Ex Parte BenantarDownload PDFBoard of Patent Appeals and InterferencesSep 28, 201009821064 (B.P.A.I. Sep. 28, 2010) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________________ Ex parte MESSAOUD BENANTAR ____________________ Appeal 2009-000773 Application 09/821,064 Technology Center 2400 ____________________ Before JAMES D. THOMAS, THU A. DANG, and CAROLYN D. THOMAS, Administrative Patent Judges. DANG, Administrative Patent Judge. DECISION ON APPEAL1 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision. Appeal 2009-000773 Application 09/821,064 I. STATEMENT OF CASE Appellant appeals the Examiner’s final rejection of claims 1-8 and 10- 26 under 35 U.S.C. § 134(a). We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. A. INVENTION According to Appellant, the invention relates to multicomputer data transferring, and more particularly, to computer-to-computer authentication and authorization (Spec. 1, ll. 8-13). B. ILLUSTRATIVE CLAIM Claim 1 is exemplary and reproduced below: 1. A method for an authentication process within a data processing system, the method comprising: receiving at a single sign-on (SSO) agent an initial authentication request for a user; authenticating the user at the SSO agent for the initial authentication request; retrieving by the SSO agent an attribute certificate associated with the user; and authenticating the user for subsequent authentication requests via the SSO agent using authentication data within the attribute certificate. 2 Appeal 2009-000773 Application 09/821,064 C. REJECTIONS The prior art relied upon by the Examiner in rejecting the claims on appeal is: Parker US 5,339,403 Aug. 16, 1994 Olden US 6,460,141 B1 Oct. 1, 2002 Wood US 6,691,232 B1 Feb. 10, 2004 Butt US 6,754,829 B1 Jun. 22, 2004 Riggins US 6,766,454 B1 Jul. 20, 2004 Claims 1, 3, 11, 13, 19, and 21 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker. Claims 2, 5, 12, 15, 20, and 23 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and Riggins. Claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and Olden. Claims 8, 18, and 26 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and Butt. Claim 9 is not rejected over prior art. 2 II. ISSUE Has the Examiner erred in finding that Wood in view of Parker would have disclosed or suggested “authenticating the user for subsequent authentication requests via the SSO agent using authentication data within 2 Although the Final Rejection indicates that claims 1-26 stand rejected, as noted by Appellant, “claim 9 has not been rejected over the cited references” (App. Br. 2). In fact, the Examiner does not address claim 9 at all in the Final Rejection and does not address Appellant’s note of the omission in the Examiner’s Answer. 3 Appeal 2009-000773 Application 09/821,064 the attribute certificate” (claim 1), as Appellant contends? In particular, the issue turns on whether Wood would have disclosed or suggested authenticating the user for subsequent authentication requests via the SSO agent, as required by claim 1. III. FINDINGS OF FACT The following Findings of Fact (FF) are shown by a preponderance of the evidence. Wood 1. Wood discloses a single login component that obtains login credentials wherein the login credentials obtained are selected from a set of credential types that, if authenticated, are sufficient to achieve the trust level requirement of an application or information resource to be accessed (col. 5, ll. 49-60) 2. Login credential types include those based on passwords, certificates, biometric techniques, and the like (col. 5, ll. 60-65). 3. If the entity requesting access has not yet been authenticated to the trust level required for the particular access, the authorization component indicates that the access request is to be redirected to the login component so that login credentials may be obtained and authenticated to a particular trust level (col. 6, ll. 4-10). 4. The browser sends the login component a new access request using the URL specified in the redirect from gatekeeper/entry handler component (col. 10, ll. 58-60). 4 Appeal 2009-000773 Application 09/821,064 IV. ANALYSIS Claims 1, 3, 11, 13, 19, and 21 Appellant contends that “the centrality of the SSO agent to the initial and subsequent authentication requests is simply not addressed by either of the cited Wood or Parker references” (App. Br. 6, emphasis omitted). In particular, Appellant contends that “the rejection analysis in no way acknowledges the specifically-claimed role of the SSO agent in both the initial authentication request and in the subsequent authentication requests” (id.). According to Appellant, “the cited passage from Wood confirms that, once login credentials are obtained for a user, ‘the access will typically be allowed without the need for further login credentials and authentication’” and thus, “there are no ‘susequent authentication requests’ in the Wood scheme” (id.). Appellant further contends that “the motivational statement in the rejection fails to explain why one would have been motivated to employ the attribute certificates of Parker in the system of Wood” (App. Br. 7). Furthermore, “Wood’s disclosure that no further authentication will be required actually teaches away from Applicant’s claim requirement of performing subsequent authentication requests” (App. Br. 8, emphasis omitted). The Examiner finds that “Wood teaches an SSO agent 120 that accepts login credentials including certificates to authenticate a user” (Ans. 6) wherein “the user may have to be authenticated [at] an initial and subsequent time” (Ans. 7). In particular, the Examiner finds that “Wood describes subsequent authentication requests are to achieve a sufficient trust level with the SSO component” wherein “a certificate may be used as a 5 Appeal 2009-000773 Application 09/821,064 credential” and “[t]he SSO agent retrieves the certificate form the user to authenticate the user” (id.). Wood discloses a login component that obtains login credentials that, if authenticated, are sufficient to achieve the trust level requirement of an application or information resource to be accessed (FF 1), wherein the login credential types include those based on certificates and the like (FF 2). Thus, we find that Wood discloses receiving at an SSO agent an initial authentication request for a user, authenticating the user at the SSO agent for the initial authentication request, and retrieving by the SSO agent a certificate associated with the user. Further, in Wood, if the entity requesting access has not yet been authenticated to the trust level required for the particular access, the authorization component indicates that the access request is to be redirected to the login component so that login credentials may be obtained and authenticated to a particular trust level (FF 3), and the browser sends the login component a new access request using the URL specified in the redirect from gatekeeper/entry handler component (FF 4). We find that Wood also discloses “authenticating the user for subsequent authentication requests via the SSO agent using authentication data within the attribute certificate,” as recited in claim 1. That is, we find the new access request using the URL specified in the redirect to be a subsequent authentication request at the login component. Further, since the redirect is based upon the initial authentication data, which can be within a certificate, we find the subsequent authentication to be using the initial authentication data within the certificate. 6 Appeal 2009-000773 Application 09/821,064 Though Appellant contends that the SSO agent does not have a role “in both the initial authentication request and in the subsequent authentication requests” (App. Br. 6), the login agent of Wood plays a role in both the initial authentication request and the subsequent authentication request in the redirected process. As to Appellant’s argument that Wood’s “access will typically be allowed without the need for further login credentials and authentication” (id., emphasis omitted), such argument is not commensurate in scope with the language of claim 1. That is, claim 1 does not preclude typical access without the need for further login credentials and authentication but rather merely requires that there will be subsequent authentication. Thus, contrary to Appellants’ argument that in Wood’s disclosure, “no further authentication will be required” and that Wood “actually teaches away from Applicant’s claim requirement of performing subsequent authentication requests” (App. Br. 8), Wood does teach that subsequent authentication is required if the trust level is insufficient. We note also that the language of claim 1 does not require the subsequent authentication requests to be after a subsequent sign-on. That is, claim 1 merely requires that the subsequent authentication be made using authentication data within the attribute certificate (without any specifics as to how it is being used). Thus, we find claim 1 to merely require numerous authentications, wherein the subsequent authentication is by “using” authentication data. As to Appellant’s contention that “the motivational statement in the rejection fails to explain why one would have been motivated to employ the attribute certificates of Parker in the system of Wood” (App. Br. 7), since 7 Appeal 2009-000773 Application 09/821,064 Parker discloses an attribute certificate, we conclude that the exchange of one known element (Parker’s attribute certificate) with another (Wood’s certificate) would have yielded predictable results to one of ordinary skill in the art at the time of the invention. That is, we find that using an attribute certificate as that of Parker in place of the certificate of Wood is no more than a simple arrangement of old elements, with each performing the same function it had been known to perform, yielding no more than one would expect from such an arrangement. See KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The skilled artisan would “be able to fit the teachings of multiple patents together like pieces of a puzzle” since the skilled artisan is “a person of ordinary creativity, not an automaton.” Id. at 420-21. Appellants have presented no evidence that using Parker’s attribute certification as Wood’s certificate was “uniquely challenging or difficult for one of ordinary skill in the art” or “represented an unobvious step over the prior art.” See Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418-19). Accordingly, for the above reasons, we affirm the rejection of claim 1 and claims 3, 11, 13, 19, and 21 falling therewith under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker. Claims 2, 5, 12, 15, 20, and 23 Appellant merely repeats that “Wood[’]s disclosure actually teaches way from the claim requirements” (App. Br. 10) for claims 2, 5, 12, 15, 20, and 23, and adds that “Riggins fails to remedy the deficiencies of a hypothetical combination of Wood[] and Parker” (id.). As discussed above, we do not find Wood to teach away and find no deficiencies with respect to 8 Appeal 2009-000773 Application 09/821,064 the combination of Wood and Parker. Accordingly, we also affirm the rejection of claims 2, 5, 12, 15, 20, and 23 under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and Riggins. Claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25 Appellant again repeats that “Wood[’]s disclosure actually teaches away from the claim requirements” (App. Br. 11) for claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25, and similarly contends that “Olden fails to remedy the deficiencies of a hypothetical combination of Wood[] and Parker” (id.). Since, as discussed above, we find that Wood does not teach away from the claim requirement of performing subsequent authentication requests, we also affirm the rejection of claims 4, 6, 7, 14, 16, 17, 22, 24, and 25 under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and Olden. However, since claim 10 depends from claim 9 which has not been rejected over prior art, we reverse the rejection of claim 10 under 35 U.S.C. § 103(a). Claims 8, 18, and 26 Appellant further repeats that “Wood[’]s disclosure actually teaches away from the claim requirements” (App. Br. 13) for claims 8, 18, and 26, and similarly contends that “Butt fails to remedy the deficiencies of a hypothetical combination of Wood[] and Parker” (App. Br. 12). For the reasons discussed above, we also affirm the rejection of claims 8, 18, and 26 under 35 U.S.C. § 103(a) as being unpatentable over Wood in view of Parker and Butt. 9 Appeal 2009-000773 Application 09/821,064 V. CONCLUSIONS A) Appellant has not shown that the Examiner erred in finding that 1) claims 1, 3, 11, 13, 19, and 21 are unpatentable over the teachings of Wood in view of Parker; 2) claims 2, 5, 12, 15, 20, and 23 are unpatentable over the teachings of Wood in view of Parker and Riggins; 3) claims 4, 6, 7, 14, 16, 17, 22, 24, and 25 are unpatentable over the teachings of Wood in view of Parker and Olden; and 4) claims 8, 18, and 26 are unpatentable over the teachings of Wood in view of Parker and Butt. B) Claim 9 is not rejected over prior art. C) Appellant has shown that the Examiner erred in finding that claim 10 depending from claim 9 is unpatentable over the teachings of Wood in view of Parker and Olden. D) Claims 1-8 and 11-26 are not patentable. VI. DECISION The Examiner’s decision rejecting claims 1-8 and 11-26 under 35 U.S.C. § 103(a) is affirmed and the Examiner’s decision rejecting claim 10 under 35 U.S.C. § 103(a) is reversed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART 10 Appeal 2009-000773 Application 09/821,064 peb HAMILTON & TERRILE, LLP IBM AUSTIN P.O. BOX 203518 AUSTIN, TX 78720 11 Copy with citationCopy as parenthetical citation
