PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov










BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/339,229
Filing Date: 10/31/2016
Appellant(s): Armis Security Ltd.; Schwartz, Tomer; Izrael, Nadir 


__________________
Ryan McCormick
Reg. No. 73,188
For Appellant


EXAMINER’S ANSWER







This is in response to the appeal brief filed 10/14/2020, 10/22/2020.
 (1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated on 06/24/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading "WITHDRAWN REJECTIONS." New grounds of rejection (if any) are provided under the subheading "NEW GROUNDS OF REJECTION."
(2) Response to Argument
A. Claims 1-6, 10-18, and 22-25 are not properly rejected under 35 U.S.C. §103 as allegedly unpatentable over Gray in view of Griffith.
Appellant argued "Paragraph [0067] of Gray does not mention a vulnerable wireless network, let alone determining a vulnerable wireless network amongst a plurality of wireless networks or determining if a wireless connection forms such a vulnerable wireless network… Paragraph [0067] Gray does not mention multiple networks or otherwise even remotely suggest that any of those networks is detected as being vulnerable… Paragraph [0082] of Gray does not teach that the system of Gray determines whether any new active wireless connections form a vulnerable wireless network of a plurality of wireless networks… Paragraph [0082] of Gray also does not suggest that the administrator determines that a wireless network is vulnerable. Rather, Gray notes that an access point could be bridging the LAN to other persons if the WEP is disabled. Accordingly, Gray at best teaches determining whether an access point could or might be vulnerable… Further, the example wireless environment cited by the Examiner in FIG. 1 shows a single LAN and does not mention any other networks... At best, Gray is silent on a wireless environment including a plurality of wireless networks. The Office Action does not provide another explanation for this unaddressed feature. Thus, Gray also does not teach a plurality of wireless networks as claimed." (Pages 7-12 of Appeal Brief).
Examiner respectfully disagrees with Appellant for the following reasons.  
It should first be noted that the claim and the specification do not provide any special definition for the term "wireless network" as recited in the claim, the claim also does not further clarify the type or structure of the wireless network(s). Secondly, Examiner notes that in computer networking, a network can be formed by at least two devices communicating with each other. In the case of a wireless network, the at least two devices are connected wirelessly/via a wireless connection which forms the wireless network. A wireless network can of course also be formed by more than two devices connected via multiple wireless connections. Thirdly, note that the specification discloses in e.g. [0046]: "Any wireless connection between or among a legitimate device and at least one unknown device is considered as a suspicious connection and, thus, a wireless network formed based on such connected wireless connection is considered suspicious." 
Now, turning to cited prior art Gray, Examiner notes that a wireless access point (AP) is a wireless network device that is used to create a wireless network (e.g. a wireless LAN/WLAN) to allow other wireless devices to connect to a wired network. The wireless AP connects directly to the wired network, the wireless AP then provides wireless connections for the other wireless devices to use that wired connection, that is, the other wireless devices are connected to the wireless AP wirelessly/via wireless connections. Gray teaches in fig. 1, a wireless environment comprising a plurality of wireless devices (e.g. wireless client devices 60 and the other unnumbered wireless client devices) that are connected to a wired network (e.g. wired network A Basic Service Set (BSS) 64 refers to the wireless network implemented by a given wireless access point 52 that manages and bridges wireless communications for all wireless client devices 60 within its operating range…"

    PNG
    media_image2.png
    631
    883
    media_image2.png
    Greyscale


Gray also teaches wireless access points 52 that are registered with the management platform 56 can be used to scan for rogue access points and rogue client devices, that is, the wireless environment comprises scanning access points which in addition to the capabilities of allowing wireless client devices to connect to the wired network, they also have scanning functionalities operative to monitor their surrounding airspaces for rogue devices that could affect the performance and security of the wireless environment. See e.g. [0009]: "the present invention allows any conforming access point the ability to routinely scan its airspace, collect data on all operating frequencies and report this information back to a management platform…The present invention facilitates isolation of rogue wireless devices affecting the computer network environment and effective decision-making as to management of the detected device" [0049]: "at least one wireless network access point 52 includes scanning agent functionality operative to monitor its surrounding airspace…gather data characterizing detected wireless traffic, and transmit the data to airspace management platform 56…In WLAN environments employing 802.11 protocols, the wireless access point(s) 52 are equipped with 802.11-compliant WLAN network interface cards which support Radio Frequency (RF) monitoring mode" [0052]: "Wireless access point(s) 52 that are registered with the airspace management platform 56 can then be used to scan for rogue access points and client devices" [0069]: "the scanning agent executed by the access point(s) 52 can be configured to detect for the presence of rogue access points and transmit corresponding SNMP traps to airspace management platform 56" [0071]: "Rogue wireless devices encompass any wireless device 
In addition, referring to fig. 8 (which shows a scan for rouge devices, note that the same wireless connection can be detected on different scanning channels), fig. 8 discloses the scanning AP detects, for example on scanning channel 3 (third and fourth rows in the table), a rogue AP (e.g. the rouge AP with MAC address 00:02:2D:03:4C:B0) establishing a new/unknown connection with a wireless client device (e.g. the wireless client device with MAC address 00:02:2D:56:5B:FF) which forms a wireless network (e.g. the wireless network with network name "AirPort Network"), this wireless network is formed via the rouge AP which is an unregistered and unauthorized access point installed without authorization and/or knowledge of a network administrator and could affect the performance and security of the wireless network (see e.g. [0007]: "rogue access points (i.e., access points installed without authorization and/or knowledge of a network administrator)" [0009]: "detection of rogue and other devices that may affect the performance and/or security of the wireless computer network" [0071]: "Rogue wireless devices encompass any wireless device (client or access point) in the enterprise's airspace that is not registered as an authorized or ignored device"), and the WEP security protocol is disabled on this "AirPort Network" wireless network, that is, this wireless network is not WEP-protected (see e.g. the WEP column in fig. 8, and [0082], "The WEP column allows an administrator to determine how large a security breach the access point really is. If WEP is disabled then the access point could potentially be bridging the enterprise LAN to any person within the access point's radio coverage cell"), thus, this detected wireless network is considered as "a vulnerable wireless network." See also e.g. [0067]: "on channel 1, the scanning access point detected a data packet transmitted from/to a wireless client…associated with an access point having a WLAN MAC address or BSSID of 00:02:2D:03:4C:B0. Further, the second row indicates that the scanning access point also detected a data packet from the same client on channel 2…scanning on channels 3 and 4, the scanning access point 52…detected beacon packets from an access point having a MAC address of 00:02:2D:03:4C:B0 and configured with an SSID of "AirPort Network…"

