10471562 (B.P.A.I. Jan. 31, 2012)

Ex Parte Lamotte

Board of Patent Appeals and InterferencesJan 31, 2012

10471562 (B.P.A.I. Jan. 31, 2012)

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte THIERRY LAMOTTE ____________ Appeal 2009-012591 Application 10/471,562 Technology Center 2400 ____________ Before MARC S. HOFF, THOMAS S. HAHN, and DENISE M. POTHIER, Administrative Patent Judges. POTHIER, Administrative Patent Judge. DECISION ON APPEAL Appeal 2009-012591 Application 10/471,562 2 STATEMENT OF THE CASE Appellant appeals under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1-16. We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. Invention Appellant’s invention relates to a portable security device securing traffic in a platform and providing information portability linked to the user’s security. See Spec. 7:26-8:5. Claim 5 is illustrative and reproduced [emphasis, bracketing, and paragraphing added]: 5. A portable electronic device connectable in a removable manner to a host platform linked to a packet network, comprising a means for storing security policies, a means for detecting security policy designation parameters in packets outgoing from the platform to the network and packets transmitted by the network and incoming to the platform, a means for processing the outgoing and incoming packets respectively according to security policies designated by the detected designation parameters, and [1] a means for initiating a communication with a security policy management server through the network when the processing means does not recognize any security policy corresponding to the policy designation parameters detected in a packet, to enable the server to negotiate a security policy through the device and transmit to the device at least one packet containing designation parameters and parameters on which the negotiated policy depends and which are stored and used in the device for processing packets relating to the negotiated policy. The Examiner relies on the following as evidence of unpatentability: Holden US 6,067,620 May 23, 2000 Vu US 6,557,104 B2 Apr. 29, 2003 (filed May 2, 1997) Appeal 2009-012591 Application 10/471,562 3 Bonneau US 6,577,229 B1 June 10, 2003 (filed June 10, 1999) THE REJECTIONS 1. Claims 5-7, 13, and 14 are rejected under 35 U.S.C. § 102(e) as anticipated by Holden. Ans. 3-6.1 2. Claims 1-4, 8,2 10-12, 15, and 16 are rejected under 35 U.S.C. § 103(a) as unpatentable over Holden and Vu. Ans. 6-10. 3. Claim 9 is rejected under 35 U.S.C. § 103(a) as unpatentable over Holden, Vu, and Bonneau. Ans. 10. THE ANTICIPATION REJECTION OVER HOLDEN Regarding independent claim 5, Appellant argues among other things that the cited passages in Holden do not disclose recited limitation [1] supra. Br. 9-11. In particular, Appellant asserts that Holden only relate to hosts finding hardware and internet protocol (IP) addresses and does not disclose the secured network interface unit (SNIU) communicating with the server when detecting a security policy designation parameter in a packet not associated with a known policy. Br. 10-11. Regarding independent claim 13, Appellant asserts that Holden’s SNIU is external to the host platform and network whereas the logical implementation of the security policy as set forth in the claims is within the 1 Throughout this opinion, we refer to the Appeal Brief filed November 28, 2008 and the Examiner’s Answer mailed January 23, 2009. 2 We presume the Examiner mistakenly included claim 9 in this rejection. See Ans. 6. The body of the § 103 rejection based on Holden and Vu does not discuss claim 9 (see Ans. 6-10), and claim 9 has been separately rejected based on Holden, Vu, and Bonneau (Ans. 10). Appeal 2009-012591 Application 10/471,562 4 host’s Open Systems Interconnection (OSI) model. See Br. 12-13. For this reason, Appellant contends that Holden does not disclose “implementing security policies in a host device that communicates with a network by means of a multi-layer [OSI] model” as recited in the preamble. Id. ISSUES Under § 102, has the Examiner erred by finding that Holden discloses: (1) a means for initiating a communication with a security policy management server through the network when the processing means does not recognize any security policy corresponding to the policy designation parameters detected in a packet, as recited in claim 5? (2) a method for implementing security