Ex Parte Turbin

Patent Trial and Appeal Board, Sep 14, 2018, 12925482 (P.T.A.B. Sep. 14, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 12/925,482
FILING DATE: 10/21/2010
FIRST NAMED INVENTOR: Pavel Turbin
ATTORNEY DOCKET NO.: 060B.0025.Ul(US)
CONFIRMATION NO.: 8216
EXAMINER: TRAN, NAM T
ART UNIT: 2452
NOTIFICATION DATE: 09/18/2018
DELIVERY MODE: ELECTRONIC

29683 7590 09/18/2018
Harrington & Smith, Attorneys At Law, LLC
4 RESEARCH DRIVE, Suite 202
SHELTON, CT 06484-6212

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): USPTO@HSPATENT.COM

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte PAVEL TURBIN

Appeal 2018-000495
Application 12/925,482
Technology Center 2400

Before MAHSHID D. SAADAT, CATHERINE SHIANG, and JOYCE CRAIG, Administrative Patent Judges.

SAADAT, Administrative Patent Judge.

DECISION ON APPEAL

Appellant [1] appeals under 35 U.S.C. § 134(a) from the Examiner's Final Rejection of claims 1, 2, 4, 5, and 7-16, which constitute all the claims pending in this application. We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

[1] According to Appellant, the real party in interest is F-Secure Corporation. App. Br. 1.

STATEMENT OF THE CASE

Appellant's disclosure describes "a method and apparatus for analysing computer systems and in particular for analysing applications installed on computer systems.
In particular, though not necessarily, the present invention relates to a method and apparatus for utilizing said analysis in the detection and removal of malware, and also in system optimization." Spec. 1:4-7.

Exemplary claim 1 under appeal reads as follows:

1. A method of analyzing a computer on which are installed a plurality of applications each comprising a set of inter-related objects, the method comprising:

  identifying a local dependency network for each of one or more of said applications, a local dependency network comprising at least a set of object paths and inter-object relationships;

  wherein a local application dependency network is identified by:

  1) for a given input object, performing a search for all other objects dependent upon the input object;

  2) storing the paths of the input object and any other objects found by the search, and their inter-object relationships, in a results file;

  3) recursively repeating steps 1) and 2) for each other object until no further dependent objects are found; and

  4) normalizing the object paths within the results file;

  comparing the or each local application dependency network against a database of known application dependency networks to determine whether the application associated with the local dependency network is known; and

  using the results of the comparison to identify malware and/or orphan objects.

App. Br. 22 (Claims Appendix).

Claims 1, 2, 4, 5, and 7-16 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Mahaffey et al. (US 2011/0047620 A1, published Feb. 24, 2011) ("Mahaffey") and Capomassi et al. (US 2007/0022023 A1, published Jan. 25, 2007) ("Capomassi"). See Final Act. 2-17.

ANALYSIS

We have reviewed the Examiner's rejection in light of Appellant's arguments in Appellant's Appeal Brief and Reply Brief that the Examiner has erred.
We are unpersuaded by Appellant's contentions and concur with the findings and conclusions reached by the Examiner as explained below.

Regarding independent claim 1, Appellant contends "Mahaffey does not disclose determining whether the application associated with the local dependency network is known as claimed." App. Br. 10. Appellant asserts that "the 'whitelisting' process of Mahaffey does not refer to the grouping of multiple data objects together" and instead, describes grouping multiple objects together as part of the initial analysis and not for storage in a database. App. Br. 11 (citing Mahaffey ¶ 187). Additionally, Appellant refers to paragraphs 33, 65, and 129 of Mahaffey and argues:

  [T]he use of "inter-object dependencies" as they pertain to claim 1 clearly identifies some functional relationship between objects, e.g., the launching of a particular application when an object having a particular file extension is selected. This does not happen in Mahaffey because the metadata pertaining to location of storage, a hash, a name, or a unique identifier is not a functional relationship as claimed. Similar with regard to the behavioral data disclosed in Mahaffey. Mahaffey may disclose that "the grouped relationship" (i.e., the fact the objects are grouped) may be stored on the server to access this information during analysis, but it does not disclose that the group as stored on the server would include such functional relationships between the objects. The group as stored on the server is merely a list of objects so that they can be efficiently accessed together during analysis of the data objects for malware.

App. Br. 12.

We are not persuaded by Appellant's contention. As explained by the Examiner, the rejection is based on the teachings of Mahaffey in paragraphs 27, 35, and 65, which disclose grouping multiple data objects together to be analyzed for identifying malware. Ans. 3.
We observe that Mahaffey's paragraph 65 mentions such grouping and further teaches storing the grouped relationship on a server or data storage that may be accessed during analysis. We also agree with the Examiner that Appellant's claims and the Specification do not describe the "inter-object relationships" and "inter-object dependencies" or how they are related, whereas Mahaffey does disclose "behavioral data as 'behavior of the data object when run (e.g., system calls, API calls, libraries used, inter-process communication calls, etc.)', which is functional in nature." Ans. 3-4. In other words, any relationship between objects, as disclosed in Mahaffey, would meet the recited claim feature. See Mahaffey ¶¶ 65, 75.

With respect to the teachings of Capomassi, Appellant contends the cited portion of Capomassi in paragraph 36 discloses gathering data from target computers and storing them in a "relational database in a normalized form," but fails to teach normalizing the object paths within the results file. App. Br. 12-13. The Examiner responds that storing file paths is taught by Mahaffey whereas normalizing the paths is suggested by Capomassi. Ans. 4.

We agree with the Examiner. One cannot show non-obviousness by attacking references individually when the rejection is based on a combination of references. See In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986); see also In re Keller, 642 F.2d 413, 425 (CCPA 1981). Appellant's argument that Capomassi fails to disclose normalizing the object paths within the results file fails to address the Examiner's finding that Mahaffey discloses storing file paths in a results file. See Final Act. 2-5 (citing Mahaffey ¶¶ 27, 33, 65, 75). As Appellant's arguments do not specifically address the Examiner's findings supporting the rejection, they are not persuasive.

Appellant also contends the Examiner failed to establish a prima facie case of obviousness. App. Br. 13.
Appellant argues that one of ordinary skill in the art would not have combined the references "because Mahaffey lacks a method in which a local dependency network comprises objects and inter-object dependencies, the inter-object dependencies describing the identification of a functional relationship between objects, and because Capomassi does not (contrary to the Examiner's allegation) normalize object paths within the results file." See id.; see also Reply Br. 6. [2]

[2] In the Reply Brief, Appellant additionally argues, for the first time, that "Mahaffey does not disclose using an application dependency network as a 'fingerprint' for an application," because "Mahaffey uses the mobile communication device 101 or the server 151 to perform grouping by comparing application data between multiple data objects from a particular application." See Reply Br. 6. As the aforementioned findings were first articulated in the Final Office Action (see Final Act. 2-5), Appellant's argument is entitled to no consideration because it was not presented for the first time in the opening brief, and Appellant has not shown good cause why it should be considered, as required by our procedural rule (see 37 C.F.R. § 41.41(b)(2) (2012); Optivus Technology, Inc. v. Ion Beam Applications S.A., 469 F.3d 978, 989 (Fed. Cir. 2006) (argument raised for the first time in the reply brief that could have been raised in the opening brief is waived)).

We are not persuaded by this contention either. The Supreme Court has rejected the rigid requirement of demonstrating a teaching, suggestion, or motivation to combine references in order to show obviousness. See KSR Int'l Co., v. Teleflex Co., 550 U.S. 398, 419 (2007). Instead, a rejection based on obviousness only needs to be supported by "some articulated reasoning with some rational underpinning" to combine known elements in the manner required by the claim. Id. at 418.
As found by the Examiner, one of ordinary skill in the art would have been motivated to modify the data object paths disclosed by Mahaffey by normalizing them to identify the files by their content instead of their name and improve reliability if a file is renamed. See Final Act. 5. We conclude that the Examiner's articulated reasoning is sufficient to support the rejection of claim 1, independent claims 15 and 16, as well as claims 2, 4, 5, and 7-14, which are argued based on the same reasoning presented for claim 1, under 35 U.S.C. § 103(a).

DECISION

We affirm the Examiner's rejection of claims 1, 2, 4, 5, and 7-16.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED