Ex Parte K.Download PDFBoard of Patent Appeals and InterferencesJul 5, 201111212554 (B.P.A.I. Jul. 5, 2011) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte SUDHEER K. ____________ Appeal 2009-008269 Application 11/212,554 Technology Center 2100 ____________ Before JOSEPH L. DIXON, ST. JOHN COURTENAY III, and THU A. DANG, Administrative Patent Judges. COURTENAY, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 18-26 which are all the claims pending in the application. Claims 1-17 and 27-29 were cancelled during prosecution. We have jurisdiction under 35 U.S.C. § 6(b). We Affirm. Appeal 2009-008269 Application 11/212,554 2 Invention Appellant’s invention relates to a method and apparatus for inserting code in computing environments. More particularly, the invention on appeal is directed to effecting dynamic code insertion and for identifying and preventing stack buffer overflow security attacks. (Spec. 1, ll. 4-8) Representative Claim 18. A method of detecting stack or buffer overflows, comprising: enabling taken branch traps on a process; intercepting a branch instruction encountered during execution of the process; redirecting processing of the intercepted branch instruction; storing a copy of a return address to which processing is intended to return after said intercepted branch instruction; and comparing a return address for a return instruction and the copy of the return address to detect a stack or buffer overflow and determine whether to execute the return instruction. Examiner’s Rejection1 Claims 18-26 stand rejected under 35 U.S.C. §103(a) as being unpatentable over the combination of Xu (“Architecture Support 1 The Final Office Action contained a rejection of claims 18-26 under §112, second paragraph. This rejection was withdrawn by the Examiner in the Answer. (Ans. 3). Therefore, the rejection under §112, second paragraph, is not before us. Appeal 2009-008269 Application 11/212,554 3 for Defending Against Buffer Overflow Attacks”) and DeWitt (US 2003/0135718 A1). Grouping of Claims Appellant has argued the obviousness rejection of claims 18-26 as a single group. (App. Br. 3-8). We select independent claim 18 as the representative claim. See 37 C.F.R. § 41.37(c)(1)(vii). Combinability under §103 ISSUE Under §103, did the Examiner err by improperly combining Xu and DeWitt? ANALYSIS We begin our analysis by deciding the threshold question of whether the Examiner erred in combining Xu and Dewitt. Appellant contends that the Examiner’s articulated reasoning for combining Xu and DeWitt finds no support, and thus has no rational underpinning in either of the references. (App. Br. 7) The Examiner states that “it would have been obvious to one of ordinary skill in the art at the time of the invention to combine the teaching of DeWitt with the invention of Xu, because prior art elements are combined according to known methods to yield predictable results.” (Ans. 5). The Examiner provides further details in support of this rationale on pages 16- 18 in the Answer. We observe that Appellant has not further rebutted the Examiner’s specific findings (i.e., no Reply Brief was filed). Appeal 2009-008269 Application 11/212,554 4 On this record, we agree with the Examiner. The Supreme Court has provided clear guidance that “when a patent ‘simply arranges old elements with each performing the same function it had been known to perform’ and yields no more than one would expect from such an arrangement, the combination is obvious.” KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 417 (2007) (quoting Sakraida v. Ag Pro, Inc., 425 U.S. 273, 282 (1976)). Moreover, given the breadth of Appellant’s representative claim18, we are not persuaded that combining the respective familiar elements of the cited references in the manner proffered by the Examiner was “uniquely challenging or difficult for one of ordinary skill in the art” (see Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418)). This reasoning is applicable here. In particular, Appellant has not provided rebuttal evidence to establish that the Examiner’s proffered combination of references would have yielded unpredictable or unexpected results. Therefore, on this record, we find Appellant has not shown reversible error in the Examiner’s prima facie case of obviousness regarding the combinability of Xu and DeWitt. 2 2 See In re Jung, 637 F.3d 1356, 1365 (Fed. Cir. 2011) (“Jung argues that the Board gave improper deference to the examiner’s rejection by requiring Jung to ‘identif[y] a reversible error’ by the examiner, which improperly shifted the burden of proving patentability onto Jung. Decision at 11. This is a hollow argument, because, as discussed above, the examiner established a prima facie case of anticipation and the burden was properly shifted to Jung to rebut it. . . . ‘[R]eversible error’ means that the applicant must identify to the Board what the examiner did wrong . . . .”). Appeal 2009-008269 Application 11/212,554 5 Limitations under § 103 ISSUE Under §103, did the Examiner err in finding that the cited combination of Xu and DeWitt would have taught or suggested “comparing a return address for a return instruction and the copy of the return address to detect a stack or buffer overflow and determine whether to execute the return instruction,” within the meaning of representative claim 18? FINDINGS OF FACT 1. Xu teaches the “SRAS [Secure Return Address Stack] does not try to prevent overwriting a return address stored on the stack, it instead detects an attack after the return address is maliciously changed but before the attack can have any negative impact.” (Pg. 5, rightmost column, last sentence – pg. 6, ¶1). 2. Xu teaches that the “RAS [Return Address Stack] can usually achieve very high prediction accuracy (greater than 99%) [17]. Observe that the RAS contains a redundant hardware copy of the return address on the process's stack in memory and is immune from stack overflow. This redundant copy of the return address can be used to detect situations when the return address has been tampered with.” (pg. 6, ¶2). Additional findings of fact appear below. Appeal 2009-008269 Application 11/212,554 6 ANALYSIS At the outset, we only consider Appellant’s arguments to the extent that they are directed to claimed subject matter. For example, we observe that representative claim 18 is silent regarding the argued “inserting of code” or “dynamically inserting code.” (See App. Br. 4). Appellant additionally contends that it is not inherent in Xu that when the return address has been tampered with, the instruction will not be executed, as argued by the Examiner. (App. Br. 4). We note that representative claim 18 recites, in pertinent part: comparing a return address for a return instruction and the copy of the return address to detect a stack or buffer overflow and determine whether to execute the return instruction. In response, the Examiner finds that one of ordinary skill in the art would have readily recognized: In order to detect situations when the return address has been tampered with, it is necessary to compare the standard return address that has been pushed onto the return address stack with that redundant hardware copy, at the time the return instruction is fetched. In other words, upon encountering of a return instruction (which is a type of branch), a comparison of the standard return address and the redundant hardware copy must be performed. (Ans. 17). We note that the Examiner’s position has not been further rebutted by Appellant (i.e., by filing a Reply Brief). Appeal 2009-008269 Application 11/212,554 7 The ultimate legal question of obviousness is “based on underlying factual determinations including . . . what th[e] prior art teaches explicitly and inherently . . . .” In re Zurko, 258 F.3d 1379, 1383 (Fed. Cir. 2001). However, based upon our review of the record, we need not reach the issue of inherency to decide this appeal, because “‘[a] prima facie case of obviousness is established when the teachings from the prior art itself would appear to have suggested the claimed subject matter to a person of ordinary skill in the art.’” In re Bell, 991 F.2d 781, 783 (Fed. Cir. 1993) (quoting In re Rinehart, 531 F.2d 1048, 1051 (CCPA 1976)). Here, we find that Xu expressly teaches maintaining a redundant hardware copy of the return address on the process's stack in memory that is immune from stack overflow. (FF 2). Thus we find Xu, when combined with DeWitt (which teaches intercepting branch instructions, para. [0064]), would have taught or suggested Appellant’s claimed “storing a copy of a return address to which processing is intended to return after said intercepted branch instruction.” (Claim 18). Given that Xu expressly teaches that the “redundant copy of the return address can be used to detect situations when the return address has been tampered with” (id.), and because the thrust of Xu’s entire document is directed to an “Architecture Support for Defending Against Buffer Overflow Attacks” (pg. 1, Title), we find Xu would have at least strongly suggested comparing the return address from the stack with the redundant copy in memory to detect a stack or buffer overflow attack and thus determine whether to execute the return instruction. (See Claim 18). Our findings are buttressed by Xu’s teaching that the SRAS (Secure Return Address Stack) does not try to prevent overwriting a return address Appeal 2009-008269 Application 11/212,554 8 stored on the stack, but instead detects an attack after the return address has been maliciously changed, before the attack can have any negative impact. (FF 1). Because Xu teaches that the attack is detected before it can have a negative impact, we find Xu strongly suggests non-execution of the return instruction if the return address has been maliciously changed during a function call invocation. Further, we find that DeWitt teaches actions that may be taken after a branch instruction is encountered, by use of the trap flag (¶. [0064]). More particularly, DeWitt discloses “a taken-branch trap flag that causes the processor to stop executing instructions at every branch- type instruction and to deliver execution control to a trap handler for the taken-branch trap.” (Id.). Therefore, based on the totality of the evidence, we find that the combined teachings of Xu and DeWitt would have taught or suggested “comparing a return address for a return instruction and the copy of the return address to detect a stack or buffer overflow and determine whether to execute the return instruction,” as recited in claim 18. (emphasis added). For at least these reasons, we agree with the Examiner’s ultimate legal conclusion of obviousness. Accordingly, we find Appellant has not shown reversible error in the Examiner’s §103 rejection of representative claim 18. We sustain the obviousness rejection of representative claim 18, and claims 19-26 (not argued separately) which fall therewith. See 37 C.F.R. § 41.37(c)(1)(vii). Appeal 2009-008269 Application 11/212,554 9 DECISION We affirm the rejection of claims 18-26 under § 103. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). ORDER AFFIRMED tkl Copy with citationCopy as parenthetical citation