PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/133,238
Filing Date: 17 Sep 2018
Appellant(s): STAN et al.



__________________
Andrei D. Popovici Reg. No. 42,401
For Appellant


EXAMINER’S ANSWER




This is in response to the appeal brief filed 07/10/2021 appealing from the office action mailed on 01/28/2021.
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 01/28/2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
(2) Response to Argument
Claim Rejections under 35 U.S.C. § 103
	Applicant’s arguments have been reviewed by the examiner and summarized as follows:
A2. i) 	A hypothetical combination of the identified teachings of Straatsma, GitHub, and Delatorre, performed without hindsight for the reasons presented in the Office Action would not have led a POSITA to the subject matter of claims 1, 11, and 21, because: 
The Office Action ignores the claim limitation that all recited steps are performed by the same device (See Pages 15-16). 
A2 ii)	The motivation advanced by the Office Action for adding Delatorre to the identified teachings of Straatsma and GitHub is improper in that it does not support the specific claimed combination (See Pages 16-17). 
A3 iii)	The prior art relied upon by the Office Action teaches away from the claimed subject
Matter (See Page 18).
B2 i) 	None of Straatsma, GitHub, and Delatorre shows protect[ing] the client system against computer security threats according to a service subscription associated with the network regulator (See Page # 20).
B2 ii)	Regarding claims 4 and 14 in particular, the Office Action’s argument is internally inconsistent in its mapping of the network regulator and security server to prior art elements (See Pages # 20-21).
B2 iii) 	The prior art teaches away from combining the identified prior art elements as claimed (See Page # 21).
C2	A hypothetical combination of the identified teachings of Straatsma, GitHub, Delatorre and Lukacs would not have led a POSITA to the subject matter of claims 9 and 19, because Lukacs does not show a security agent executing on the client system and configured to change a security setting of a client system according to a configuration request received from a remote configuration server (See Pages # 23-24).
Examiner’s Response
	Regarding last Office Action dated 01/28/2021, Appellant is of the opinion that combination of cited prior art fails to teach the claimed subject matter. However, examiner respectfully disagrees. 
	Regarding argument A2 i), Appellant alleges that “A hypothetical combination of the identified teachings of Straatsma, GitHub, and Delatorre, performed without hindsight for the reasons presented in the Office Action would not have led a POSITA to the subject matter of claims 1, 11, and 21, because: 
The Office Action ignores the claim limitation that all recited steps are performed by the same device”. 
Appellant’s broader argument is against the physical combination of the references. This is a fallacious argument against an obviousness type rejection. The obviousness inquiry does whether the references could be physically combined but whether the claimed inventions are rendered obvious by the teachings of the prior art as a whole." In re Etter, 756 F.2d 852 (Fed. Cir. 1985) (en banc); see also In re Keller, 642 F.2d 413 (CCPA 1981) (stating "[t]he test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference"). Rather, in a case such as this, where each of the elements of the claim are known to the art, the obviousness inquiry requires a finding that the combination of known elements was obvious to a person with ordinary skill in the art." In re Chevalier (Fed. Cir. 2013).
In particular, the examiner’s proposed rejection is that one of ordinary skill would find it obvious to have a single device to perform all the steps, in light of the 3 references cited.
The examiner looks at whether the claimed element are suggested by the combination of the prior art as a whole. Here, the claimed features are taught by the references as a whole (as mapped in the rejection). The physical combination of the references, as argued by the Applicant, is thus not possibly persuasive against the instant obviousness rejection because the instant obviousness rejection is not proposing a physical combination of the references, but rather that it would be obvious to one of ordinary skill in the art to arrive at the claimed “network regulator” that performs all the steps/functions of the claim.   For example, it is very clear from the rejection that the device performing the takeover in Straatsma is being modified to include various other functions disclosed by GitHub and Delatorre.  Furthermore, no claim limitation has been “ignored”.  The examiner concludes it would be obvious to one of ordinary skill in the art to arrive at the claimed network regulator based on the teachings of Straatsma, GitHub, and Delatorre, as articulated in the rejection.
[which are performed by a single device in the claim] are known within the art to be either performed by distinct physical devices or all be performed by a single physical device.  The functions include a network router, a Dynamic Host Configuration Protocol (DHCP) server and a network/host based firewall. A network router can be used to perform the traffic directing functions between computer networks. A dedicated DHCP server can be deployed or functionality of DHCP can be deployed in the router that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices based on broadcast queries by clients. And a network/host based firewall can be deployed as hardware or software that monitor traffic to or from your network, it allows or blocks network traffic based on a defined set of security rules.  Alternatively, all of these functions are also known to be performed by a single physical device.  For example, nearly every single home network router (issued by your ISP when you sign up for service) at the time of applicant’s invention performs these three functions.  Thus, it’s not like the examiner proposing all these functions being performed by a single entity is such an outlandish assertion.
