Ex Parte Magdych et alDownload PDFBoard of Patent Appeals and InterferencesNov 8, 201010294255 (B.P.A.I. Nov. 8, 2010) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte JAMES S. MAGDYCH, TARIK RAHMANOVIC, JOHN R. MCDONALD, BROCK E. TELLIER, ANTHONY C. OSBORNE, and NISHAD P. HERATH Appeal 2009-00-5780 Application 10/294,255 Technology Center 2400 ____________ Before LANCE LEONARD BARRY, ST. JOHN COURTENAY III, and DEBRA K. STEPHENS, Administrative Patent Judges. COURTENAY, Administrative Patent Judge. DECISION ON APPEAL1 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision. Appeal 2009-00-5780 Application 10/294,255 2 STATEMENT OF THE CASE Appellants seek our review under 35 U.S.C. § 134 of the Examiner’s final decision rejecting claims 50, 52-56, 58-62, and 64-71. Claims 1-49, 51, 57, and 63 are cancelled. We have jurisdiction over the appeal under 35 U.S.C. § 6(b). We Reverse. Invention Appellants’ invention on appeal relates to firewalls. More particularly, Appellants’ invention is directed to firewalls having security capabilities. (Spec. 1). Claim 50 is illustrative: 50. A method for detecting attacks on a network, comprising: at a gateway, receiving data from a remote source which is destined for a target; discarding at least a portion of the data based on a predetermined set of roles utilizing a firewall associated with the gateway which is coupled to the remote source, wherein the firewall utilizes the predetermined set of rules to discard the at least a portion of data as a function of a plurality of parameters selected from the group consisting of a source, a destination, and a port associated with the data; passing remaining data to an intrusion detection system coupled to the firewall associated with the gateway; Appeal 2009-00-5780 Application 10/294,255 3 receiving the remaining data utilizing the intrusion detection system; parsing the remaining data to identify data representing text therein utilizing the intrusion detection system; comparing the data representing text to a predetermined list of data representing text associated with attacks utilizing the intrusion detection system, wherein the data representing text of the predetermined list refers to different types of attacks selected from the group consisting of information, gathering attacks, a web server denial of service attack, and a file server remote compromise; identifying the data representing text as hostile based on the comparison; acting on the data representing text identified as hostile in order to prevent an attack, wherein the data representing text identified as hostile is acted upon differently based on the type of the attack by at least one of blocking the data, alerting an administrator, and disconnecting the remote source; and updating the predetermined list of data representing text associated with attacks; wherein the firewall and the intrusion detection system are included in a single device; wherein the data representing text identified as hostile is marked with an identifier based on the comparison, the identifier being used to determine the manner in which the data representing text identified as hostile is acted upon; Appeal 2009-00-5780 Application 10/294,255 4 wherein the text includes ASCII characters and UNICODE characters. wherein the comparing, identifying, and acting further involves binary data, in order to identify binary data that is hostile; wherein the remaining data is assembled utilizing the intrusion detection system using header information associated with each packet. (emphasis added). PRIOR ART Reid US 6,182,226 Jan. 30, 2001 Ben-Itzhak Dark US2003/0023873 US 7,058,976 Jan. 30, 2003 (filed Mar. 16, 2001) June 6, 2006 (filed May 17, 2000) Appellants appeal the following rejections: 1. Claims 50, 52-54, 56, 58-60, 62, 64-66, and 68-71 under 35 U.S.C. § 103(a) as unpatentable over Dark and Ben-Itzhak.2 2. Claims 55, 61, and 67 under 35 U.S.C. § 103(a) as unpatentable over Dark, Ben-Itzhak and Reid. ISSUE Based upon our review of the administrative record, we have determined that the following issue is dispositive in this appeal: 2 Although the Examiner includes claims 55, 61, and 67 in the heading for the first-stated rejection (Ans. 3), we observe that the Examiner provides no corresponding detailed statement of rejection for claims 55, 61, and 67 under the aforementioned first rejection header. (Ans. 3-6). Thus, claims 55, 61, and 67 stand rejected only under the second-stated rejection. Appeal 2009-00-5780 Application 10/294,255 5 Under § 103, did the Examiner err in determining that the cited combination of references would have taught or suggested that data representing text identified as hostile is marked with an identifier based on the comparison, the identifier being used to determine the manner in which the data representing text identified as hostile is acted upon? (See independent claims 50, 56, and 62) (emphasis added). PRINCIPLES OF LAW In rejecting claims under 35 U.S.C. § 103, it is incumbent upon the Examiner to establish a factual basis to support the legal conclusion of obviousness. See In re Fine, 837 F.2d 1071, 1073 (Fed. Cir. 1988). In so doing, the Examiner must make the factual determinations set forth in Graham v. John Deere Co., 383 U.S. 1, 17 (1966). “[T]he examiner bears the initial burden, on review of the prior art or on any other ground, of presenting a prima facie case of unpatentability.” In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992). Appeal 2009-00-5780 Application 10/294,255 6 FACTUAL FINDINGS 1. Claim 12 of the patent to Dark recites: “identifying the data representing text as hostile based on the comparison” and also that “data representing text identified as hostile is acted upon differently based on the type of attack . . . .” (Col. 11, ll. 24-30). 2. Claim 12 of the patent to Dark recites: “data representing text of the predetermined list refers to different types of attacks . . . .” (Col. 11, ll. 19- 20). ANALYSIS Appellants contend that the cited references, in particular Dark, would not have taught or suggested that text identified as hostile is marked with an identifier based on the comparison, as recited in independent claim 50. (App. Br.14). Based upon our review of the record, we agree. At the outset, we observe the close similarity between Appellants’ claim 50 and Dark’s claim 12.3 We agree with the Examiner that Dark discloses identifying the data representing text as hostile based on a comparison. (FF 1). However, on this record, we find the Examiner has not established how the identified data is further marked with an identifier based on the comparison, as claimed. (Independent Claims 50, 56, and 62). 3 We observe there are no common inventors of record between the patent to Susan Pittman Dark (US 7,058,976) and the instant invention. We also note that the respective assignees of record are not the same. Therefore, no obviousness-type double patenting rejection appears to have been appropriate. We further note that the inventors in the instant application on appeal and Susan Pittman Dark (US 7,058,976) were opposing parties in Patent Interference No. 105,271, decided March 24, 2005. Appeal 2009-00-5780 Application 10/294,255 7 The Examiner contends that the limitation in dispute is disclosed in col. 11, ll. 26-31 (claim 12) of Dark. (Ans. 11). Claim 12 of Dark recites that “data representing text of the predetermined list refers to different types of attacks . . . .” (FF 2). However, it is our view that the Examiner has not established how Dark’s claim 12 more narrowly teaches or suggests that the identified data is marked in any way with an identifier, and how such an identifier is further used to determine the manner in which the data representing the identified text is acted upon, within the meaning of Appellants’ independent claims. We particularly disagree with the Examiner’s statement in the “Response to Argument” section of the Answer that the broader language of claim 12 in the Dark reference (col. 11, ll. 16-31) is equivalent to the narrower language recited in each of Appellants’ independent claims. (Ans. 10-11). Moreover, we note the Examiner has not responded to Appellants’ contention (regarding Dark at col. 7, ll. 55-62) that simply setting an indicator if a warning level has been reached fails to teach marking data representing text identified as hostile, let alone a specific technique wherein the data representing text identified as hostile is marked with an identifier based on the comparison, as claimed. (App. Br. 14, ¶ 3). Therefore, for essentially the same reasons argued by Appellants in the Briefs, we agree that merely identifying data does not necessarily establish that the data is marked with an identifier based on the comparison, as required by the language of each independent claim before us on appeal. Appeal 2009-00-5780 Application 10/294,255 8 We do not find, and the Examiner has not established, that the secondary Ben-Itzhak reference overcomes the aforementioned deficiencies of Dark. On this record, we find the Examiner erred in determining that the cited combination of references would have taught or suggested that text identified as hostile is marked with an identifier based on the comparison. Accordingly, we reverse the Examiner’s rejection of independent claims 50, 56 and 62. Claims 55, 61, and 67 were rejected over Dark, Ben-Itzhak and Reid. We do not find, nor has the Examiner established, that Reid cures the deficiencies of Dark and Ben-Itzhak. Because we have reversed the Examiner’s rejection of each independent claim on appeal, we also reverse the Examiner’s rejections of dependent claims 52-55, 58-61, and 64-71. DECISION We reverse the Examiner’s § 103 rejections of claims 50, 52-56, 58- 62, and 64-71. ORDER REVERSED Appeal 2009-00-5780 Application 10/294,255 9 erc Zilka-Kotab, PC P.O. BOX 721120 SAN JOSE CA 95172-1120 Copy with citationCopy as parenthetical citation