Ex Parte Swander et al

Board of Patent Appeals and Interferences
May 15, 2009
10882537 (B.P.A.I. May. 15, 2009)

UNITED STATES PATENT AND TRADEMARK OFFICE
________________
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES
________________
Ex parte BRIAN D. SWANDER and BERNARD D. ABOBA
________________
Appeal 2008-4728
Application 10/882,537
Technology Center 2400
________________
Decided:[1] May 15, 2009
________________
Before ALLEN R. MACDONALD, Vice-Chief Administrative Patent Judge, JAMES D. THOMAS, and JEAN R. HOMERE, Administrative Patent Judges.

THOMAS, Administrative Patent Judge.

DECISION ON APPEAL

[1] The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, begins to run from the decided date shown on this page of the decision. The time period does not run from the Mail Date (paper delivery) or Notification Date (electronic delivery).

STATEMENT OF THE CASE

This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1 through 8, 13, 16 through 21, and 26 through 34, the Examiner having objected to claims 9 through 12, 14, 15, and 22 through 25. We have jurisdiction under 35 U.S.C. § 6(b). We affirm.

Invention

In a system to provide a secured link among plural users/services on a single machine with a remote machine, a subsystem is provided to filter or otherwise separate traffic for each user/service. This subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user/service and the traffic, and employs the SA to establish the secured link. An Internet Key Exchange module and a policy module may be included to generate and associate the SA. (Spec. 33, Abstract; Figures 1a, 4, and 5).

Representative Claims

1.
A system that establishes a secure link among multiple users on a single machine with a remote machine, comprising: a subsystem that filters traffic so that traffic from each user is separate, the subsystem generates and associates a Security Association (SA) with at least one filter that corresponds with the user and the traffic and employs the SA to establish the secure link.

31. A data packet transmitted between at least two processes, comprising: a first component that filters traffic between a first process, associated with multiple users, and a second process so that traffic for the first process is separated in accordance with the respective users; and a second component that generates and associates a Security Association (SA) with at least one filter, corresponding to at least one of the users and the respective traffic, and employs the SA to establish a secure link between the first and second processes.

Prior Art and Examiner’s Rejections

The Examiner relies on the following reference as evidence of anticipation:

Boden U.S. 6,330,562 B1 Dec. 11, 2001 (filed Jan. 29, 1999)

Claims 28 and 29 stand rejected under 35 U.S.C. § 112, second paragraph, as being vague and indefinite.

Claims 31, 33, and 34 stand rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter. These two rejections are properly labeled “New Grounds of Rejection” in the Answer and have been appropriately signed and approved by the group Director.

Claims 1 through 8, 16 through 21, and 26 through 34 stand rejected under 35 U.S.C.
§ 102(e) as being anticipated by Boden.[2]

Claim Groupings

Although Appellants appear to present separate arguments as to independent claims 1 and 16 as a group at pages 7 and 8 of the principal Brief, to claims 26 through 29 as a separate group at pages 8 and 9 of the principal Brief, and to claims 30 through 33 as a separate group at page 9 of the principal Brief, all arguments essentially focus upon the features recited in the subsystem clause in representative claim 1 on appeal. All of these claims are independent claims and no arguments are presented as to any dependent claim on appeal.

ISSUES

1. Have Appellants shown that the Examiner erred in finding that the subject matter of independent claims 28 and 29 is indefinite within 35 U.S.C. § 112, second paragraph?

2. Have Appellants shown that the Examiner erred in finding that the subject matter of independent claims 31 and 33, and its dependent claim 34, recites non-statutory subject matter within 35 U.S.C. § 101?

3. Have Appellants shown that the Examiner erred in finding that the subject matter of independent claims 1, 16, and 26 through 33 is anticipated by Boden within 35 U.S.C. § 102(e)?

[2] The Examiner appears to have inadvertently included dependent claim 13 within this prior art rejection. Claim 13 depends directly from objected to dependent claim 12. Therefore, claim 13 must also be considered to be objected to.

FINDINGS OF FACT

1.
The Specification, at page 6, lines 16 through 18, states: “[a]s used in this application, the term ‘component’ is intended to refer to a computer-related entity; either hardware, a combination of hardware and software, software, or software in execution.” In like manner, we reproduce the subject matter of the Specification at page 23, lines 19 through 24:

While the invention has been described above in the general context of computer-executable instructions of a computer program that runs on a computer and/or computers, those skilled in the art will recognize that the invention also may be implemented in combination with other program modules. Generally, program modules include routines, programs, components, data structures, etc. that perform particular tasks and/or implement particular abstract data types.

Data packets are contemplated within the scope of the disclosed invention at page 5 of the Specification. The transmission of these and the software “components” is contemplated in the sentence bridging Specification pages 23 and 24 where it is stated that the “illustrated aspects of the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.” The discussion at page 25, line 16 through page 26, line 17 contemplates (electronic) signals performing the transmissions between devices and between the processes executing within any device.

2.
As part of his background assessment of the art Boden indicates at column 2, lines 38 through 41, “a need in the art for enabling connection filter rules to be generated and loaded dynamically at negotiation time, and thus handle remote initiating hosts with dynamically assigned IP addresses.” Consistent with this, column 3, lines 13 through 16, Boden states that his data model “allows for dynamically establishing VPN connections with different security policies and other attributes, based solely on an unfixed IP address (e.g. a user ID).”

3. Boden teaches at column 6, lines 13 through 31:

In accordance with the preferred embodiment of the invention, previously unknown client ID pairs (IDci and IDcr values) are accepted from a remote system. The user writes as few as one filter rule (also referred to as an anchor rule) for the subset of IP traffic to be protected, similar to conventional filter rules. However, this anchor filter rule, by way of its association with a connection definition, is not explicit about what future security associations (SAs) will be used to protect any of the traffic defined by the anchor rule. It only specifies things like what policy to negotiate and what granularity of client IDs to accept. Connection filters are generated and loaded dynamically based on either locally defined connections (user client pair objects 52), IDci/IDcr from a remote system, or from an IP packet (for on demand connections). If a remote system offers client IDs of, say, only TCP traffic between the local host and a given subnet, connection filters for that traffic only would be generated and loaded, with all other traffic between the local host and the given subnet discarded.

4. Additionally, Boden teaches at column 7, lines 26 through 49, and lines 58 through 63:

Anchor filters 20 are provided to indicate to the system that certain IP traffic is to be protected using IPSec.
These filters 20 reference a connection definition (CD) 26 that describes the role of the endpoints (host or gateway), and other connection information. There are two ways to establish a connection between systems: initiate the negotiation of a connection, or respond to the negotiation of a connection. In the case of connections with static keys (i.e. Connections that do not manage keys via IKE), both connection endpoints are said to initiate the negotiation of the connection, even though no actual negotiation takes place. Initiators of connections between systems using this connection definition (CD) 26 require a User Client Pair (UCP) 52 for each connection that it can initiate. There may be a multiplicity of UCPs 52 referring to a single CD 26. CDs 26 also have a reference to the Security Policy (SP) 58 necessary for this connection. There may be a multiplicity of CDs 26 referring to a SP 58. For systems that derive their IP address dynamically, which is usually the case for systems attaching to an Internet Service Provider (ISP) and that want to establish VPN connections to their home gateway, the home gateway can use deferred selectors 22 to associate an unresolved identifier (ID), that is an ID that does not have an IP address associated with it, with a CD 26. The resolution occurs dynamically during connection negotiation.

. . . .

Each object in a database has a unique key for keyed reference. This key is either a name or an ID, depending on the database. An ID is an identification of a system or group of systems in the VPN (e.g. An FQDN or an IPV4 subnet). All references between objects of different databases is via object name.

5.
Boden teaches at column 8, lines 1 through 14:

Some databases have their objects customer-ordered and therefore also support referencing objects by the ID(s) associated with objects of that database (a pair of client identifiers (client ID pair) in the case of connection definitions, and a single ID in the case of remote ID groups), on a first applicable object basis. Client ID pairs define a subset of IP traffic and are made up of the ID of a local system (or group of systems), a local port, the ID of a remote system (or group of systems), a remote port, and a transport protocol (e.g. TCP). Client ID pairs are sometimes referred to as Data Endpoints (in contrast to connection endpoints). When referencing customer-ordered objects in this way, the objects are checked in order by the API. The first object that is associated with a superset of the input IDs is returned.

6. Boden further teaches at column 9, lines 54 through 65:

Remote ID group 32 is a customer-generated (via the GUI) list of IDs 108 (or single ID 108) associated with a group name 96. It also directly references the local ID 34, key management security policy 36, and NAT pool 38 objects for this group 108 of IDs. This is the database that IKE starts with to locate key management (phase I) security policy 36, given a remote ID (IDii, if responding or IDir, if initiating). Since a single ID may map to multiple remote ID group objects 32, a customer-defined order between remote ID groups 32 exist in the database. Therefore, a remote ID group 32 can be referenced on the ‘get first applicable’ function of the API based on identifier (ID).

