2019005109 (P.T.A.B. Jan. 4, 2021)

Amazon Technologies, Inc.

Patent Trials and Appeals BoardJan 4, 2021

2019005109 (P.T.A.B. Jan. 4, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/172,750 06/03/2016 JESPER M. JOHANSSON 170103-1102 1587 71247 7590 01/04/2021 Client 170101 c/o THOMAS HORSTEMEYER, LLP 3200 WINDY HILL RD SE SUITE 1600E ATLANTA, GA 30339 EXAMINER AMBAYE, SAMUEL ART UNIT PAPER NUMBER 2433 NOTIFICATION DATE DELIVERY MODE 01/04/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): docketing@thomashorstemeyer.com uspatents@tkhr.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parteJESPER M. JOHANSSON Appeal 2019-005109 Application 15/172,750 Technology Center 2400 BEFORE LARRY J. HUME, JENNIFER L. McKEOWN, and MATTHEW J. McNEILL, Administrative Patent Judges. MCKEOWN, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 1–20. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM-IN-PART. 1 We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies the real party in interest as Amazon Technologies, Inc. Appeal Br. 2. Appeal 2019-005109 Application 15/172,750 2 CLAIMED SUBJECT MATTER The claims are directed to an authentication manager. For example, in one embodiment: the authentication manager performs an identity verification on a network site. The authentication manager determines that a particular portable data store is present in the client computing device, and then reads a security credential from the particular portable data store. The authentication manager automatically sends data encoding the security credential to the network site. Abstract. Claims 1 and 9, reproduced below, are illustrative of the claimed subject matter: 1. A system, comprising: a client computing device; and an authentication manager executable in the client computing device, wherein when executed the authentication manager causes the client computing device to at least: perform an identity verification on a network site; determine that a particular portable data store is present in the client computing device; read a security credential from the particular portable data store; and automatically send data encoding the security credential to the network site. 9. A method, comprising: receiving, via an authentication manager executed by a client, a configuration file including a security credential specification for a network site, the configuration file further Appeal 2019-005109 Application 15/172,750 3 including a description of an interface of an authentication endpoint; extracting, via the authentication manager executed by the client, a maximum credential length and a character set from the security credential specification; and automatically generating, via the authentication manager executed by the client, a security credential for the network site based at least in part on the maximum credential length and the character set allowed by the security credential specification. REFERENCES The prior art relied upon by the Examiner as evidence is: Name Reference Date Sharif US 2010/0037303 A1 Feb. 11, 2010 Grajek US 2010/0217975 A1 Aug. 26, 2010 RoboForm Reference Manual, Siber Systems, Inc. 2007–2013 REJECTIONS The Examiner rejected claims 1–8 under 35 U.S.C. 103 as unpatentable over Grajek and Sharif. Final Act. 4–8. The Examiner rejected claims 9–20 under 35 U.S.C. 103 as unpatentable over Sharif and RoboForm Reference Manual. Final Act. 8–14. OPINION THE OBVIOUSNESS REJECTION BASED ON GRAJEK AND SHARIF Claims 1–8 Appellant argues that Sharif fails to teach or suggest “determine that a particular portable data store is present in the client computing device” and “read a security credential from the particular portable data store,” as recited Appeal 2019-005109 Application 15/172,750 4 in claim 1. Appellant contends “Sharif also does not explicitly disclose that ‘storing the generated username and password such that it can be recalled by the computing system for future authentication at the application or website’ (¶ [0059]) includes reading from a portable data store.” Appeal Br. 5–6. Appellant also asserts that although Sharif discloses recalling a generated username and password for future authentication, Sharif does not determine that a generated username and password or present or determining they are present on a particular portable data store. Id. Appellants also assert that, because Sharif describes storing the username and password on both client and portable computing devices, Sharif does not teach reading from a particular portable data store. Reply Br. 5. We find these arguments unpersuasive. The Specification describes, “The portable data store 118 may comprise, for example, a universal serial bus (USB) flash storage device, a solid-state storage device, a portable hard disk, a floppy disk, an optical disc, and/or other portable storage devices.” Spec. ¶ 24. The Specification further describes portable data store 118 may be configured to store account data 163, including, for example, security credentials used to access various network sites 140 or network pages 145, information regarding authentication endpoints 139, and/or other information. Spec. ¶ 25. The Specification further describes that an authentication manager may authenticate a user by, for example, considering the presence of the portable data store at the client. Spec. ¶ 41. As such, the Specification broadly describes the claimed particular data store and does not limit the manner of determining whether the particular portable data store is present. Appeal 2019-005109 Application 15/172,750 5 Sharif is directed to creating and saving a digital identity and then using that information to fill in a form of a website. Abstract. As the Examiner points out, Sharif expressly describes storing information, such as a username and password, on a client computing system, a portable computing device, or a portable storage media, for example, flash memory or smart card. Sharif ¶ 60. Sharif also describes automatically generating a username and password and storing the username and password for future authentication. Sharif ¶ 61. In other words, a skilled artisan would then understand at the time of the future authentication, Sharif teaches determining a particular portable data store is present, for example by accessing the particular portable data store, and reading the username and password from the particular portable data store, as required by the claims. Thus, we are not persuaded that Sharif fails to teach or suggest these limitations. Appellant also argues the Examiner fails to support sufficiently the combination of Sharif and Grajek. Appeal Br. 7–8; Reply Br 5. Specifically, Appellant contends: Sharif in view of Grajek does not provide a reason why a POSITA seeking to use the generated username and password pair “on any computer which the user has occasion to access” would modify the cited reference to “determin[e] that a particular portable data store is present,” as recited in claim 1. See, e.g., Sharif, [0060]. Appeal Br. 8. According to Appellant, Grajek already contemplates specialized hardware in other contexts but not in relationship to transmitting the user identifier and password to the authentication server. Appeal Br. 8. Appellant, though, fails to address the rejection as presented by the Examiner. The Examiner, generally, relies on Sharif as teaching storing Appeal 2019-005109 Application 15/172,750 6 account information, including security credentials, in a particular portable data store for future authentication. See Final Act. 5. Sharif also expressly discloses that including a portable storage media such as flash memory or a portable device such as a smart card allows the stored information to be used on any computer which the user has occasion to access. Final Act. 5 (citing Sharif ¶ 60). As such, a skilled artisan at the time of the invention would have been motivated to include a particular portable data store, as disclosed in Sharif, to the system of Grajek such that the generated username and password pair could be used from any computer the user can assess. Based on the record before us, Appellant does not persuasively identify error in the Examiner’s determination of obviousness. Accordingly, we affirm the Examiner’s rejection of claims 1–8 as unpatentable over Sharif and Grajek. THE OBVIOUSNESS REJECTION BASED ON SHARIF AND ROBOFORM REFERENCE MANUAL Claims 9–20 Appellant argues that Grajek and Sharif fail to teach or suggest a “configuration file further including a description of an interface of an authentication endpoint,” as required by independent claims 9 and 18. Reply Br. 6, 9–10. For example, Appellant asserts: Paragraph [0056] of Sharif states that "the username and password specification may be contained in the form field specification 214 or may be communicated by other means of transferring data across a network 205[,]" but does not teach or suggest that the form field specification 214 includes a description of an interface of an authentication endpoint. Appeal 2019-005109 Application 15/172,750 7 Appeal Br. 9–10; see also Appeal Br. 14 (presenting the same argument for claim 18). We agree. While Sharif’s form field specification may include a security credential, the Examiner fails to sufficiently explain how Sharif’s form field specification includes “a description of an interface of an authentication endpoint.” See Ans. 4 (discussing Sharif’s new digital identity selection, but failing to explain how this reads on a description of an interface of an authentication endpoint). As such, based on the record before us, we are persuaded that the Examiner erred in rejecting independent claims 9 and 18 and claims 10–17, 19 and 20 dependent therefrom. Accordingly, we reverse the rejection of claims 9–20 as unpatentable over Sharif and Roboform. CONCLUSION We affirm the Examiner’s rejection of claims 1–8, but reverse the Examiner’s rejection of claims 9–20. DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1–8 103 Grajek, Sharif 1–8 9–20 103 Sharif, Roboform 9–20 Overall Outcome 1–8 9–20 Appeal 2019-005109 Application 15/172,750 8 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). See 37 C.F.R. § 41.50(f). AFFIRMED-IN-PART