13199964 - (D) (P.T.A.B. May. 7, 2020)

Pavel Turbin et al.

Patent Trials and Appeals BoardMay 7, 2020

13199964 - (D) (P.T.A.B. May. 7, 2020)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/199,964 09/14/2011 Pavel Turbin 060B.0047.U1 (US) 8905 29683 7590 05/07/2020 Harrington & Smith, Attorneys At Law, LLC 4 RESEARCH DRIVE, Suite 202 SHELTON, CT 06484-6212 EXAMINER POPHAM, JEFFREY D ART UNIT PAPER NUMBER 2432 NOTIFICATION DATE DELIVERY MODE 05/07/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): USPTO@HSPATENT.COM PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte PAVEL TURBIN and JANI JÄPPINEN Appeal 2018-005404 Application 13/199,964 Technology Center 2400 Before MIRIAM L. QUINN, IRVIN E. BRANCH, and AMBER L. HAGY, Administrative Patent Judges. HAGY, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 1–7, 9, 12–19, 21, 23, 25, and 26, which are all of the pending claims.2 See Final Act. 1. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies the real party-in-interest as F-Secure Corporation. Appeal Br. 2. 2 Claims 8, 10, 11, 20, 22, and 24 have been cancelled. Appeal Br. 26, 29, 30 (Claims App.). Appeal 2018-005404 Application 13/199,964 2 CLAIMED SUBJECT MATTER According to Appellant, “[t]he present invention relates to methods and apparatus for performing malware scanning for detecting malware, or other potentially unwanted programs.” Spec. 1:5–6. “More particularly, the invention relates to methods and apparatus for performing malware scanning of a computer device when an operating system running on the computer device prevents applications installed on the device from accessing/reading the files of other applications installed on the device.” Id. at 1:6–10. By way of background, Appellant’s Specification describes “malware” as “malicious software” that is “designed to infiltrate or damage a computer device . . . without the owner’s informed consent.” Id. at 1:14– 17. Appellant’s Specification also describes “anti-virus” applications that “provide on-demand scanning” of files on a device for presence of malware. Id. at 2:15–17. According to Appellant’s Specification, a “common malware infection” of electronic devices that run “Google’s AndroidTM operating system typically occurs” by way of malware that is hidden within an application installed on the device. Id. at 3:22–24. Appellant’s Specification explains that, due to the design of that operating system, once an application has been installed on a device, its executable files cannot be accessed by an anti-virus application and hence the executable files cannot be scanned for malware. Id. at 3:25–29. The installation files (Android Package, or “APK” files) also may not be available for later scanning, as they may have been deleted subsequent to installation. See Appeal Br. 12; Reply Br. 3. Appellant’s claimed invention purports to address that situation by storing information from the APK installation files during installation, when the malware scanning application has “guaranteed access” to the APK Appeal 2018-005404 Application 13/199,964 3 installation files, and then using that information to later scan for malware. Appeal Br. 12 (emphasis omitted); see also Reply Br. 4; Spec. 9:9–11. Claims 1, 12, 13, 23, 25, and 26 are independent. Claim 1, reproduced below, illustrates the claimed subject matter: 1. A method of malware scanning a computer device, using a malware scanning application which has been installed on the computer device, in order to detect potential malware when an Android operating system running on the computer device prevents malware scanning applications from accessing files of other applications installed on the computer device, except Android Package (APK) installation files, the method comprising running the malware scanning operation to perform steps of: detecting, by a hardware processor configured as an installation detection unit, installation of an application on the device, detecting comprising registering with the Android operating system for an Android install message and subsequently receiving an Android install message when the application is being installed; identifying, by the hardware processor configured as an installation file inspection unit, one or more Android Package (APK) installation files that are required to perform the installation of the application; performing, at the time of installation of the application, by the hardware processor configured as a malware scanning unit, a malware scan of the identified one or more APK installation files to determine if the application is potentially malware; at the time of installation of the application, storing information obtained from the one or more APK installation files in an installed applications database; and accessing, after the installation of the application has been completed, by the hardware processor configured as the malware scanning unit, the information obtained from the one or more APK installation files to determine, based on the Appeal 2018-005404 Application 13/199,964 4 information obtained from one or more the APK installation files, the installed application is potentially malware. REFERENCES The prior art relied upon by the Examiner is:3 Johnson Abdulhayoglu Mahaffey US 2010/0235748 A1 US 2010/0313268 A1 US 2011/0145920 A1 Sept. 16, 2010 Dec. 9, 2010 June 16, 2011 REJECTION4 Claims 1–7, 9, 12–19, 21, 23, 25, and 26 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Mahaffey, Johnson, and Abdulhayoglu. Final Act. 16–27. OPINION5 We have reviewed the Examiner’s rejection in light of Appellant’s arguments the Examiner has erred. We disagree with Appellant’s arguments.6 We concur with the findings and conclusions reached by the Examiner, and we highlight the following for emphasis. 3 All references herein are identified by the first-named inventor. 4 The Leahy-Smith America Invents Act (“AIA”) included revisions to 35 U.S.C. § 103 that became effective on March 16, 2013. Because the present application was filed before March 16, 2013, the Examiner applies the pre- AIA version of the statutory basis for unpatentability. Final Act. 2. 5 Appellant argues patentability of independent claims 1, 12, 13, 23, 25, and 26 collectively. See Appeal Br. 11. We select claim 1 as the representative claim, pursuant to our authority under 37 C.F.R. § 41.37(c)(1)(iv). Claims 12, 13, 23, 25, and 26 stand or fall with claim 1. Appellant also does not present separate arguments with regard to dependent claims 2, 4–7, 9, 14, or 16–19. Therefore, those claims also stand or fall with the independent claims from which they, respectively, depend. 6 Arguments Appellant did not make are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(iv). Appeal 2018-005404 Application 13/199,964 5 The Examiner relies on Mahaffey as teaching most of the limitations of claim 1 (Final Act. 16–20), except the limitation of “registering with the Android OS for an Android install message and subsequently receiving an Android install message when the applications is being installed,” for which the Examiner relies on Johnson (id. at 20–21). The Examiner also relies on Abdulhayoglu as teaching “storing a copy of one or more APK installation files in the installed applications database.” Id. at 21–22. Appellant argues the Examiner’s findings are in error for several reasons. Appellant first argues that “Mahaffey fails to teach storing information obtained from an APK installation file in the local cache or database ‘at the time of installation of the application’ as required by claim 1.” Appeal Br. 14. We disagree. As the Examiner finds, and we agree, Mahaffey discloses a mobile communication device that stores a database containing identification information for data objects (which include APK installation files), wherein a data object may be identified by a hash of its contents. Ans. 16–17 (citing Mahaffey ¶¶ 36, 105). Appellant’s Specification similarly discloses that “information obtained from the installation files may comprise . . . a hash of the installation files.” Spec. 4:20–21. The Examiner also finds Mahaffey discloses this information may be obtained at the time of installation, as Mahaffey states: When the data object is first installed on a mobile communication device 101, the database may contain no data for the data object. Because there is no identifying information for the data object, the mobile communication device 101 recognizes the data object as new and transmits application data for the data object to server 151 indicating that the object is new. Id. (quoting Mahaffey ¶ 105). Mahaffey also emphasizes the importance of Appeal 2018-005404 Application 13/199,964 6 analyzing the new application promptly: “If a mobile communication device downloads a new application that is malicious, it is important that the security system detect this new item as soon as possible.” Mahaffey ¶ 105 (emphasis added). This further underscores the Examiner’s finding that Mahaffey discloses obtaining information about the data object (e.g., APK installation file) at the time of installation. This also contradicts Appellant’s contention that “Mahaffey provides no specific teaching that the time an application is installed is relevant.” See Appeal Br. 15. Appellant next raises a series of arguments premised on the contention that the APK installation files themselves cannot be “the information obtained from the one or more APK installation files,” as recited in claim 1. See Appeal Br. 14–19. For example, Appellant argues that, once the APK file is copied or moved into a directory of the file system, it would later be inaccessible to malware scanning applications. Id. at 14–15. These arguments do not persuade us of Examiner error because the Examiner’s findings are premised on mapping “information obtained from the one or more APK installation files” to Mahaffey’s disclosure of storing and analyzing hashes of the APK installation files. See Ans. 16–19 (citing Mahaffey ¶¶ 36, 105). As noted above, we agree the Examiner’s findings in that regard are supported by the cited disclosures. Appellant does not dispute that Mahaffey’s hash of an APK installation file persists even if the APK installation file is later removed. Appellant also challenges the Examiner’s reliance on Johnson as erroneous because Johnson does not disclose “detecting potential malware.” Appeal Br. 20. However, as the Examiner correctly points out (Ans. 29, 40), the Examiner relies on Mahaffey as teaching this limitation. It is well Appeal 2018-005404 Application 13/199,964 7 established that one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 425 (CCPA 1981); In re Merck & Co., 800 F.2d 1091 (Fed. Cir. 1986). Appellant is thus arguing a finding the Examiner never made, which is unavailing to show Examiner error. Appellant also argues that the Examiner’s reliance on Johnson’s disclosure of “ANYAPPINST” is insufficient to show “registering with the Android OS for an Android install message . . . ,” as recited in claim 1. Appeal Br. 20. We are not persuaded of Examiner error. The Examiner relies on a combination of Mahaffey and Johnson as disclosing this limitation. In particular, as the Examiner finds, and we agree, “Mahaffey discloses registering for receiving events from Android, such as PACKAGE_UPDATED and PACKAGE_REPLACED intents.” Ans. 42; Final Act. 20. The Examiner also finds, and we agree, that Johnson discloses “setting a value, such as ANYAPPINST and receiving application install event based thereon,” which means that ANYAPPINST is set and install events are received. Ans. 41–42; Final Act. 21 (citing Johnson ¶¶ 214–226). The Examiner finds, “This is clearly registering for an install event and receiving information regarding the event (e.g., a message, which is similar to the intents of Mahaffey) when an application is installed. Johnson discloses Android devices, for example, in paragraph 3 (‘Android enabled devices’).” Ans. 41–42. The Examiner further finds that “Johnson’s ANYAPPINST allows reception of application install events,” indicating that “such registering is done in the Android OS when on an Android enabled device.” Id. at 42. We are not persuaded of error in the Appeal 2018-005404 Application 13/199,964 8 Examiner’s finding that the combination of Mahaffey and Johnson teaches the entirety of the argued limitation. Appellant next argues that Abdulhayoglu “does not disclose storing information obtained from APK installation files in an installed applications database.” Appeal Br. 21. Rather, according to Appellant, Abdulhayoglu stores only a “list of files” that are already installed on the device, instead of storing the files themselves. Id. Appellant’s argument is not persuasive of Examiner error because it is premised on reading the Examiner’s findings as based on storing entire APK installation files in a database. As the Examiner notes, however, the Examiner made that finding with regard to claims previously submitted by Appellant that recited storing the actual APK installation files in the database. See Ans. 44. As the Examiner further notes, Appellant removed such limitation from the claims “after a written description rejection showing that the application as originally filed did not have basis for such subject matter was provided on pages 8–9 of the non- final office action dated 3/21/2017.” Id. The Examiner explains that Abdulhayoglu was nevertheless kept in the rejection in part “for purposes of compact prosecution.” Id. In any event, as noted above, the Examiner finds, and we agree, that Mahaffey discloses storing hashes of APK installation files in a database (e.g., Ans. 17–19), a point that is