7. At column 13, lines 62 through 67, Boden teaches:

One or more connections can be created from a single connection definition 26, depending on that connection definition's connection granularity 86.
Connection granularity 86 defines what subset of the IP traffic that is associated with this connection definition will be associated with each connection created from this connection definition 26.

Boden further teaches at column 14, lines 53 through 55:

A connection's client IDs are generated using client ID pairs, local and remote endpoint roles 84, 85, connection granularity 86 and the connection definition's selectors 83.

The subsequent material through the top of column 15 explains the manner in which this is done.

8. Lastly, Boden summarizes the advantages of his invention over the prior art at column 15, lines 32 through 37:

It is a further advantage of the invention that there is provided flexibility in policy definition in the areas of dynamically-assigned IP addresses, remotely-defined ISAKMP client IDs (IDci/IDcr), and separation of ISAKMP Phase I (key management) policy information from ISAKMP Phase II (data management) policy information.

Correspondingly, Boden further summarizes the advantages of his invention at column 15, lines 54 through 60, where it is taught that his data model:

allows for dynamically establishing VPN connections with different security policies and other attributes, based solely on an unfixed IP address (e.g. a user ID)--these connections may or may not have been previously defined. This aspect is used for supporting systems with dynamically-assigned IP addresses that wish to establish a VPN connection with the local system.

PRINCIPLES OF LAW

Statutory Subject Matter

The appropriate case law governing the statutory subject matter will be set forth in the Analysis section.

Anticipation

“A claim is anticipated only if each and every element as set forth in the claim is found, either expressly or inherently described, in a single prior art reference.” Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631 (Fed. Cir. 1987).
Analysis of whether a claim is patentable over the prior art under 35 U.S.C. § 102 begins with a determination of the scope of the claim. We determine the scope of the claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction in light of the specification as it would be interpreted by one of ordinary skill in the art. In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). The properly interpreted claim must then be compared with the prior art.

ANALYSIS

Rejection under 35 U.S.C. § 112, second paragraph

We reverse the Examiner’s rejection of independent claims 28 and 29 under the second paragraph of 35 U.S.C. § 112, since we do not agree with the Examiner’s view that the respective means recited in these claims are not clearly defined in the Appellants’ Specification. We reach this conclusion because of the detailed correlation and explanation of the recited features in these claims to correspondingly disclosed structure and acts referenced at pages 2 through 4 of the Reply Brief. These correlations are consistent with our study of the Specification and drawings as filed. This discussion goes well beyond the rather brief correlation in the summary of the invention set forth in the initial Brief on appeal. Therefore, the rejection of independent claims 28 and 29 under the second paragraph of 35 U.S.C. § 112 is reversed.

Rejection under 35 U.S.C. § 101

We affirm the Examiner’s rejection of independent claims 31 and 33, and dependent claim 34, as being directed to non-statutory subject matter within 35 U.S.C. § 101.

The preamble of independent claims 31 and 33 recites a “data packet” which is set to “comprise” in the body of the claim respective first and second components.
As established from our referenced material in Finding of Fact 1 from the Specification as filed, the claimed components comprise software elements per se. The material referenced from this finding of fact at page 23 of the Specification as filed indicates that the program modules comprise the software components that are further set to “perform particular tasks and/or implement particular abstract data types.” In fact, Appellants admit at the middle of page 6 of the Reply Brief that the subject matter clearly pertains to software code.

The United States Supreme Court has held that a claim is not a patent-eligible “process” if it claims “laws of nature, natural phenomena, [or] abstract ideas.” Diamond v. Diehr, 450 U.S. 175, 185 (1981) (citing Parker v. Flook, 437 U.S. 584, 589 (1978) and Gottschalk v. Benson, 409 U.S. 63, 67 (1972)). The subject matter of the present claims on appeal is clearly not a machine, a manufacture, a process, or a composition of matter permitted within 35 U.S.C. § 101.

Moreover, our reviewing court has stated that “[t]he four categories [of § 101] together describe the exclusive reach of patentable subject matter. If the claim covers material not found in any of the four statutory categories, that claim falls outside the plainly expressed scope of § 101 even if the subject matter is otherwise new and useful.” In re Nuijten, 500 F.3d 1346, 1354 (Fed. Cir. 2007), reh’g en banc denied, 515 F.3d 1361 (Fed. Cir. 2008), cert. denied, __ U.S.__, 127 S. Ct. 70 (2008). Accord In re Ferguson, 2009 WL 565074 (Fed. Cir. 2009). This latter case held that claims directed to a “paradigm” are non-statutory under 35 U.S.C. § 101 as representing an abstract idea.