    PNG
    media_image3.png
    475
    928
    media_image3.png
    Greyscale

Furthermore, Examiner would like to point out that in addition to the explanations provided above showing that Gray teaches "the plurality of wireless networks" in e.g. fig. 1, notice that fig. 8 also shows that there are other connections being detected in the wireless environment during the rogue AP scan (in addition to the example given above with the rouge AP 00:02:2D:03:4C:B0 and the wireless client device 00:02:2D:56:5B:FF), for example, the connection between the rouge AP with BSSID 00:03:2F:00:12:AE and the wireless client device 
Thus, Gray teaches "the detected at least one new active wireless connection forms a vulnerable wireless network amongst the plurality of wireless networks" as recited in the claim. 
Moreover, in response to Appellant argument that because the sentence in [0009] discloses "the wireless network" thus Gray only teaches a single network, Examiner respectfully disagrees. Examiner notes that the wireless network in the sentence mentioned by Appellant is a particular wireless computer network implemented by a particular wireless access point in an airspace of the wireless environment as shown in fig. 1 of Gray, however, as seen in fig. 1 of Gray and as explained above, there are multiple wireless computer networks (e.g. the multiple WLANs) that are implemented by multiple wireless access points in the wireless environment. Appellant appears to only see the wired LAN network 20 as the only "network" in the environment, however, as explained above, Gray clearly teaches an environment that includes multiple wireless networks. In fact, without the multiple wireless networks formed by the wireless connections between the wireless access points and the wireless client devices, the wireless access points would not be able to route data between the wireless client devices or bridge wireless communications for the wireless client devices in the wireless environment as disclosed by Gray (see e.g. [0048]: "Wireless access points 52 can act as a hub to route data 
For at least the above reasons, Gray teaches "detecting a vulnerable wireless network coexisting in a wireless environment of an organization in an area in which there exists a plurality of separate wireless networks" and "determining if the detected at least one new active wireless connection forms a vulnerable wireless network amongst the plurality of wireless networks" as recited in the claim. 
In response to Appellant argument "As to the alleged motivation for combining the references, any such motivation is irrelevant at least because the references do not teach all of the claim features. Thus, even assuming that a person having ordinary skill in the art would be motivated to combine the references, such a combination would not result in all of the claim features" (page 12 of Appeal Brief), Examiner respectfully disagrees. The motivation is not irrelevant because the references do teach all of the claim features as explained above by Examiner. 
Appellant argued "Additionally, the supposed motivation suggested by the Office Action does not explain why a person having ordinary skill in the art would modify Gray using Griffith at all, let alone to result in the claim features. The Office Action asserts that it would be obvious to incorporate Griffith into Gray "for the purpose of remotely monitoring wireless networks and preventing an unauthorized communication session from being established, to prevent future attacks, and/or to catch the attacker." Final Office Action dated June 24, 2020, page 9… The stated motivation does not mention different types of users or otherwise explain why a person having ordinary skill in the art would be motivated to modify the teachings of Gray to detect connections between known users and unknown users." (Page 12 of Appeal Brief).
Examiner respectfully disagrees with Appellant for the following reasons.  
Examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, Examiner has provided motivation for combining the references (as seen in the last final Office action). In addition to the motivation provided (e.g. for the purpose of preventing future attacks and catching the attackers), a person of ordinary skill in the art would also be motivated to modify the teachings of Gray to detect connections between known users and unknown users for the purpose of reacting in time to prevent the unauthorized communication session from being established. This provides an advantage over security systems based on an analysis of unauthorized communication sessions performed after the sessions have been established or even completed (see e.g. Griffith [0011]).
Appellant argued "Further, Gray already teaches remote management of network access points (see Gray, para. [0047]) and detecting unauthorized wireless access points (see Gray, para. [0008]). At best, the alleged motivation is redundant with existing capabilities of Gray. Thus, a person having ordinary skill in the art would not be motivated to combine Gray and Griffith based on this supposed motivation… the proposed motivation of modifying Gray "for the purpose of remotely monitoring wireless networks and preventing an unauthorized communication session from being established, to prevent future attacks, and/or to catch the attacker" are indeed redundant with benefits which Gray can already provide… Accordingly, despite the Office Action's assertions, the motivation provided for combining Gray and Griffith is redundant with features already possible by Gray…" (Pages 12-13 of Appeal Brief).
Examiner respectfully disagrees with Appellant for the following reasons.  
Examiner notes that even if Gray "already teaches remote management of network access points…and detecting unauthorized wireless access points" as argued by Appellant, this doesn’t mean a person having ordinary skill in the art would not be motivated to combine Gray and Griffith. In addition, it is merely an assumption by Appellant that the motivation is redundant because of the "benefits which Gray can already provide" or "features already possible by Gray," Appellant has not provided any evidence to support the argument that the benefits or features in Gray would prevent a person of ordinary skill in the art from combing Gray and Griffith. Examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). Indeed, the motivation is not redundant, in fact, one of ordinary skill in the art would be motivated to incorporate the teachings described by Griffith into the invention of Gray to extend and expand the function and structure of Gray's monitoring system for the purpose of initiating one or 
In response to Appellant argument that "Claim 13 is rejected for substantially similar reasons as claim 1. Accordingly, Appellants respectfully submit that claim 13 is likewise allowable over the combination of references for the reasons noted above… Claim 25 is rejected for substantially similar reasons as claim 1. Accordingly, Appellants respectfully submit that claim 25 is likewise allowable over the combination of references for the reasons noted above" (pages 13-15 of Appeal Brief), Examiner respectfully disagrees. Claims 13 and 25 are not allowable for at least the same reasons as set forth above with regards to claim 1.
For at least the above reasons, the rejections of claims 1-6, 10-18, and 22-25 under 35 U.S.C. 103 as being unpatentable over Gray in view of Griffith have been maintained. 
B. Claims 7, 8, 19, and 20 are not properly rejected under 35 U.S.C. §103 as allegedly unpatentable over Gray and Griffith in view of Muddu.
In response to Appellant argument that "Claims 7 and 8 depend from claim 1, and claims 19 and 20 depend from claim 13. For the reasons noted above, Appellants respectfully submit that claims 1 and 13 are allowable over Gray and Griffin. Appellants respectfully submit that claims 7, 8, 19, and 20 are therefore allowable by virtue of their respective dependencies from allowable base claims" (pages 15-16 of Appeal Brief), Examiner respectfully disagrees. Claims 7, 
For at least the above reasons, the rejections of claims 7, 8, 19, and 20 under 35 U.S.C. 103 as being unpatentable over Gray in view of Griffith further in view of Muddu have been maintained. 
(3) Conclusion
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/AMIE C. LIN/Examiner, Art Unit 2436                                                                                                                                                                                                        
Conferees:
/TRONG H NGUYEN/Primary Examiner, Art Unit 2436    
                                                                                                                                                                                                    /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436                                                                                                                                                                                                        


Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.