Ex Parte Joy et alDownload PDFPatent Trial and Appeal BoardFeb 28, 201713230726 (P.T.A.B. Feb. 28, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/230,726 09/12/2011 Jon Joy 333258.01 5090 69316 7590 03/02/2017 MICROSOFT CORPORATION ONE MICROSOFT WAY REDMOND, WA 98052 EXAMINER SALL, EL HADJI MALICK ART UNIT PAPER NUMBER 2457 NOTIFICATION DATE DELIVERY MODE 03/02/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): u sdocket @ micro soft .com chriochs @microsoft.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte JON JOY, DERK ADAIR BENISCH, TOM JANES, JAMES BOERNER, MICHAEL SITLER, ANTHONY PAUL PENT A, and ZACHARIAH MORGAN Appeal 2016-002273 Application 13/230,7261 Technology Center 2400 Before MICHAEL J. STRAUSS, DANIEL N. FISHMAN, and JAMES W. DEJMEK, Administrative Patent Judges. DEJMEK, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from a Final Rejection of claims 1—19 and 21. Claim 20 has been canceled. App. Br. 25. We have jurisdiction over the remaining pending claims under 35 U.S.C. § 6(b). We reverse. 1 Appellants identify Microsoft, Inc. as the real party in interest. App. Br. 3. Appeal 2016-002273 Application 13/230,726 STATEMENT OF THE CASE Introduction Appellants’ claimed invention is directed to techniques for allowing a source computer node to specify one or more node properties used to select target nodes from a proxy network. Spec. Abstract. In other words, “[a] source may initiate a request to send traffic to a particular target (e.g., a ‘target request’), and may specify a particular set of node properties of the nodes sending the traffic (e.g., nodes in a particular geographic location and/or utilizing a particular type of network connection).” Spec. 1 7. The Specification sets forth an exemplary scenario of a malware detection service for using the claimed technique. Spec. 124. According to the Specification, malware servers may respond differently to requests based on the node (or node properties of the node) sending the request. Spec. 124— 25. In a disclosed embodiment, a proxy network may be organized as a set of node managers each managing a set of nodes having various node properties. Spec. 132. A source node (e.g., a computer running a malware detection service) may instruct the node managers to use nodes having a specified node property send traffic (e.g., “crawl”) a target node (e.g., malware server). Spec. 132. According to the Specification, by selecting specific node properties, a malware detection service may be better able to avoid detection by the malware server. See Spec. Tflf 24, 26. Claim 1 is illustrative of the subject matter on appeal and is reproduced below with the disputed limitations emphasized in italics'. 1. A method of sending traffic on behalf of sources to targets using node managers managing nodes having node properties, the method using a device having a processor and comprising: executing on the processor instructions configured to: 2 Appeal 2016-002273 Application 13/230,726 upon receiving from a node manager a node descriptor identifying node properties of at least one node managed by the node manager, store the node descriptor; and upon receiving from a source a target request identifying a target and at least one selected node property. using the node descriptors, select at least one selected node manager managing nodes that satisfy the selected node properties', and send to the at least one selected node manager a traffic request to instruct at least one node satisfying the selected node properties to generate traffic between the node and the target. The Examiner’s Rejections 1. Claims 1—18 and 21 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Boren (US 2010/0100962 Al; Apr. 22, 2010) and Paterson-Jones et al. (US 8,190,682 B2; May 29, 2012) (“Paterson-Jones”). Final Act. 2—8. 2. Claim 19 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Boren, Paterson-Jones, and Kalimuthu et al. (US 2008/0229095 Al; Sept. 18, 2008) (“Kalimuthu”). Final Act. 8-9. Issue on Appeal2 Did the Examiner err in finding the combination of Boren and Paterson-Jones teaches or suggests a node manager selecting a node satisfying specified node properties to generate traffic between the node and an identified target, as required by claim 1 ? 2 We only address this issue, which is dispositive. We do not address additional issues raised by Appellants’ arguments. 3 Appeal 2016-002273 Application 13/230,726 ANALYSIS3 Appellants contend Boren, as relied upon by the Examiner, fails to teach nodes (i.e., computers) of Boren’s allied secondary network are selected based on node properties identified by a source node. App. Br. 14- lb. In particular, Appellants assert “in Boren, it does not matter which nodes of the allied secondary network are selected to send traffic to the target.” App. Br. 14. Further, Appellants contend the nodes in Boren are treated in a fungible manner wherein any differences among the allied secondary computers are immaterial. App. Br. 15. In response, the Examiner explains “Boren discloses launching denial of service attacks on specific targeted computers causing the bot network to each generate multiple service requests to the specific target computer.” Ans. 10 (citing Boren 19). Boren is generally directed to “methods of preventing and defeating network attacks, such as denial of service or other similar network attacks.” Boren 12. In a disclosed embodiment, a plurality of computers from a secondary allied network are used to initiate a virtual attack on the various computers sending requests as part of a distributed denial of service attack. Boren 114. According to various embodiments of the present invention, a separate set of resources is utilized to “call back” previously blocked requesting addresses and determine, if such addresses should be serviced. This allows the target of a denial of service type attack to automatically come back on line and serve many 3 Throughout this Decision, we have considered the Appeal Brief, filed June 1, 2015 (“App. Br.”); the Reply Brief, filed December 16, 2015 (“Reply Br.”); the Examiner’s Answer, mailed on October 20, 2015 (“Ans.”); and the Final Office Action (“Final Act.”), mailed on November 10, 2014, from which this Appeal is taken. 4 Appeal 2016-002273 Application 13/230,726 of its customers, even though a denial of service type attack is still in progress. Boren 122. Thus, Boren discloses the nodes of the secondary allied network attempt to communicate with, and determine if the various nodes generating traffic to a defended computer are valid nodes (e.g., of a known customer) or should be restricted/blocked. We agree with Appellants that the Examiner has not identified within Boren that the nodes of the secondary allied network are selected based on identified node properties. Further, we agree with Appellants that the Examiner’s response identifying exemplary passages of Boren in selection of a computer (see Ans. 9-10 (citing Boren || 47 and 51)) is inapposite. Reply Br. 3^4. The identified passages do not specify the use of node parameters (or any other mechanism) to select the nodes from the secondary allied network. For the reasons discussed supra, and on the record before us, we do not sustain the Examiner’s rejection of independent claim 1. For similar reasons, we do not sustain the Examiner’s rejection of independent claims 12 and 21, which recite similar limitations. Additionally, we do not sustain the Examiner’s rejections of claims 2—11 and 13—19, which depend therefrom. 5 Appeal 2016-002273 Application 13/230,726 DECISION4 We reverse the Examiner’s decision to reject claims 1—19 and 21. REVERSED 4 In the event of further prosecution, we invite the Examiner to consider whether claims 1—19 and 21 comport with the requirements of 35 U.S.C. §112, second paragraph. In particular, we leave it to the Examiner to determine whether claim terms “the node descriptors,” and “the selected node properties,” as recited in claims 1, 12, and 21; “the node,” as recited in claims 1 and 21; and “the selected node,” as recited in claim 12 have clear antecedent bases. 6 Copy with citationCopy as parenthetical citation