Consistent with the above case law, we find that the data packet and its software components recited in claims 31, 33, and 34 is/are directed to abstract ideas within the types of categories proscribed by the earlier-noted case law.
Indeed, abstract software code is an idea without physical embodiment; it is intangible. An idea itself, alone, has long been regarded as non-statutory and not patentable.

Moreover, the preamble of claims 31 and 33 recites that a “data packet [is] transmitted between two processes.” The bottom of page 6 of the Reply Brief states “[t]he fact that the data packet encases the software code during its transmission between two processes is irrelevant to the fact that it is software code that is contained therein and is being transmitted.” This statement further supports our findings just discussed. The transmission between the noted processes and the noted processes themselves appear to be passively recited in the claims. To the extent they may be construed to be positively recited, our discussion near the latter half of Finding of Fact 1 of the nature of the disclosed invention contemplated as to the features in these claims leads us to conclude as well that the subject matter also appears to be proscribed by the reasoning in In re Nuijten, 500 F.3d at 1359, since these aspects are directed to the transmission of signals per se.

Appellants’ reliance upon the guidance provided by earlier case law that permits subject matter to be claimed if it produces a useful, concrete, and tangible result has been considered inadequate by our earlier-noted, subsequent case law from the same court, as well as overshadowed by the earlier-noted, earlier case law from the United States Supreme Court. Additionally, because Appellants’ claims rejected by the Examiner are not directed to processes, the case law cited at page 6 of the Reply Brief is also inapposite.

In view of the foregoing, we affirm the Examiner’s rejection of claims 31, 33, and 34 as being directed to non-statutory subject matter within 35 U.S.C. § 101.

Anticipation Rejection 35 U.S.C.
§ 102(e)

At the outset, we note that Appellants’ arguments presented at pages 7 through 10 of the Reply Brief are identical to those presented at pages 6 through 10 of the principal Brief on appeal. Appellants, therefore, have not recognized, let alone addressed and contested, the Examiner’s responsive arguments beginning at the bottom of page 9 through the end of the Answer that are directed to the arguments presented in the principal Brief.

The lengthy discussion and quotation of material directly from Boden’s written description in our Findings of Fact 2 through 8 are inclusive of those used by the Examiner plus additional ones that we found pertinent to the issue presented within this rejection. As noted earlier in this opinion, all arguments from Appellants focus on the features recited in the subsystem clause in representative claim 1 on appeal. Collectively, these noted teachings from Boden from these findings are persuasive to us of the concepts taught in Boden that there were known in the art approaches to filter, as claimed and argued, the traffic data between machines to separate individual users/services within one of them. The claimed and argued Security Association (SA), as recognized in Appellants’ disclosure as filed, as well as in the discussion in Boden, was well-known in the art. In a manner corresponding to Appellants’ utilization of unique policies in elements 40a, 40b in Figure 1a, the Specification as filed operates in a corresponding manner with the Internet Key Exchange (IKE) as disclosed and as known in the art. Correspondingly, this approach appears in Boden to generate and associate, as claimed and argued, a security association (SA) unique to every user/service contemplated within Boden’s teachings.
Therefore, the weight of the evidence and persuasiveness of the Examiner’s findings, and the fact that the Examiner’s responsive findings have gone unrebutted in the Reply Brief, all lead us to affirm the Examiner’s rejection of claims 1 through 8, 16 through 21, and 26 through 34 under 35 U.S.C. § 102(e) since the claimed features argued not to be present in Boden are reasonably taught to the artisan.

CONCLUSIONS OF LAW

1. Appellants have shown that the Examiner erred in finding that the subject matter in independent claims 28 and 29 is indefinite within 35 U.S.C. § 112, second paragraph.

2. Appellants have not shown that the Examiner erred in finding that the subject matter of independent claims 31 and 33, and dependent claim 34, is directed to non-statutory subject matter within 35 U.S.C. § 101.

3. Appellants also have not shown that the Examiner erred in finding that the subject matter presented in independent claims 1, 16, and 26 through 33 is anticipated within 35 U.S.C. § 102(e) by Boden.

DECISION

The decision of the Examiner rejecting certain claims under the second paragraph of 35 U.S.C. § 112 is reversed. On the other hand, the Examiner’s separate rejections of other claims on appeal under 35 U.S.C. §§ 101 and 102 are both affirmed. Since at least one rejection of all claims on appeal has been affirmed, the decision of the Examiner is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

msc

TUROCY & WATSON, LLP
127 Public Square
57th Floor, Key Tower
CLEVELAND, OH 44114