11. 58—61.) Although the Examiner cited the security monitor of Golan, which generally explains that API calls that may breach security are monitored (Ans. 3—4), the Examiner has provided insufficient evidence to support a finding that Golan teaches the limitations “determining which processes are spawned by the web content identified by the URL” and “comparing which processes are spawned with a list to determine properties of the URL,” particularly when Golan is silent with respect to spawning a process. In particular, Golan is silent with respect to API calls executing a spawn function and comparing the results of such spawn function to any list. On 3 Appeal 2016-001743 Application 11/680,494 this record, the Examiner has not demonstrated that Golan teaches the limitations “determining which processes are spawned by the web content identified by the URL” and “comparing which processes are spawned with a list to determine properties of the URL.” Thus, we are persuaded by Appellants’ arguments that “Golan does not disclose or suggest that the downloadable software components themselves can spawn processes.” (App. Br. 11.) In particular, we are persuaded by Appellants’ arguments that “[t]he difference between the Examiner’s position and the claim language is demonstrated by [additional evidence,] Microsoft TechNet, Chapter 3, Developing Phase: Process and Thread Management, (May 31, 2006),” which “provides several examples of process creation” including “one example [that] spawns a ‘notepad’ process using the ‘CreateProcess’ API.” (Id. at 12.) Accordingly, we do not sustain the rejection of independent claim 1 under 35 U.S.C. § 103(a). Claims 2—11 depend from independent claim 1. We do not sustain the rejection of claims 2—11 under 35 U.S.C. § 103(a) for the same reasons discussed with respect to independent claim 1. Independent claims 12 and 23 recite limitations similar to those discussed with respect to independent claim 1. We do not sustain the rejection of claims 12 and 23, as well as dependent claims 13—22, for the same reasons discussed with respect to claim 1. NEW GROUND OF REJECTION UNDER 37 C.F.R. § 41.50(b) We enter the following new ground of rejection: Claims 1,12, and 23 are rejected under 35 U.S.C. § 103(a) as unpatentable over Golan, Microsoft TechNet, and Russell-Falla. 4 Appeal 2016-001743 Application 11/680,494 As discussed previously, Golan explains that “[t]he monitored application normally makes API calls 22 to the operating system 18” (e.g., Windows 95 or Windows NT), such that “[API] calls are intercepted and monitored by security monitor 20 within the secure sandbox, generally referenced 10” and “[t]he security monitor does not permit the software component to call certain APIs with certain parameters that would breach the security configuration provided by a user.” (Col. 5,11. 3—11.) In particular, Golan explains the following: Process and Thread APIs The following APIs are used with processes and threads and are monitored in order to prevent unauthorized access to the address space and execution state of other processes and threads running at the same time. AttachThreadlnput Create Process Create Thread CreateProcessAsUser.... (Col. 17,11.38-50.) Microsoft TechNet explains that “[a]n alternative to using CreateProcess [API] is to use one of the spawn functions that are present in the standard C runtime.” The combination of Golan and Microsoft TechNet is nothing more than the simple substitution of the known spawn functions of Microsoft TechNet for the Create Process API of Golan, to yield predictable results. See KSR Inti Co. v. Teleflex Inc., 550 U.S. 398, 417 (2007). This combination would result in the security function of Golan determining if the spawn functions of Microsoft TechNet appear on the “Process and Thread APIs” list of Golan, which breaches security protocol. Accordingly, the combination of Golan and Microsoft TechNet teaches or suggests the 5 Appeal 2016-001743 Application 11/680,494 limitations “determining which processes are spawned by the web content identified by the URL” and “comparing which processes are spawned with a list to determine properties of the URL.” Pursuant to our authority under 37 C.F.R. § 41.50(b), we reject independent claims 1, 12, and 23 as unpatentable over Golan, Microsoft TechNet, and Russell-Falla under 35 U.S.C. § 103(a). Because Appellants do not allege error in the Examiner’s findings for claims 2—11 and 13—22 we adopt the Examiner’s uncontested findings for claims 2—11 and 13—22. Accordingly, we reject dependent claims 2—11 and 13—22 as unpatentable over Golan, Microsoft TechNet, and Russell-Falla under 35 U.S.C. § 103(a). This decision contains a new ground of rejection pursuant to 37 C.F.R. § 41.50(b). 37 C.F.R. § 41.50(b) provides that a “new ground of rejection pursuant to this paragraph shall not be considered final for judicial review.” 37 C.F.R. § 41.50(b) also provides that Appellants, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new ground of rejection to avoid termination of proceedings (37 C.F.R. § 1.197 (b)) as to the rejected claims: (1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the prosecution will be remanded to the examiner. . . . (2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same Record. . . . 6 Appeal 2016-001743 Application 11/680,494 DECISION The Examiner’s decision rejecting claims 1—23 is reversed. A new ground of rejection has been entered under 37 C.F.R. § 41.50(b) for claims 1, 12, and 23, rejected under 35 U.S.C. § 103(a) as unpatentable over Golan, Microsoft TechNet, and Russell-Falla. REVERSED 37 C.F.R, $ 41.50(b) 7 Copy with citationCopy as parenthetical citation