UNITED STATES pATENT AND TRADEMARK OFFICE
`
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Orfice
`Address: COMMISSIONER FOR PATENTS
`P.O. Box 1450
`Alexandria, Virginia 22313-1450
`www.uspto.gov
`
`APPLICATION NO.
`
`FILING DATE
`
`FIRST NAMED INVENTOR
`
`ATTORNEY DOCKET NO.
`
`CONFIRMATION NO.
`
`10/611,472
`
`06/30/2003
`
`Peter Szor
`
`SYMCI034
`
`1598
`
`05/04/2007.
`7590
`34350
`GUNNISON, MCKAY & HODGSON, L.L.P.
`1900 GARDEN ROAD, SUITE 220.
`MONTEREY, CA 93940
`
`EXAMINER
`
`BAUM, RONALD
`
`ART UNIT
`
`PAPER NUMBER
`
`2136
`
`MAIL DATE
`
`DELIVERY MODE
`
`05/04/2007
`
`PAPER
`
`Please find below and/or attached an Office communication concerning this application or proceeding.
`
`The time period for reply, if any, is set in the attached communication.
`
`PTOL-90A (Rev. 04/07)
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Orfice
`Address: COMMISSIONER FOR PATENTS
`P.O. Box 1450
`Alexandria, Virginia 22313-1450
`www.uspto.gov
`
`APPLICATION NO.
`
`FILING DATE
`
`FIRST NAMED INVENTOR
`
`ATTORNEY DOCKET NO.
`
`CONFIRMATION NO.
`
`10/611,472
`
`06/30/2003
`
`Peter Szor
`
`SYMCI034
`
`1598
`
`05/04/2007.
`7590
`34350
`GUNNISON, MCKAY & HODGSON, L.L.P.
`1900 GARDEN ROAD, SUITE 220.
`MONTEREY, CA 93940
`
`EXAMINER
`
`BAUM, RONALD
`
`ART UNIT
`
`PAPER NUMBER
`
`2136
`
`MAIL DATE
`
`DELIVERY MODE
`
`05/04/2007
`
`PAPER
`
`Please find below and/or attached an Office communication concerning this application or proceeding.
`
`The time period for reply, if any, is set in the attached communication.
`
`PTOL-90A (Rev. 04/07)
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`~----------------------~~~~------~~~~------~~~
`
`Application No.
`
`Applicant(s)
`
`Office Action Summary
`
`10/611,472
`
`Examiner
`
`SZOR, PETER
`
`Art Unit
`
`2136
`Ronald Baum
`-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
`Period for Reply
`
`A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE~ MONTH(S) OR THIRTY (30) DAYS,
`WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.
`• Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however. may a reply be timely filed
`after SIX (6) MONTHS from the mailing date of this communication.
`If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
`-
`- Failure to reply within the set or extended period for reply will, by statute. cause the application to become ABANDONED (35 U.S.C. § 133).
`Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
`earned patent term adjustment. See 37 CFR 1.704(b).
`Status
`
`1 )[gl Responsive to communication(s) filed on 30 June 2003.
`2a)0 This action is FINAL.
`2b)[gj This action is non-final.
`3)0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
`closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
`
`Disposition of Claims
`
`4)[gl Claim(s) 1-29 is/are pending in the application.
`4a} Of the above claim(s) __ is/are withdrawn from consideration.
`5)0 Claim(s) __ is/are allowed.
`6)[gj Claim(s) 1-29 is/are rejected.
`7)0 Claim(s) __ is/are objected to.
`8)0 Claim(s) __ are subject to restriction and/or election requirement.
`
`Application Papers
`
`9)0 The specification is objected to by the Examiner.
`10)[gl The drawing(s) filed on 14 October 2003 is/are: a)[gl accepted or b}O objected to by the Examiner.
`Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
`Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
`11 )0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PT0-152.
`
`Priority under 35 U.S.C. § 119
`
`12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S. C. § 119(a)-(d) or (f).
`a)O All· b}O Some* c)O None of:
`1.0 Certified copies of the priority documents have been received.
`2.0 Certified copies of the priority documents have been received in Application No. __ .
`3.0 Copies of the certified copies of the priority documents have been received in this National Stage
`application from the International Bureau (PCT Rule 17.2(a)).
`* See the attached detailed Office action for a list of the certified copies not received.
