Apple Inc.

Patent Trials and Appeals Board

Apr 28, 2021

2019006828 (P.T.A.B. Apr. 28, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov
APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO.
14/292,705 05/30/2014 Ivan Krstic 4860P23618 6692
45217 7590 04/28/2021
WOMBLE BOND DICKINSON (US) LLP/ APPLE INC.
Attn: IP Docketing
P.O. Box 7037
Atlanta, GA 30357-0037
EXAMINER
CHU JOY, JORGE A
ART UNIT PAPER NUMBER
2195
NOTIFICATION DATE DELIVERY MODE
04/28/2021 ELECTRONIC
Please find below and/or attached an Office communication concerning this application or proceeding.
The time period for reply, if any, is set in the attached communication.
Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the
following e-mail address(es):
FIP_Group@bstz.com
PTO.MAIL@BSTZ.COM
PTO.MAIL@BSTZPTO.COM
PTOL-90A (Rev. 04/07)
UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________

Ex parte IVAN KRSTIC, PIERRE-OLIVIER J. MARTEL, and
AUSTIN G. JENNINGS
____________

Appeal 2019-006828
Application 14/292,705
Technology Center 2100
____________

Before ELENI MANTIS MERCADER, NORMAN H. BEAMER, and
GARTH D. BAER, Administrative Patent Judges.

BEAMER, Administrative Patent Judge.

DECISION ON APPEAL
Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s
Final Rejection of claims 1–30. We have jurisdiction over the pending
rejected claims under 35 U.S.C. § 6(b).
We REVERSE.

1 We use the word “Appellant” to refer to “applicant” as defined in
37 C.F.R. § 1.42. Appellant identifies Apple Inc. as the real party in interest.
(Appeal Br. 3.)
Appeal 2019-006828
Application 14/292,705

2
THE INVENTION
Appellant’s disclosed and claimed invention is directed to restricted
resource classes of an operating system used to reduce or eliminate both the
attacks and influence of malicious or defective code. (Spec. ¶¶ 1, 4.)
Claims 1, 11, 17, 23, and 26 are independent; claim 1, reproduced
below, is illustrative of the subject matter on appeal:
1. A computer-implemented method, comprising:
receiving, by an access control manager, from an
application, one or more entitlements encoded in the application,
the entitlements including one or more restricted resource class
(RRC) identifiers, wherein a restricted resource class identifier
represents a class of a plurality of restricted resources and the
application is entitled to access any of the plurality of restricted
resources in the RRC having the RRC identifier;
receiving, by the access control manager, a request from
the application for accessing a resource of a data processing
system, the resource having a resource identifier;
determining, by the access control manager, whether the
resource identifier is in an access control list that contains a
plurality of resource identifiers wherein each resource identifier
is associated with an RRC identifier, indicating that the resource
is a restricted resource;
in response to determining that the resource is in the access
control list and is a restricted resource:
determining, by the access control manager, from the
access control list, a first RRC identifier associated with the
resource identifier of the restricted resource;
determining, by the access control manager, whether the
first RRC identifier matches a second RRC identifier that is in
the entitlements received from the application;
allowing, by the access control manager, the application to
access the resource if the first RRC identifier matches the second
Appeal 2019-006828
Application 14/292,705

3
RRC identifier that is in the entitlements received from the
application; and
denying, by the access control manager, the application
from accessing the resource if the first RRC identifier is not
found in the entitlements received from the application,
regardless of an operating privilege level of the application.
(Appeal Br. 45 (Claims Appendix).)

REJECTIONS2
The Examiner rejected claims 1–6, 8, 11–22, 26, and 30 under 35
U.S.C. § 103 as being unpatentable by Lewis (US 6,233,576 B1, iss. May
15, 2001), Perlin et al. (US 7,802,294 B2, iss. Sept. 21, 2010) (hereinafter
“Perlin”), and Illg et al. (US 2007/0056044 A1, pub. Mar. 8, 2007)
(hereinafter “Illg”). (Final Act. 6.)
The Examiner rejected claim 7 under 35 U.S.C. § 103 as being
unpatentable by Lewis, Perlin, Illg, and Young (US 2002/0186260 A1, pub.
Dec. 12, 2002). (Final Act. 16.)
The Examiner rejected claims 9, 27, and 28 under 35 U.S.C. § 103 as
being unpatentable by Lewis, Perlin, Illg, and Wobber et al. (US
2008/0282354 A1, pub. Nov. 13, 2008) (hereinafter “Wobber”). (Final Act.
18.)
The Examiner rejected claims 10, 23, 24, and 29 under 35 U.S.C.
§ 103 as being unpatentable by Lewis, Perlin, Illg, and Fernandes et al. (US
2007/0136465 A1, pub. June 14, 2007) (hereinafter “Fernandes”). (Final
Act. 20.)

2 The rejection of claims 1–30 under 35 U.S.C. § 101 was withdrawn in the
Answer. See Final Act. 2–6, Ans. 4.
Appeal 2019-006828
Application 14/292,705

4
The Examiner rejected claim 25 under 35 U.S.C. § 103 as being
unpatentable by Lewis, Perlin, Illg, Fernandes, and England et al. (US
2006/0005230 A1, pub. Jan. 5, 2006) (hereinafter “England”). (Final Act.
23.)
ISSUE ON APPEAL
Appellant’s arguments in the Appeal Brief present the following
issue:3
Whether the Examiner erred in finding the combination of Lewis,
Perlin, and Illg teaches or suggests the limitation of “the application is
entitled to access any of the plurality of restricted resources in the RRC
having the RRC identifier,” as recited in independent claim 1, and the
commensurate limitations recited in independent claims 11, 17, 23, and 26.
(Appeal Br. 19–33; Reply Br. 6–19.).
ANALYSIS
We have reviewed the Examiner’s rejections in light of Appellant’s
arguments. Arguments Appellant could have made but chose not to make
are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(iv) (2018).
In finding that the combination of Lewis, Perlin, and Illg teaches or
suggests the independent claim 1 limitation at issue, the Examiner relies on
Illg’s disclosure of a Repository of Protected Computer Resources (RPCR)
that a requesting user attempts to access when desiring access to a protected

3 Rather than reiterate the arguments of Appellant and the positions of the
Examiner, we refer to the Appeal Brief (filed Apr. 4, 2019); the Reply Brief
(filed Sept. 19, 2019); the Final Office Action (mailed Oct. 4, 2018); and the
Examiner’s Answer (mailed July 19, 2019) for the respective details.
Appeal 2019-006828
Application 14/292,705

5
computer resource. Entitlement information describes which specific
protected computer resource or group of protected computer resources are
available to (i.e., authorized for) the user. (Final Act. 11; Ans. 7; Illg
Abstract, Summary (¶¶ 3–4), ¶¶ 17, 27.)
Appellant argues that “Illg does not teach[] ‘the application is entitled
to access any of the plurality of restricted resources in the RRC having the
RRC identifier,” as recited in Appellant’s independent claim 1.” (Appeal
Br. 25.) Appellant contends that in Illg, “[a] user requests a protected
computer resource, which is only available to entitled users (not
applications)” in which “a request is sent to the EBS [entitlement broker
service] to obtain an entitlement credential (i.e.[,] identifier) for the
requesting user from an external authorization application (EAA).” (Appeal
Br. 25, citing Illg ¶ 17.)
We agree. The Examiner finds, “[w]hile the user initially is
requesting access to the resource, it is the External Client Application
(ECA), which is requesting access” and that Illg teaches that “allowing ECA
108a to afford user 110 access to the protected computer resource that is
managed by ECA 108a (block 224).” (Ans. 7, citing Illg Figs. 1, 2A–B, ¶ 27
(emphasis in original).) The Examiner further finds that “one of ordinary
skill in the art would have understood the ECA to obtain access to a
particular class of protected resources.” (Ans. 7, citing Illg Figs. 1, 2A–B,
¶ 27.)
The Examiner’s findings indicate that user identity is used, at least in-
part, to determine what computer resources are authorized, as the cited
portion of Illg also states that the “entitlement information describes which
specific protected computer resource or group of protected computer
Appeal 2019-006828
Application 14/292,705

6
resources from RPCR 107a are available to (authorized for) user 110.” (Illg.
¶ 27.) Similarly, in Perlin, “the system evaluates a request from the
application for access to the data” in which “[t]he request is allowed or
rejected based in part on comparison of the application ID from within the
security token to a listing of approved application IDs.” (Perlin 3:14–18.)
In other words, in both Illg and Perlin a resource group identifier is a
necessary but not sufficient identifier for an application to be allowed
access to a particular resource.
The claim limitation does not condition the RRC identifier to be
dependent on user identification. Further, Appellant’s disclosure explicitly
teaches that user identification is independent of RRC identifier, stating that
[i]f both RRC identifiers match, it means that the application is
entitled to access the requested resource. Otherwise, the
application’s request is denied, even though the application may
have the highest the accessing privilege level, such as root or
administrative level. Therefore, even though a malware
somehow illegally gains the root or administrative privilege, the
malware cannot access the resource because the malware does
not possess the proper RRC entitlements in its executable image
that has been authorized and signed by a proper authority.
(Spec. ¶ 20.) As the combination of Lewis, Perlin, and Illg does not teach or
suggest an entitlement in which “the application is entitled to access any of
the plurality of restricted resources in the RRC having the RRC identifier”
(emphasis added), we are constrained by the record to reverse the rejection
of independent claim 1, as well as independent claims 11, 17, 23, and 26
commensurate in scope, and all dependent claims.

Appeal 2019-006828
Application 14/292,705

7
DECISION SUMMARY
In summary:
Claims
Rejected
35 U.S.C. § Reference(s)/Basis Affirmed Reversed
1–6, 8, 11–
22, 26, 30
103 Lewis, Perlin, Illg 1–6, 8,
11–22,
26, 30
7 103 Lewis, Perlin, Illg,
Young
7
9, 27, 28 103 Lewis, Perlin, Illg,
Wobber
9, 27, 28
10, 23, 24,
29
103 Lewis, Perlin, Illg,
Fernandes
10, 23,
24, 29
25 103 Lewis, Perlin, Illg,
Fernandes, England
25
Overall
Outcome
1–30

REVERSED