Wednesday, September 19, 2012

BPAI affirms anticipation based on reasoning that performing action on whole implies peforming action on all parts

Takeaway: In a reexamination appeal, the BPAI considered the Patentee's arguments that a reference did not disclose "monitoring the operating system for an event". The Board first found that the reference taught monitoring a computer system for an event and also taught that the computer system included an operating system. The Board then affirmed the rejection since "Appellant does not sufficiently demonstrate any differences between ... continuously monitoring the computer system (including the operating system contained therein) for an event ... and the claimed feature of monitoring the operating system for an event. Nor do we identify any differences since in both cases, a computer system and operating system of the computer system are being monitored for an event." The Board's reasoning thus appeared to be that since the whole (computer system) was monitored, any included component (operating system) was also monitored.

Details:

Ex parte Finjan, Inc.
Appeal 2011003035; Reexam 90/008,684; Tech. Center 3900
Decided  June 6, 2011

The patent under ex parte reexamination involved virus protection software. A representative independent claim read:
1. A computer-based method, comprising:
     monitoring the operating system during runtime for an event caused from a request made by a Downloadable;
     interrupting processing of the request;
     comparing information pertaining to the Downloadable against a predetermined security policy; and
     performing a predetermined responsive action based on the comparison, the predetermined responsive action including storing results of the comparison in an event log.
(Emphasis added.)

During the reexam, the Examiner rejected claim 1 as anticipated by a non-patent reference (Rx PC - The Anti-Virus Handbook) which described a software package ("Virex PC") containing two anti-virus programs, VPCScan and VirexPro. The Patentee responded by arguing that several of the claim elements were not taught by the reference – and submitted declaration evidence to supplement these arguments.

One of the elements argued on appeal by the Patentee was the "monitoring" element. The Patentee argued in the Appeal Brief that Virex monitored a user-selected target file rather than the operating system. More specifically, the Patentee argued that Virex "sat in front of" a user-selected target file to intercept all requests associated with this file – regardless of which executable made the request. The Patentee contrasted this with claim 1, which described "monitoring all requests from Downloadable [files] to the operating system, not just requests to particular files." (Emphasis in original.) The Patentee then referred to the expert declaration to provide more technical detail about the workings of Virex:
In order to monitor the operating system for events caused by requests from Downloadables as required by the claims, requests to both selected and non-selected files and file types must be monitored. Per the expert affidavit of Dr. Giovanni Vigna (Paragraph 4), file-based Virex and VirexPRO did not and could not monitor an entire operating system for a requested action or resulting event from a requesting file or program (hereafter "virus file"), the Virex programs could only monitor actions to be taken on pre-determined target files. More particularly, the Virex programs hijack the response routine of specific software interrupts. By doing this, they are able to monitor only a subset of the operations that can be performed by a program (that is, those that are associated with the software interrupt), and, as a result, they are not capable of monitoring the operating system in a comprehensive fashion.

In the Answer, the Examiner responded to the Patentee's arguments. In response to the Patentee's assertion that Virex did not monitor the operating system, the Examiner cited to teachings in the Handbook that Virex monitored requests for disk formatting and requests for disk reads and write. According to the Examiner, "detecting these activities requires that Virex monitor subsystems of the operating system such as the file system, memory system, network system, and run-time execution system." In response to the Patentee's assertion that Virex monitored only user-selected files, the Examiner clarified that the rejection relied on teachings about installation. The Examiner explained that Virex's installation options allowed the user to select all files (via a wildcard ). With this option chosen, Virex would then monitor all files, i.e. "an entire operating system", at runtime.

The Patentee filed a Reply Brief to rebut points in the Examiner's Answer. According to the Patentee, "protecting every file on the computer is not the same as monitoring the operating system." Having the user "manually select every file or extension" is "incredibly inefficient and substantively different from monitoring the operating system" since "if any new files or extensions are added to the computer then the user would need to manually select those files."The Patentee then characterized user selection of every file on the computer as "a construction of the Examiner" that is "not mentioned in [the Handbook]." As for the Examiner's reliance on the teachings about disk formatting and disk reads/writes, "the 'features' are never described in any detail and [the Handbook] does not disclose anything about how these features are performed."

The Board affirmed the anticipation rejection. With regard to the Patentee's "monitoring" argument, the Board referred to the Handbook in making these findings of fact: Virex continuously monitored a computer system which included an operating system; and Virex created an alert when an attempt was made to perform tasks such as executing a program. The Board then drew the following conclusion:
Since [Virex] continuously monitors a computer system that includes an operating system for an “event” (e.g., an attempt to run a program or an attempt to terminate and stay resident – the attempt being a “request” for an event), we agree with the Examiner that Endrijonas discloses monitoring the operating system of the computer system for the event as recited in claim 1.

The Board explained why the Patentee's arguments were unpersuasive:
Appellant does not sufficiently demonstrate any differences between the [Virex program] continuously monitoring the computer system (including the operating system contained therein) for an event (e.g., an attempt to run a program or an attempt to terminate and stay resident) and the claimed feature of monitoring the operating system for an event. Nor do we identify any differences since in both cases, a computer system and operating system of the computer system are being monitored for an event.

Postscript: The Patentee appealed to the Federal Circuit. But the appeal involved another issue (whether or not the Virus Handbook was an enabling reference) so that Fed. Cir. stayed the appeal pending decision on another case on the presumption of enablement for non-patent references, In re Antor Media. Antor was decided in Aug. 2012, but no decision has been issued yet in In re Finjan.

My two cents: Right result. Bad reasoning.

The Board's simplistic reasoning was based on the unsupportable premise that performing an action on a whole implies performing the action on the components of the whole. Probably true in some contexts, but it's hardly a general truth. Does "painting a house" mean painting: 1) the exterior; 2) the exterior and the interior; 3) exterior, interior, and contents of the house; 4) exterior including the window panes and shingles on the roof? Generally, we mean #1. Maybe #2. #3 and #4 are unlikely choices.

In this case, "monitoring a computer system" might mean monitoring only the hardware components, or might mean monitoring only the software application components, or might mean monitoring only the operating system. I'm inclined to say that the Virus Handbook was talking about monitoring the operating system, since the entity that provides services for detecting actions like file access and program execution is usually referred to as an "operating system." But my point is that I reached that conclusion from the specific teachings of the reference, as understood by a POSITA –not from a premise that actions on a system applying to all components of the system.

17 comments:

  1. lol software patents

    anyway doesnt the claim read like something stupid old and/or obvious? even before 2007 i can already think up something like AVG Antivirus off the top of my head

    ReplyDelete
    Replies
    1. nm actually the filing date of the original was 1997 so i cant think of passive scanning for interwebz downloads at that time

      still, lol software patents

      Delete
  2. Nah Karen you got that a bit wrong. The board simply doesn't buy into your "software is totz a "component"" bs. Therefore, they simply understand the reference to be saying monitor everything running on the computer.

    "The Board's simplistic reasoning was based on the unsupportable premise that performing an action on a whole implies performing the action on the components of the whole."

    Nah, it wasn't. Guess again lil missy.

    ReplyDelete
  3. "In this case, "monitoring a computer system" might mean monitoring only the hardware components, or might mean monitoring only the software application components, or might mean monitoring only the operating system."

    It very well may. Or it might mean what it says, and means monitoring the whole shebang. But that is immaterial in either event.

    Because even if it did mean any of those three or something else, that's where fact finders come in, to find which of the three or whatever else it in fact says. They did. And their factual findings have substantial evidence, therefore, you are the boned.

    ReplyDelete
  4. "But my point is that I reached that conclusion from the specific teachings of the reference, as understood by a POSITA –not from a premise that actions on a system applying to all components of the system.

    "

    So did the board, they just didn't spell it out for you nice and pretty.

    ReplyDelete

  5. "Since [Virex] continuously monitors a computer system that includes an operating system for an “event” (e.g., an attempt to run a program or an attempt to terminate and stay resident – the attempt being a “request” for an event), we agree with the Examiner that Endrijonas discloses monitoring the operating system of the computer system for the event as recited in claim 1."

    This is like a bad running joke. Bad rejection, followed by bad advocacy, followed by a bad BPAI decision. The BPAI is making an inherency argument. They are arguing that, in essence, that monitoring of a computer system inherently teaches monitoring the operating system.

    For something to be inherent, it must necessarily be present. However, I would have argued that monitoring the "computer system" can encompass solely monitoring the processor, or monitoring the memory, or monitoring the hard drive, or monitoring a particular application – none of which NECESSARILY requires the monitoring of the operating system. Thus, the teachings of the prior art do not either explicitly or inherently teach the claimed limitations.

    "Does 'painting a house' mean painting: 1) the exterior; 2) the exterior and the interior; 3) exterior, interior, and contents of the house; 4) exterior including the window panes and shingles on the roof? Generally, we mean #1. Maybe #2. #3 and #4 are unlikely choices."
    Again, this goes back to my point about an inherency argument. Examiners love to pull this trick. They state "A = X" but what they mean is "A inherently implies X." When you see that, you have to identify the (unstated) inherency argument and make the appropriate arguments.

    ReplyDelete
    Replies
    1. >[BPAI is] arguing that, in essence, that
      >monitoring of a computer system inherently
      >teaches monitoring the operating system

      Hmm. I hadn't thought of it that way, which is why I didn't couch the post in terms of inherency.

      After reading your comment, I've thought about it a bit. Now I think that my characterization of the Board's theory of anticipation -- a general principle that performing an action on the whole implies performing the action on all its components -- is something very close to inherency.

      I still think there is a slight difference, in that "necessarily requires" is not the same as "implies". My characteriztion of the Board's theory also shades into claim construction, i.e., what do we mean when we say "monitor the system".

