AirWatch LLCDownload PDFPatent Trials and Appeals BoardSep 10, 20212020002241 (P.T.A.B. Sep. 10, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 16/019,847 06/27/2018 SACHIN VAS W150.D1 (500102-1911) 9282 152577 7590 09/10/2021 Thomas | Horstemeyer, LLP (VMW) 3200 Windy Hill Road, SE Suite 1600E Atlanta, GA 30339 EXAMINER HERZOG, MADHURI R ART UNIT PAPER NUMBER 2438 NOTIFICATION DATE DELIVERY MODE 09/10/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): docketing@thomashorstemeyer.com ipadmin@vmware.com uspatents@thomashorstemeyer.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte SACHIN VAS, RAMANI PANCHAPAKESAN, VIJAYKUMAR BHAT, and SUSHILVAS VASAVAN ____________ Appeal 2020-002241 Application 16/019,847 Technology Center 2400 ____________ Before JOHN A. JEFFERY, DENISE M. POTHIER, and STEVEN M. AMUNDSON, Administrative Patent Judges. POTHIER, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellant1,2 appeals under 35 U.S.C. § 134(a) from the rejection of claims 1–5 and 7–21. We AFFIRM. 1 Throughout this opinion, we refer to the Final Office Action (Final Act.) mailed April 8, 2019, the Appeal Brief (Appeal Br.) filed September 20, 2019, the Examiner’s Answer (Ans.) mailed November 25, 2019, and the Reply Brief (Reply Br.) filed January 27, 2020. 2 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies the real party in interest as AirWatch, LLC, which is a subsidiary of VMware, Inc. Appeal Br. 2. Appeal 2020-002241 Application 16/019,847 2 Appellant’s invention relates to “authentication. In one example, a user can gain access to secured data stored by a managed device based on the presence of the minimum quantity of other users within a threshold proximity of the user who desires access.” See Spec., Abstract. Examples of a threshold proximity may involve “locations of the respective client devices,” “the distances between the client device[s],” or users are “in the same room, on the same floor, in the same building, within a five-mile radius, or meet other presence criteria.” Id. ¶ 54. Independent claim 1 reads as follows: 1. A method, comprising: receiving an access request from a first user to access secured data stored in an encrypted state on a first computing device; determining that access by the first user to the secured data requires that a minimum quantity of a set of second users be within a threshold proximity of the first computing device, wherein the minimum quantity comprises at least two second users; determining a location of the first computing device; determining respective locations of a plurality of second computing devices individually associated with the set of second users; determining that the minimum quantity of the set of second users are within the threshold proximity based at least in part on the location and the respective locations of the plurality of second computing devices; decrypting the secured data in response to determining that the minimum quantity of the set of second users are within the threshold proximity; and facilitating access by the first user to the decrypted secured data. Appeal Br. 20 (Claims App.). Appeal 2020-002241 Application 16/019,847 3 We have reviewed the Examiner’s rejection in light of Appellant’s arguments presented in this appeal. Arguments which Appellant could have made, but did not make in the Brief are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(iv) (2016). On the record before us, we are unpersuaded the Examiner has erred. OBVIOUSNESS REJECTION OVER WALLER AND ZIRAKNEJAD Claims 1, 3–5, 7, 11, 13–16, and 18–20 are rejected under 35 U.S.C. § 103 as being unpatentable over Waller (US 2011/0040967 A1, published Feb. 17, 2011) and Ziraknejad (US 9,876,788 B1, issued Jan. 23, 2018 and filed Jan. 23, 2015). The Examiner finds that Waller teaches many of its features, including receiving an access request from a first user to access secured data on a first computing device, decrypting the secured data, and facilitating access by the user to the secured data. Final Act. 3–4 (citing Waller ¶¶ 61–63). The rejection turns to Ziraknejad, in combination with Waller, to teach the remaining features, including determining access by the first user to the secured data by requiring a minimum quantity of at least two second users to be within a threshold proximity of the first computing device, determining the location of first and second users’ computing devices, determining the minimum quantity of second users are within the threshold proximity based on the respective locations, and decrypting the secured data in response to determining the minimum quantity of second users are within the threshold proximity. Id. at 4–7 (citing Ziraknejad 7:65– 8:1, 31:5–25, 31:29–45, 32:6–45, 33:15–28). Appellant argues Ziraknejad does not teach or suggest the “determining that access by the first user to the secured data requires that a Appeal 2020-002241 Application 16/019,847 4 minimum quantity of a set of second users be within a threshold proximity of the first computing device, wherein the minimum quantity comprises at least two second users” step in claim 1. Appeal Br. 5–8. Specifically, Appellant argues that Ziraknejad requires only a single witness or user—not at least two users as recited—to be located within a threshold distance of another user for authentication. Id. at 6–7 (citing Ziraknejad 31:16–20, 32:33–47); see also Reply Br. 5–8. Appellant argues independent claims 1, 11, and 16 separately (see Appeal Br. 5–13), but the arguments presented for each claim are similar (compare id. at 5–8, with id. at 8–13). Additionally, dependent claims 4, 7, 14, and 19 are not separately argued. See id. at 5–13. We select claim 1 as representative. See 37 C.F.R. § 41.37(c)(1)(iv). ISSUE Under § 103, has the Examiner erred in rejecting claim 1 by finding that Waller and Ziraknejad would have taught or suggested “determining that access by the first user to the secured data requires that a minimum quantity of a set of second users be within a threshold proximity of the first computing device, wherein the minimum quantity comprises at least two second users” (the disputed “determining” step)? LEGAL PRINCIPLES To support the conclusion that the claimed invention is directed to obvious subject matter, either the references must expressly or impliedly suggest the claimed combination or the examiner must present a convincing line of reasoning as to why the artisan would have found the claimed invention to have been obvious in light of the teachings of the references. Appeal 2020-002241 Application 16/019,847 5 In re Oetiker, 977 F.2d 1443, 1448 (Fed. Cir. 1992) (quoting Ex parte Clapp, 227 USPQ 972, 973 (BPAI 1985)). “As our precedents make clear, . . . the analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). ANALYSIS Claims 1, 4, 7, 11, 14, 16, and 19 Based on the record before us, we find no error in the Examiner’s rejection of claim 1. The Examiner relies on Ziraknejad to teach the disputed “determining” step. Final Act. 4. We thus confine our discussion to Ziraknejad. Notably, “the name of the game is the claim.” In re Hiniker Co., 150 F.3d 1362, 1369 (Fed. Cir. 1998). Claim 1 recites that the disputed “determining” step “requires that a minimum quantity of a set of second users be within a threshold proximity of the first computing device” and “the minimum quantity comprises at least two second users.” Appeal Br. 20 (Claims App.) (emphasis added). On the other hand, to support a conclusion of obviousness, Ziraknejad need only suggest expressly or implicitly the disputed “determining” step, which recites determining that access by a first user to secured data requires that a minimum of at least two “second users be within a threshold proximity of the first computing device” as claim 1 recites. See Oetiker, 977 F.2d at 1448. Appeal 2020-002241 Application 16/019,847 6 Turning to Ziraknejad, this reference teaches receiving a request to perform an action (e.g., access to secured data) from a first user that requires authentication. Ziraknejad 31:7–10. Ziraknejad further teaches the one or more conditions may include a requirement that authentication occur while a witness is located within a threshold distance of the first user. See id. at 31:15–32. Ziraknejad explains a computing system (e.g., 102) determines that the second electronic device is within a threshold distance of the first user (id. at 32:6–8) by identifying a second user as a witness based on location data (id. at 32:31–33). These passages in Ziraknejad teach only one witness or a second user is “within a threshold proximity of the first computing device.” Nonetheless, Ziraknejad further discusses the process “may identify one or more electronic devices that are in communication with the computing system” (Ziraknejad 32:31–33 (emphasis added)), “may determine which devices are associated with a user authorized to be a witness” (id. at 32:34–35 (emphasis added)), and “may select multiple electronic devices” (id. at 32:43 (emphasis added)) that are “[f]rom the subset associated with a user authorized as a witness” (id. at 32:38–39) and are “within a particular distance threshold from the first electronic device” (id. at 32:40–41) “to serve as witnesses” (see id. at 32:43–45 (emphases added)). These further discussions teach or at least suggest that the system determines, in some disclosed embodiments, access by the first user to secured data needs or “requires” at least two “second users be within a threshold proximity of the first computing device” (e.g., selecting multiple electronic Appeal 2020-002241 Application 16/019,847 7 devices from the subset of authorized witnesses/users that are within a particular distance threshold from the first electronic device to be witnesses). See id. at 32:31–45; see also KSR, 550 U.S. at 417 (“If a person of ordinary skill can implement a predictable variation, § 103 likely bars its patentability.”) Moreover, accounting for the inferences and creative steps that an ordinarily skilled artisan would have employed upon reading the above passages discussing selecting multiple electronic devices or witnesses to authenticate a user (see Ziraknejad 31:7–10, 32:31–45), Ziraknejad at least suggests “determining that access by the first user to the secured data requires that” at least two “second users be within a threshold proximity of the first computing device” as claim 1 recites. For the foregoing reasons, Appellant has not persuaded us of error in the rejection of independent claim 1 and claims 4, 7, 11, 14, 16, and 19, which are not argued separately. Claims 3, 13, and 18 Claim 3 depends from claim 1 and further recites “comprising communicating with a management server to determine the respective locations of the plurality of second computing devices.” Appeal Br. 21 (Claims App.). Dependent claims 13 and 18 recite similar recitations. Id. at 23, 25 (Claims App.). The Examiner relies on Ziraknejad to teach claim 3’s features. Final Act. 7 (citing Ziraknejad 32:10–30). Appellant argues the cited passage of Ziraknejad does not teach “communicating with a management server” as claim 3 requires. Appeal Br. 13–14. We are not persuaded. Appeal 2020-002241 Application 16/019,847 8 As the Examiner explains (see Ans. 5), Ziraknejad teaches in column 32 a computing system that receives location data of the first and second electronic devices in order to determine whether a particular second electronic device is within a threshold distance of the first user. See Ziraknejad 32:6–10. Ziraknejad explains the location data can include GPS coordinates, data indicating communication with a location beacon, or data indicating direct communication of the first and second electronic devices through a short-range communication channel. Id. at 32:10–28; see id. at 10:44–61, cited in Ans. 5. Ziraknejad further explains a credential management application is used in some embodiments to send location data to a credential server system to determine (1) whether one electronic device (e.g., 104) is located near another (e.g., 102) and (2) a potential witness. Id. at 10:61–11:5, Figs. 1–2. Appellant does not respond to this explanation in the Reply Brief. See generally Reply Br. Thus on the record, Ziraknejad teaches or suggests “comprising communicating with a management server to determine the respective locations of the plurality of second computing devices” as claim 3 recites. In sum, we find no error in the Examiner’s rejection of claims 3, 13, and 18. Claims 5, 15, and 20 Claim 5 depends from claim 1 and further recites “the plurality of second computing devices are determined to be within the threshold proximity when direct communication between the first computing device and the plurality of second computing devices by way of a local wireless connection is successful.” Appeal Br. 21 (Claims App.). The Examiner relies on Ziraknejad to teach claim 5’s features. Final Act. 8 (citing Appeal 2020-002241 Application 16/019,847 9 Ziraknejad 32:10–30). Appellant argues the cited passage of Ziraknejad does not address “[d]etermining whether the ‘direct communication’ is ‘successful’ . . . .” Appeal Br. 15; see id. at 14–15. We are not persuaded. The phrase “when direct communication between the first computing device and the plurality of second computing devices by way of a local wireless connection is successful” in claim 5 (emphasis added) is a conditional limitation. That is, our emphasis on the term “when” underscores that the limitation specifies a condition under which the recited “determining” the second computing devices are “within the threshold proximity” occurs, namely when the direct communication between the first and second electronic devices through a local wireless connection is successful. Notably, conditional limitations need not be met to satisfy a method claim. See Ex parte Schulhauser, Appeal 2013-007847 (PTAB Apr. 28, 2016) (precedential), at 6–10, 14–153; see also Cybersettle, Inc. v. Nat’l Arbitration Forum, Inc., 243 F. App’x 603, 607 (Fed. Cir. 2007) (unpublished) (indicating the Federal Circuit has held that “[i]f the condition for performing a contingent step is not satisfied, the performance recited by the step need not be carried out in order for the claimed method to be performed”); Applera Corp. – Applied Biosystems Grp. v. Illumina, Inc., 375 F. App’x 12, 21 (Fed. Cir. 2010) (unpublished) (affirming a method claim’s 3 Although the limitations at issue in Schulhauser were rendered conditional by reciting the term “if,” we discern no meaningful distinction between the recitations of “if” or “when” in this context. See MERRIAM-WEBSTER’S COLLEGIATE® DICTIONARY 1346 (10th ed. 1993) (def. 2) (defining “when,” in pertinent part, as “in the event that: IF”). Appeal 2020-002241 Application 16/019,847 10 interpretation as including a step that need not be practiced if the condition for practicing the step is not met). As such, Ziraknejad does not need to disclose “[d]etermining whether the ‘direct communication’ is ‘successful’” to satisfy claim 5 as Appellant asserts. Appeal Br. 15. However, the same cannot be said for claims 15 and 20, which recite (1) a system having a first computing device with a processor for executing instructions that cause a first computing device to perform certain functions (due to its dependency on claim 11) and (2) a non-transitory computer- readable medium storing executable instructions that cause a first computing device to perform certain functions (due to its dependency on claim 16) respectively. See Appeal Br. 22–25 (Claims App.). These claims include structure that is capable of performing a step commensurate to claim 5 when the condition is satisfied. See id. That is, claims 15 and 20 still require structure for performing these functions should the condition occur. See Schulhauser at 6–10, 14–15; see also the Manual of Patent Examining Procedure (MPEP) § 2111.04 (II) (9th ed. Rev. 10.2019, rev. June 2020) (citing Schulhauser). Nevertheless, we see no error in the Examiner’s reliance on Ziraknejad for at least suggesting the limitations of claims 5, 15, and 20 even if the recited “when direct communication between the first computing device and the plurality of second computing devices by way of a local wireless connection is successful” had to be satisfied to meet the claim, which it does not for claim 5. The Specification discusses a client device (e.g., 106) can have a wireless interface (e.g., 139) that facilitates communication with other client devices using a local wireless network (e.g., 113). Spec. ¶ 27. The Specification also discusses a client device is Appeal 2020-002241 Application 16/019,847 11 equipped with networking interfaces, including localized networking or communication capabilities, such as radio-frequency identification (RFID) and near-field communications (NFC) capabilities. Id. Thus, construing the phrase “direct communication . . . by way of a local wireless connection is successful” in light of the disclosure, the mere establishment of a local wireless connection between the first and second computing devices, even if transitory, is a “successful” direct communication as broadly as the claims recite. As previously discussed, Ziraknejad teaches location data may include “data indicating direct communication of the first and second electronic devices through a short-range communication channel” (Ziraknejad 32:14– 16), which indicates or concerns the devices in direct communication. See id. Ziraknejad also teaches or suggests that the devices have Bluetooth, Wi- Fi, RFID, and NFC capabilities (see id. at 10:47–49, 17:26–33) and may directly communicate by way of a local wireless connection (e.g., a short- range communication channel). See id. at 32:14–16; see also Ans. 7–8. Thus, accounting for the inferences and creative steps that an ordinarily skilled artisan would have employed upon reading Ziraknejad, such an artisan would have recognized Ziraknejad’s location data in the above- discussed embodiments used to determine when electronic devices are within a threshold distance (e.g., threshold proximity) of each other (see Ziraknejad 32:6–20) occurs if and when the direct communication between the first and second devices has been established. See id. As such, whether or not Ziraknejad inherently discloses that a direct communication was successful (see Ans. 8), Ziraknejad at least suggests the disputed “the plurality of second computing devices are determined to be Appeal 2020-002241 Application 16/019,847 12 within the threshold proximity when direct communication between the first computing device and the plurality of second computing devices by way of a local wireless connection is successful” in claims 5, 15, and 20. Based on the record before us, we find no error in the Examiner’s rejection of representative claims 5, 15, and 20. OBVIOUSNESS REJECTION OVER WALLER, ZIRAKNAJED, AND KERN Claims 8 and 9 are rejected under 35 U.S.C. § 103 as being unpatentable over Waller, Ziraknejad, and Kern (US 2007/0255943 A1, published Nov. 1, 2007). Final Act. 9–12. Appellant argues claims 8 and 9 as a group. Appeal Br. 16–17. We select claim 8 as representative. See 37 C.F.R. § 41.37(c)(1)(iv). Claim 8 depends from claim 1 and further recites “comprising receiving an incorrect security credential from the first user before determining that access by the first user to the secured data requires that the minimum quantity of the set of second users be within the threshold proximity of the first computing device.” Appeal Br. 21 (Claims App.). The rejection relies on the teachings of Kern, in combination with Waller and Ziraknejad, to teach this limitation. Final Act. 10–11 (citing Kern ¶¶ 10, 33, 38, 40, 42). Appellant first refers to the arguments presented for claim 1, contending that claims 8 and 9 are patentable for the same reasons. Appeal Br. 16. We are not persuaded for reasons previously discussed. Appellant additionally argues Kern fails to teach its provided indication that the password is lost or forgotten “is the same as ‘receiving an incorrect security credential’” as claim 8 recites and the credential recovery Appeal 2020-002241 Application 16/019,847 13 process in Kern does not involve proximity of users. Appeal Br. 16–17; Reply Br. 9. Appellant further argues the motivation to combine Kern with Waller and Ziraknejad involves successfully verifying the user and being in proximity, “not merely being in proximity.” Appeal Br. 17. For this reason, Appellant contends “[t]here is no motivation to short cut the identity verification in Kern” and thus the combination does not “arrive at the claimed embodiments.” Id. MAIN ISSUE Under § 103, has the Examiner erred in rejecting claim 8 by determining that Waller, Ziraknejad, and Kern collectively would have taught or suggested “comprising receiving an incorrect security credential from the first user” as recited? ANALYSIS Based on the record, we are not persuaded of error. Appellant’s arguments focus on the recited “comprising receiving an incorrect security credential from the first user” recitation in claim 8. See Appeal Br. 16–17. We thus confine our discussion to this phrase. Kern teaches a user can provide an indication that they have lost or forgotten a password. Kern ¶ 33; see also id. ¶ 49, Figs. 2, 6 (step 120). Although not expressly discussing that the user attempted and failed to provide the correct password, this indication request at least suggests to an ordinarily skilled artisan that, in some scenarios, a user attempted to enter a correct password and was unsuccessful prior to providing the lost/forgotten password indication. See id. ¶¶ 33, 49, Figs. 2, 6. Additionally, the Appeal 2020-002241 Application 16/019,847 14 Examiner finds “[a] user indicating a lost or forgotten password by clicking on a lost or forgotten password link after the user attempts to login using an incorrect password is a well-known procedure to one of ordinary skill in the art.” Ans. 9.4 We agree and note that many users attempt to enter a password when requested, discover the password is wrong or incorrect, and then request assistance (e.g., send an indication that they have forgotten their password to an administrator). Thus, we find the Examiner’s position reasonable. Also, Appellant fails to rebut this finding and conclusion in the Reply Brief. See generally Reply Br. Appellant next contends Kern does not involve proximity of users. Appeal Br. 16. However, this argument attacks Kern individually without considering what Waller, Ziraknejad, and the proposed combination of Waller/Ziraknejad/Kern further teach to one skilled in the art. See In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986). As previously explained, in the combination as proposed, Ziraknejad teaches determining whether users (e.g., through their electronic devices) are within proximity of each other. Regarding the contention that the rejection provides no motivation to combine Kern with Waller and Ziraknejad (Appeal Br. 17), we are not persuaded. Regardless of whether Kern or the Waller/Ziraknejad/Kern combination teaches that a successful verification involves both user and proximity verifications, these references do not fail to teach the recited “comprising receiving an incorrect security credential” as claim 8 recites. In 4 Notably, the Examiner refers to “Saylor” (Ans. 8–10) but cites to paragraph found in Kern (see id.). We thus determine the references to Saylor are typographical errors. Appeal 2020-002241 Application 16/019,847 15 particular, the transitional term “comprising” in both claims 1 and 8 is an open-ended term that does not exclude other forms of verification from being performed5 and thus, does not exclude the prior art from teaching and performing additional verification steps contrary to Appellant’s arguments. See id. Moreover, the combination as proposed does not “short cut” the identity verification process in Kern as argued. See Appeal Br. 17. Both Waller and Ziraknejad teach user authentication may involve a password and biometrics. See Waller ¶ 66; Ziraknejad 1:18–23. The rejection proposes to include Kern’s security credential process with the Waller/Ziraknejad combination in order to automate a password recovery process and to prevent an administrator from obtaining a user’s access credentials. See Final Act. 10–11 (citing Kern ¶ 10). Such a combination would have resulted predictably in a process that includes an automated recovery process for credentials and prevents administrators from obtaining credentials, thus decreasing the scope of vulnerability. See Final Act. 11 (citing Kern ¶ 10); see also Ans. 10 (citing Kern ¶¶ 10–11). For the foregoing reasons, Appellant has not persuaded us of error in the rejection of claims 8 and 9. 5 “‘Comprising’ is a term of art used in claim language which means that the named elements are essential, but other elements may be added and still form a construct within the scope of the claim.” Genentech, Inc. v. Chiron Corp., 112 F.3d 495, 501 (Fed. Cir. 1997) (citation omitted). Appeal 2020-002241 Application 16/019,847 16 OBVIOUSNESS REJECTION OVER WALLER, ZIRAKNAJED, AND YANG Claim 21 is rejected under 35 U.S.C. § 103 as being unpatentable over Waller, Ziraknejad, and Yang (US 2015/0363607 A1, published Dec. 17, 2015 and filed June 12, 2015). Claim 21 depends from claim 1 and further recites “comprising erasing the decrypted secured data from the first computing device in response to receiving a command from a management service.” Appeal Br. 26 (Claims App.). The rejection relies on the teachings of Yang, in combination with Waller and Ziraknejad, to disclose this feature. Final Act. 14–15 (citing Yang ¶¶ 57, 90, 243). Appellant argues Yang does not teach or suggest the recited “in response to receiving a command from a management service” in claim 21. Appeal Br. 18–19 (citing Yang ¶¶ 90, 243); Reply Br. 10. This argument is unavailing. The Specification describes a computing environment (e.g., 109) can execute a management service (e.g., 118). Spec. ¶ 12, Fig. 1. The Specification explains that the management service can manage or oversee the operation of multiple client or users devices (e.g., 106) within an enterprise environment and may involve the client’s operating system. Id. ¶¶ 12–15. As such and without importing embodiments from the disclosure into claim 21, the phrase “management service” in light of the disclosure includes a program that manages or oversees the operations of client devices. Turning to Yang, this reference teaches some embodiments include a Q-Agent (e.g., 104) that stores decrypted files in memory and may erase the decrypted file from a first device (e.g., 102a) once the first user closes a file Appeal 2020-002241 Application 16/019,847 17 or ceases to access the Q-Agent. Yang ¶ 90, Fig. 1. Yang further explains the Q-Agent is an application that can be installed on each device. See id. ¶ 62, Fig. 1. Thus, one skilled in the art would have recognized Yang’s Q- Agent is a program. Additionally, because Yang teaches its Q-Agent performs the function of erasing decrypted files from a user device (id. ¶ 90), Yang suggests to one skilled in the art that the Q-Agent sends instructions (e.g., a command) to erase the decrypted file to the relevant parts of the user device and thus manages a client device operation. See id. Despite contentions to the contrary (see Reply Br. 10), we thus conclude Yang, when combined with Waller’s and Ziraknejad’s teachings, suggests erasing decrypted secured data from the first computing device “in response to receiving a command from a management service” as claim 21 recites. Also, regardless of whether or not the feature of erasing decrypted data from a computing device in response to a command is inherent in Yang (see Ans. 12), we explained above how Yang at least suggests this feature recited in claim 21. Moreover, the rejection itself relies on what Yang teaches or suggests, rather than inherency, in formulating the obviousness rejection. See Final Act. 14–15. For the foregoing reasons, Appellant has not persuaded us of error in the rejection of claim 21. OBVIOUSNESS REJECTIONS OVER WALLER, ZIRAKNAJED, AND SAYLOR AND WALLER, ZIRAKNAJED, AND MOLOIAN Claims 2, 12 and 17 are rejected under 35 U.S.C. § 103 as being unpatentable over Waller, Ziraknejad, and Saylor (US 9,378,386 B1, issued Appeal 2020-002241 Application 16/019,847 18 June 28, 2016 and filed Mar. 13, 2014). Final Act. 9 (citing Saylor 6:5–30, 10:27–35). Claim 10 is rejected under 35 U.S.C. § 103 as being unpatentable over Waller, Ziraknejad, and Moloian (US 2016/0078203 A1, published Mar. 17, 2016 and filed Sept. 11, 2014). Final Act. 12–14 (citing Ziraknejad 31:29–45; Moloian ¶¶ 2, 5). For claims 2, 10, 12, and 17, Appellant contends these claims are patentable “for at least the same reasons as the independent claim[s] from which they depend.” Appeal Br. 15; see id. at 18. We are not persuaded and sustain the rejections of claims 2, 10, 12, and 17 for reasons previously discussed. DECISION In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1, 3–5, 7, 11, 13–16, 18–20 103 Waller, Ziraknejad 1, 3–5, 7, 11, 13–16, 18–20 2, 12, 17 103 Waller, Ziraknejad, Saylor 2, 12, 17 8, 9 103 Waller, Ziraknejad, Kern 8, 9 10 103 Waller, Ziraknejad, Moloian 10 21 103 Waller, Ziraknejad, Yang 21 Overall Outcome 1–5, 7–21 Appeal 2020-002241 Application 16/019,847 19 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Copy with citationCopy as parenthetical citation