PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/920,049
Filing Date: 13 Mar 2018
Appellant(s): Comcast Cable Communications, LLC



__________________
Joshua L. Davenport (Reg. No. 72,756)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed April 5, 2022.

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated November 2, 2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

(2) Response to Argument
	(A) On pg. 6 of the Appeal Brief: Appellant contends that the modifications by D. H. Sharma et al. (hereinafter, “Sharma”), "Implementing Intrusion Management as Security-as-a-service from cloud," (CSITSS), 2016, pp. 363-366 to Yin (hereinafter, “Yin”), US 2014/0366118 would have resulted in re-locating the cloud-based logging service settings module 202 in the security gateway appliance 200 in Yin to the cloud. The module 202 corresponds to the claimed “security agent”, where the claims required the agent to execute on the gateway device and not in the cloud.

	(B) On pp. 7-8 of the Appeal Brief: Appellant contends that Sharma expressly teaches away from the partial relocation that the Office needs for its rejection. Sharma states that “[i]n this model the security is provided from the cloud in place of on-premise implementation” (see Abstract). 

	(C) On pg. 9 of the Appeal Brief: Appellant contends that no rationale is provided for the role of Sharma in the rejection of claim 3.

	(D) On pg. 9 of the Appeal Brief: Appellant contends that no rational is provided for the role of Yin in the rejection of claim 35.

In response to Argument (A):
Regarding the Appellant’s arguments that the teachings of Sharma would result in moving the cloud-based service settings module 202 of Yin to the cloud, the Examiner respectfully disagrees.
Appellant contends that the cloud-based logging service settings module 202 would have been re-located to the cloud based on the objectives disclosed in Sharma. Specifically, Appellant points out to the Abstract of Sharma that the “security is provided from the cloud in place of on-premise implementation”. However, the Examiner believes this reasoning to be insufficient to why the cloud-based service settings module 202 would have been re-located from the gateway appliance 108 in Yin to the cloud. The functions of the module 202 are stated in [0042]-[0045] of Yin. Specifically, the module 202 is provided in the security appliance gateway 200 as a means for users to configure and manage the cloud service. For example, [0042] of Yin discloses (emphasis added):
“…cloud-based logging service settings module 202, also referred to as settings module 202 hereinafter, is configured to integrate cloud-based logging service with network appliance 200, and customize settings and configurations by means of which the cloud-based logging service would be accessible to users/network administrators through the network appliance 200. Integrating and customizing settings for access to cloud-based logging service on network security gateway appliance 200 allows a means to access cloud-based logging service on interface/graphical user interface of network security gateway appliance 200.”

Therefore, moving the module 202 into the cloud would remove any means for administrators to remotely manage and configure cloud-based services from their enterprise network (e.g. LAN 104 in Fig. 1 of Yin). The module 202 is intended to serve as an interface to the cloud security services from the administrator’s network. Even if all the cloud security services were centralized, as argued by the Appellant, there would still need to be some interface for administrators to use for interacting with the cloud security services (e.g. disable services, configure services, etc.). For example, in Sharma (see pg. 365, the “Control” bullet point), a central portal is provided such that clients can access the service from various devices viz desktops and handheld mobile devices, etc. The module 202 would have provided the means to interface with this central portal to manage cloud services, such as how the module 202 interfaces with the cloud-based logging service to enable administrators to manage it. This is consistent with the role of the “security agent” in the claims, wherein the “security agent” merely “support[s] the network security service”. Thus, there is no rationale to why such a module in Yin would have to be re-located to the cloud in view of Sharma.
Sharma also states their model helps “enhance the capability of existing on-premise solutions by working with them in a hybrid manner” (see I. Introduction, 1st paragraph, pg. 363; and V. Conclusion and Future Work, pg. 365). Therefore, Sharma is not solely intended to replace an on-premise implementation of a network security system, rather Sharma leaves that as one of the options for their model. Additionally, Sharma was not intended to completely modify the existing core architecture of Yin in the rejection. Sharma was provided as supporting prior art to depict multiple security services that would have been offered in the cloud in addition to cloud-based logging services. In [0030], Yin also suggests the notion of applying “any other purpose or function for which the explained structure or configuration can be used”, such that other security services could have been utilized. 
Thus, it would have been obvious to one of ordinary skill in the art to modify Yin in view of Sharma to incorporate a security agent and network security service entity as claimed.

In response to Argument (B):
Regarding the Appellant’s arguments against the combination of Yin and Sharma, the Examiner contends that the combination was reasonable and the teachings of Yin and Sharma do not teach away from each other.
As stated in the Examiner’s response to Argument (A), Sharma also provides means to “enhance the capability of existing on-premise solutions by working with them in a hybrid manner”. Specifically, the IM-SecaaS of Sharma would not have replaced all network security services of Yin, rather it would have complemented any existing network security services of Yin. For example, any existing security services provided by the security gateway appliance would not have been modified, altered, or re-located in view of Sharma, since Sharma’s framework is capable of working with existing network solutions. The only modification of Yin in view of Sharma would have been the implementation of additional cloud-based security services to supplement the cloud-based logging service (refer to the rejection of claim 1 on pg. 5 of the Final Office Action dated 11-02-2021).
Furthermore, the Examiner notes that the security gateway appliance was configured for a range of security and monitoring technologies and may contain an intrusion prevention system (IPS). See [0033] of Yin: “…wherein the gateway appliance 108 can be configured to integrate a range of security and monitoring technologies and provide features such as, but not limited to firewall, IPS, application control, threat monitoring, VPN, web content filtering, and the like.” The Appellant’s notion that the security gateway appliance must contain an IPS, or any specific network security function, is incorrect. Rather, an IPS is just one of the network security functions that can be available in the gateway appliance.
Thus, Sharma was not intended to modify the existing features of the security gateway appliance of Yin but to add additional security services alongside the cloud-based logging services.

In response to Argument (C):
Regarding the Appellant’s arguments that no rationale is provided for the role of Sharma in the rejection to claim 3, the Examiner contends that the rejection incorporates the rationale provided in the rejection of parent claim 1.  Moreover, the rejection relies on Yin to teach the limitations recited in claim 3.
As stated in the above responses, the role of Sharma adds additional network security services to the cloud of Yin. The incorporation of Sharma does not modify the networks in Yin, and the configuration of the networks would have remained the same in Yin (e.g. the LAN 104 and the cloud server 118 – see [0032], [0034], Fig. 1 of Yin).

In response to Argument (D):
Regarding the Appellant’s arguments that no rationale is provided for the role of Yin in the rejection to claim 35, the Examiner contends that the rejection incorporates the rejection of parent claim 1.
Yin is used to teach a security gateway appliance that interfaces with cloud-based security services, and Sharma expands upon the range of available cloud-based security services to include intrusion detection/prevention. The rejection to parent claim 1 provided the rationale of incorporating an intrusion detection/prevention system as a cloud-based security service for Yin. A basic function of an intrusion detection/prevention system is to block and/or filter unwanted traffic as disclosed in Sharma, IV. EVALUATION OF IM-SECAAS, pg. 365.

	(3) Conclusion
For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        
Conferees:
/SHANTO ABEDIN/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494     
                                                                                                                                                                                                   
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.