Ex Parte Mayer et alDownload PDFPatent Trial and Appeal BoardJun 16, 201510968022 (P.T.A.B. Jun. 16, 2015) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/968,022 10/20/2004 Yaron Mayer 3204 7590 06/16/2015 YARON MAYER 21 AHAD HAAM ST. JERUSALEM, 92151 ISRAEL EXAMINER KAPLAN, BENJAMIN A ART UNIT PAPER NUMBER 2434 MAIL DATE DELIVERY MODE 06/16/2015 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte YARON MAYER and ZAK DECHOVICH ____________ Appeal 2013-001262 Application 10/968,022 Technology Center 2400 ____________ Before MAHSHID D. SAADAT, ROBERT E. NAPPI, and GARTH D. BAER, Administrative Patent Judges. SAADAT, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from a Final Rejection of claims 1, 19, 69, 70, 73, 81, 82, 86, 89–91, and 94–96.1 We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. 1 Claims 2–18, 20–66, 68, 71, 72, 74–76, 78–80, 83–85, 87, 88, 92, and 93 have been canceled and claims 67 and 77 have been withdrawn from consideration. Appeal 2013-001262 Application 10/968,022 2 STATEMENT OF THE CASE Introduction Exemplary claim 1 under appeal reads as follows: 1. A security system for a computer comprising: a. a processor; b. a monitoring and capturing system that is configured to conduct, using the processor, constant statistical analyses of various events in the computer to define normal behavior to be able to subsequently identify significant deviations from the normal behavior; c. storage; d. a security rules database that is configured to store statistics of the normal behavior continuously during operation, the security rules database residing in the storage; and e. a user interface that is configured to interact with a user of the computer regarding acceptable behavior patterns and to warn the user of perceived dangers. The Rejections Claims 1, 19, 69, 70, 73, 81, 82, 86, 89–91, and 94–96 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Nachenberg (US 6,357,008 B1; Mar. 12, 2002) and Campbell (US 6,839,850 B1; Jan. 4, 2005). (See Ans. 4–16). ANALYSIS Claim 1 In rejecting claim 1, the Examiner relies on Nachenberg for disclosing the recited processor, storage, and user interface and further relies on Campbell for disclosing the monitoring and capturing system and the security rules database (Ans. 4–6). The Examiner concludes that it would Appeal 2013-001262 Application 10/968,022 3 have been obvious to one of ordinary skill in the art to combine Nachenberg with Campbell in order to improve the system capability for indicating potential security threats in real time (Ans. 7). Appellants contend the combination of the references is improper (see Br. 3–5). In particular, Appellants argue Campbell relates to “an audit agent to prevent security threats by hackers” whereas Nachenberg “is directed to virus detection” by identifying and counting suspicious computer behavior (Br. 5–6). Appellants specifically assert the combination of references is improper because Nachenberg detects a single suspicious operation and cannot use Campbell’s statistical approach (Br. 6). We are not persuaded by Appellants’ arguments that the Examiner erred. Appellants’ contentions focus on the references separately and ignore the fact that the proposed rejection is based on the combination of Nachenberg and Campbell. We must point out, however, that all of the features of the secondary reference need not be bodily incorporated into the primary reference (see In re Keller, 642 F.2d 413, 425 (CCPA 1981)) and the artisan is not compelled to blindly follow the teaching of one prior art reference over the other without the exercise of independent judgment (see Lear Siegler, Inc. v. Aeroquip Corp., 733 F.2d 881, 889 (Fed. Cir. 1984)). As found by the Examiner (Ans. 4–7), using the statistical representation obtained by Campbell’s Security Indications and Warning (SI&W) Engine in Nachenberg’s virus detection system would have increased the efficiency of the virus detection process based on monitoring usage (see, e.g., Campbell col. 5, ll. 35–55). In other words, the teaching value of Campbell is in providing statistical analysis of events and identifying threats, which would be applied to the user interface disclosed in Appeal 2013-001262 Application 10/968,022 4 Nachenberg. Additionally, we find that the Examiner has articulated how the claimed features are met by the proposed combination of the reference teachings with some rational underpinning consistent with the guidelines stated in KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398 (2007) (see Ans. 4–7, 17–18). For the above-stated reasons, we are not persuaded by Appellants’ arguments that the Examiner erred in finding the combination of Nachenberg and Campbell teaches or suggests the disputed features of claim 1. Therefore, we sustain the 35 U.S.C. § 103(a) rejection of independent claim 1, and claims 19, 69, 73, 81, 82, 86, and 94–96 not argued separately (see Br. 7, 9). Claim 70 Appellants contend Nachenberg’s access to one piece of code under investigation does not meet the claimed requirement that “the virus-scan program can access freely all the real files and directories” (Br. 7–8). The Examiner explains, although Nachenberg’s “emulation does not allow free access to all the real files and directories, by the program being tested,” the virus scan program functions properly only when all real files are accessed and scanned (Ans. 18–19). We also agree with these findings and conclusions, and observe that the claim merely requires full access by the virus scan program, without precluding a limited access by other parts of the program such as the emulated instructions in the exploration phase (see Nachenberg col. 3, l. 62 – col. 4, l. 5). Therefore, we sustain the 35 U.S.C. § 103(a) rejection of claim 70. Appeal 2013-001262 Application 10/968,022 5 Claims 89–91 Appellants contend the Examiner has not identified any portion of Nachenberg that discloses the claimed “resources/communication mechanisms for which ‘the security system prevents applications and/or drivers from accessing without user permission . . .’” (Br. 8). The Examiner reasons claims 89–91 recite features that are variations of how access to the specific devices or functions in the system without user permission is prevented (Ans. 19). The Examiner further finds the general description of how Nachenberg’s security system prevents application or driver access meets the recited features of claims 89–91 (Ans. 20). We agree with Appellants. The Examiner’s cited portions of Nachenberg do not disclose how access to the specific devices or functions is prevented in the absence of user permission (see Ans. 12, 19–20). As argued by Appellants (Br. 8), Nachenberg’s disclosure in columns 3 and 4 relates to virus detection without discussing whether access to specific devices is prevented without user permission. Therefore, we do not sustain the rejection of claims 89–91. DECISION The decision of the Examiner rejecting claims 1, 19, 69, 70, 73, 81, 82, 86, and 94–96 is affirmed, but reversed with respect to claims 89–91. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART aj Copy with citationCopy as parenthetical citation