Ex Parte Shetty et alDownload PDFPatent Trial and Appeal BoardJun 30, 201613090258 (P.T.A.B. Jun. 30, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 13/090,258 04/20/2011 92791 7590 07/05/2016 Global IP Services, PLLC/LSI Corporation 10 Crestwood Lane Nashua, NH 03062 FIRST NAMED INVENTOR V ARUN SHE TTY UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. Ll 0-0496US 1 2079 EXAMINER DAVIS, ZACHARY A ART UNIT PAPER NUMBER 2492 NOTIFICATION DATE DELIVERY MODE 07/05/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): pnama@globalipservices.com docketing@globalipservices.com pradeep@globalipservices.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte V ARUN SHETTY, CHETHAN SURESH, and SHRIDHAR DODDAMATEKURKE GANGADHARAPP A Appeal2015-000766 Application 13/090,258 Technology Center 2400 Before ROBERT E. NAPPI, CARLA M. KRIVAK, and JEFFREY A. STEPHENS, Administrative Patent Judges. KRIVAK, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from a Final Rejection of claims 1, 3-7, and 9-12. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. Appeal2015-000766 Application 13/090,258 STATEMENT OF THE CASE Appellants' invention is directed to the "secure exchange of keystroke information between a kernel and an application in a computing system" (Spec. ii 1 ). Independent claim 7, reproduced below, is representative of the subject matter on appeal. 7. A system for secure exchange of information in a computing system, comprising: a processor; memory including an operating system, wherein the operating system includes a kernel configured to receive a request to switch to a safe mode from a target application; generate encryption/ decryption keystring based on the received request; respond to the target application with the decryption keystring; encrypt a key-stroke using the encryption keystring; and store the encrypted key-stroke in a keyboard buffer; maintain a list of applications registered to be notified of key-stroke event and notify the registered applications of the stored key- stroke in the keyboard buff er by the kernel; and wherein the target application is configured to retrieve the encrypted key-stroke from the keyboard buffer upon receiving the notification; and decrypt the encrypted key-stroke using the decryption keystring. REFERENCES and REJECTION The Examiner rejected claims 1, 3-7, and 9-12 under 35 U.S.C. § 103(a) based upon the teachings of Breakthrough ("KeyScrambler-A Breakthrough in Battling Keyloggers," 2010), Manual 2 Appeal2015-000766 Application 13/090,258 ("KeyScrambler User Manual & Tutorial," 2010), Kassner ("KeyScrambler: How Keystroke Encryption Works to Thwart Keylogging Threats," 2010), Goh ("The Design and Implementation of Protocol-Based Hidden Key Recovery," 2003), and Thomas ("Hooking the Keyboard," 2001). ANALYSIS With respect to claim 7, the Examiner finds Manual, Breakthrough, and Kassner describe KeyScrambler technology that secures the exchange of information by protecting a computing system from keylogger malware (Ans. 3; Final Act. 3, 7). The Examiner finds KeyScrambler exists in the operating system's kernel because "KeyScrambler 'encrypts your keystrokes at the keyboard driver level in the kernel'" (Ans. 4 (citing Breakthrough p. 1, i-f 4)). The Examiner further finds the kernel's KeyScrambler receives a request to switch to a safe mode as claimed, because a hot key requests KeyScrambler protection to be turned on (Ans. 4 (citing Manual p.1 ); Final Act. 7). Appellants contend Manual does not teach or suggest a kernel module is requested to switch to a safe mode by a target application as required in claim 7, rather, Manual only teaches changing default settings and enabling KeyScrambler protection with a keyboard shortcut (Br. 11 ). Appellants' arguments do not address the Examiner's findings that the kernel's KeyScrambler component receives a request to switch to a safe mode in which KeyScrambler encryption is activated to encrypt keystrokes in the kernel (Ans. 4, 5). We agree with the Examiner's reasonable findings. Appellants further contend Breakthrough and Kassner do not teach or suggest a kernel configured to respond to a target application with a 3 Appeal2015-000766 Application 13/090,258 decryption keystring, as required by claim 7 (Br. 11, 12). According to Appellants, Breakthrough and Kassner at most describe a decryption component of KeyScrambler that decrypts keystrokes at a destination application, but do not teach or suggest "the decryption component of KeyScrambler as being sent by Kernel to the target application" (Br. 12). We are not persuaded by Appellants' arguments as they do not address the Examiner's rejection based on the combination of Breakthrough and Kassner in combination with Goh. We agree with the Examiner's findings that Breakthrough and Kassner teach a kernel KeyScrambler component encrypting keystrokes in the kernel, and an application level component of KeyScrambler decrypting keystrokes at a destination application (Ans. 4, 6, 7 (citing Breakthrough p. 1, i-fi-14--5); Final Act. 7 (citing Kassner p. 2)). 