Ex Parte Bedell et al
Board of Patent Appeals and Interferences
May 25, 2010
09883301 - (D) (B.P.A.I. May. 25, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________
BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES
____________
Ex parte JEFFREY A. BEDELL, BENJAMIN Z. LI, LUIS V. OROZCO, and STEPHEN S. TRUNDLE
____________
Appeal 2009-004977
Application 09/883,301 [1]
Technology Center 2400
____________
Decided: May 25, 2010
____________

Before JOHN A. JEFFERY, LEE E. BARRETT, and JEAN R. HOMERE, Administrative Patent Judges.

Opinion for the Board filed by BARRETT, Administrative Patent Judge.
Dissenting Opinion filed by HOMERE, Administrative Patent Judge.

BARRETT, Administrative Patent Judge.

DECISION ON APPEAL

[1] Filed June 19, 2001, titled "Method and System for Implementing Database Connection Mapping for Reporting Systems."

This is a decision on appeal under 35 U.S.C. § 134(a) from the final rejection of claims 1-18. We have jurisdiction pursuant to 35 U.S.C. § 6(b).

We reverse.

STATEMENT OF THE CASE

The invention

The invention relates generally to implementing security features for reporting systems, such as decision support, Business Intelligence, on-line analytical processing and other systems. In particular, the invention relates to a method and system for implementing database connection mapping for mapping a user to an appropriate database via a database connection where the database connection comprises information for locating and logging into the appropriate database. Spec. 1, ll. 5-10.

Illustrative claim

Claim 1 is reproduced below for illustration:

1.
A method for implementing database connection mapping for connecting a user to at least one database in a reporting system, comprising the steps of:
enabling a user to submit a user identification input and a user request to a reporting system;
identifying the user based on user identification input; and
controlling access to at least one database through a centralized server wherein the centralized server maps the user to at least one appropriate database based on the user request and at least one database connection definition.

The references

Freeman    US 2001/0049717 A1    Dec. 6, 2001 (filed Jan. 23, 2001)
Lewis      US 7,062,563 B1       Jun. 13, 2006 (filed Feb. 27, 2002)

The rejections

Claims 1-5, 7-11, and 13-17 stand rejected under 35 U.S.C. § 102(e) as being anticipated by Lewis.

Claims 6, 12, and 18 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Lewis and Freeman.

ANTICIPATION

Issues

The issues, as argued, are:

Issue 1: Does Lewis teach "enabling a user to submit a user identification input and a user request to a reporting system"?

Issue 2: Does Lewis teach "controlling access to at least one database through a centralized server wherein the centralized server maps the user to at least one appropriate database based on the user request and at least one database connection definition"?

Principles of law

"Anticipation requires the presence in a single prior art disclosure of all elements of a claimed invention arranged as in the claim." Connell v. Sears, Roebuck & Co., 722 F.2d 1542, 1548 (Fed. Cir. 1983).

Findings of fact

Lewis describes, as an overview:

[T]he present invention provides an improved method and system for managing access information for users and other entities in a distributed computing system.
In an embodiment of the present invention, information relating to user access (e.g., name, authentication information, and user roles) is stored in a centralized directory. When the user connects to the database, the database looks up the necessary information about the user in the directory. In an embodiment, the present invention addresses the user, administrative, and security challenges described above by centralizing storage and management of user-related information in an LDAP-compliant directory service. When an employee changes jobs in such an environment, the administrator need only modify information in one location--the directory--to make effective changes in multiple databases and systems. This centralization lowers administrative costs and improves enterprise security.

Col. 1, l. 53 to col. 2, l. 2.

The specifics of Lewis are best described in the analysis to prevent undue redundancy.

Analysis

Issue 1

The Examiner finds that the limitation of "enabling a user to submit a user identification input and a user request to a reporting system" is taught at column 5, lines 49-60 and column 7, line 47 to column 8, line 5. Final Office Action (FOA) 3.

Appellants argue that column 5 of Lewis describes that databases refer to entries in a directory information system, but at this time, a user is already connected to a database and, so, Lewis does not disclose "enabling a user to submit a user identification input and a user request to a reporting system." Br. 6. It is argued that columns 7-8 discloses mapping objects and how a mapping object may be used to map an enterprise user to a schema, which is said to be a subset of a database, not a reporting system. Br. 7.
It is argued that Lewis clearly discloses at column 1, lines 53-60, that a user connects to the "database" and not to a "reporting system" and Lewis cannot disclose mapping a user to a database because a database obtains a user's global rights when the user signs in. Br. 7-8. Appellants argue that the difference between connecting to a "database" as opposed to a "reporting system" is that a user who submits a user identification input and a request to a reporting system "need not have a known account to a database." Br. 9.

The Examiner reads the claimed "reporting system" on the "directory information system" in Lewis because the Examiner does not find an explicit definition of a "reporting system." Ans. 6. The Examiner recognizes that the Specification describes that examples of "reporting systems" include "decision support, Business Intelligence, on-line analytical processing and other systems" (Spec. 1, ll. 5-7), and states that "[t]he examiner has read the claims in light of the specification as clearly shown above." Ans. 6-7.

Appellants argue that a directory information system is not a reporting system per the examples in the specification. Reply Br. 4. It is argued that Lewis discloses that the directory information system may comprise a "Lightweight Directory Access Protocol (LDAP) directory" but this is not a reporting system. Id. It is argued that "Appellants were unable to find a disclosure of a reporting system or of reports in Lewis." Reply Br. 5.

The Specification states that examples of "reporting systems" include "decision support, Business Intelligence, on-line analytical processing [OLAP] and other systems" (Spec. 1, ll. 5-7). The "other systems" is very broad. We interpret "reporting system" broadly to include any system that returns an answer to a query.
We do not agree with or understand the Examiner's reading of "reporting system" onto a directory information system because we fail to see how it "reports" anything. Nevertheless, Lewis has databases and one of ordinary skill in the art would understand that the databases must have some sort of front end reporting system, not explicitly shown, to respond to queries from users for information from the databases. For example, Lewis describes that the user at the first database may execute a database query at column 9, lines 55-58. The whole purpose of databases is for use in a database query system. Thus, the databases in Lewis are considered part of a reporting system, so sending authentication information and requests to the databases in Lewis is considered to meet the limitation "enabling a user to submit a user identification input and a user request to a reporting system." It is not determinative that Lewis does not expressly mention "reports" or a "reporting system."

We note that "enabling a user to submit a user identification input and a user request to a reporting system" does not specify any order or time sequence of submitting the "user identification input" and the "user request." Thus, a user can submit a user identification input to log on to a database (reporting system) and once authenticated and authorized, can later submit a request.

Therefore, we find that Lewis teaches "enabling a user to submit a user identification input and a user request to a reporting system."

Issue 2

The Examiner finds that the limitation of "controlling access to at least one database through a centralized server wherein the centralized server maps the user to at least one appropriate database based on the user request and at least one database connection definition" (emphasis added) is taught at column 7, line 47 to column 8, line 5 of Lewis. FOA 3; Ans. 4.
Appellants argue that columns 7-8 of "Lewis, at best, discloses mapping objects and how a mapping object may be used to map an enterprise user to a schema, which is a subset of the database." Br. 10. It is argued:

Mapping objects are created for a particular database therefore a mapping object cannot map a user to an appropriate database because it belongs to one database in particular. A mapping object, at best, maps a user to a schema within a database (which the user is already connected to), not to the database.

Br. 10; see also Reply Br. 5-6. Thus, it is argued, Lewis does not describe a centralized server that maps a user to a database. Br. 10; Reply Br. 6.

The Examiner also finds that Lewis discloses mapping a user to a database at column 10, lines 37-52. FOA 3; Ans. 4. In the Examiner's Answer, the Examiner cites for the first time to the "current user links" described at column 10, line 53 to column 11, line 3. Ans. 8.

Appellants argue that column 10 of Lewis describes that "named links allow a user on a first database to execute a procedure at a second database using the security context of another user" (col. 10, ll. 42-44), which only discloses connecting a first user who is already mapped to a database, from one database to another, not mapping a user to a database. Br. 11; Reply Br. 7. It is argued that the "named link" contains the user name and password of the other user to execute the stored procedure, which is not "controlling access to at least one database through a centralized server." Br. 11; Reply Br. 7. It is argued that Lewis teaches away from using a named link for controlling access to a database because "Lewis teaches that named links are a potential security problem, not a method of 'controlling access.'" Br. 11.
Appellants argue connecting from a first database to a second database using a stored procedure does not meet the limitation of "controlling access to at least one database through a centralized server" and does not "map the user to at least one appropriate database based on the user request and at least one database connection definition." Reply Br. 7. It is argued that the named link will always connect to the same database utilizing a connect string and the appropriate user credentials. Id.

Appellants argue that the Examiner continues to confuse a centralized server mapping the user to a database, as claimed, and a user mapping to a database directly. Br. 12; Reply Br. 5. It is argued that Lewis describes that a user is already mapped to the database and is seeking authorization to the database. Br. 12. It is argued that Lewis, at best, is directed towards centralizing the scope of privileges and does not provide a disclosure of mapping a user to an appropriate database. Id.

Initially, as a matter of claim interpretation, the verb "map" is defined as "[t]o establish a correspondence between the elements of one set and the elements of another set." The New IEEE Standard Dictionary of Electrical and Electronics Terms (5th ed. IEEE 1993). We interpret "the centralized server maps the user to at least one appropriate database" to require an explicit function of establishing a correspondence between the user and a database, even if there is only one database. That is, merely logging onto a server which is associated with only a single database is not sufficient to meet the claim limitation because there is no explicit mapping function.

Lewis describes "information related to user access (e.g., name, authentication information, and user roles) is stored in a centralized directory. When the user connects to the database, the database looks up the necessary information about the user in the directory." (Emphasis added.) Col.
1, ll. 56-60. Clearly, the centralized directory in Lewis does not map a user to a database because the user is already connected to the database before the database asks for user information from the centralized directory. Thus, if the claim limitation is to be met, we must rely on some other reading of Lewis.

One possibility relied upon by the Examiner is the description of "mapping objects" at columns 7-8. Manifestly, not all mapping is mapping of a user to an appropriate database, so we must examine the mapping in more detail. Lewis describes that a "[m]apping object contains mapping information between a full or partial distinguished name ('DN') in the directory information system and a user/schema name" (col. 5, ll. 55-57) and the "mapping object contains the mapping of an enterprise DN and a native database username" (col. 7, ll. 50-52). A "DN" is a unique name which identifies an entry in a directory, and may be defined as a collection of one or more entry attributes. Col. 5, l. 34 to col. 6, l. 18. A "schema" is defined as a "set of statements, expressed in a data definition language, that completely describe the structure of a database." IBM Dictionary of Computing (10th ed. 1994). Thus, we disagree with Appellants' statement that a "schema" is "a subset of a database" (Br. 7); i.e., a schema is the organization of the database, not the database itself. In any case, we do not see how mapping between a full or partial DN (distinguished name) and a user/schema name can be considered to be mapping a user to a database. Moreover, Lewis describes that "[m]apping objects also reside under server objects, and are created for a particular database" (emphasis added) (col. 5, ll. 59-60), so we agree with Appellants that the mapping objects only map within a database, not to the database.
Other possibilities for mapping are the descriptions of "connected-user links," "fixed user" or "named" links, and the "current user links" of the invention described at columns 9-13. The Examiner relies on the "fixed user" or "named" links described at column 10, lines 37-52, and in the Examiner's Answer cites for the first time the "current user links" described at column 10, line 53 to column 11, line 3. Lewis describes that users at a first database may perform operations that require access to a second database. A "named" link contains both the connect string and the appropriate user credentials. Col. 10, ll. 38-41. We agree with Appellants that this is not access controlled through a centralized server, as claimed, and does not "map" to a database because the link will always connect to the same database utilizing a connect string and user credentials. That is, we do not see how merely connecting to a database over a link is "mapping." Using the "current user links" of the invention, the link to a remote database is embedded into a stored object that is executed and when any user runs a stored object, the privilege domain of the object owner is used, for example, by passing the DN of the current user from the first database to the second database. "The transmitted DN is used to map the connected user to the appropriate schema at the second database and for authorizing privileges." Col. 10, l. 66 to col. 11, l. 2. Again, we fail to see that there is any "mapping" done by a centralized server. The establishment of a link between two databases does not imply that there is mapping.
The rejection does not clearly identify the elements and relationships in the limitation, i.e., what is the "centralized server"?, what is the "database"?, where is the "mapping" between the user and the database?, how is any mapping "based on the user request and at least one database connection definition"?, and how does Lewis teach that all this "controls access"?

The Examiner has not persuaded us that Lewis teaches "controlling access to at least one database through a centralized server wherein the centralized server maps the user to at least one appropriate database based on the user request and at least one database connection definition." Although Appellants' Specification describes many of the same elements found in Lewis, such as access control lists (ACLs), Lightweight Directory Access Protocol (LDAP), etc., the Examiner has not shown that the elements are connected and function as described and claimed.

Conclusion

Issue 1: Lewis teaches "enabling a user to submit a user identification input and a user request to a reporting system."

Issue 2: Lewis does not teach "controlling access to at least one database through a centralized server wherein the centralized server maps the user to at least one appropriate database based on the user request and at least one database connection definition."

Because Lewis does not teach at least "controlling access" in claim 1, and because independent claims 7 and 13 contain corresponding limitations, the anticipation rejection of claims 1-5, 7-11, and 13-17 is reversed.

OBVIOUSNESS

Because the Examiner does not rely on Freeman to cure the deficiencies of Lewis, the obviousness rejection of dependent claims 6, 12, and 18 is reversed.