policies in a host device that communicates with a network using an OSI model, as recited in claim 13? ANALYSIS Claims 5-7 Based on the record before us, we find error in the Examiner’s rejection of independent claim 5, which recites a means for initiating a communication with a security policy management server through the network when the processing means does not recognize any security policy corresponding to the policy designation parameters detected in a packet (i.e., limitation [1]).3 The Examiner maps Holden’s discussion of attempting to 3 37 C.F.R. § 41.37(c)(1)(v) requires each means plus function as permitted by 35 U.S.C. §112, ¶ 6 be identified. Neither Appellant nor the Examiner indicates whether the “means for” language found in claim 5 invokes 35 U.S.C. § 112, ¶ 6. However, because claim 5 uses “means for” language, we find 35 U.S.C. § 112, ¶ 6 has been invoked, and we accordingly conduct our Appeal 2009-012591 Application 10/471,562 5 communicate with someone else to limitation [1]. See Ans. 3-4, 11-12. Holden discloses that a host attempts to communicate with someone by sending messages to maintain associations. Holden, col. 11, l. 18 – col. 12, l. 9. While we agree that this discussion is directed to the host attempting to communicate with someone (Holden, col. 11, ll. 35-40; Br. 11), this passage also states “[w]hen a host behind a SNIU attempts to communicate . . ., the SNIU transmits an Association Request Message . . . to the destination.” Id. (emphasis added). Thus, the SNIU (i.e., a portable electronic device), as well as the host, initiate communications. Yet, when attempting to communicate with someone, Holden does not disclose a mechanism that initiates these communications when the processing means does not recognize any security policy corresponding to the policy designation parameters in a packet. The sending of messages back and forth (e.g., the Association Request Message) from the host to the destination is used to identify other SNIUs in the communications path. Holden, col. 11, l. 35-45. However, Holden does not initiate these communications when a processing means does not recognize a security policy corresponding to policy designation parameters detected in a packet. Holden further discusses the terminating SNIU determining whether an association should be permitted when the association would not violate the global or local security policy (i.e., a security policy) and then creates an Association Grant Message. Holden, col. 11, ll. 51-57. While Holden discloses examining a packet to see if there is a violation of a security review. See Biomedino, L.L.C. v. Waters Techs. Corp., 490 F.3d 946, 950 (Fed. Cir. 2007). Appeal 2009-012591 Application 10/471,562 6 policy, we do not agree with the Examiner that Holden teaches initiating the Association Grant Message (Holden, col. 11, ll. 53-57) when a processing means does not recognize a security policy corresponding to the policy designation parameters detected in a packet. Also, regardless of determining when the processing means does not recognize a security policy as recited in limitation [1], Holden’s host broadcasts Address Resolution Protocol (ARP) Request messages and Reverse Address Resolution Protocol (RARP) Requests, and the host target returns an ARP Response message or a RARP Response (e.g., initiating a communication to a server). See Holden, col. 11, l. 59–col. 12, l. 8. Holden’s SNIU further uses associations to establish trust between SNIUs. Holden, col. 11, ll. 19-21. The SNIUs create this association by using custom messages and existing protocols to determine the existence of other SNIUs and hosts. Holden, col. 11, ll. 25-28. While security associations are held open (Ans. 11-12), Holden’s SNIUs use the association’s security parameters to make security decisions for each packet. Holden, col. 11, ll. 31-33. However, Holden, again, fails to disclose details as to whether messages are being initiated to a server when a processing means does not recognize a security policy corresponding to a parameter detected in each packet. We therefore find that Holden fails to explicitly or inherently teach any mechanism or an equivalent drawn to limitation [1] in claim 5. For the foregoing reasons, Appellant has persuaded us of error in the rejection of independent claim 5 and dependent claims 6 and 7 for similar reasons. Appeal 2009-012591 Application 10/471,562 7 Claims 