Ex Parte KimDownload PDFPatent Trial and Appeal BoardMay 18, 201813991460 (P.T.A.B. May. 18, 2018) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 13/991,460 06/04/2013 23122 7590 RATNERPRESTIA 2200 Renaissance Blvd Suite 350 King of Prussia, PA 19406 05/22/2018 FIRST NAMED INVENTOR Kyung Hee Kim UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. N&N-138US 6241 EXAMINER AN, WAYNE ART UNIT PAPER NUMBER 2498 NOTIFICATION DATE DELIVERY MODE 05/22/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): PCorrespondence@ratnerprestia.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte KYUNG HEE KIM Appeal 2017-011673 Application 13/991,460 1 Technology Center 2400 Before DEBRA K. STEPHENS, DANIEL J. GALLIGAN, and DAVID J. CUTITTA II, Administrative Patent Judges. GALLIGAN, Administrative Patent Judge. DECISION ON APPEAL Introduction Appellant appeals under 35 U.S.C. § 134(a) from a non-final rejection of claims 1-3 and 7-16, which are all of the claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b ). Claims 4--6 have been cancelled. We AFFIRM. 2 1 According to Appellant, the real party in interest is Ahnlab, Inc. Br. 1. 2 Our Decision refers to Appellant's Appeal Brief filed January 23, 2017 ("Br."); Examiner's Answer mailed June 30, 2017 ("Ans."); and Non-Final Office Action mailed July 19, 2016 ("Non-Final Act."). Appeal2017-011673 Application 13/991,460 STATEMENT OF THE CASE Claims on Appeal Claims 1, 10, and 16 are independent claims. Claim 1 is reproduced below: 1. A malicious code removing server comprising: a processor for executing instructions stored in a memory device of the malicious code removing server, the executed instructions causing the processor to: determine whether a detection engine associated with detection and removal of a malicious code will be provided to a client terminal and executed locally on the client terminal, or the malicious code will be detected and removed by cloud computing executed on the malicious code removing server, based on processing resources of the client terminal and reliability of a network connection between the client terminal and the malicious code removing server; defining, by the malicious code removing server, detection capabilities of the detection engine based on the processing resources of the client terminal; creating, by the malicious code removing server, an activity detection engine having a detection history for the client terminal; define and transmit the detection engine by the malicious code removing server to the client terminal with the detection capabilities to detect and remove the malicious code using the detection engine when the malicious code removing server determines that the processing resources of the client terminal are sufficient to execute the detection engine and the network connection is unreliable; and detect and remove the malicious code by: 1) a combination of the cloud computing and at least one of a basic detection engine and the activity detection engine when the malicious code removing server determines that: 2 Appeal2017-011673 Application 13/991,460 a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is reliable, the basic detection engine defined and transmitted by the malicious code removing server to the client terminal with limited detection capabilities as compared to the detection capabilities of the detection engine, 2) a combination of the basic detection engine and the activity detection engine when the malicious code removing server determines that: a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is unreliable, and 3) the detection engine, when the malicious code removing server determines that the processing resources of the client terminal are sufficient to execute the detection engme. Taylor Kashchenko References US 7,178,166 Bl Feb. 13, 2007 US 2010/0138926 Al June 3, 2010 Examiner's Rejections Claims 1, 10, and 16 stand rejected under 35 U.S.C. § 112, second paragraph as being indefinite. Non-Final Act. 4. Claims 1-3 and 7-16 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Kashchenko and Taylor. Id. at 5-13. 3 Appeal2017-011673 Application 13/991,460 Our review in this appeal is limited only to the above rejections and the issues raised by Appellant. Arguments not made are waived. See MPEP § 1205.02; 37 C.F.R. §§ 41.37(c)(l)(iv) and 41.39(a)(l). ISSUES Issue 1: Did the Examiner err in concluding claims 1, 10, and 16 are indefinite based on those claims' recitations of "sufficient," "insufficient," "reliable" and "unreliable"? Issue 2: Did the Examiner err in finding Kashchenko teaches detect[ing] and remov[ing] the malicious code by: 1) a combination of the cloud computing and at least one of a basic detection engine and the activity detection engine when the malicious code removing server determines that: a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is reliable ... 2) a combination of the basic detection engine and the activity detection engine when the malicious code removing server determines that: a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is unreliable, and 3) the detection engine, when the malicious code removing server determines that the processing resources of the client terminal are sufficient to execute the detection engine. as recited in claim 1 and similarly recited in claims 10 and 16? ANALYSIS Issue 1: Indefiniteness Claims 1, 10, and 16 similarly recite "the processing resources of the client terminal are insufficient to execute the detection engine," "the 4 Appeal2017-011673 Application 13/991,460 processing resources of the client terminal are sufficient to execute the detection engine," "the network connection is reliable" and "the network connection is unreliable." The Examiner rejects the claims under 35 U.S.C. § 112, second paragraph, as indefinite because "there is no consistent metric as to what is considered 'sufficient' or 'insufficient' for the processing resources, and what is considered 'reliable' or 'unreliable' for the network connection." Non-Final Act. 4; see also Ans. 5. Appellant argues "one of ordinary skill in the art would understand that sufficient processing resources means that the client terminal has adequate processor power and memory to run the detection engine locally" and also "would understand that a reliable network connection means that the connection between the client terminal and server has enough bandwidth to perform cloud computing over the network." Br. 8-9. We are not persuaded by Appellant's arguments. The claims do not recite "adequate processor power and memory," nor do they recite "enough bandwidth to perform cloud computing." Furthermore, Appellant does not direct us to any portion of the Specification that provides a definition or description of the disputed terms. See id. at 8. Moreover, as the Examiner points out (Ans. 5), Appellant's Specification does not describe, let alone define, what specific resources are required for "sufficient" (or "insufficient") execution of the detection engine; rather, the Specification only discusses the sufficiency of a "guarantee" for a resource. Spec. i-fi-133; See id. i-fi-135, 41, 43, 55. Further, Appellant's Specification does not even recite the term "reliable" (or "unreliable"), let alone define that a "reliable" network connection relates to available bandwidth for cloud computing. See id. ,-r,-r 33, 35, 41, 43, 55. 5 Appeal2017-011673 Application 13/991,460 Based on the foregoing, we are not persuaded the Examiner erred in concluding claims 1, 10, and 16 are indefinite. As such, we sustain the rejection of claims 1, 10, and 16 under 35 U.S.C. § 112, second paragraph. Issue 2: Obviousness Appellant contends the Examiner erred in concluding Kashchenko renders obvious detect[ing] and remov[ing] the malicious code by: 1) a combination of the cloud computing and at least one of a basic detection engine and the activity detection engine when the malicious code removing server determines that: a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is reliable ... 2) a combination of the basic detection engine and the activity detection engine when the malicious code removing server determines that: a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is unreliable, and 3) the detection engine, when the malicious code removing server determines that the processing resources of the client terminal are sufficient to execute the detection engine, as recited in claim 1 and similarly recited in claims 10 and 16. Br. 9-10. Specifically, Appellant argues "the Examiner is using improper hindsight when asserting that it would be obvious for Kashchenko' s system to perform the three claimed scenarios" because in the "first claimed scenario (where network connection is reliable), it would appear that one of ordinary skill in the art simply use[ s] cloud computing by itself' rather than "a combination of cloud computing and local detection engines." Id. at 10 (citation omitted). 6 Appeal2017-011673 Application 13/991,460 We are not persuaded. The Examiner finds (Ans. 9; Non-Final Act. 7), and we agree, Kashchenko 's "hybrid thin client/thick client security arrangement," configured such that "certain security functions are off-loaded to the server, while other security functions are executed locally on the user's portable information device" (Kashchenko i-f 66; see id. i-fi-115, 71), teaches "detect[ing] and remov[ing] the malicious code by: 1) a combination of the cloud computing and at least one of a basic detection engine." We further agree with the Examiner's conclusion that it would have been obvious to use Kashchenko' s hybrid thin client/thick client security arrangement when Kashchenko determines that "a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is reliable." See Ans. 9. As the Examiner points out (Non-Final Act. 6; Ans. 9), Kashchenko "dynamically generate[s] a selection of which of the security services are to be executed locally ... and which of the security services are to be executed remotely" based on "computing capacity availability" (Kashchenko i-f 15). In particular, in configuring the hybrid use of local and remote security services, Kashchenko considers "network traffic speed, network traffic volume, remaining battery capacity, amount of memory allocated, a list of applications currently running, or processor idling time," i.e., client resources and network connectivity. Id. i-fi-168-70; see id. i-fi-115, 71-72, 88. Indeed, Kashchenko discloses "balanc[ing] the needs of preserving performance [of the client] PID 10 while providing an adequate level of protection from security risks" by "weighting" client resources and network connectivity. Id. i-f 98. Because Kashchenko teaches "adjust[ing] the 7 Appeal2017-011673 Application 13/991,460 security module's configuration and operational settings based on various inputs and on decision criteria" (id. i-f 72; see id. i-fi-1 15, 68, 88), e.g., "the system performance of [client] PID 1 O" (id. i-f 88) and "network traffic speed [or] network traffic volume" (id. i-f 70), we are not persuaded that the "first claimed scenario ... only becomes obvious when improperly gleaned from Appellant's disclosure" (Br. 10). Instead, we determine that configuring Kashchenko to use its hybrid thin client/thick client security arrangement when its client resources are insufficient and its network connection is reliable would not have been "uniquely challenging or difficult for one of ordinary skill in the art." Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citation omitted). An obviousness analysis "need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ." KSR Int 'l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007); see also In re Translogic Tech., Inc., 504 F.3d 1249, 1259 (Fed. Cir. 2007) ("obvious variants of prior art references are themselves part of the public domain"). Additionally, Appellant argues that "[ s ]imilar logic can be applied to the [remaining] other two claimed scenarios," i.e., "2) a combination of the basic detection engine and the activity detection engine when the malicious code removing server determines that: a) the processing resources of the client terminal are insufficient to execute the detection engine, and b) the network connection is unreliable" and "3) the detection engine, when the malicious code removing server determines that the processing resources of the client terminal are sufficient to execute the detection engine." Br. 10. This assertion is without persuasive explanation or elaboration. The 8 Appeal2017-011673 Application 13/991,460 remaining limitations recite different subject matter, and applying "similar logic" without an explanation of what similar logic is applied and how it is applied is inadequate to persuade us of Examiner error. As such, we are not persuaded the Examiner erred in concluding those limitations would have been obvious over Kashchenko and Taylor. Accordingly, we are not persuaded the Examiner erred in concluding the combination of Kashchenko and Taylor renders obvious the subject matter recited in independent claims 1, 10, and 15. Additionally, Appellant does not provide separate arguments for claims 2, 3, 7-9, and 11-15. See Br. 11. Therefore, we sustain the obviousness rejections of claims 1-3 and 7-15. DECISION We affirm the Examiner's decision rejecting claims 1, 10, and 16 under 35 U.S.C. § 112, second paragraph as being indefinite. We affirm the Examiner's decision rejecting claims 1-3 and 7-16 under 35 U.S.C. § 103(a) as being unpatentable over Kashchenko and Taylor. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(±). AFFIRMED 9 Copy with citationCopy as parenthetical citation