Ex Parte Lahann et alDownload PDFPatent Trial and Appeal BoardJun 18, 201311166550 (P.T.A.B. Jun. 18, 2013) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte JEFFREY SCOTT LAHANN, FREDERIC GAIGE THIELE, and MICHAEL A. WALTER ____________ Appeal 2011-000200 Application 11/166,550 Technology Center 2400 ____________ Before KALYAN K. DESHPANDE, BARBARA A. PARVIS, and STACEY G. WHITE, Administrative Patent Judges. PARVIS, Administrative Patent Judge. DECISION ON APPEAL Appellants seek review under 35 U.S.C. § 134(a) of twice-rejected claims 1-3 and 10-18, which are the only claims pending in the application on appeal. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. Appeal 2011-000200 Application 11/166,550 2 STATEMENT OF CASE Appellants’ claims are directed to a computer system that identifies and prevents malicious intrusions. Spec. 1, ll. 6-7. An understanding of the invention can be derived from a reading of exemplary claim 1, which is reproduced below: 1. A method for identifying a pattern of messages which is characteristic of a malicious intrusion, said method comprising the steps of: a server receiving from one or more firewalls information identifying a destination IP address, a destination port and a signature of each of a multiplicity of messages received by said one or more firewalls and having an indicia of a malicious intrusion, and in response, determining a total number of different destination IP addresses, a total number of different destination ports and a total number of different signatures of messages of a subset sent from each of a plurality of source IP addresses during each of a plurality of intervals of substantially the same duration; and said server determining that for all of the messages of said subset sent from one of said source IP addresses in each of two or more of said intervals there are a first total number of different destination IP addresses, a second total number of different destination ports and a third total number of different signatures, and in response, determining and sending or displaying a notification that said one source IP address has sent a pattern of messages which is characteristic of a malicious intrusion. EVIDENCE CONSIDERED The Examiner relies on the following prior art: Ginter US 7,246,156 B2 Jul. 17, 2007 Glenn Mansfield, Kohei Ohta, Y. Takei, N. Kato, Y. Nemoto, Towards Trapping Wily Intruders In the Large (Cyber Solutions Inc. and Appeal 2011-000200 Application 11/166,550 3 Japan Graduate School of Information Sciences, Tohoku University at 1-13, 1999) (“Mansfield”). REJECTIONS Claims 1-3 and 10-18 stand rejected under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement. Ans. 3-4. Claims 1-3 and 10-18 stand rejected under 35 U.S.C. § 112, second paragraph, as being indefinite. Ans. 4. Claims 1-3 and 10-18 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Ginter and Mansfield. Ans. 4-7. ISSUES The issue of whether the Examiner erred in rejecting claims 1-3 and 10-18 under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement turns on whether the Specification conveys to a person with ordinary skill in the art that Appellants were in possession of the claimed invention. The issue of whether the Examiner erred in rejecting claims 1-3 and 10-18 under 35 U.S.C. § 112, second paragraph, as being indefinite turns on whether a person with ordinary skill in the art would have understood “during each of a plurality of intervals of substantially the same duration,” when the claims are read in light of the Specification. The issue of whether the Examiner erred in rejecting claims 1-3 and 10-18 under 35 U.S.C. § 103(a) as being unpatentable over Ginter and Mansfield turns on whether the combination of Ginter and Mansfield teaches or suggests “said server determining that for all of the messages of said Appeal 2011-000200 Application 11/166,550 4 subset sent from one of said source IP addresses in each of two or more of said intervals there are a first total number of different destination IP addresses, a second total number of different destination ports and a third total number of different signatures,” as is recited in claim 1. ANALYSIS We have reviewed the Examiner’s rejections in light of Appellants’ contentions. With respect to the Examiner’s written description and indefiniteness rejections, we agree with Appellants’ conclusions. With respect to the Examiner’s obviousness rejections, we disagree with Appellants’ conclusions. The rejection of claims 1-3 and 10-18 under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement The Examiner finds that the Specification does not describe Appellants’ independent claims 1, 11, and 15 as amended, which recite “during each of a plurality of intervals of substantially the same duration” and “in each of two or more of said intervals.” Ans. 3-4, 7-9. Appellants specifically highlight excerpts of the original Specification that convey and teach the claimed limitations. Br. 6-7. Appellants state that the “predetermined period” of the Specification is an interval and the Specification states that more than one such period is considered. Br. 7. We agree with Appellants. Although the Specification as filed does not use precisely the same language as that recited by the claims, the Specification does convey with reasonable clarity to one of ordinary skill in Appeal 2011-000200 Application 11/166,550 5 the art that, as of the filing date sought, Appellants were in possession of the claimed invention. That is, a person with ordinary skill in the art would have understood Appellants were in possession of the determining limitations as applied during the claimed time intervals based on the Specifications description of “predetermined periods.” Thus, the rejection of claims 1-3 and 10-18 under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement is not sustained. The rejection of claims 1-3 and 10-18 under 35 U.S.C. § 112, second paragraph, as being indefinite The Examiner finds that the term “during each of a plurality of intervals of substantially the same duration” is indefinite. Ans. 4, 9-10. Appellants contend that the term “substantially the same duration” encompasses insignificant variations in the durations of the intervals that would not likely impact the result. Br. 10. Appellants note that the term “substantially” is frequently used in patent applications to accommodate minor variations that might be appropriate to secure the invention. Br. 9-10. We agree with Appellants. The test for definiteness under 35 U.S.C. § 112, second paragraph, is whether “those skilled in the art would understand what is claimed when the claim is read in light of the specification.” Orthokinetics, Inc. v. Safety Travel Chairs, Inc., 806 F.2d 1565, 1576 (Fed. Cir. 1986) (citations omitted). In the context of this application, we find that one of ordinary skill in the art at the time of the invention would not find the phrase “substantially the same duration” as vague or indefinite. Thus, the rejection of claims 1-3 and 10-18 under 35 U.S.C. § 112, second paragraph, as being indefinite is not sustained. Appeal 2011-000200 Application 11/166,550 6 The rejection of claims 1-3 and 10-18 under 35 U.S.C. § 103(a) as being unpatentable over Ginter and Mansfield Appellants contend that Ginter does not teach or suggest that during two or more intervals there is a repeat in numbers of different destination IP addresses and different destination ports of the messages sent from one of the source IP addresses, and this is detected and correlated as an indication of an attack. Br. 12. Appellants also contend that the cited portions of Ginter are “unrelated” to the disputed limitation of claim 1, which Appellants argue requires a determination based on “a same source IP address sending messages with a first total number of different destination IP addresses, a second total number of different destination ports and a third total number of different signatures,” and that “[t]his manner of repetition” in each of two or more intervals indicates a malicious intrusion. Br. 14. Appellants further contend that Mansfield does not fill the gap of Ginter. Br. 14-16. We disagree with Appellants. First, Appellants’ arguments are not commensurate with the scope of independent claim 1. For example, claim 1 does not recite detecting and correlating a “repeat in numbers,” as Appellants contend (Br. 12). Additionally, claim 1 does not recite a determination based on a “manner of repetition by the same source IP address,” as argued by Appellants (Br. 14). As the Examiner reasonably finds, claim 1 “does not explicitly recite that the numbers [i.e., the first total number of different destination IP addresses, the second total number of different destination ports and the third total number of different signatures] are the same” (Ans. 11). Appeal 2011-000200 Application 11/166,550 7 Additionally, we are not persuaded by Appellants’ characterization of the Examiner’s findings as “unrelated” to the disputed element (Br. 14). As the Examiner correctly finds, Ginter discloses determining the destination addresses and signatures (types of attack). Ans. 11 (citing Ginter col. 62, ll. 4-17). For example, Ginter discloses reporting “information about the type of attack, and the target of the attack (what machine by host name, IP address and the like)” and “a break down by type of event within a reporting period to identify what viruses (virus signatures) have been removed . . .” (Ginter col. 62, ll. 6-12). Additionally, we agree with the Examiner’s findings that Mansfield discloses determining for a particular source “the contents of the packets,” “destination address[es],” and “destination port[s]” (Ans. 11-12 (citing Mansfield 4)). Furthermore, as the Examiner correctly finds, Mansfield discloses how to recognize different pattern signatures from a traffic profile. Ans. 12. For example, Mansfield describes “[t]he basic concept of signature-based traffic tracing” involving a correlation of the monitored traffic pattern and viewing “[t]he signature of the flow” in a window “which comprises an integral number of [time] slots.” Mansfield 6. Thus, we agree with the detailed findings and rationale set forth by the Examiner showing that claim 1 would have been obvious to one of ordinary skill in the art at the time of the invention in view of the combination of Ginter and Mansfield (Ans. 4-6, 11-12). Appellants additionally assert that the combination of Ginter and Mansfield fails to teach or suggest the elements of claim 3. However, Appellants merely point out what claim 3 recites and copy an excerpt of the cited prior art into the Brief. Br. 17. Appellants do not provide sufficient evidence or rationale to further distinguish claim 3 from the prior art. See 37 Appeal 2011-000200 Application 11/166,550 8 C.F.R. § 41.37(c)(1)(vii) (“A statement which merely points out what a claim recites will not be considered an argument for separate patentability of the claim.”); In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011) (“[W]e hold that the Board reasonably interpreted Rule 41.37 to require more substantive arguments in an appeal brief than a mere recitation of the claim elements and a naked assertion that the corresponding elements were not found in the prior art.”). Thus, we are not persuaded by Appellants’ arguments for the same reasons discussed supra. Appellants do not separately argue claims 2 and 10 (Br.12). Additionally, Appellants also not provide further evidence or rationale regarding the patentability of claims 11-18 (Br. 18-19). Thus, we are not persuaded that the Examiner erred for the same reasons discussed supra. CONCLUSION The Examiner erred in rejecting claims 1-3 and 10-18 under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement. The Examiner erred in rejecting claims 1-3 and 10-18 under 35 U.S.C. § 112, second paragraph, as being indefinite. The Examiner did not err in rejecting claims 1-3 and 10-18 under 35 U.S.C. § 103(a) as being unpatentable over Ginter and Mansfield. DECISION To summarize, our decision is as follows. Appeal 2011-000200 Application 11/166,550 9 The rejection of claims 1-3 and 10-18 under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement is reversed. The rejection of claims 1-3 and 10-18 under 35 U.S.C. § 112, second paragraph, as being indefinite is reversed. The rejection of claims 1-3 and 10-18 under 35 U.S.C. § 103(a) as being unpatentable over Ginter and Mansfield is sustained. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED msc Copy with citationCopy as parenthetical citation