Ex Parte Thomas Hall et alDownload PDFPatent Trial and Appeal BoardFeb 27, 201713876574 (P.T.A.B. Feb. 27, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/876,574 03/28/2013 Matthew Richard Thomas Hall 83220860 7733 56436 7590 Hewlett Packard Enterprise 3404 E. Harmony Road Mail Stop 79 Fort Collins, CO 80528 EXAMINER LI, MENG ART UNIT PAPER NUMBER 2437 NOTIFICATION DATE DELIVERY MODE 03/01/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): hpe.ip.mail@hpe.com chris. mania @ hpe. com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte MATTHEW RICHARD THOMAS HALL and REINOUD JELMER JEROEN KOORNSTRA Appeal 2016-0028541 Application 13/876,574 Technology Center 2400 Before ALLEN R. MacDONALD, DANIEL J. GALLIGAN, and AMBER L. HAGY, Administrative Patent Judges. HAGY, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellants seek review under 35 U.S.C. § 134(a) from the Examiner’ Final Rejection of claims 1—15, which are all of the pending claims. We have jurisdiction over these claims under 35 U.S.C. § 6(b). We affirm. 1 Appellants identify Hewlett-Packard Development Company, LP, as the real party in interest. (App. Br. 2.) Appeal 2016-002854 Application 13/876,574 Introduction According to Appellants, the claims are directed to “methods and systems for detecting suspected data leakage in a network” using samples of traffic in a network. (See Abstract.) Claim 1, reproduced below with the disputed limitation italicized, is exemplary of the claimed subject matter: 1. A method of detecting suspected data leakage in a network including a plurality of networked devices, the method comprising: receiving a packet from a networked device of the plurality of networked devices; determining the packet includes sampled traffic data, the sampled traffic data comprising a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic; analyzing the payload data of the sampled traffic data; determining, by a data loss detector, whether sensitive data is detected in the payload data of the sampled traffic data based on the analysis; and performing a remedial action in response to determining that sensitive data is detected. The prior art relied upon by the Examiner in rejecting the claims on Exemplary Claim REFERENCES appeal is: Burrows et al. Zakas Hemacki Acquisti et al. US 2002/0073338 Al US 2006/0026682 Al US 7,792,147 B1 US 8,775,353 B2 June 13, 2002 Feb. 2, 2006 Sept. 7,2010 July 8, 2014 2 Appeal 2016-002854 Application 13/876,574 REJECTIONS Claims 1, 2, 4, and 5 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Burrows and Zakas. (Final Act. 6—9.) Claims 3 and 6—10 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Burrows, Zakas, and Acquisti. (Final Act. 9—14.) Claims 11—15 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Burrows, Zakas, and Hemacki. (Final Act. 14—18.) ISSUES (1) Whether the Examiner erred in finding the combination of Burrows and Zakas teaches or suggests “determining the packet includes sampled traffic data,” as recited in independent claim 1 and commensurately recited in independent claim 6. (2) Whether the Examiner erred in finding the combination of Burrows, Zakas, and Hemacki teaches or suggests “a network management server comprising a data collector and a data loss detector ... the data collector configured to receive a sampled traffic datagram from a sampling agent of a networked device of the plurality of networked devices,” as recited in independent claim 11. ANALYSIS We have reviewed the Examiner’s rejections in light of Appellants’ arguments the Examiner has erred. We disagree with Appellants’ conclusions and we adopt as our own: (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken (Final Act. 3— 18) and (2) the reasons set forth by the Examiner in the Examiner’s Answer 3 Appeal 2016-002854 Application 13/876,574 in response to Appellants’ Appeal Brief. (Ans. 17—22.) We concur with the conclusions reached by the Examiner, and we highlight the following for emphasis.2 A. Claims 1—10 The Examiner finds Burrows teaches or suggests “determining the packet includes sampled traffic data,” as recited in independent claim 1. (Final Act. 6.) In particular, the Examiner finds Burrows teaches a “monitor that observes packets [of] traffic at various points on the network” and further teaches “various points on the networks can be randomly or selectively ‘sampled’ rather than being exhaustively monitored, where a representative sampling of the packets is obtained rather than all of them.” (Id. (citing Burrows 169).) The Examiner further finds Burrows teaches a sample “includes payload data from the packet constituting network traffic.” (Final Act. 6 (citing Burrows 16).) Appellants argue the Examiner’s findings are in error because “while Burrows monitors traffic, Burrows does not disclose a device that receives a packet of sample traffic data generated at a network device, or determines that the packet includes sampled traffic data.” (App. Br. 8 (emphasis added).) In other words, according to Appellants, “because the packet traffic monitor is monitoring and analyzing traffic behavior, the packet traffic monitor does not receive packets of sample traffic data but instead monitors packet traffic behavior.” (Id. (emphases added).) 2 Only those arguments made by Appellants have been considered in this decision. Arguments Appellants did not make in the briefs have not been considered and are deemed to be waived. See 37 C.F.R. § 41.37(c)(l)(iv). 4 Appeal 2016-002854 Application 13/876,574 We do not find Appellants’ argument persuasive of Examiner error. As an initial matter, the argument is not commensurate with the scope of the claims. See In re Self, 671 F.2d 1344, 1348 (CCPA 1982) (“Appellant’s arguments fail from the outset because . . . they are not based on limitations appearing in the claims.”). As the Examiner notes, Appellants’ argument that “Burrows doesn’t receive packets of sampled traffic data” is not persuasive because it is premised on a limitation that is not in the claims. (Ans. 17 (emphasis added).) We agree. Claim 1 recites “receiving a packet from a networked device” and “determining the packet includes sampled traffic data,” which, by virtue at least of the open-ended term “includes,” is of broader scope than “receiving packets of sampled traffic data,” as Appellants inaccurately characterize claim 1. (See App. Br. 8 (emphasis added).) Furthermore, as the Examiner further correctly notes, the term “sampled traffic data” is itself “a broad term that can be interpreted by a person with ordinary skill in the art as any information contained either in [the] packet header or payload.” (Ans. 18.) This is clear from the language of claim 1, which states broadly that “the sampled traffic data compris[es] a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet constituting network traffic.” (App. Br. 20 (Claims App’x) (emphasis added).) Thus, we agree the claim term “sampled traffic data,” reasonably construed, encompasses “payload data from the packet constituting network traffic.” In turn, “determining the packet includes sampled traffic data” encompasses determining a packet includes payload data, which the Examiner finds is taught by Burrows. (Ans. 18—19.) In particular, the Examiner finds, and we 5 Appeal 2016-002854 Application 13/876,574 agree, Burrows teaches a traffic monitor that “look[s] into [the] packet header or payload information to determine how to selectively react[] to the received packet.” (Ans. 18.) We, therefore, agree Burrows teaches “receiving a packet” and “determining the packet includes sampled traffic data,” within the broadest reasonable interpretation of claim 1. With regard to the Zakas reference, which the Examiner cites as teaching the last three steps of claim 1 (Final Act. 7—8), Appellants do not challenge the Examiner’s findings, but argue only that “Zakas does not remedy” the “deficiency” Appellants argue with regard to Burrows. (App. Br. 8.) As noted above, however, we are not persuaded the Examiner’s findings are deficient with regard to Burrows. For the foregoing reasons, we are not persuaded of error in the Examiner’s 35 U.S.C. § 103(a) rejection of independent claim 1, and we, therefore, sustain that rejection, along with the rejection of dependent claims 2, 4, and 5, which Appellants do not argue separately. (App. Br. 9.) With regard to claim 3, which depends from claim 1, and which the Examiner rejects under 35 U.S.C. § 103(a) over Burrows, Zakas, and Acquisti, Appellants do not present separate substantive arguments, but assert only that “Acquisti does not remedy the deficiencies of Burrows and Zakas with respect to independent claim 1.” (App. Br. 11.) Because, as noted above, we are not persuaded the Examiner’s findings are deficient with regard to claim 1, we also sustain the Examiner’s rejection of claim 3. With regard to independent claim 6, which also recites “determining the packet includes sampled traffic data,” Appellants present the same arguments that we have addressed above regarding claim 1. (App. Br. 10.) Therefore, for the reasons stated above with regard to claim 1, we also 6 Appeal 2016-002854 Application 13/876,574 sustain the Examiner’s rejection of independent claim 6, as well as the rejection of dependent claims 7—10, which Appellants do not argue separately. (App. Br. 11—12.) B. Claims 11—15 Independent claim 11 recites, inter alia, “a network management server comprising a data collector and a data loss detector, the data collector configured to receive a sampled traffic datagram from a sampling agent of a networked device.” (App. Br. 22 (Claims App’x).) The Examiner relies on the combination of Burrows, Zakas, and Hemacki as teaching or suggestions the limitations of claim 11. (Final Act. 14—17.) Appellant raises several challenges to the Examiner’s reliance on each of these references. For example, Appellants raise arguments with regard to the Burrows reference that are substantially similar to the arguments Appellants present with regard to the similar limitation of claims 1 and 6— that is, that Burrows “merely monitors traffic behavior and does not receive a sampled traffic datagram.” (App. Br. 14.) We do not find these arguments persuasive. Similarly to claim 1, claim 11 further states that the “sampled traffic datagram” comprises “a sample of a packet constituting network traffic through the networked device, the sample includes payload data from the packet.” (App. Br. 22 (Claims App’x).) Thus, “sampled traffic datagram,” broadly but reasonably construed similarly to the term “sampled traffic data,” encompasses “payload data.” As the Examiner finds in connection with claim 1, and we agree, Burrows teaches the traffic monitor receives packets that include payload data. (See Ans. 17—18; see also Ans. 21.) 7 Appeal 2016-002854 Application 13/876,574 We further note that Appellants principally rely on piecemeal challenges to the Examiner’s findings regarding the teachings of the individual references. (App. Br. 14—17.) Such arguments are not persuasive of Examiner error, because the test for obviousness is not whether the claimed invention is expressly suggested in any one or all of the references. “Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425 (CCPA 1981) (citations omitted) (emphasis added). Thus, where, as here, the rejections are based upon the teachings of a combination of references, “[n]on-obviousness cannot be established by attacking references individually.” In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986) (citing Keller, 642 F.2d at 425). In addition, a reference “must be read, not in isolation, but for what it fairly teaches in combination with the prior art as a whole.” Id. For example, with regard to the Burrows reference, Appellants argue Burrows “does not decode a sampled traffic datagram.” (Reply Br. 4.) Appellants raise a similar challenge with regard to Zakas. (Id.) The Examiner, however, does not rely on Burrows and Zakas, alone, as teaching that limitation, but combines the teachings of those references with the teachings of Hemacki. (Final Act. 16—17; Ans. 21—22.) Also with regard to the Zakas reference, Appellants argue Zakas “does not disclose a server or data collector configured to receive sample traffic data or sampled datagram.” (App. Br. 14.) The Examiner, however, does not rely on Zakas, alone, as teaching or suggesting that limitation, but relies on Zakas in combination with Burrows. (Final Act. 15—16; Ans. 21.) Similarly, with regard to the Hemacki reference, Appellants argue Hemacki does not teach 8 Appeal 2016-002854 Application 13/876,574 “a data collector configured to receive a sampled traffic datagram” but “receives a data stream from an attacker, and merely reassembles the data.” (App. Br. 14—15.) Again, the Examiner does not rely on Hemacki, alone, as teaching the disputed limitation, but relies on the combination of Hemacki with Burrows and Zakas. (Ans. 21—22.) In particular, in combining the cited references, the Examiner finds: Burrows discloses “network management server comprising a data collector . . . configured to receive a sampled traffic datagram from a sampling agent of a networked device of the plurality of networked devices.” Zakas ... in combination with Burrows discloses “analyzing the payload data of the sampled traffic datagram and determine whether sensitive data is detected in the payload data of the sampled traffic datagram.” See para [0053]: “a traffic sensor 8 may receive a list of objects to watch for while observing traffic from the central manager 2. RTA may find that packet payload data matches a stored binary/text pattern from the watch list” and in para [0017]: “Certain keywords or digital watermarks may be an indication that sensitive or suspicious traffic is attempting to traverse the network(s).” Further, in combination with Burrows and Zakas, Hemacki . . . discloses “[a] data loss detector configured to decode the sampled traffic datagram.” See in [Col. 2, Line 62-63] “As datagrams are received by host 108, information contained in the datagram of the packets are evaluated” and [Col. 4, Line 67- Col .5, Line 1-2 “a datagram is decoded during reassembly (502). Once decoded, the datagram may be examined to resolve the data into a header and payload (504))[.”] Therefore, Burrow[s] in view of Zakas and Hemacki discloses receive a sampled datagram from sampling agent, the sampled datagram is decoded using the method disclosed in Hemacki and then analyzed and determined by the method of Zakas to see if sensitive data is in payload data. (Ans. 21—22.) We agree with the Examiner’s findings, which are supported by the teachings of the cited references and which are not persuasively rebutted by Appellants. 9 Appeal 2016-002854 Application 13/876,574 For the foregoing reasons, we are not persuaded of error in the Examiner’s 35 U.S.C. § 103(a) rejection of independent claim 11, and we, therefore, sustain that rejection, along with the rejection of dependent claims 12—15, which Appellants do not argue separately. (App. Br. 17.) Appellants additionally challenge the Examiner’s conclusions, first presented in the Examiner’s Answer, that the terms “data collector” and “data loss detector” in independent claim 11 are to be construed according to 35 U.S.C. § 112, sixth paragraph. (See Ans. 3-A; Reply Br. 4—5.) Specifically, the Examiner finds these terms are “generic placeholder^]” that are “coupled with . . . functional language . . . without reciting sufficient structure to achieve the function.” (Ans. 3—4.) The Examiner does not, however, make any findings regarding the corresponding structure in the Specification (or lack thereof). (Id.) Appellants, on the other hand, argue these terms “are plainly understood by persons of ordinary skill in the art to have a more than sufficiently definite meaning as the name for structure.” (Reply Br. 5.) Although Appellants’ arguments are somewhat conclusory, they are commensurate with the conclusory nature of the Examiner’s findings. When a claim term does not use the term “means,” the claim term is presumed not to invoke § 112, sixth paragraph. See Williamson v. Citrix Online, LLC, 792 F.3d 1339, 1349 (Fed. Cir. 2015). The presumption can be overcome and § 112, sixth paragraph, applies, however, if “the claim term fails to recite sufficiently definite structure or else recites function without reciting sufficient structure for performing that function.” Id. (quoting Watts v. XISys., Inc., 232 F.3d 877, 880 (Fed. Cir. 2000) (internal quotation marks omitted)). Although the Examiner states, conclusorily, that 10 Appeal 2016-002854 Application 13/876,574 the terms “data collector” and “data loss detector” are “generic placeholder^],” the Examiner makes no findings regarding these terms in the context of the Specification or otherwise regarding their usage by persons of ordinary skill in the art so as to overcome the presumption afforded these non-means terms. As we are primarily a reviewing body, rather than a place of initial examination, we leave to the Examiner, in the event of further prosecution on remand, to make these findings. DECISION For the above reasons, the Examiner’s rejections of claims 1—15 are affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED 11 Copy with citationCopy as parenthetical citation