Ex Parte Wong et alDownload PDFPatent Trial and Appeal BoardAug 15, 201713393754 (P.T.A.B. Aug. 15, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/393,754 05/18/2012 Onn Chee Wong 480300.401USPC 5511 500 7590 08/15/2017 SEED INTELLECTUAL PROPERTY LAW GROUP LLP 701 FIFTH AVE SUITE 5400 SEATTLE, WA 98104 EXAMINER WANG, HARRIS C ART UNIT PAPER NUMBER 2439 MAIL DATE DELIVERY MODE 08/15/2017 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ONN CHEE WONG, SHI JIE DING, and JUN LIANG DARYL WOO Appeal 2017-000284 Application 13/3 93,7541 Technology Center 2400 Before DEBRA K. STEPHENS, BRADLEY W. BAUMEISTER, and MICHAEL J. ENGLE, Administrative Patent Judges. ENGLE, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from a non-final rejection of claims 1, 3—11, 13—17, 19-27, and 29-33, which are all of the claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. Technology The application relates to preventing transmission of malicious content by intercepting, identifying, and blocking malicious content at a network gateway device. Spec. Abstract. 1 According to Appellants, the real party in interest is Infotect Security Pte Ltd. App. Br. 2. Appeal 2017-000284 Application 13/393,754 Illustrative Claim Claim 1 is illustrative and reproduced below with the limitations at issue emphasized: 1. A method for preventing transmission of malicious contents, the method comprising: intercepting, at a network gateway device of a server network, a digital first communication being sent from the server network to an external network, wherein the server network comprises one or more web servers; searching, at the network gateway device, the digital first communication for a malicious transmission schema that can be used to cause a second communication comprising malicious contents to be transmitted from a source outside the server network to a recipient of the digital first communication on the external network; and taking an action, at the network gateway device, to hinder the transmission of the malicious contents transmitted by the second communication if a malicious transmission schema is found; wherein taking an action, at the network gateway device, to hinder the transmission of malicious contents comprises blocking the digital first communication being sent from the server network to the external network by the network gateway device. Rejections Claims 1, 3—5, 11, 13—17, 19-21, 27, and 29-332 stand rejected under 35 U.S.C. § 103(a) as obvious over the combination of Overcash et al. (US 2008/0034425 Al; Feb. 7, 2008) and Shastri (US 2008/0196099 Al; Aug. 14, 2008). Non-Final Act. 4—11. 2 Claims 2 and 18 are listed in the rejection; however, these claims have been cancelled. Additionally, although claim 33 is not listed in the overview of the rejection, the Examiner sets forth the basis for rejection in the body. Non-Final Act. 4, 11. Appellants acknowledge claim 33 was rejected as obvious over Overcash and Shastri. App. Br. 15. 2 Appeal 2017-000284 Application 13/393,754 Claims 6, 7, 22, and 23 stand rejected under 35 U.S.C. § 103(a) as obvious over the combination of Overcash, Shastri, and Teo et al. (US 2009/0037976 Al; Feb. 5, 2009). Non-Final Act. 11-13. Claims 8, 9, 24, and 25 stand rejected under 35 U.S.C. § 103(a) as obvious over the combination of Overcash, Shastri, and Unmask Parasites, Gogo2me — Hidden IFrame Injection (Jan. 14, 2009), http://blog.unmaskparasites.com/2009/01/14/gogo2me-hidden-iframe- injection/. Non-Final Act. 13—14. Claims 10 and 26 stand rejected under 35 U.S.C. § 103(a) as obvious over the combination of Overcash, Shastri, and Bishop et al. (US 2004/0243520 Al; Dec. 2, 2004). Non-Final Act. 15-16. ISSUE Did the Examiner err in concluding the combination of Overcash and Shastri renders claim 1 obvious? CONTENTIONS & ANALYSIS Claim 1 recites “a network gateway device of a server network” and a communication “from the server network to an external network.” The communication is intercepted, searched, and blocked “at the network gateway device.” According to Appellants, such a gateway protects the external network (e.g., clients) from the server network (e.g., web servers) based on actions at the server side. See App. Br. 9-10; see also Spec. 127. The Examiner relies on the combination of Overcash and Shastri for teaching these limitations. Non-Final Act. 4—7. Overcash teaches a server- side gateway that “monitors outbound traffic as well as inbound traffic to prevent data leakage such as Identity Theft.” Overcash 169. Shastri teaches 3 Appeal 2017-000284 Application 13/393,754 a client-side gateway that can “block any outgoing IM or email messages” containing a “newly detected malicious URL.” Shastri 1163, Fig. 2. Appellants contend both Overcash and Shastri focus on protecting the servers from the clients and therefore, the changes proposed by the Examiner would change the principle of operation of Overcash and would not have been obvious without the benefit of hindsight. App. Br. 10—14. We are not persuaded the Examiner erred. We agree with the Examiner that “Shastri. . . intercepts outgoing traffic and searches ... a first communication for malicious transmission schema that can be used to cause a second communication if a malicious transmission schema is found.” Ans. 5. Specifically, Shastri discloses “an IM security module can be implemented as part of a gateway or firewall through which all IM traffic for a particular network must pass, which allows the IM security module to check every IM message that passes out of or in to a network.” Shastri 1157 (emphasis added). Thus, contrary to Appellants’ assertions, Shastri teaches protecting both clients and servers by searching both incoming and outgoing messages. We further agree “Shastri clearly teaches blocking an outgoing IM or email message.” Ans. 5. For example, “the newly detected malicious URL can be sent to an enforcement module, which can . . . block any outgoing IM or email messages containing the URL.” Shastri 1163. Appellants additionally argue Shastri’s gateway is “at the client side and not at the server side.” App. Br. 12. That is, Shastri’s gateway is located between clients and an external network, whereas the claims require a gateway between servers and an external network. However, “[n]on- obviousness cannot be established by attacking references individually where the rejection is based upon the teachings of a combination of 4 Appeal 2017-000284 Application 13/393,754 references.” In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986). Here, the Examiner relies on Overcash for teaching the claimed “network gateway device of a server network,” not Shastri alone. Non-Final Act. 5. Appellants argue that because Overcash is focused on protecting servers rather than clients, “to modify Overcash to instead address client- side security . . . would change the principle of operation and intended purpose of Overcash.” App. Br. 10. Yet merely because there is a “difference” between two prior art references does not necessarily affect the “principle of operation.” In reMouttet, 686 F.3d 1322, 1332 (Fed. Cir. 2012). Here, Appellants have not shown that adding Shastri’s functionality (i.e., a gateway searching and blocking outgoing messages based on a malicious URL) would change Overcash’s existing functionalities in any way. We see no reason in the record why a gateway cannot scan both incoming and outgoing messages, or scan messages for both “data leakage” and “malicious URLs.” Nor have Appellants pointed us to any evidence in the record that Shastri’s functionality for scanning outgoing messages would be substantively any different in a server-side gateway than in a client-side gateway. See also Shastri 1157 (showing Shastri’s gateway analyzes messages in both directions, which would include messages from servers as well as messages from clients). Accordingly, we are not persuaded the modification of Overcash by Shastri would have changed the principle of operation or would have used impermissible hindsight. Appellants also contend “the Office does not provide any reason why one of skill in the art would [have been] motivated to modify” Overcash and Shastri. App. Br. 13. We are not persuaded and instead agree with the Examiner that “Overcash and Shastri are . . . both in the same field of 5 Appeal 2017-000284 Application 13/393,754 detecting a network attack using a gateway device” (Ans. 2); Overcash and Shastri both intercept outgoing traffic (Ans. 5); and the Examiner has articulated reasoning with some rational underpinning to combine the two references — “to prevent the spreading of malicious content.” Non-Final Act. 7 (citing Shastri 1163 (“This can limit the spreading of the malicious URL”)). Given the record here, Appellants have not persuaded us the Examiner erred in finding a person of ordinary skill in the art would have been motivated to apply Shastri’s interception of malicious URLs in outbound messages to expand Overcash’s existing interception of outbound messages, thereby preventing the spread of further malicious content.3 Appellants further contend the deficiencies of Overcash and Shastri are not cured by the other references. App. Br. 16—17. We are not persuaded there are deficiencies for the reasons discussed above. Accordingly, we sustain the rejection of claim 1, and claims 3—11, 13— 17, 19-27, and 29—33, which Appellants argue are patentable for similar reasons. See App. Br. 14—17; 37 C.F.R. § 41.37(c)(l)(iv). DECISION For the reasons above, we affirm the Examiner’s decision rejecting claims 1, 3—11, 13—17, 19-27, and 29-33. No time for taking subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f). AFFIRMED 3 Though not relied on in affirming the rejection, Overcash acknowledges the concern that “a successful XSS attack can include . . . redirecting the user to another Web site” and encourages actions “[t]o effectively . . . protect users from XSS attacks.” Overcash 148 (emphasis added). 6 Copy with citationCopy as parenthetical citation
