PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office
Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE BOARD OF PATENT APPEALS
AND INTERFERENCES



Application Number: 15/702,102
Filing Date: September 12, 2017
Appellant(s): Comcast Cable Communications, LLC



__________________
Charley F. Brown
For Appellant


EXAMINER'S ANSWER






11/27/2020.  

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 3/26/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
The following ground(s) of rejection are applicable to the appealed claims:

Claim Rejections - 35 USC § 103
1.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

2.	Claims 2-21 are rejected under 35 U.S.C. 103 as being unpatentable over Hulten (US PG Pub. 2009/0006575) further in view of Choe (US PG Pub. 20070143392).
As regarding claim 2, Hulten discloses A method, comprising: 
sending, by a computing device, a device identifier associated with a user device in a compromised state, wherein the device identifier comprises an address element associated with the user device [para. 43-44; transmitting, by a user device client, network addresses assigned to the user device included collection of information that represents suspicious behavior associated with the user device].
receiving, based on the compromised state of the user device and the address element, a service identifier that indicates a server associated with a service provider, wherein the service provider is associated with the user device.  However, Choe discloses it [para. 6, 8, 31-35, 49-50, and 73-78; receiving address of a server, e.g. url, from which the client may obtain information concerning remediation].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Hulten’s system to further comprise the missing claim features, as disclosed by Choe, in order to provide a simplified remediation process for a user device that has been identified not in compliance with the security policy [Choe para. 5-6].

As regarding claim 3, Hulten and Choe further discloses The method of claim 2, wherein the device identifier comprises information indicating one or more of a manufacturer, a model, a type of device, and a class of the user device [Hulten para. 64; network address of user device group/class, e.g. user devices used within a household, an organization, etc], the method further comprising determining, based on a user identifier associated with the user device, the service identifier [Choe para. 8, 31, 33; remediation provided to a specific user].

As regarding claim 4, Hulten and Choe further discloses The method of claim 2, wherein the service identifier comprises a uniform resource locator of the server associated with the service provider [Choe para. 49 and 78-79; url].
5, Hulten and Choe further discloses The method of claim 2, wherein the service identifier is stored at a domain name system server [Choe para. 49 and 78-79; url].

As regarding claim 6, Hulten and Choe further discloses The method of claim 2, further comprising sending a notification that indicates that the user device is in the compromised state [Hulten para. 40; notifying the user of the user device].

As regarding claim 7, Hulten and Choe further discloses The method of claim 2, further comprising receiving, based on the service identifier, data directing the user device to a service location [Choe para. 49 and 51; the url directing the user to a location to obtain remediation].

As regarding claim 8, Hulten and Choe discloses A method, comprising: 
sending, by a computing device, a user identifier associated with a user device in a compromised state, wherein the user identifier facilitates determining an address element associated with the user device [Hulten para. 43-44; transmitting, by a user device client, network addresses assigned to the user device included collection of information that represents suspicious behavior associated with the user device]; and 
receiving, based on the compromised state of the user device and the address element, a remediation service identifier that indicates a server associated with a service provider, wherein the service provider is associated with the user device [Choe para. 6, 8, 31-35, 49-50, and 73-78; receiving address of a server, e.g. url, from which the client may obtain information concerning remediation].

As regarding claim 9, Hulten and Choe further discloses The method of claim 8, wherein the user identifier comprises an internet protocol address [Hulten 44-45].

As regarding claim 10, Hulten and Choe further discloses The method of claim 8, wherein the remediation service identifier is stored as a text record [Choe para. 33 and 49; url is stored as text].

As regarding claim 11, Hulten and Choe further discloses The method of claim 8, wherein the remediation service identifier comprises a uniform resource locator associated with an online remediation service [Choe para. 49 and 78-79; url].

12, Hulten and Choe further discloses The method of claim 8, wherein the remediation service identifier is stored by a domain name system server [Choe para. 33 and 49; url is stored on a server].

As regarding claim 13, Hulten and Choe further discloses The method of claim 8, further comprising sending a notification that indicates that the user device is in the compromised state of the user device [Hulten para. 40; notifying the user of the user device].

As regarding claim 14, Hulten and Choe further discloses The method of claim 8, further comprising receiving, based upon the remediation service identifier, data directing the user device to a remediation service [Choe para. 49 and 51; the url directing the user to a location to obtain remediation].

As regarding claim 15, Hulten and Choe discloses An apparatus, comprising: 
one or more processors [Hulten para. 77]; and 
a memory comprising processor executable instructions [Hulten para. 77] that, when executed by the one or more processors, cause the apparatus to: 
send a user identifier associated with the apparatus, wherein the user identifier facilitates determining an address element associated with the apparatus, wherein the apparatus is in a compromised state [Hulten para. 43-44; transmitting, by a user device client, network addresses assigned to the user device included collection of information that represents suspicious behavior associated with the user device]; and 
receive, based on the compromised state of the apparatus and the address element, a remediation service identifier that indicates a server associated with a service provider, wherein the service provider is associated with the apparatus [Choe para. 6, 8, 31-35, 49-50, and 73-78; receiving address of a server, e.g. url, from which the client may obtain information concerning remediation].

As regarding claim 16, Hulten and Choe further discloses The apparatus of claim 15, wherein the user identifier comprises an internet protocol address [Hulten 44-45].

As regarding claim 17, Hulten and Choe further discloses The apparatus of claim 15, wherein the remediation service identifier is stored as a text record [Choe para. 33 and 49; url is stored as text].

As regarding claim 18, Hulten and Choe further discloses The apparatus of claim 15, wherein the remediation service identifier comprises a uniform resource locator associated with an online remediation service [Choe para. 49 and 78-79; url].
19, Hulten and Choe further discloses The apparatus of claim 15, wherein the remediation service identifier is stored by a domain name system server [Choe para. 33 and 49; url is stored on a server].

As regarding claim 20, Hulten and Choe further discloses The apparatus of claim 15, wherein the processor executable instructions, when executed by the one or more processors, further cause the apparatus to send a notification that indicates that the apparatus is in the compromised state [Hulten para. 40; notifying the user of the user device].

As regarding claim 21, Hulten and Choe further discloses The apparatus of claim 15, wherein the processor executable instructions, when executed by the one or more processors, further cause the apparatus to receive, based on the remediation service identifier, data directing the apparatus to a remediation service [Choe para. 49 and 51; the url directing the user to a location to obtain remediation].

(2) Response to Arguments
Appellant's arguments filed 2/28/2020 have been fully considered but they are not persuasive.
a)	With respect to claim 2:
(i)	In the arguments, Appellant contended that “Hulten does not support the Examiner’s reasoning that being “virtually certain” that a user device is infected teaches “a user device that is compromised” and “because, if so, Hulten would not teach that “the item management module 216 can identify more than [] four levels of certainty”” (page 5 of the Appeal Brief).   Examiner respectfully disagrees.  Hulten discloses or teaches four different degrees of confidence “levels of certainty” that a user device is infected with an undesirable item [para. 5 and 81].  Hulten specifically discloses or teaches that at the highest level of certainty, “d) it is virtually certain that the user device infected” [para. 81].  Thus, at this highest level, it is “certain that the user device infected” [para. 81] and Hulten’s “functionality can prevent the user device from accessing the entire network-accessible service” [para. 5].  In other words, when the item management module determines that a user device is certainly infected, the user device is prevented from accessing any network service.  Hulten teaches that “[t]he breakdown of certainty levels into four levels is merely illustrative; in other cases, the item management module 216 can identify more than (or less than) four levels of certainty” (emphasis added).  What Hulten is explicitly disclosing is that the four levels in this example is illustrative in one case and “in other cases, the item management module 216 can identify more than (or less than) four levels of certainty.”  Thus, the threshold for determining “a user device in a compromised state” has been reached at the fourth highest level “d) it is virtually certain that the user device infected”.

fails to teach “sending, by a computing device, a device identifier associated with a user device in a compromised state””.  Examiner also respectfully disagrees.  Hulten discloses a first collection of information including the user device identifiers, e.g. IP addresses assigned to the user device [para. 44-46].  The item detection module 216 obtains the first collection of information, or IP addresses of the user devices, thru interaction with the user devices.  In other words, the user devices sends the first collection of information, or IP addresses of the user devices, to the item detection module 216.  Hulten discloses that “a device may interact with the networks 210 using a unique network address” [para. 31].  Thus, the IP addresses of the user devices are being used as the user device identifiers for the user devices interacting with the item detection module 216.  Another aspect in Hulten’s system would also read on the claim limitation being discussed in the case when other item management modules 222, performing “the detection functions” as the item management 214, can forward information regarding suspected activity, e.g. the first collection of information or user device IP addresses, to the item detection module 216 [para. 39].  Therefore, Hulten’s sending, by suspicious or infected user devices or by other item management modules 222, IP addresses of the suspicious or infected user devices is the same as sending, by a computing device, a device identifier associated with a user device in a compromised state as recited in independent claims 2, 8, and 15.

(ii)	Applicant further contended that “[t]he Office Action completely and improperly ignores at least the limitation of “receiving, based on the compromised state of the user device, a service identifier,” as claimed” (page. 7 of the Appeal Brief) and that “a client lacking a required update, as taught by Choe, does not teach or suggest “a compromised state of the user device,” as claimed” (page. 8 of the Appeal Brief).  Examiner respectfully disagrees.  Applicant’s specification has explicitly defined “the compromised state” of a smartphone including “a virus, an outdated version of operating software, fraudulent activity, abnormal location, etc.” [para. 26].  Thus, according to Applicant’s specification, the smartphone would be considered in “the compromised state” when a version of a software on the smartphone is not up-to-date.  Similarly, client lacking of a required software update, as taught by Choe, is the same as “the compromised state of the user device”.

(iii)	In responding to Applicant’s argument “[t]he combination of Hulten and Choe is improper because it renders a reference unsatisfactory for its intended purpose, relies on impermissible hindsight reasoning, and is not rationally supported” (page. 8 of the Appeal Brief), Examiner respectfully disagrees.  It must be recognized that any judgment on obviousness is in any sense necessarily a reconstruction based upon hindsight reasoning; but so long as it takes into account only knowledge which was within the level of ordinary skill at the time the invention was made, and does not include knowledge gleaned only from the Applicant’s disclosure, such reconstruction is proper.  In re McLaughlin, 443 F.2d 1392; 170 USPQ 209 (CCPA 1971).
Hulten discloses system and method for detecting an infected or compromised user devices and performing corrective functions in resolving the assessed threat to its security [SUMMARY and para. 40].  As stated in the previous rejection, Hulten does not receiving, based on the compromised state of the user device and the address element, a service identifier that indicates a server associated with a service provider, wherein the service provider is associated with the user device.  However, Choe discloses it [para. 6, 8, 31-35, 49-50, and 73-78; receiving address of a server, e.g. url, from which the client may obtain information concerning remediation].  Thus, it would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Hulten’s system to further comprise the missing claim features, as disclosed by Choe, in order to provide a simplified remediation process for a user device that has been identified not in compliance with the security policy [Choe para. 5-6].

b)	With respect to claims 8 and 15:
	Appellant only relies on arguments for rejection of claim 1 and does not present any new arguments; therefore, the same rationales in responding to the arguments for rejection of claim 1 above are applied.


For the above reasons, it is believed that the rejections should be sustained.




(3) Requirement to pay appeal forwarding fee
 	In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.

Respectfully submitted,
/THONG P TRUONG/
Examiner, Art Unit 2433  

/JEFFREY C PWU/            Supervisory Patent Examiner, Art Unit 2433                                                                                                                                                                                                


CONFEREES:


/ELLEN TRAN/Primary Examiner, Art Unit 2433                                                                                                                                                                                                        
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433