NEW GROUND OF REJECTION

Claims 13-18 are rejected under 35 U.S.C. § 101 as being directed to nonstatutory subject matter.
"If a claim covers material not found in any of the four statutory categories, that claim falls outside the plainly expressed scope of § 101 even if the subject matter is otherwise new and useful." In re Nuijten, 500 F.3d 1346, 1354 (Fed. Cir. 2007). "A transitory, propagating signal . . . is not a 'process, machine, manufacture, or composition of matter' [under 35 U.S.C. § 101]" and therefore does not constitute patentable subject matter under § 101. Id. at 1357. Claims that are so broad that they read on nonstatutory as well as statutory subject matter are unpatentable. Cf. In re Lintner, 458 F.2d 1013, 1015 (CCPA 1972) ("Claims which are broad enough to read on obvious subject matter are unpatentable even though they also read on nonobvious subject matter."). This is now USPTO policy. See Subject Matter Eligibility of Computer Readable Media, 1351 Off. Gaz. Pat. Office 212 (Feb. 23, 2010).

Claims 13-18 recite a "processor-readable medium comprising code" which is broad enough to read on a transitory, propagating signal containing information and are not limited to a tangible medium within one of the statutory classes of 35 U.S.C. § 101.

CONCLUSION

The rejections of claims 1-18 are reversed.

A new ground of rejection is entered as to claims 13-18.

This decision contains new grounds of rejection pursuant to 37 C.F.R. § 41.50(b). 37 C.F.R. § 41.50(b) provides that "[a] new ground of rejection pursuant to this paragraph shall not be considered final for judicial review."

37 C.F.R. § 41.50(b) also provides that the appellant, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new ground of rejection to avoid termination of the appeal as to the rejected claims:

(1) Reopen prosecution.
Submit an appropriate amendment of the claims so rejected or new evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the proceeding will be remanded to the examiner. . . .

(2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same record. . . .

Requests for extensions of time are governed by 37 C.F.R. § 1.136(b). See 37 C.F.R. § 41.50(f).

REVERSED -- 37 C.F.R. § 41.50(b)

llw

HOMERE, Administrative Patent Judge, dissenting-in-part.

I agree with the majority opinion ("Op." hereinafter) in all respects save one. I write separately to voice my disagreement with the majority's holding that Lewis does not teach "controlling access to at least one database through a centralized server wherein the centralized server maps the user to at least one appropriate database based on the user request and at least one database connection definition," (emphasis added,) as recited in independent claim 1. (Op. 13.) In particular, the majority finds that "the centralized directory in Lewis does not map a user to a database because the user is already connected to the database before the database asks for user information from the centralized directory." (Op. 9.) Because of this finding, the majority reverses the Examiner's prior art rejection of claim 1. From that decision, I respectfully dissent.

In my view, the majority misapprehended the claimed invention by narrowly construing the claim limitation in question. Such a narrow interpretation of the claim language is not consistent with In re Bigio, which requires that the claim be given the broadest reasonable interpretation. In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004).
The cited recitation merely requires controlling access to a single (at least) database through the centralized server that maps a user to another single (at least) database based on the user's request and the database connection definition.

Applying the above claim construction to the definition [2] set forth by the majority in the Opinion, I find that where, as in this case, each of the sets only includes a single database element, the correspondence between the two sets necessarily occurs once the databases are communicating with each other. In other words, because of the one-to-one correspondence between the central server and the database, the mapping always occurs. In this particular case, as in Lewis's, Appellants' central server can only serve as a gate keeper by determining whether or not the user is authorized to access the single database. Put differently, where each of two sets only contains a single element, no actual mapping occurs since there is always a one-to-one correspondence between the two elements. In fact, the majority opinion supports this position by finding the following:

"merely logging onto a server which is associated with only a single database is not sufficient to meet the claim limitation because there is no explicit mapping function." (Op. 9.)

... does not "map" to a database because the link will always connect to the same database utilizing a connect string and user credentials. That is, we do not see how merely connecting to a database over a link is "mapping." (Op. 11.)

I am therefore satisfied that Lewis's disclosure of the communication between the two databases teaches the disputed claim limitation. Thus, I cannot agree with the majority's reversal of the Examiner's rejection of claim 1. Accordingly, I would affirm the Examiner's rejection of independent claim 1 as being anticipated by Lewis.
[2] Mapping is defined as "establishing a correspondence between the elements of one set and the elements of another set." (Op. 9.)

HUNTON & WILLIAMS LLP
INTELLECTUAL PROPERTY DEPARTMENT
1900 K STREET, N.W.
SUITE 1200
WASHINGTON, DC 20006-1109