1 Further, Kassner teaches KeyScrambler applies "basically the same" principle as SSL/TLS encryption, and Goh teaches SSL/TLS encryption uses a decryption keystring of "a common set of cryptographic parameters which are used to secure further communication" (Ans. 6, 7 (citing Kassner p. 2, i-f l O; Goh pp. 7-8); Final Act. 8). The combination of Goh' s S SL/TLS decryption keystring with KeyScrambler' s kernel-level encryption and application-level decryption teaches and 1 Kassner describes the operation of KeyScrambler's components as follows: "[ w ]hat KeyScrambler does is to try to get to the keystrokes as early as possible in the Windows kernel using our encryption module . ... When these encrypted keystrokes finally arrive at the intended application, the decryption component of KeyScrambler goes to work and turns them back into the keys the user originally typed" (Kassner p. 2, i-fi-1 8-9 (emphasis added)). 4 Appeal2015-000766 Application 13/090,258 suggests the claimed kernel configured to respond with a decryption keystring (Ans. 7). Appellants have not responded to or rebutted the Examiner's reasonable and persuasive findings and conclusions in a Reply Brief. Appellants additionally contend Breakthrough and Kassner do not teach or suggest a target application configured to decrypt an encrypted key-stroke using the decryption keystring as required by claim 7 (Br. 11, 12). As discussed supra, we are persuaded the combination of Breakthrough, Kassner, and Goh teaches a decryption keystring sent by a kernel as claimed. Thus, we agree with the Examiner that "the decryption component of KeyScrambler" and "the destination application" comprise a target application that decrypts using the decryption keystring, as required by claim 7 (Ans. 7, 8 (citing Breakthrough p. 1, i-f 5; Kassner p. 2, i-f 9)). Appellants further argue Breakthrough, Kassner, and Thomas do not teach or suggest configuring the kernel to maintain a list of applications registered to be notified of a key-stroke event and notifying the registered applications of the stored key-stroke in a keyboard buffer as required by claim 7 (Br. 12, 13). The Examiner finds Thomas' hook chain is "a list [of applications] that you add a keylogger to" for receiving Windows' notifications of keyboard inputs and Kassner' s KeyScrambler runs on Windows, concluding it would have been obvious to maintain a list of applications in Windows notified of key-stroke events by KeyScrambler (Ans. 9, 10 (citing Thomas pp. 1-3; Kassner p. 2, i-f 4); Final Act. 7-9). Appellants' arguments have not addressed these specific findings by the Examiner. We also agree with the Examiner's findings that Kassner teaches and suggests KeyScrambler 5 Appeal2015-000766 Application 13/090,258 maintains a list of applications for receiving encrypted KeyScrambler key- strokes from the kernel (see Kassner p. 2, i-fi-1 5-9). We also do not agree with Appellants' argument that Breakthrough, Kassner, and Thomas do not teach or suggest the target application is configured to retrieve the encrypted key-stroke from the keyboard buffer upon receiving a notification, as required by claim 7 (Br. 13). As the Examiner finds, KeyScrambler's ability to encrypt keystrokes, which are then forwarded to the destination application and/or a keylogger, "is itself a disclosure of a list of applications that receive keystroke events" as claimed (Ans. 10 (citing Breakthrough p. 1 i-fi-14, 6)). Appellants have not persuasively rebutted the Examiner's specific findings by identifying specific errors; rather Appellants' arguments merely restate the claim language without explanation of error in the Examiner's findings (see Br. 13). In light of the above, we sustain the Examiner's rejection of independent claim 7, independent claims 1 and 12, which fall with claim 7 (Br. 13), and dependent claims 3---6 and 9-11 argued for their dependency on claims 1 and 7, respectively (Br. 13). DECISION The Examiner's decision rejecting claims 1, 3-7, and 9-12 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED 6 Copy with citationCopy as parenthetical citation