13-14 Based on the record before us, we reach the opposite conclusion for independent claim 13. Notably, claim 13 differs in scope from claim 5. Holden discloses the hosts have systems that operate at the Network or Transport Layers (Layers 3 and 4) of the OSI. Holden, col. 2, ll. 24-26; Ans. 5. Additionally, Holden discloses the SNIU performs the host/network core interface functions. Holden, col. 3, ll. 9-13; Ans. 5. Thus, any standard communication between the host and network is sent to or intercepted by the SNIU (e.g., intercepted) for performing the core functions of the host/network interface. See id. Among these functions performed by the SNIU is the standard communications stack function, which handles all the standard communications data translation between the physical data link and network protocol layers. Holden, col. 3, ll. 9-18; Ans. 5. Such data translation includes packets that are being transferred within the host and between two adjacent layers of the host’s model (e.g., the physical data link and the network layers). See id. Thus, when performing the data translations between the protocol layers, Holden discloses packets being intercepted as they are transferred between two adjacent layers of the OSI model within the host. See id. Furthermore, despite Appellant’s assertions (Br. 12-13), Appellant’s Figure 2 shows the location of logic for the portable device (e.g., 2) that implements the security policies of packets intercepted between two OSI layers is located external to the host platform (e.g., 1). See Spec. Fig. 2. Incoming and outgoing packets PE and PS are sent to a portable device’s “packet filter” which includes the connection module MCS and the Appeal 2009-012591 Application 10/471,562 8 decision-making engine MPS to implement security policies in the host. See Spec. 8:17:23; 11:16-28; 19:9-14, 21-27. Moreover, as discussed by the Examiner (Ans. 13), Holden discloses that the interface of the SNIU with the host (e.g., Host/Network Interface module 46) intercepts data packets during processing. Holden, col. 8, ll. 1-39; Fig. 4. Thus, when broadly but reasonably construing claim 13’s intercepting step, Holden discloses the SNIU, at least, logically intercepts packets, as they are transferred between two adjacent model layers within the host, while communicating with the host interface. Lastly, Appellant repeats the limitations in claim 13 and then states that Holden does not disclose these limitations. Br. 11-12. Merely pointing out what claim 13 recites and then asserting that Holden fails to teach these limitations is not considered a separate argument for patentability. See In re Lovin, 99 USPQ2d 1373, 1378-79 (Fed. Cir. 2011). For the foregoing reasons, Appellant has not persuaded us of error in the rejection of independent claim 13 and claim 14 not separately argued with particularity (Br. 11-13). THE OBVIOUSNESS REJECTION OVER HOLDEN AND VU Regarding representative claim 1, Appellant refers to “the reasons discussed above” in arguing that Holden’s SNIU is not analogous to or cannot anticipate a smart card as recited. Br. 15-16. Appellant also disagrees that Vu’s smart card is analogous art to a Fortezza card. Br. 16. Appellant additionally asserts that the Examiner has only provided a conclusory statement for applying Vu and has failed to articulate a reason Appeal 2009-012591 Application 10/471,562 9 with some rational underpinning to support the obviousness rejection based on Holden and Vu. See Br. 16. ISSUES (1) Under § 103, has the Examiner erred in rejecting claim 1 by finding that Holden and Vu collectively would have taught or suggested a smart card? (2) Is the Examiner’s reason to combine Holden and Vu in rejecting claim 1 supported by articulated reasoning with some rational underpinning to justify the Examiner’s obviousness conclusion? ANALYSIS Based on the record, we find no error in the Examiner’s rejection of claim 1. Appellant refers to “the reasons discussed above” in arguing that Holden does not anticipate claim 1. Br. 15-16. We are not persuaded. First, the Examiner rejected claim 1 based on Holden and Vu collectively and concludes the combination renders claim 1 obvious. See Ans. 6-7. Thus, attacking Holden individually or arguing Holden does not anticipate claim 1 fails to show nonobviousness. See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). Second, based on the record, we are led to presume that the referred to “reasons discussed above” (Br. 15) relate to the argument that: (a) Holden’s cryptographic card is only part of the SNIU; (b) the SNIU is not a portable electronic device; and (c) the SNIU cannot be a smart card. Br. 8-9. Based on these presumptions, we understand Appellant to conclude that Holden discloses a SNIU but not a portable electronic or smart card that includes the Appeal 2009-012591 Application 10/471,562 10 recited means for storing, detecting, and processing limitations. Br. 9. We disagree. Holden discloses two different embodiments for the SNIU: (1) a stand-alone hardware SNIU and (2) a software SNIU. Holden, col. 4, ll. 24-28; Ans. 6. The software embodiment is implemented primary as a software function residing in the host computer, which can include a PCMCIA card reader (e.g., 88). Holden, col. 4, ll. 46-51, col. 7, ll. 13-16; Ans. 6. Holden also states the only hardware involved is a cryptographic card (e.g., a Fortezza card), which plugs into the host’s reader. See id. Holden also teaches a flash RAM card (e.g., 92) that can be inserted into the reader. Holden, col. 7, ll. 12-16. Thus, Holden teaches various portable cards connectable in removable manner to a reader on a host platform as recited in claim 1. Holden’s software embodiment provides all the same network security features, functionality, and security of the stand-alone SNIU. Holden, col. 4, ll. 55-67; Ans. 11. Holden teaches that the Fortezza card performs integrity and authenticating functions while the RAM card 92 loads the SNIU software. Holden, col. 7, ll. 17-20; see Ans. 6, 10-11. Thus, Holden’s SNIU software embodiment is located on a removable memory card or storage device (e.g., 92). See id. Alternatively, the Fortezza card includes integrity and authenticating functions (Holden, col. 7, ll. 17-18), which suggests having the means recited in claim 1. Appellant has not challenged that the SNIU software or the Fortezza card fails to perform the recited means limitations. See Br. 8-9, 15-16. We, therefore, disagree that Holden does not teach a card with the recited means in claim 1. Appeal 2009-012591 Application 10/471,562 11 Third, the Examiner indicates that the Fortezza card in Holden is not a “smart card” and cites to Vu to teach this feature. See Ans. 7. Vu teaches that tokens are used to store secret keys on various types of removable storage devices, including floppy disks, Fortezza cards, and smart cards. Vu, col. 1, ll. 34-41. Vu’s teaching illustrates that an ordinary skilled artisan would have recognized that various removable storage devices are interchangeable, including substituting a Fortezza card for a smart card. See id. Such a combination does no more than yield a predictable result of substituting an element (e.g., a Fortezza card) for another known in the field (e.g., a smart card). See KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). Additionally, Vu teaches and suggests other removable storage devices, such as a removable flash RAM card, can be used to store information. See Vu, col. 1, ll. 34-41. Thus, similar to the Fortezza card, Vu teaches and suggests that a smart card can be substituted for Holden’s flash RAM card, yielding a predictable result. See KSR, 550 U.S. at 417. Thus, there is reasoning with rational underpinning to combine Vu with Holden as the Examiner proposes. For the foregoing reasons, Appellant has not persuaded us of error in the rejection of independent claim 1 and claims 2-4, 8, 10-12, 15, and 16 not separately argued with particularity (Br. 17-18). THE OBVIOUSNESS REJECTION OVER HOLDEN, VU, AND BONNEAU Regarding claim 9, Appellant refers to the arguments made in connection with claim 1. Br. 18-19. We are not persuaded by Appellant’s argument for the reasons disclosed above with regard to Holden and Vu and need not address whether Bonneau cures any purported deficiency. This Appeal 2009-012591 Application 10/471,562 12 argument also fails to rebut persuasively the Examiner’s prima facie case of obviousness – a position we find reasonable. CONCLUSIONS Under 35 U.S.C. § 102, the Examiner did not err in rejecting claims 13 and 14, but erred in rejecting claims 5-7. Under 35 U.S.C. § 103, the Examiner did not err in rejecting claims 1-4, 8-12, 15, and 16. DECISION The Examiner’s decision rejecting claims 1-16 is affirmed-in-part. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART gvw