      My biggest beef -- which I should have mentioned in my post -- is that it's not clear what theory the Board relied on. The comments here show that the question of what the Board was really relying on is open to several different interpretations. A well-written opinion shouldn't be open to so many different interpretations.

      Delete
    2. "I still think there is a slight difference, in that 'necessarily requires' is not the same as 'implies'."
      I've gotten that response before – and my response is "no." For a 102 rejection, you can either have an explicit teaching or an inherent teaching. I have found no Federal Circuit that recognizes an "implied" teaching. To imply is "to involve or indicate by inference, association, or necessary consequence rather than by direct statement." In other words, Y necessary flows from X. This is an inherency argument.

      The fact that a reference COULD teach something, however, doesn't mean that the reference DOES teach something pursuant to 35 USC 102. A finding that a reference could teach something is not sufficient to establish anticipation.

      "it's not clear what theory the Board relied"
      They rely on the Make S__T Up (MSU) theory. Most APJs are former examiners and the MSU theory is widely practiced at the examiner level. I have only slightly higher respect for the BPAI than I have for examiners, and this decision indicates why. They BPAI bent (broke) the law to get the result they wanted, and it happens far too many times.

      "My characteriztion of the Board's theory also shades into claim construction, i.e., what do we mean when we say 'monitor the system'."
      The claims recite "monitoring the operating system." Although there is wiggle room there, you cannot render superfluous any of the claim language (i.e., ignore the "operating" from "operating system").

      The example you provided is a perfect example of why the BPAI's analysis is flawed.

      Delete
    3. "I've gotten that response before – and my response is "no." "

      You should have added after "no": "because I'm a tard and cannot tell the difference lol". You could also add: "I'm also kind of bad at making factual findings lol, plz help me".

      Delete
    4. "I have found no Federal Circuit that recognizes an "implied" teaching. "

      Because you didn't look very hard, I've seen like 4 in the last two years. Try using west.

      Delete
    5. "Because you didn't look very hard, I've seen like 4 in the last two years. Try using west."

      Start rattling them off ...

      Delete
    6. "start rattling them off "

      I will as I see more issued, they aren't particularly rare. I didn't make a list of them especially for you as I was reading these past two years, nor am I especially willing to look through my whole browsing history to find them.

      Delete
    7. "nor am I especially willing to look through my whole browsing history to find them"

      What? You cannot do a simple search and find them? Supposedly 4 over the last two years ... the Federal Circuit doesn't issue much.

      You must be an Examiner -- make a statement and then fail to back it up with any evidence. Is that one of the training courses they give at the USPTO?

      Delete
  6. It's decisions like this that motivated me to apply for one of the open APJ positions.

    The BPAI is looking to sustain Examiner rejections. As long as the Examiner makes a de minimus argument, the BPAI will uphold it absent any some egregiously blatant error.

    ReplyDelete
  7. Great post and discussion, Karen!

    I'm late to the party, but I wonder if the Board's reasoning could be viewed as "performing action on genus" anticipates "performing action on species." When a genus allows a PHOSITA to envisage all species therein, 102 rejections to the species are upheld all the time under cases like In re Petering and ClearValue v. Pearl River (without any inherency / implying issues). Admittedly, these cases deal with chemical-ish claims that recite the species alone over prior art that discloses the genus. But is there any good reason they should not apply to non-chemical claims reciting performing an action on the species over prior art disclosing performing the action on the genus? Aren't we still in a genus/species situation? And, specifically, here, doesn't a genus of monitoring a computer system make it pretty easy to list out each member of that genus? (monitoring the file system, the operating system, the hardware, etc.)? I feel like the case is defensible on these grounds.

    On another note, I recently did a post on Antor at the Federal Circuit. Antor seems to foreshadow grim results for Finjan's non-enablement argument.

    ReplyDelete
  8. >Board's reasoning could be viewed as
    >"performing action on genus" anticipates
    >"performing action on species."

    Gotta disagree. I feel strongly this is *not* a genus-species relationship.

    Genus-species in this context would be if the reference made the statement "monitoring a computer system" and this genus teaching was found to anticipate the species of "monitoring a PC," "monitoring a laptop", "monitoring a smart phone," and "monitoring a DVR" -- since all those are species of the genus "computer system."

    Here, the relationship was whole-part. And I'll agree that in some contexts, a teaching about the whole is understood to be a teaching about each of its parts. For example, the statement "deleting a [file system] folder" is understood to mean "deleting each file in the folder and then deleting the folder itself." That understanding is implicit and/or a matter of interpreting what the phrase means.

    My position is that's simply not true in this context. A POSITA does *not* understand "monitoring the computer" to mean monitoring each and every one of its components. Depending on context, it might mean monitoring its hardware components, or monitoring the operating system, or monitoring applications, or any number of other things.

    ReplyDelete