Ex Parte BenantarDownload PDFBoard of Patent Appeals and InterferencesDec 29, 201110045112 (B.P.A.I. Dec. 29, 2011) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte MESSAOUD BENANTAR ____________ Appeal 2009-011814 Application 10/045,112 Technology Center 2400 ____________ Before JOSEPH L. DIXON, HOWARD B. BLANKENSHIP, and DEBRA K. STEPHENS, Administrative Patent Judges. BLANKENSHIP, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1-30, which are all the claims remaining in the application. We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. Appeal 2009-011814 Application 10/045,112 2 Invention Appellant’s invention relates to managing digital certificates for computer-to-computer authentication. See Abstract; Spec. 1:8-12. Representative Claims 1. A method for processing digital certificates within a data processing system, the method comprising: determining a set of trust relations between a set of certificate authorities (CAs) in a trust web; representing the set of trust relations in an adjacency matrix, wherein a cell in the adjacency matrix corresponds to a pair of certificate authorities; performing a transitive closure computation on the adjacency matrix to generate a set of inter-CA trust path indicators that represent whether a trust path exists between a pair of certificate authorities; and performing an all-pairs-shortest-paths computation on the adjacency matrix to generate multiple sets of shortest trust paths between the certificate authorities. 10. A method for operating certificate authorities within a data processing system, the method comprising: establishing at a first certificate authority (CA) a trust relation with a second certificate authority; and sending a trust relation update message to a central trust web agent, wherein the central trust web agent processes trust relation information for a set of certificate authorities within a trust web. Appeal 2009-011814 Application 10/045,112 3 Examiner’s Rejections Claims 1-30 stand rejected under 35 U.S.C. § 102(b) as being anticipated by Van Oorschot (US 6,134,550). ANALYSIS Claims 1-9, 24, 27, 30 For purposes of our review of the § 102(b) rejection of claims 1-9, 24, 27, and 30, we consider claim 1 to be representative. The Examiner rejects claim 1 over Van Oorschot, finding that the reference describes both of performing a transitive closure computation on the adjacency matrix and performing an all-pairs-shortest-paths computation on the adjacency matrix, as claimed, at column 4, lines 52 through 57. Ans. 3. In response to Appellant’s arguments that Van Oorschot fails to disclose the two distinct computations that are claimed, the Examiner expands the basis and reasoning for the rejection in the Answer. VO [Van Oorschot] discloses compilation of certificate chain data to generate a table of trust relationships among the certificate issuing units (VO: column 4 lines 52-62 and figure 7a; column 10 lines 59-62: the intermediate level chain data) and the compilation of certificate chain data is different from the shortest-path computation (VO: column 4 lines 65-67 and figure 7b; column 11 lines 24-26: the shortest path table is the high level certificate chain data) in which the compilation of certificate chain data takes place before the shortest-path computation to ensure validity of path. . . . . [T]he table of trust relationships (transitive disclosure computation) is intermediate level chain data while the Appeal 2009-011814 Application 10/045,112 4 shortestes [sic; shortest] path table (shortest path computation) is high level certificate chain data derived from the intermediate level chain data. Ans. 7. Appellant’s Specification teaches what constitutes a “transitive closure computation.” The transitive closure is then computed over the adjacency matrix (step 406) [Fig. 4]. The transitive closure represents whether there is a path, i.e. set of edges, through the directed graph for any two nodes in the directed graph. Hence, the transitive closure can also be represented with a matrix with each cell reflecting whether or not there is a path between the entities that correspond to the row and the column for the cell. Several algorithms exist for computing the transitive closure matrix from an adjacency matrix; “Warshall’s algorithm” is frequently used for this type of computation, which is also known as solving the reachability problem for a set of nodes in a graph. Spec. 26:11-23. Thus, while the Specification admits that a “transitive closure computation” was well known and conventional, 1 we agree with Appellant to the extent that Van Oorschot has not been shown to disclose a transitive closure computation as claimed. In particular, we find no clear description of such a computation in the portions of the reference relied upon in the Answer. While the rejection might contemplate that the “intermediate level chain data” (Van Oorschot Fig. 7a) represents an intermediate operation before approaching the shortest trusted certificate chain (Fig. 7b), in the sense that the transitive closure computation is an intermediate step prior to 1 “The present invention recognizes that a transitive closure computation can be applied to a trust web.” Spec. 26:24-25. Appeal 2009-011814 Application 10/045,112 5 the “all pairs shortest paths” computation as taught by the Specification, the rejection fails to show that the “intermediate level chain data” of the reference corresponds to a transitive closure computation as claimed. The rejection does not set out how and why one of ordinary skill in the art would conclude that the “intermediate level certificate chain data” as depicted in Figure 7A of the reference represents or results from a transitive closure computation. Moreover, as noted by Appellant in the Reply Brief, Van Oorschot makes no reference to an “adjacency matrix,” much less to any step of performing a “transitive closure computation on the adjacency matrix.” As a consequence of the noted deficiencies, we cannot sustain the § 102(b) rejection of claims 1-9, 24, 27, and 30 over Van Oorschot. Claims 10-23, 25, 26, 28, 29 Appellant groups claims 10 through 30 together but argues specifics of claims 10 and 22. Accordingly, we will decide the appeal with respect to this group of claims on the basis of claim 10 and claim 22. See 37 C.F.R. § 41.37(c)(1)(vii). However, as noted in the previous section, we do not sustain the rejection of claims 24, 27, and 30. Appellant contends that Van Oorschot does not disclose sending a trust relation update message to a central trust web agent, as recited in claim 10. According to Appellant, Van Oorschot discloses a variety of techniques for updating the certificate chain database 208 (which include periodically polling the distributed directory or other sources of certificate data), but fails to disclose using trust relation update messages from the certificate authorities. App. Br. 8-9. Appeal 2009-011814 Application 10/045,112 6 The Examiner finds that Figure 3 of Van Oorschot shows a “distributed” central web agent that interacts with a plurality of certificate authorities, which provide certificate chain information to the central web agent for compilation, and periodically provide an update or revocation list to the central agent in order to establish the up-to-date certificate chain data. The Examiner further refers to column 5, lines 53 through 60 of the reference, which discloses that the certificate authority trust data may include cross-certification data and revocation data, which is periodically updated as needed. Ans. 8. Appellant responds in turn that Van Oorschot discloses the “reverse” process for updating the certificate chain database 208 by having the certificate chain data generator 400 periodically poll the distributed directory 302 or other sources of certificate data to determine whether updates in the certificate trust data have occurred. Reply Br. 3. Appellant refers to column 7, line 62 through column 8, line 13 of the reference. Id. With respect to “sending a trust relation update message” to a central trust web agent as recited in claim 10, we agree with the Examiner that the claim does not distinguish over a certificate validating unit sending a query and receiving certificate chain information in response. In particular, Van Oorschot discloses that the certificate chain constructing unit “transmits” the certificate chain information in response to the query (col. 6, ll. 1-11). The received certificate chain information qualifies as a “trust relation update message” within the meaning of claim 10, because the data updates the trust relation data with respect to the certificate validating unit. Claim 22 is more specific in that a central trust web agent receives “from a certificate authority (CA)” a trust relation update message. Appeal 2009-011814 Application 10/045,112 7 However, we agree with the Examiner that Van Oorschot’s description of periodically polling the distributed directory or other sources of certificate data to determine whether updates in the certificate trust data has occurred (col. 7, l. 63 - col. 8, l. 13) is sufficient to meet the terms of claim 22, as the source of the update data are the certification authorities (CA’s) themselves. Claim 22 is also more specific than claim 10 in that it recites modifying a set of trust relations for the set of certificate authorities within the trust web, but which is also described by Van Oorschot at least at column 7, line 63 through column 8, line 13. The reference at the indicated section discloses modifying the certificate chain database when a certification authority is added to the community of interest. To the extent that we have considered Appellant’s bare allegation that the reference does not disclose modifying “based on an indicated request in the trust relation update message,” we note that the update data from the newly added CA’s in the community of interest is at least an implied request to modify the set of trust relations in the certificate chain database.2 2 Moreover, the name given to the data, “indicated request,” is not entitled to weight in the patentability analysis. See Ex parte Nehls, 88 USPQ2d 1883, 1887-90 (BPAI 2008) (precedential) (discussing non-functional descriptive material). Similarly, although we agree with the Examiner that Van Oorschot describes a “trust relation update message,” what the data is called is not entitled to patentable weight, as the “trust relation update message” of representative claims 10 and 22 affects neither the functionality of the recited methods nor the structure or function of any underlying apparatus implied by the methods. At most, the only functional or structural change related to the “trust relation update message” is the claim 22 recitation of “modifying a set of trust relations for the set of certificate authorities within the trust web” based on data received at a central trust web agent from a certificate authority (CA). Appeal 2009-011814 Application 10/045,112 8 We therefore are not persuaded of error in the rejection of claims 10- 23, 25, 26, 28, 29. We sustain the § 103(a) rejection over Van Oorschot. DECISION The rejection of claims 1-30 under 35 U.S.C. § 102(b) as being anticipated by Van Oorschot is reversed with respect to claims 1-9, 24, 27, and 30 but affirmed with respect to claims 10-23, 25, 26, 28, and 29. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f). AFFIRMED-IN-PART tkl Copy with citationCopy as parenthetical citation