Ex Parte Austin et al
Patent Trial and Appeal Board
Dec 29, 2016
12817985 (P.T.A.B. Dec. 29, 2016)

United States Patent and Trademark Office
UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO.: 12/817,985
FILING DATE: 06/17/2010
FIRST NAMED INVENTOR: KYLE DEAN AUSTIN
ATTORNEY DOCKET NO.: A608
CONFIRMATION NO.: 6725

36378 7590
VMWARE, INC.
DARRYL SMITH
3401 Hillview Ave.
PALO ALTO, CA 94304

EXAMINER: POPHAM, JEFFREY D
ART UNIT / PAPER NUMBER: 2491
NOTIFICATION DATE: 01/03/2017
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipteam@vmware.com ipadmin@vmware.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte KYLE DEAN AUSTIN, BRETT JASON SCHOPPERT, and MICHAEL ALMOND

Appeal 2015-006218
Application 12/817,985
Technology Center 2400

Before JOHN A. JEFFERY, THU A. DANG, and KAMRAN JIVANI, Administrative Patent Judges.

JEFFERY, Administrative Patent Judge.

DECISION ON APPEAL

Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s decision to reject claims 1–29. We have jurisdiction under 35 U.S.C. § 6(b). We affirm.

STATEMENT OF THE CASE

Appellants’ invention uses an identity broker to authenticate users to a network device, system, or hosted application that uses certain legacy protocols for authentication. In one aspect, an identity provider server validates authentication requests from an identity broker. See generally Abstract; Spec. 11. Claim 1 is illustrative:

1.
A computer-implemented method for facilitating a user request for access to a computing resource, the method comprising:

generating, by an identify provider server, in response to authenticating an identity of the user using a first authentication protocol, a token value;

passing the token value to a client application, wherein the client application is configured to pass a username and the token value, as a password, to the computing resource, and wherein the computing resource is configured to pass the token value and the username to an identity broker server in a message formatted according to a second authentication protocol understood by the computing resource and not understood by the identity provider server;

receiving, by the identity broker server from the computing resource, a request formatted according to the second authentication protocol, the request including instructions for the identity broker server to authenticate a copy of the token value and the username;

after receiving the request to authenticate a copy of the token value and the username, sending a request, formatted according to the first authentication protocol, from the identity broker server to the identity provider server to authenticate the token value; and

upon determining a match between the generated token value and the copy of the token value received from the identity broker server, passing a validation message formatted according to the first authentication protocol to the identity broker server indicating that the token has been authenticated and passing a username associated with the generated token value to the identity broker server.

THE REJECTIONS

The Examiner rejected claims 1–5 and 7–29 under 35 U.S.C. § 103(a) as unpatentable over Kramer (US 6,986,040 B1; Jan. 10, 2006), Le Van Gong (US 2007/0136786 A1; June 14, 2007), and Bohmer (US 2008/0046984 A1; Feb. 21, 2008). Final Act.
3–13.¹

The Examiner rejected claim 6 under 35 U.S.C. § 103(a) as unpatentable over Kramer, Bohmer, Le Van Gong, and C. Rigney et al., Remote Authentication Dial in User Authentication (RADIUS), RFC 2865 (2000) (“Rigney”).

¹ Throughout this opinion, we refer to (1) the Final Rejection mailed May 1, 2014 (“Final Act.”); (2) the Appeal Brief filed November 26, 2014 (“App. Br.”); (3) the Examiner’s Answer mailed April 6, 2015 (“Ans.”); and (4) the Reply Brief filed June 8, 2015 (“Reply Br.”).

THE REJECTION OVER KRAMER, BOHMER, AND LE VAN GONG

The Examiner finds that Kramer discloses many recited elements of independent claim 1 including, among other things, generating, by an “identity provider server” (ticket service 60) responsive to authenticating a user’s identity using a first authentication protocol, a token value (“ticket/ID”) that is passed to a client application. Final Act. 4; Ans. 6–7. The Examiner also finds that Kramer’s client application passes the token value as a password to a “computing resource” (application server 15) that then passes the token value to an “identity broker server” (web server 20) in a message formatted according to a second authentication protocol understood by the computing resource. Final Act. 4; Ans. 7. According to the Examiner, Kramer’s identity provider server (ticket service) receives a request from the computing resource (application server) formatted according to the second protocol and including the recited authentication instructions. Final Act. 4–5.

Although the Examiner acknowledges that Kramer does not pass a username with a token value to the computing resource and identity broker server, the Examiner cites Bohmer for teaching this feature. Final Act. 5–6.
The Examiner also acknowledges that Kramer’s authentication protocols are not different, where the second protocol is understood by the computing resource, but not the identity provider server. Final Act. 5. The Examiner, however, cites Le Van Gong for teaching this feature in concluding that the claim would have been obvious. Final Act. 6–7.