supported by the cited disclosures (e.g., Mahaffey ¶ 105), and which Appellant has not disputed. In the Reply Brief, Appellant raises a new argument that: “Mahaffey seems to teach that file data may be sent to a remote server for scanning purposes. Mahaffey does not teach that information extracted from the installation files is stored at the client such that it can be used to perform a scan at a later time.” Reply Br. 4. We find nothing in the Examiner’s Appeal 2018-005404 Application 13/199,964 9 Answer that would have prompted this new argument raised by Appellant for the first time in the Reply Brief. Therefore, Appellant’s new argument regarding a remote server is not entitled to our consideration. Optivus Technology, Inc. v. Ion Beam Applications S.A., 469 F.3d 978, 989 (Fed. Cir. 2006) (argument raised for the first time in the reply brief that could have been raised in the opening brief is waived); accord Ex parte Borden, 93 USPQ2d 1473, 1473–74 (BPAI 2010) (informative opinion) (absent a showing of good cause, the Board is not required to address an argument newly presented in the reply brief that could have been presented in the principal brief on appeal). Nevertheless, even considering Appellant’s new argument, we are not persuaded of Examiner error. Mahaffey does not disclose that assessment of potentially malicious software is limited to sending information for scanning by a remote server. Rather, Mahaffey teaches that information extracted from the installation files also may be stored at the mobile device in a local database (a “local cache of assessment information”) and used locally for assessment of potentially malicious software. See, e.g., Mahaffey ¶¶ 174– 176, 187. For the foregoing reasons, we are not persuaded of Examiner error in the 35 U.S.C. § 103(a) rejection of claim 1, or of claims 2, 4–7, 9, 12–14, 16–19, 21, 23, 25, and 26 not argued separately, and we, therefore, sustain that rejection. Appellant purportedly raises a separate challenge to claims 3 and 15, which depend, respectively, from claims 1 and 13. Appeal Br. 22. Claims 3 and 15 recite “the information obtained from the one or more APK installation files comprise one or more of: a hash of the one or more APK Appeal 2018-005404 Application 13/199,964 10 installation files . . . .” Appellant’s sole challenge is stated: “The rejection is respectfully disagreed with. As similarly stated above, Mahaffey does mention an ‘anti-malware application’ once in paragraph [0170], however in this case the application is using a method provided by the Android OS to obtain (non-restricted) information about the other installed applications.” Appeal Br. 22. Appellant’s purported separate challenge merely recites the language of the particular claims and asserts disagreement with the rejection, followed by a general reference to the same or similar arguments already raised for other claims. See id. Without independent arguments, however, such contentions fail to constitute a separate issue of patentability. For the same reasons as addressed above, we, therefore, are not persuaded the Examiner erred in rejecting dependent claims 3 and 15. See In re Lovin, 652 F.3d 1349, 1356 (Fed. Cir. 2011) (“We conclude that the Board has reasonably interpreted Rule 41.37 to require applicants to articulate more substantive arguments if they wish for individual claims to be treated separately.”). Moreover, we further note the Examiner finds, and we agree, Mahaffey teaches the subject matter of claims 3 and 15 because “Mahaffey discloses that the information obtained from the one or more APK installation files comprise[s] one or more of a hash of the one or more APK installation files, a hash of any files contained within the one or more APK installation files, a hash of a signer certificate, and data related to the components of the application.” Final Act. 23; Mahaffey ¶¶ 105, 106. Appellant’s conclusory assertions do not persuade us of Examiner error in this rejection. Accordingly, we also sustain the Examiner’s rejection of these claims under 35 U.S.C. § 103(a). See 37 C.F.R. § 41.37(c)(1)(iv). Appeal 2018-005404 Application 13/199,964 11 CONCLUSION The Examiner’s decision rejecting claims 1–7, 9, 12–19, 21, 23, 25, and 26 under 35 U.S.C. § 103(a) is affirmed. DECISION SUMMARY Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1–7, 9, 12– 19, 21, 23, 25, 26 103(a) Mahaffey, Johnson, Abdulhayoglu 1–7, 9, 12– 19, 21, 23, 25, 26 OUTCOME SUMMARY: 1–7, 9, 12– 19, 21, 23, 25, 26 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED