Ex Parte LongDownload PDFPatent Trial and Appeal BoardFeb 7, 201411420645 (P.T.A.B. Feb. 7, 2014) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/420,645 05/26/2006 Kurt James Long 5143-001 1366 22429 7590 02/07/2014 LOWE HAUPTMAN & HAM, LLP 2318 Mill Road Suite 1400 ALEXANDRIA, VA 22314 EXAMINER RAHMAN, MAHFUZUR ART UNIT PAPER NUMBER 2438 MAIL DATE DELIVERY MODE 02/07/2014 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte KURT JAMES LONG ___________ Appeal 2011-008842 Application 11/420,645 Technology Center 2400 ____________ Before ST. JOHN COURTENAY III, THU A. DANG and CARL W. WHITEHEAD, JR., Administrative Patent Judges. WHITEHEAD, JR., Administrative Patent Judge. DECISION ON APPEAL Appeal 2011-008842 Application 11/420,645 2 STATEMENT OF THE CASE Appellant is appealing the rejection of claims 1-32. Appeal Brief 5. We have jurisdiction under 35 U.S.C. § 6(b) (2012). We affirm. Introduction The invention is directed to “a system and method of detecting fraud and/or misuse in a computer environment based on analyzing data in log files, or other similar records, including user identifier data.” Specification 1, ¶ 0002. Illustrative Claim (Emphasis Added) 1. A method of detecting fraud or misuse in a computer environment, comprising: accessing user identifiers that are associated with computer users; accessing modeled data that corresponds to at least one of fraud detection information or misuse detection information, wherein the fraud detection information or the misuse detection information comprises a user identifier corresponding to a user authorized to access information and associated event characteristics that, when combined with an authorized user access, constitute at least one of fraudulent access to information by an authorized user or misuse of information by an authorized user; accessing application layer data and data corresponding to at least one of transactions or activities that are associated with the computer users; extracting the application layer data and the data corresponding to at least one of transactions or activities that are associated with the computer users events; Appeal 2011-008842 Application 11/420,645 3 normalizing the extracted data to produce records; correlating the normalized data and the user identifiers to produce correlated information; and determining whether the correlated information corresponds to at least one of the fraud detection information and misuse detection information. Rejections on Appeal Claims 1-4, 6-18, and 20-32 stand rejected under 35 U.S.C. § 102(b) as being anticipated by Drake (U.S. Patent Number 6,347,374 B1; issued February 12, 2002). Answer 5-19. Claims 5 and 19 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Drake and Porras (U.S. Patent Number 6,704,874 B1; issued March 9, 2004. Answer 20-21. Issue Under 35 U.S.C. § 102, has the Examiner erred by finding that Drake discloses “a user identifier corresponding to a user authorized to access information and associated event characteristics that, when combined with an authorized user access, constitute at least one of fraudulent access to information by an authorized user or misuse of information by an authorized user,” within the meaning of claim 1? ANALYSIS We have reviewed the Examiner’s rejections in light of Appellant’s arguments that the Examiner has erred. We disagree with Appellant’s arguments. We concur with the findings and reasons set forth by the Appeal 2011-008842 Application 11/420,645 4 Examiner in the action from which this appeal is taken and the reasons set forth by the Examiner in the Answer in response to Appellant’s Appeal Brief. Appellant argues that Drake does not expressly or inherently disclose a user identifier corresponding to a user authorized to access information and associated event characteristics that, when combined with an authorized user access, constitute at least one of fraudulent access to information by an authorized user or misuse of information by an authorized user as recited in claim 1. Appeal Brief 10. Appellant further contends: Drake describes detection as scanning for “attack signature matches or for statistical anomalies.” See, e.g., at col. 16, ll. 50- 51. An attack, by its definition, refers to unauthorized access, as an attack is conducted by someone from “outside” a defined group of authorized users. Even if the “attacker” were to be someone with authorized access to the computing environment as a whole, i.e., a user within the system without the privileges to the specific information accessed, this would still constitute unauthorized access by someone from outside the group of authorized users. The statistical anomalies disclosed by Drake all describe unauthorized access or attempts to gain unauthorized access. In view of this, “attack signature matches” or “statistical anomalies” indicate that Drake is directed to unauthorized external or internal access, rather than internal misappropriation by an authorized user as recited in the claim. Thus, Drake lacks access by an authorized user, because it tries to prevent authorization to an unauthorized user using a compromised user login. Appeal Brief 10. Appeal 2011-008842 Application 11/420,645 5 The Examiner finds Appellant’s arguments are not commensurate with the scope of claim 1 because “attack signature matches” or “statistical anomalies” are not recited in the claim. Answer 21. We do not find Appellant’s arguments persuasive because claim 1 does not distinguish between information identifying “unauthorized external or internal access” as Appellant concedes as being taught by Drake and Appellant’s information identifying “internal misappropriation by an authorized user.” See Appeal Brief 10. In particular, once a user, having authorized external or internal access, accesses information that he or she is not authorized to access or misappropriates the information, he or she is no longer an authorized user. Moreover, we conclude that there is no difference between the “fraud detection information” or the “misuse detection information” of claim 1 because both terms are defined in the claim by the same “wherein” clause. Regarding the “wherein” clause, we additionally note that the “when combined with an authorized user access” limitation is a conditional limitation that is not positively recited as actually occurring.1 (Claim 1). 1 See MPEP § 2111.04 regarding “wherein” clauses: Claim scope is not limited by claim language that suggests or makes optional but does not require steps to be performed, or by claim language that does not limit a claim to a particular structure. However, examples of claim language, although not exhaustive, that may raise a question as to the limiting effect of the language in a claim are: (A) “adapted to” or “adapted for” clauses; Footnote continued on the next page. Appeal 2011-008842 Application 11/420,645 6 Therefore, because the definitional language following the conditional limitation is optional, a question arises as to how much patentable weight, if any, should be given to the contested “wherein” clause limitations. Furthermore, we find Appellants’ arguments regarding what “the fraud detection information or the misuse detection information comprises” are predicated on nonfunctional descriptive material. That is, what is comprised in the information that corresponds to accessed model data is merely the informational content of data, but the informational content of the data is not positively recited as altering or changing the way the data is to be accessed in the accessing step of the claimed method. Thus, the informational content of the data is non-functional descriptive material that is not accorded patentable weight. Non-functional descriptive material will not distinguish the invention from the prior art in terms of patentability. See Ex parte Nehls, 88 USPQ2d 1883, 1887-90 (BPAI 2008) (precedential); see also In re Ngai, 367 F.3d 1336, 1339 (Fed. Cir. 2004) and In re Gulack, 703 F.2d 1381, 1385 (Fed. Circ. 1983). Appellant further contends that “as explicitly recited, the attack is internal in nature and related to the transaction associated with the data” and (B) “wherein” clauses; and (C) “whereby” clauses. (MPEP § 2111.04 Eighth Edition, Rev. 9, Aug. 2012). Appeal 2011-008842 Application 11/420,645 7 for this reason, “Drake does not show claim 1 or 15 in the same level of detail.” Appeal Brief 12-13. Again, we do not find Appellant’s arguments persuasive because we conclude there is no distinction between the “fraud detection information or the misuse detection information” as recited in the claimed invention, and the data detected by Drake, for the reasons set forth above. Therefore, on this record, we are not persuaded the Examiner erred. Consequently, we sustain the Examiner’s anticipation rejection of both independent claims 1 and 15, both reciting commensurate claim language for the reasons state above. We also sustain the Examiner’s anticipation rejection of claims 2-4, 6-14, 16-18, and 20-32, not separately argued for the reasons set forth above. Appellant argues that Porras fails to cure the deficiencies of Drake and therefore claims 5 and 19 are not rendered obvious. Appeal Brief 15. We do not find Appellant’s arguments to be persuasive because we did not find Drake to be deficient and, therefore, we sustain the Examiner’s obviousness rejection of claim 5 and 19 for the reasons stated above. DECISION The Examiner’s anticipation rejection of claims 1-4, 6-18, and 20-32 is affirmed. The Examiner’s obviousness rejection of claims 5 and 19 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 41.50(f). Appeal 2011-008842 Application 11/420,645 8 AFFIRMED msc Copy with citationCopy as parenthetical citation