Appellant’s statement that “An interpretation of “network regulator’ that encompasses a local device (the [takeover] device of Straatsma/GitHub) in combination with multiple, distributed remote servers (as in Delatorre) would go beyond the broadest reasonable interpretation consistent with the specification (BRI) of “network regulator,” and would be inconsistent with the explicit claim requirements that the recited steps be performed by a hardware processor of the claimed network regulator” (See Page # 16) is erroneous. As examiner has explained above, the examiner found it would be obvious to one of ordinary skill 
Thus, the examiner must find appellant’s argument in this regard to be unpersuasive.  
Regarding argument A2 ii), 
Appellant argues that “The motivation advanced by the Office Action for adding Delatorre to the identified teachings of Straatsma and GitHub is improper in that it does not support the specific claimed combination”, examiner respectfully disagrees. Examiner would like to note that appellant acknowledges examiner’s proposed modification in the A2 i) argument and therefore appellant’s argument A2 i) is flawed and argues that there is no motivation to move the functionality of Delatorre’s cloud based device to the takeover device disclosed by Straatsma and GitHub.  Examiner has already provided well-articulated motivation for the modification in the rejection as well as in this Examiner’s Answer, for example to improve user experience and access control at the takeover device.
Regarding argument A2 iii), 
Appellant argues that “The prior art relied upon by the office teaches away from the claimed subject matter”, Appellant further focuses by arguing that “it is not clear why and how an artisan would have chosen to combine such contradictory prior art in the manner alleged by the Office Action”.   The examiner respectfully disagrees with both statements.
Firstly, Appellant’s argument that the prior art relied upon teaches away from the claimed subject matter lacks proof.  For example, Appellant’s own claim performs a “hostile” or “forcible” takeover of a DHCP server.   And so does the prior art.  There is no direct disparaging 
Appellant’s own specification mentions implementing “malicious” activity in the section of “Network Service Takeover” (See Specification Page # 13-14). Instant specification paragraph [0055-0056] extensively describes how “DHCP Starvation” attack methodology is implemented in the claimed “network regulator” that targets existing DHCP server in the client system network and how network regulator acts [as a hostile actor] in the network which floods a DHCP server with bogus DISCOVER packets until the legitimate DHCP server exhausts its supply of current IP addresses and then network regulator use his DHCP module to broadcast its own DHCP lease offer, effectively forcing client systems to use network regulator as the default DHCP server for the traffic between client systems and extended network. 
Hence, appellant argument is that the intention of first two cited references of Straatsma and Github is for “malicious” action and would never be combined with Delatorre’s “good” intentioned functionality.
Straatsma and Github disclose a security exploit that can be used to perform a forcible takeover of a DHCP server.   One of ordinary skill in the art would readily recognize that such a regain control of your own network’s DHCP server/firewall/router, should the DHCP server/firewall/router be either i) misconfigured and therefore not actually acting as the DHCP server in the network (for example, the clients are looking to the wrong device as the DHCP server instead of the correct DHCP server), or ii) had been maliciously taken over (perhaps by the technique disclosed).  That is, a genuine well-intentioned network administrator would take whatever action necessary to defend their network against ongoing attacks, including utilizing exploits to regain control of their network.  It is a common cybersecurity defense tactic to “attack the attackers”.   Thus, the examiner finds the argument that one of ordinary skill in the art would have no motivation to combine the teachings of Delatorre and implement Delatorre’s functionality on a takeover device is not persuasive.   The examiner finds that one of ordinary would recognize the takeover device of Straatsma and Github can be for “good” intentions, such as regaining control of networked client’s DHCP server assignments.
Regarding argument B2 i), 
Appellant argues that “None of Straatsma, GitHub, and Delatorre shows protect[ing] the client system against computer security threats according to a service subscription associated with the network regulator”.  Appellant’s argument is based on the premise that Delatorre was relied upon for this teaching, and that Delatorre’s devices, which implement the claimed functionality of protecting against security threats according to a subscription model, are not equivalent to the claimed “network regulator”, which is associated with the takeover device disclosed in Straatsma and Github. 

Regarding argument B2 ii), 
Appellant argues “Regarding claims 4 and 14 in particular, the Office Action’s argument is internally inconsistent in its mapping of the network regulator and security server to prior art elements”, examiner respectfully disagrees. Regarding appellant’s remark that mapping of claims 4 and 14 “is internally inconsistent in that it conflates the claimed network regulator and security server, and ignores the basic logical requirement that distinct claim elements must refer to structures”.  Appellant’s argument is based on the premise that if the functions in Delatorre’s cloud-based devices are moved to the “takeover device” of Straatsma and GitHub, then there would be no “remote security server”.  
The examiner respectfully disagrees.  Appellant’s argument illogically assumes that all of Delatorre’s cloud-based functions are moved to the takeover device of Straatsma and Github.  To the contrary, the examiner finds that one of ordinary skill in the art would be motivated to keep some of the functionality with the cloud-based devices.  For example, many functionalities would make sense to maintain in the cloud, such as the correlation engine (for correlating known threats amongst many devices), the customer service server and billing functionalities, and the command and control server.  In summary, the examiner finds it would be obvious to move only the firewall-esque functionality for identifying threats and performing security 
The examiner finds one of ordinary skill in the art would find it obvious to generate an identifier and indicator according to device type (as disclosed in Delatorre par [0036]) at the takeover device of Straatsma and Github, and submit this identifier to certain cloud-based security services (such as the correlation engine, etc, of Delatorre) that are responsible for providing certain security services based on the service subscription of the client device managed by the network regulator (i.e., the takeover device of Straatsma/Github that is providing routing/firewall/DHCP services).  Any of the servers in Delatorre providing functions not moved to the takeover device are the “remote security server” of claim 4.  In addition, the examiner notes that these claims are directed to the “network regulator” and its structure, as defined by function, and that the wherein clause directed to a “remote security server” in claim 4 does not change, alter, or further limit any of the structure of the “network regulator”.

Regarding argument B2 iii), that “The prior art teaches away from combining the identified prior art elements as claimed”, examiner respectfully disagrees. 
This argument by Appellant is the same reasoning as set for argument A2 iii, above.  As such, in summary, the examiner notes this is not a “teaching away” argument because Appellant does not point out where any of the references directly disparage any claim limitation, and instead is an attack on the motivation to combine the teachings.  In response, the examiner incorporates by reference the reply to A2 iii, above.

Regarding argument C2 ii), that “A hypothetical combination of the identified teachings of Straatsma, GitHub, Delatorre and Lukacs would not have led a POSITA to the subject matter of claims 9 and 19, because Lukacs does not show a security agent executing on the client system and configured to change a security setting of a client system according to a configuration request received from a remote configuration server”, examiner respectfully disagrees. 
Examiner finds that Lukacs teaches forming a client boot agent for each respective client. The client boot agent is responsible to transmit a hypervisor image to the client system in response to receiving a boot request from a client system over the network (See Lukacs: [0007]). Lukacs further discloses sending Hypervisor Image to the requesting client according to the requesting client identity. The Hypervisor image contains Introspection Engine which contains instructions to protect components executing within the client system (See Lukacs: [0045-0046]).  Thus, the examiner’s findings were that a person of ordinary skill in the art would find it obvious to implement such a configuration push at the “takeover device” of the primary reference, when implemented by a genuine actor.  This follows logically, because once a genuine administrator forcibly regains control over the DHCP server, they would need to reconfigure all the client devices on the network to change the DHCP server assignment configuration by changing the address information that points to the true DHCP server, and not the fraudulent one.
In conclusion, examiner respectfully submits that the combination of cited references discloses and teaches each and every limitations under broadest reasonable interpretation by one of ordinary skill in the art in light of appellant’s specification, and concludes it would be obvious to combine the cited references and arrive at the claimed invention. Therefore it is believed that the 35 U.S.C. § 103 rejection should be sustained. 


Respectfully submitted,
/S.M.A./			
Patent Examiner, Art Unit 2432
/SYED A ZAIDI/Primary Examiner, Art Unit 2432                                                                                                                                                                                                        
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        


Requirement to pay appeal forwarding fee. In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an