Appellants argue that the Examiner’s reliance on Le Van Gong is misplaced because, among other things, a token value/username is not sent as a password to a service provider 201 (resource), nor does the service provider send the token value/username to identity provider 205 (identity broker) upon a principal requesting access to the service provider. App. Br. 10–12; Reply Br. 1–4. According to Appellants, Le Van Gong not only lacks the recited token value/username transmission and recited authentication protocols, but also does not teach or suggest that the identity broker server receives a request formatted according to the second authentication protocol as claimed. App. Br. 10–12, 14; Reply Br. 1–4. Appellants add that Kramer’s web server is not an identity broker server that communicates between different systems with different protocols for authentication purposes, but rather merely relays information to a client and ticket service, nor does Bohmer cure that deficiency. App. Br. 13; Reply Br. 4.

ISSUES

I.
Under Section 103, has the Examiner erred in rejecting claim 1 by finding that Kramer, Bohmer, and Le Van Gong collectively would have taught or suggested (1) passing a username and token value to a computing resource that then passes the username and token value to an identity provider server in a message formatted according to a second authentication protocol understood by the computing resource, but not by the identity provider server, and (2) the identity broker server receives a request formatted according to the second authentication protocol with instructions for that server to authenticate a copy of the token value and username?

II. Is the Examiner’s proposed combination supported by articulated reasoning with some rational underpinning to justify the Examiner’s obviousness conclusion?

ANALYSIS

We begin by noting that the Examiner’s obviousness rejection relies principally on Kramer for teaching many of the recited elements of claim 1, and cites Bohmer and Le Van Gong for very limited purposes. See Final Act. 4–7.

First, not only are the Examiner’s findings from Bohmer undisputed, Bohmer is cited merely to show that including a username with Kramer’s passed token value, and passing a username to an identity broker server would have been obvious—an enhancement that predictably uses prior art elements according to their established functions yielding a predictable result. See Final Act. 6; see also KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 417 (2007).

The Examiner also cites Le Van Gong for a limited purpose, namely merely to show that using different authentication protocols among different architectures, namely “Circles of Trust,” is known in the art, where one such architecture includes a “computing resource” (service provider 210), and the other includes an identity provider server 105. See Final Act. 6–7; Ans. 3–5.
Although the Examiner finds that Kramer formats a message according to a second authentication protocol understood by the computing resource, the Examiner cites Le Van Gong merely to show that such a message could also be formatted such that it would not be understood by an identity provider server in another architecture, or “Circle of Trust,” that uses a different protocol in light of Le Van Gong’s ability to translate identity assertions between these independent and distinct architectures. Final Act. 4, Ans. 8–9 (citing Le Van Gong 123). That is, the Examiner cites Le Van Gong merely to show that Kramer’s formatting a message in a protocol that is also not understood by the identity provider server would have been obvious in light of Le Van Gong’s translation functionality.

Therefore, Appellants’ arguments regarding Le Van Gong’s alleged shortcomings with respect to the recited limitations pertaining to passing a username and token value, and the identity broker server’s receiving the recited request formatted according to the second authentication protocol (Reply Br. 10–12, 14; Reply Br. 1–4), are unavailing where, as here, the rejection is not based solely on Le Van Gong, but rather on the cited references’ collective teachings. See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986).

Nor do we find error in the Examiner’s mapping the recited identity broker server to Kramer’s web server 20. See Final Act. 4; Ans. 7. As the Examiner explains, Kramer’s web server not only delivers web pages to clients, but also, among other things, verifies session IDs and transmits corresponding session keys to application server 15—functions that at least suggest an identity broker server given the scope and breadth of the term. See Ans. 13–14 (citing Kramer, col. 6, ll. 29–39). Appellants’ arguments to the contrary (App. Br.
13) are unavailing and not commensurate with the scope of the claim.

We also find no error in the Examiner’s articulated reason to combine the references (Final Act. 6–7; Ans. 11–12)—proposed enhancements to Kramer that, as noted above, predictably use prior art elements according to their established functions to yield a predictable result. See KSR, 550 U.S. at 417. Despite Appellants’ arguments to the contrary (Reply Br. 5–6), the Examiner’s proposed combination is not based solely on impermissible hindsight, but rather supported by articulated reasoning with some rational underpinning to justify the Examiner’s obviousness conclusion.

Lastly, Appellants’ argument that neither Kramer nor Le Van Gong teach or suggest an identity provider server passing a validation message upon determining a match between the generated token value and a copy of the token value received from an identity broker (Reply Br. 6–7) is raised for the first time in this appeal in the Reply Brief and is, therefore, deemed to be waived as untimely. See 37 C.F.R. § 41.41(b)(2) (2012):

    Any argument raised in the reply brief which was not raised in the appeal brief, or is not responsive to an argument raised in the examiner’s answer, including any designated new ground of rejection, will not be considered by the Board for purposes of the present appeal, unless good cause is shown.

Therefore, we are not persuaded that the Examiner erred in rejecting claim 1, and claims 2–5 and 7–29 not argued separately with particularity.

THE OTHER OBVIOUSNESS REJECTION

We also sustain the Examiner’s obviousness rejection of claim 6. Final Act. 13–14. Despite nominally arguing this claim separately, Appellants reiterate similar arguments made in connection with claim 1, and allege that Rigney fails to cure those purported deficiencies. App. Br. 15. We are not persuaded by these arguments for the reasons previously discussed.
CONCLUSION

The Examiner did not err in rejecting claims 1–29 under Section 103.

DECISION

The Examiner’s decision rejecting claims 1–29 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED