Waratek Limited
Patent Trials and Appeals Board
Jul 1, 2021
2020002020 (P.T.A.B. Jul. 1, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 15/851,113
FILING DATE: 12/21/2017
FIRST NAMED INVENTOR: John Matthew Holt
ATTORNEY DOCKET NO.: FOS-P0053.1
CONFIRMATION NO.: 1089

35775 7590 07/01/2021
DESIGN IP, P.C.
1575 POND RD.
SUITE 201
ALLENTOWN, PA 18104

EXAMINER: DHRUV, DARSHAN I
ART UNIT / PAPER NUMBER: 2498
NOTIFICATION DATE: 07/01/2021
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
eofficeaction@appcoll.com
pair@designip.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________________
Ex parte JOHN MATTHEW HOLT
____________________
Appeal 2020-002020
Application 15/851,113
Technology Center 2400
____________________

Before ERIC S. FRAHM, JENNIFER S. BISK, and JOHN A. EVANS, Administrative Patent Judges.

FRAHM, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellant[1] appeals under 35 U.S.C. § 134 from a rejection of claims 12–24. Claims 1–11 have been canceled (see Appeal Br. 10). We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

[1] We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. “The word ‘applicant’ when used in this title refers to the inventor or all of the joint inventors, or to the person applying for a patent as provided in §§ 1.43, 1.45, or 1.46.” 37 C.F.R. § 1.42(a). Appellant identifies the real party in interest as Waratek Limited (Appeal Br. 3).

DISCLOSED AND CLAIMED INVENTION

According to Appellant, the disclosed invention “relates to computer programs written in the JAVA language” (Spec. ¶ 3), and particularly concerns preventing security dangers arising “from a class of application vulnerabilities called command-injection vulnerabilities” (Spec. ¶ 4). As Appellant discloses, “[t]aint tracking is a prior art technique that aims to mitigate, or alert the potential occurrence of, command injection vulnerabilities, exploits, or attacks. Taint tracking works by labeling untrusted input arriving into an application program from an untrusted source (such as a HTTP request header)” (Spec. ¶ 5). By identifying and tracking tainted input data (i.e., taint tracking), potential future attacks using the taint data as input into the application can be prevented (see Spec. ¶ 6).

Sole independent claim 12 recites “[a] method of enhancing secure operation of a computer which receives input data from an untrusted source, and which operates an application program which can utilize said input data” (claim 12), including storing input data in a tainted value cache while determining whether or not to forward the data or implement a security action based on a data content test (see claim 12).

Claim 12, reproduced below with bracketed lettering and emphases added, is illustrative of the claimed subject matter:

12. A method of enhancing secure operation of a computer which receives input data from an untrusted source, and which operates an application program which can utilize said input data, said method comprising the steps of:
creating a tainted value cache,
storing in said cache said input data to create stored data and without passing said stored data to said application program for utilization,
if said application program invokes a method which utilizes stored data from said cache, intercepting said stored data before it is utilized by said application program to create intercepted data and subjecting the intercepted data to a data content test,
[A] forwarding said intercepted data to said application program for utilization when said intercepted data passes said data content test,
[B] implementing a security action when said intercepted data fails said data content test, and
[C] deleting a portion of said stored data from said cache when said application program no longer requires utilization of said portion of said stored data, wherein said deleting is performed independently of operation of said application program.

Appeal Br. 10, Claims Appendix (bracketed lettering and emphases added).

REJECTION

The Examiner made the following rejection:

Claims 12–24 stand rejected under 35 U.S.C. § 103 as being unpatentable over Mitchell et al. (US 7,870,610 B1; issued Jan. 11, 2011) (hereinafter, “Mitchell”), Michelsen (US 9,015,668 B1; issued April 21, 2015), and Wilkerson et al. (US 2014/0283040 A1; published Sept. 18, 2014) (hereinafter, “Wilkerson”). Final Act. 3–10; 3–6.

ISSUE

Based on Appellant’s arguments in the Appeal Brief (Appeal Br. 4–9),[2] the following principal issue is presented on appeal:

Did the Examiner err in rejecting claims 12–24 under 35 U.S.C. § 103 as being unpatentable over the combination of Mitchell, Michelsen, and Wilkerson because the combination is not properly combinable to teach or suggest the method of enhancing secure operation of a computer, including the forwarding (see claim 12, limitation A), implementing (see claim 12, limitation B), and deleting (see claim 12, limitation C) steps, as set forth in representative claim 12?

[2] Appellant argues claims 12–24 on the basis of claim 12 (see Appeal Br. 4–8). Based on Appellant’s arguments, we select claim 12 as representative of claims 12–24.

ANALYSIS

We have reviewed the Examiner’s rejection (Final Act. 3–10) in light of Appellant’s arguments (Appeal Br. 4–9) that the Examiner has erred, as well as the Examiner’s response to Appellant’s arguments in the Appeal Brief (Ans. 3–6). With regard to representative claim 12, we agree with and adopt as our own the Examiner’s findings of facts and conclusions as set forth in the Final Rejection (Final Act. 4–6) and Answer (Ans. 3–6). We provide the following explanation for emphasis only.

We emphasize that the Examiner’s ultimate legal conclusion of obviousness is based upon the combined teachings of the cited references. Moreover, “‘the question under 35 USC 103 is not merely what the references expressly teach but what they would have suggested to one of ordinary skill in the art at the time the invention was made.’” Merck & Co. v. Biocraft Labs., Inc., 874 F.2d 804, 807 (Fed. Cir. 1989) (quoting In re Lamberti, 545 F.2d 747, 750 (CCPA 1976)) (emphasis added); see also MPEP § 2123. In this light, we agree with the Examiner that the combined teachings and suggestions of Mitchell, Michelsen, and Wilkerson support the legal conclusion of obviousness as to claim 12.

In view of the foregoing, we agree with the Examiner’s (i) findings that Mitchell teaches or suggests storing tainted data in a cache and intercepting data failing a security test for purposes of taking security actions, Michelsen teaches forwarding data when the data passes a security test (see Michelsen col. 12, ll. 32–37; Fig. 3, steps 310, 315, 320), and Wilkerson teaches deleting certain portions of data when the data is no longer needed (see Wilkerson ¶¶ 44, 589, 642), as recited in claim 12; and (ii) conclusion of obviousness for claim 12 (see Final Act. 4–6; Ans. 3–6).

Appellant’s contentions (see Appeal Br. 4–8) that there is no motivation to combine Mitchell, Michelsen, and Wilkerson are unpersuasive. Moreover, we are not persuaded that modifying Mitchell with Michelsen and Wilkerson would not merely produce predictable results or was “uniquely challenging or difficult for one of ordinary skill in the art” at the time of Appellant’s invention (see Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007))). This is evidenced by the fact that all three references (in addition to Appellant’s claimed invention) concern computer security and the protection of application programs from malicious data, as does Appellant’s recited invention.

As the Examiner determines, and we agree, it would have been obvious to modify Mitchell’s tainted data detection with Michelsen’s forwarding of intercepted data when the data passes a security test “to implement forwarding the intercepted data when it passes because that is a normal process of vetting data before passing it on” (Final Act. 5). Such a procedure provides the benefit of only passing on data to an application if/when it is safe.

And, as the Examiner determines, and we also agree, it would have been obvious to modify Mitchell in view of Michelsen with Wilkerson “to implement deleting a portion of stored data from said cache because it would free up space for further use of the memory and prevent memory leaks” (Final Act. 6). As recognized by Wilkerson, deleting certain unneeded or unsafe data saves money by reducing the amount of memory needed to operate the system (see Wilkerson ¶ 589).

Appellant’s contention that because Mitchell permanently stores tainted data, it would not be obvious to modify Mitchell with Michelsen and Wilkerson because doing so would render Mitchell unsatisfactory for its intended purpose is not persuasive, because Mitchell does not discourage the path taken by Appellant (or by Michelsen and/or Wilkerson). In fact, as the Examiner finds (see Ans. 4–5), Mitchell does teach the concept of deleting certain data from memory (see Ans. 4 citing Mitchell Fig. 4A, step 314; see also Ans. 5 citing Mitchell col. 14, ll. 57–67 and col. 15, ll. 36–42). Therefore, one of ordinary skill in the art, reading Mitchell, Michelsen, and Wilkerson, would not be discouraged from following the paths set out in Michelsen (i.e., forwarding intercepted data that passes a security test) and Wilkerson (i.e., garbage collection and deletion), and would not be led in a direction divergent from the path that was taken by Appellant. See In re Gurley, 27 F.3d 551, 553 (Fed. Cir. 1994); Para-Ordnance Mfg., Inc. v. SGS Importers Int’l, Inc., 73 F.3d 1085, 1090 (Fed. Cir. 1995).

In view of the foregoing, Appellant has not overcome the Examiner’s prima facie case of obviousness with respect to independent claim 12. As a result, we are not persuaded the Examiner erred in rejecting claim 12. Accordingly, we sustain the Examiner’s rejection of claim 12, as well as claims 13–24 grouped therewith.

CONCLUSION

In summary:

Claims Rejected | 35 U.S.C. § | Reference(s)/Basis | Affirmed | Reversed
12–24 | 103 | Mitchell, Michelsen, Wilkerson | 12–24 |

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED