Ex Parte Perez et al
Patent Trials and Appeals Board, Apr 30, 2019
14917839 - (D) (P.T.A.B. Apr. 30, 2019)

UNITED STATES PATENT AND TRADEMARK OFFICE

APPLICATION NO.: 14/917,839
FILING DATE: 03/09/2016
FIRST NAMED INVENTOR: David S Perez
ATTORNEY DOCKET NO.: 84465954
CONFIRMATION NO.: 3760
EXAMINER: JEUDY, JOSNEL
ART UNIT: 2438
NOTIFICATION DATE: 05/02/2019
DELIVERY MODE: ELECTRONIC
CORRESPONDENCE ADDRESS: HP Inc., 3390 E. Harmony Road, Mail Stop 35, Fort Collins, CO 80528-9544

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte DAVID S. PEREZ, HELEN BALINSKY, and STEVEN J. SIMSKE

Appeal 2018-007671
Application 14/917,839¹
Technology Center 2400

Before JOHN A. EVANS, JAMES W. DEJMEK, and MICHAEL M. BARRY, Administrative Patent Judges.

EVANS, Administrative Patent Judge.

DECISION ON APPEAL

Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1-20. We have jurisdiction under 35 U.S.C. § 6(b). We reverse.

¹ Appellants identify Hewlett-Packard Development Company, L.P. as the real party in interest. App. Br. 2.

STATEMENT OF THE CASE

Introduction

Appellants' disclosed and claimed invention relates to systems and methods for injecting a data flow control object into an application process. Spec. ¶ 7.
Application programs such as e-mail clients and internet browsers often handle sensitive information while providing export functionalities. Spec. ¶ 7. To address the problem of possible data leaks, Appellants' invention injects a data flow control object into an application process. Spec. ¶ 7. The data flow control object may intercept a system call made by the application process and control flow of data being handled by the system call. Spec. ¶ 9.

In a disclosed embodiment, a callback is assigned to a creation event at an operating system's kernel module (KM) or management instrumentation (MI). Spec. ¶ 8. In response to detecting the creation event, the KM or MI executes the callback. Spec. ¶ 8. In response to executing the callback, a data flow control object may be injected into the application process. Spec. ¶ 9. "Thus, sensitive data may not be exported out of the system unprocessed prior to the injection, because the application process may not have had a chance to make any system calls to the operating system." Spec. ¶ 8.

Claim 1 is illustrative of the subject matter on appeal and is reproduced below with the disputed limitations emphasized in italics:

1.
A non-transitory computer readable storage medium including executable instructions that, when executed by a processor, cause the processor to:

    execute a callback that is assigned, using at least one of a kernel module and management instrumentation of an operating system, to a creation event of an application process; and

    in response to the execution, inject a data flow control object into the application process prior to the application process having any chance of making system calls to the operating system, the data flow control object to intercept a system call made by the application process and to control flow of data being handled by the system call wherein data is not exported out of the operating system unprocessed by the data flow control object prior to the injection.

The Examiner's Rejections

1. Claims 1-15, 19, and 20 stand rejected under 35 U.S.C. § 103 as being unpatentable over Avni et al. (US 2011/0239306 A1; Sept. 29, 2011) ("Avni") and Niemi et al. (US 6,470,388 B1; Oct. 22, 2002) ("Niemi"). Final Act. 3-6.

2. Claims 16-18 stand rejected under 35 U.S.C. § 103 as being unpatentable over Avni, Niemi, and Flautner (US 2005/0034002 A1; Feb. 10, 2005) ("Flautner"). Final Act. 6-8.

ANALYSIS²

In rejecting claim 1, the Examiner relies on the combined teachings and suggestions of Avni and Niemi. Final Act. 3-4. We begin our analysis with a review of these references.

Avni relates to a data leak protection method for managing user interaction with a computing device. Avni, Abstract. In a disclosed embodiment, the kernel mode of the computing device is monitored in order to detect user-initiated events. Avni, Abstract. A data leak protection object can be provided in the user mode of the computing device, such that the object may be injected into every running application in the user mode by injecting computer code into executable files. Avni ¶ 38. The data leak protection object may either listen to the kernel mode message traffic or receive notifications from an operating system object in the kernel mode whenever a user-initiated event occurs. Avni ¶ 39. Additionally, a data leak protection agent in the kernel mode of the computing device may intercept a system call from a user mode application. Avni ¶ 40. Having detected a given user-initiated event, whether the event has a forbidden or an allowed status is determined and, in response, an appropriate action is performed. Avni, Abstract, ¶ 115.

² Throughout this Decision, we have considered the Appeal Brief, filed April 23, 2018 ("App. Br."); the Reply Brief, filed July 20, 2018 ("Reply Br."); the Examiner's Answer, mailed July 10, 2018 ("Ans."); the Specification (filed March 9, 2013, "Spec."), and the Final Office Action, mailed December 28, 2017 ("Final Act."), from which this Appeal is taken.

The Examiner relies on Avni's data leak protection method comprising a data leak protection object and data leak protection agent to teach the entirety of claim 1, except for the "execute a callback" limitation. See Final Act. 3-4 (citing Avni ¶¶ 5, 21, 38, 40, 129, 176, Abstract).

Niemi relates to centrally coordinating, collecting and storing error, trace, audit and other information in a computer network. Niemi, Abstract. In a disclosed embodiment, each network entity includes a novel, extendable logging service layer in communication with an application or process to provide common formatting and information storage services. Niemi 4:5-9. The logging service layer includes, among other things, a callback generator. Niemi 4:9-11.
Upon initialization, selected applications or processes can issue calls to the respective logging service layer identifying one or more debug objects. Niemi 4:11-14. The callback generator establishes a callback that identifies the application or process. Niemi 4:14-15. In response to receiving error, trace, audit, or other information, the application or process can issue a call to one or more of its debug objects. Niemi 4:15-18.

The Examiner finds Niemi teaches the "execute a callback" limitation because Niemi discloses that a "callback generator establishes a callback that identifies the application or process ... upon obtaining the respective callback for the selected application." Final Act. 4 (citing Niemi 4:14-16, 40-42). The Examiner concludes:

    It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Avni with the teaching of Niemi to include the callback because it would have allowed received information to be time-stamped and appended to a primary log file along with the applications.

Final Act. 4.

Appellants argue, among other things, the combination of Avni and Niemi does not teach or suggest "in response to the execution [of the callback], inject a data flow control object into the application process prior to the application process having any chance of making system calls to the operating system ... wherein data is not exported out of the operating system unprocessed by the data flow control object prior to the injection." App. Br. 9-10; Reply Br. 4. In particular, Appellants contend "[t]his timing is not disclosed by Avni" because Avni discloses that its data leak protection object may be injected into an application but does not specify "when" or "how" it is injected. Reply Br. 4; see also App. Br. 9.
Appellants contend Niemi does not cure the timing deficiency of Avni but, instead, "is actually teaching issuing methods or calls to the OS (logging service) before the callback generator even establishes the callback." App. Br. 9; Reply Br. 4. Therefore, Appellants argue that, contrary to the disputed claim language, "[t]his combination of Avni and Niemi actually discloses having multiple chances of making system calls to the OS before the callback is established allowing for potential leaks of data exported out of the OS." Reply Br. 4.

In the Answer, the Examiner reiterates Avni's disclosures of a data leak protection object injected into every running application in the user mode and a data leak protection agent intercepting a system call from a user mode application and states, "[thus, Avni teaches] upon initialization, the selected applications or processes issue methods or calls to the respective logging service layer identifying their one or more debug objects which causes the callback generator to establish a callback that identifies the application or process." Ans. 3 (quotations omitted).

We find the Examiner erred by failing to provide sufficient persuasive technical reasoning or evidence that Avni or Niemi, either alone or in combination, teaches or suggests that a data flow control object is injected into an application process prior to the application process having any chance of making system calls to the operating system, wherein data is not exported out of the operating system unprocessed by the data flow control object prior to the injection. The Examiner does not explain how or why the cited prior art would satisfy the italicized claim limitations. Nor has Examiner provided a sufficient rationale or articulated reasoning to fill the gaps in the rejection.
In other words, the Examiner has not adequately identified why an ordinarily skilled artisan would have combined Avni's disclosures of (1) a data leak protection object injected into running processes of an application and (2) a data leak protection agent intercepting a system call from an application with the callback technique of Niemi to arrive at the italicized claim limitations. Rather, the Examiner merely provides a general, and unsupported, statement that the proposed combination "would have allowed received information to be time-stamped and appended to a primary log file along with the applications." Final Act. 4. Further, the Examiner does not provide any evidence that the Flautner reference cures the above deficiencies. See Final Act. 7-8.

We decline to resort to impermissible speculation or unfounded assumptions or rationales to cure the deficiencies in the factual bases of the rejection before us. In re Warner, 379 F.2d 1011, 1017 (CCPA 1967).

For the reasons discussed supra, and constrained by the evidence of record before us, we do not sustain the Examiner's rejection of independent claim 1. For similar reasons, we also do not sustain the Examiner's rejection of independent claims 7 and 13. Additionally, we do not sustain the Examiner's rejections of claims 2-6, 8-12, and 14-20, which depend directly or indirectly therefrom.

DECISION

We reverse the Examiner's decision rejecting claims 1-20 under 35 U.S.C. § 103.

REVERSED