`
`Attachment(s)
`1) [gj Notice of References Cited (PT0-892}
`2) 0 Notice of Draftsperson's Patent Drawing Review (PT0-948)
`3) [gj Information Disclosure Statement(s) (PTO/SB/08)
`Paper No(s)/Mail Date 1218103 2/26107.
`
`4) 0 Interview Summary (PT0-413)
`Paper No(s)/Mail Date. __ .
`5) 0 Notice of Informal Patent Application
`6) 0 Other: __ .
`
`U.S. Patent end Trademark Office
`PTOL-326 (Rev. 08-06)
`
`Office Action Summary
`
`Part of Paper No./Mail Date 20070426
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page2
`
`DETAILED ACTION
`
`This action is in reply to applicant's correspondence of30 June 2003.
`
`Claims 1-29 are pending for examination.
`
`Claims 1-29 are rejected.
`
`1.
`
`2.
`
`3.
`
`Claim Rejections- 35 USC§ 102
`
`The following is a quotation of the appropriate paragraphs of35 U.S.C. 102 that form the
`
`basis for the rejections under this section made in this Office action:
`
`(e) the invention was described in (I) an application for patent, published under section 122(b), by another
`filed in the United States before the invention by the applicant for patent or (2) a patent granted on an
`application for patent by another filed in the United States before the invention by the applicant for patent,
`except that an international application filed under the treaty defined in section 351 (a) shall have the effects
`. for purposes of this subsection of an application filed in the United States only if the international
`application designated the United States and was published under Article 21 (2) of such treaty in the English
`language.
`
`5.
`
`Claims 1-29 are rejected under 35 U.S.C. 102(e) as being anticipated by Magdych et al,
`
`U.S. PatentNo. 6,546,493 Bl.
`
`6.
`
`As per claim 1; "A method comprising:
`
`detecting an attack by
`
`malicious code on
`
`a first computer system [Abstract, figures 1-5 and associated descriptions,
`
`col..2,lines 8-56, whereas a system utilizing predetermined policy based
`
`intrusion/attack detection/risk assessment/remediation that is embodied in
`
`multiple processing elements (i.e., first/second computer systems) configured in a
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Appli.cation/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 3
`
`network architecture, clearly encompasses the claimed limitations as broadly
`
`interpreted by the examiner.];
`
`extracting a malicious code signature from
`
`said malicious code [Abstract, figures 1-5 and associated descriptions, col. 2,lines
`
`8-56, and more particularly col. 3,lines 23-49, whereas the comparison of 'a plurality of
`
`virus/attack signatures ... or extract the harmful information from the infected
`
`communications : .. ' aspects of the intrusion/attack detection/risk
`
`assessment/remediation, clearly encompasses the claimed limitations as broadly
`
`interpreted by the examiner.];
`
`creating an extracted malicious code packet including
`
`said malicious code signature [Abstract, figures 1-5 and associated descriptions,
`
`col. 2,lines 8-56, whereas the intrusion/attack detection/risk assessment/remediation that
`
`is embodied in multiple processing elements (i.e., separate intrusion/attack detection (first
`
`computer) system versus the risk assessment/remediation (second computer) system
`
`where the first to second extracted malicious code information clearly is transferred in a
`
`coded packet), clearly encompasses the claimed limitations as broadly interpreted by the
`
`examiner.]; and
`
`sending said extracted malicious code packet from
`
`said first computer system to
`
`a second computer system [Abstract, figures 1-5 and associated
`
`descriptions, col. 2,lines 8-56, whereas the intrusion/attack detection/risk
`
`assessment/remediation that is embodied in multiple processing elements (i.e.,
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 4.
`
`separate intrusion/attack detection (first computer) system versus the risk
`
`assessment/remediation (second computer) system where the first to second
`
`extracted malicious code information clearly is transferred in a coded packet),
`
`clearly encompasses the claimed limitations as broadly interpreted by the
`
`.
`] "
`exammer ...
`
`And further as per claim 27, this claim is an apparatus (system) claim for the method
`
`claim 1 above, and is rejected for the same reasons provided for the claim 1 rejection; "A
`
`computer system comprising:
`
`an intrusion prevention application for
`
`detecting an attack by malicious code on
`
`a first computer system;
`
`a host signature extraction application for
`
`extracting a malicious code signature from
`
`said malicious code;
`
`said host signature extraction application further for
`
`creating an extracted malicious code packet including
`
`said malicious code signature; and
`
`said host signature extraction application further for
`
`sending said extracted malicious code packet from
`
`said first computer system to
`
`a second computer system.".
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 5
`
`7.
`
`Claim 2 additionally recites the limitations that; "The method of Claim 1 wherein
`
`prior to said sending, said method further comprising
`
`determining that said extracted malicious code packet is
`
`a new extracted malicious code packet.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the initial (i.e., new)
`
`determination of an extracted malicious code/attack, clearly encompasses the claimed limitations
`
`as br~adly interpreted by the examiner.) suggest such limitations.
`
`8.
`
`Claim 3 additionally recites the limitations that; "The method of Claim 1 wherein
`
`prior to said sending, said method further comprising
`
`determining that a maximum number of extracted malicious code packets have
`
`not been sent from
`
`said first computer system.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the threshold (i.e.,
`
`maximum number) d~termination of an extracted malicious code/attack, clearly encompasses the
`
`claimed limitations as broadly interpreted by the examiner.) suggest such limitations.
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page6
`
`9.
`
`Claim 4 additionally recites the limitations that; "The method of Claim 1 wherein
`
`,
`
`said extracted malicious code packet is sent from
`
`said first computer system to
`
`said second computer system
`
`on a secure channel.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas the intrusion/attack detection/risk assessment/remediation that is embodied in
`
`multiple processing elements (i.e., first computer/second computer) system where the first to
`.
`.
`second extracted malicious code information clearly is transferred across the Internet _(i.e.,
`
`WWW) such that the secure (i.e., SSL, HTTPS) aspects of secure Web communications, clearly
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`10.
`
`As per claim 5; "A method comprising:
`
`detecting an attack by
`
`malicious code on
`
`a first computer system [Abstract, figures 1-5 and associated descriptions,
`
`col. 2,lines 8-56, whereas a system utilizing predetermined policy based
`
`intrusion/attack detection/risk assessment/remediation that is embodied in
`
`multiple processing elements (i.e., first/second computer systems) configured in a
`
`network architecture, clearly encompasses the claimed limitations as broadly
`
`interpreted by the examiner.];
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 7
`
`creating an extracted malicious code packet including
`
`parameters associated with
`
`said malicious code [Abstract, figures 1-5 and associated descriptions, col.
`
`2,lines 8-56, whereas the intrusion/attack detection/risk assessment/remediation
`
`that is embodied in multiple processing elements (i.e., separate intrusion/attack
`
`detection (first computer) system versus the risk assessment/remediation (second
`
`computer) system where the first to second extracted malicious code information
`
`(i.e., malicious code and network node communications support/address
`
`parameters and associated protocol information) clearly is transferred in a coded
`
`packet), clearly encompasses the claimed limitations as broadly interpreted by the
`
`examiner.]; and
`
`sending said extracted malicious code packet from
`
`said first computer system to
`
`a second computer system [Abstract, figures 1-5 and associated
`
`descriptions, col. 2,lines 8-56, whereas the intrusion/attack detection/risk
`
`assessment/remediation that is embodied in multiple processing elements (i.e.,
`
`separate intrusion/attack detection (first computer) system versus the risk
`
`assessment/remediation (second computer) system where the first to second
`
`extracted malicious code information clearly is transferred in a coded packet),
`
`clearly encompasses the claimed limitations as broadly interpreted by the
`
`.
`] "
`exammer ...
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 8
`
`And further as per claim 28, this claim is an apparatus (system) claim for the method
`
`claim 5 above, and is rejected for the same reasons provided for the claim 5 rejection; "A
`
`computer system comprising:
`
`an intrusion prevention application for
`
`detecting an attack by malicious code on
`
`a first computer system;
`
`a host signature extraction application for
`
`creating an extracted malicious code packet including
`
`parameters associated with said malicious code; and
`
`said host signature extraction application further for
`
`sending said extracted malicious code packet from
`
`said first computer system to
`
`a second computer system.".
`
`11.
`
`Claim 6 additionally recites the limitations that; "The method of Claim 5 wherein
`
`prior to said sending, said method further comprising
`
`determining that said extracted malicious code packet is
`
`a new extracted malicious code packet.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the initial (i.e., new)
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 9
`
`determination of an extracted malicious code/attack, clearly encompasses the claimed limitations
`
`as broadly interpreted by the examiner.) suggest such limitations.
`
`12.
`
`Claim 7 additionally recites the limitations that; "The method of Claim 5 wherein
`
`prior to said .se·nding, said method further comprising
`
`determining that a maximum number of extracted malicious code packets have
`
`not been sent from -
`
`said first computer system.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the threshold (i.e.,
`
`maximum number) determination of an extracted malicious code/attack, clearly encompasses the
`
`claimed limitations as broadly interpreted by the examiner.) suggest such limitations.
`
`13.
`
`C.laim 8 additionally recites the limitatio·ns that; "The method of Claim 5 wherein
`
`said extracted malicious code packet is sentfrom
`
`said first computer system to
`
`said second computer system
`
`on a secure channel.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas the intrusion/attack detection/risk assessment/remediation that is embodied in
`
`multiple processing elements (i.e., first computer/second computer) system where the first to
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611 ,472
`.Art Unit: 2136
`
`Page 10
`
`second extracted malicious code information clearly is transferred across the Internet (i.e.,
`
`WWW) such that the secure (i.e., SSL, HTTPS)aspects of secure Web communications, clearly
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`14.
`
`Claim 9 additionally recites the limitations that; "The method of Claim 5 further
`
`comprising
`
`determining whether said malicious code is sendable.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas the extracted malicious code information by virtue of the fact that it is extracted
`
`from a file/resident in memory/cache memory, and can be transferred to the second computer
`
`across the network (i.e., 'sendable'), clearly encompasses the claimed limitations as broadly
`
`interpreted by the examiner.) suggest such limitations.
`
`15.
`
`Claim 10 additionally recites the limitations that; "The me~hod of Claim 9 wherein
`
`upon a determination that said malicious code is sendable,
`
`said method further comprising
`
`extracting said malicious code from a memory location.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas the extracted malicious code information by virtue ofthe fact that it is extracted
`
`from a file/resident in memory ('from a memory location')/cache memory, and can be
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611 ,472
`Art Unit: 2136
`
`Page 11
`
`transferred to the second computer across the network (i.e., 'sendable'), clearly encompasses the
`
`claimed limitations as broadly interpreted by the examiner.) suggest such limitations.
`
`16.
`
`Claim 11 additionally recites the limitations that; "The method of Claim 10 wherein
`
`said extracting comprises
`
`copying or cutting said malicious code from
`
`said memory location.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas the extracted malicious code information by virtue of the fact that it is extracted (i.e.,
`
`'copying or cutting') from a file/resident in memory ('from a memory location')/cache memory,
`
`and can be transferred to the second computer acro~s the network (i.e., 'sendable'), clearly
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`17.
`
`Claim 12 additionally recites the limitations that; "The method of Claim 10 further
`
`comprising
`
`appending said parameters to
`
`said malicious code after said extraction.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas the extracted malicious code information by virtue of the fact that it is extracted
`
`from a file/resident in memory ('from a memory location')/cache memory, and can be
`
`transferred to the second computer across the network (i.e., 'sendable' with associated
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`ArtUnit: 2136
`
`Page 12
`
`parameters), clearly encompasses the claimed limitations as broadly interpreted by the
`
`examiner.) suggest such limitations.
`
`18.
`
`Claim 13 additionally recites the limitations that; "The method of Claim 9 wherein
`
`upon a determination that said malicious code is not sendable,
`
`said method further comprising
`
`extracting a snippet of said malicious code from a· memory location.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas in the case of the extracted malicious code information not extractable in its entirety
`
`(i.e., the process of 'extracting a snippet') from memory ('from a memory location')/cache
`
`memory, and therefore is assessed as not a 'complete' risk so assessable/acknowledgeable by the
`
`second computer, clearly encompasses the claimed limitations as broadly interpreted by the
`
`examiner.) suggest such limitations.
`
`19.
`
`Claim 14 additionally recites the limitations that; "The method of Claim 13 wherein
`
`said extracting comprises
`
`copying or cutting a portion of said malicious code from
`
`said memory location.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas in the case of the extracted malicious code information not extractable in ·its entirety
`
`(i.e., the process of 'copying or cutting a portion of) from memory ('from a memory
`
`location')/cache memory, and therefore is assessed as not a 'complete' risk so
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 1 0/611 ,4 72
`Art Unit: 2136
`
`Page 13
`
`assessable/acknowledgeable by the second computer, clearly encompasses the claimed
`
`limitations as broadly interpreted by the examiner.) suggest such limitations ..
`
`20.
`
`Claim 15 additionally recites the limitations that; "The method of Claim 13 further
`
`comprising
`
`appending said parameters to
`
`said snippet after said extraction.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas in the case of the extracted malicious code information not extractable in its entirety
`
`(i.e., the process of 'copying or cutting a portion of) from memory ('from a memory
`
`location')/cache memory, and therefore is assessed as not a 'complete' risk so assessable (i.e.,
`
`parts of/the snippet/the parameters)/acknowledgeable by the second computer, clearly
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`21.
`
`As per claim 16; "A method comprising:
`
`receiving an extracted malicious code packet from
`
`a first computer system with
`
`a second computer system [Abstract, figures 1-5 and associated
`
`descriptions, col. 2,lines 8-56, whereas the intrusion/attack detection/risk
`
`assessment/remediation that is embodied in multiple processing elements (i.e.,
`
`separate intrusion/attack detection (first computer) system versus the risk
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611 ,4 72
`Art Unit: 2136
`
`Page 14
`
`assessment/remediation (second computer, 'receiving an extracted malicious code
`
`packet ... ') system where the first to second extracted malicious code information
`
`clearly is transferred in a coded packet), clearly encompasses the claimed
`
`limitations as broadly interpreted by the examiner.]; and
`
`determining ~hether an attack threshold
`
`has been exceeded based upon
`
`said extracted malicious code packet [Abstract, figures 1-5 and associated
`
`descriptions, col. 2,lines 8-56, whereas a system utilizing predetermined policy
`
`based intrusion/attack detection/risk assessment/remediation is such that the risk
`
`assessment aspect encompasses the threshold (i.e., maximum number)
`
`determination of an extracted malicious code/attack, clearly encompasses the
`
`claimed limitations as broadly interpreted by the examiner.].".
`
`And further as per claim 29, this claim is an apparatus (system) claim for the method
`
`claim 16 above, and is rejected for the same reasons provided for the claim 16 rejection; "A
`
`computer system comprising:
`
`a local analysis center signature extraction application for
`
`receiving an extracted malicious code packet from
`
`a first computer system with
`
`a second computer system; and
`
`said local analysis center signature extraction application further for
`
`determining whether an attack threshold has been
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472.
`Art Unit: 2136
`
`Page 15
`
`exceeded based upon
`
`said extracted malicious code packet.". ·
`
`22.
`
`Claim 17 additionally recites the limitations that; "The method of Claim .16 wherein
`
`upon a determination that an attack threshold has been exceeded,
`
`said method further comprising
`
`delivering a signature update comprising
`
`a malicious code signature.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, and more particularly col. 2,lines 27-55, whereas the comparison of' ... a database of known
`
`vulnerabilities may then be updated based on risk assessment scan ... ' aspects of the
`
`intrusion/attack detection/risk assessment/remediation, clearly encompasses the claimed
`
`limitations as broadly interpreted by the examiner.) suggest such limitations.
`
`23.
`
`· Claim 18 additionally recites the limitations that; "The method of Claim 17 wherein
`
`said signature update is delivered to
`
`an intrusion detection system.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, and more particularly col. 2,lines 27-55, whereas the comparison of' ... a database of known
`
`vulnerabilities may then be updated [i.e., at the 'intrusion detection system'] based on risk
`
`assessment scan ... ' aspects of the intrusion/attack detection/risk assessment/remediation, clearly
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 1 0/611 ,4 72
`Art Unit: "2136
`
`Page 16
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`24.
`
`Claim 19 additionally recites the limitations that; "The method of Claim 17 further
`
`comprising
`
`determining that a maximum number of signature updates have
`
`not been sent prior to said delivering a signature update.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-.
`
`56, and more particularly col. 2,lines 27-55, whereas the comparison of' ... a database of known
`
`vulnerabilities may then be updated [i.e., at the 'intrusion detection system'] based on risk
`
`assessment scan ... ' aspects of the intrusion/attack detection/risk assessment/remediation, clearly ·
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`25.
`
`Claim 20 additionally recites the limitations that; "The method of Claim 17 further
`
`comprising
`
`creating said signature update.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, and more particularly col. 2,lines 27-55, whereas the comparison of' ... a database of known
`
`vulnerabilities may then be updated [i.e., at the 'intrusion detection system'] based on risk
`
`assessment scan ... ' aspects of the intrusion/attack detection/risk assessment/remediation, clearly
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 17
`
`encompasses the claimed limitations as broadly interpreted by the examiner.) suggest such
`
`limitations.
`
`26.
`
`Claim 21 additionally recites the limitations that; "The method of Claim 16 wherein
`
`said extracted malicious code packet includes
`
`a malicious code signature, and
`
`wherein upon a determination that said attack threshold has been exceeded,
`
`said method further comprising
`
`delivering said malicious code signature to
`
`a global analysis center.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect (i.e., at the risk assessment
`
`network element 'a global analysis center') encompasses the threshold (i.e., maximum number)
`
`determination of ap extracted malicious code/attack, clearly encompasses the claimed limitations
`
`as broadly interpreted by the examiner.) suggest such limitations.
`
`27.
`
`Claim 22 additionally recites the limitations that; "The method of Claim 21 further
`
`comprising
`
`determining that a maximum number of malicious code signatures have
`
`not been sent prior to
`
`said delivering said malicious code signature.".
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 18
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the threshold (i.e.,
`
`maximum number) determination of an extracted malicious code/attack, clearly encompasses the
`
`claimed limitations as broadly interpreted by the examiner.) suggest such limitations. ·
`
`28.
`
`Claim 23 additionally recites the limitations that; "The method of Claim 21 further
`
`comprising
`
`. extracting said malicious code signature from
`
`said extracted malicious code packet.".
`
`The teachings ofMagdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the extracted
`
`malicious code packet determination of an extracted malicious code/attack, clearly encompasses
`
`the claimed limitations as broadly interpreted by the examiner.) suggest such limitations.
`
`29.
`
`Claim 24 additionally.recites the limitations that; "The method of Claim 16 further
`
`comprising
`
`determining whether said extracted malicious code packet includes
`
`a malicious code signature,
`
`wherein upon a determination that said extracted malicious code packet
`
`does not include a malicious code signature, said method further comprising
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 1 0/611 ,4 72
`Art Unit: 2136
`
`Page 19
`
`extracting a malicious code signature from
`
`said extracted malicious code packet.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect encompasses the extracted
`
`malicious code packet determination of an extracted malicious code/attack, clearly encompasses
`
`the claimed limitations as broadly interpreted by the examiner.) suggest such limitations.
`
`30.
`
`Claim 25 additionally recites the limitations that; "The method of Claim 16 wherein
`
`upon a determination that
`
`said attack threshold has been exceeded,
`
`said method further comprising
`
`delivering said extracted malicious code packet to
`
`a global analysis center.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect (i.e., at the risk assessment
`
`network element 'a global analysis center') encompasses the threshold (i.e., maximum number)
`
`determination of an extracted malicious code/attack, clearly encompasses the claimed limitations
`
`as broadly interpreted by the examiner.) suggest such limitations.
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611,472
`Art Unit: 2136
`
`Page 20
`
`31.
`
`Claim 26 additionally recites the limitations that; "The method of Claim 25 further
`
`comprising
`
`determining that a maximum number of extracted malicious code packets
`
`have not been sent prior to
`
`said delivering said extracted malicious code packet.".
`
`The teachings of Magdych et al (Abstract, figures 1-5 and associated descriptions, col. 2,lines 8-
`
`56, whereas a system utilizing predetermined policy based intrusion/attack detection/risk
`
`assessment/remediation is such that the risk assessment aspect (i.e., at the risk assessment
`
`network element 'a global analysis center') encompasses the threshold (i.e., maximum number)
`
`determination of an extracted malicious code/attack, clearly encompasses the claimed limitations
`
`as broadly interpreted by the examiner.) suggest such limitations.
`
`Zscaler Exhibit 1003
`Zscaler v. Symantec, IPR 2017-01345
`
`
`
`Application/Control Number: 10/611 ,472
`.
`Art Unit: 2136
`
`\
`
`Page 21
`
`Conclusion
`
`32.
`
`Any inquiry concerning this communication or earlier communications from ex
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
