Ex Parte Bennett et alDownload PDFPatent Trial and Appeal BoardAug 2, 201613034907 (P.T.A.B. Aug. 2, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 13/034,907 02/25/2011 87220 7590 08/03/2016 Walder Intellectual Property Law (END) C/O Walder Intellectual Property Law, P.C. 17304 Preston Road Suite 200 Dallas, TX 75252 FIRST NAMED INVENTOR Paul W. Bennett UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. AUS920110013US 1 1748 EXAMINER PAN, HANG ART UNIT PAPER NUMBER 2197 MAILDATE DELIVERY MODE 08/03/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte PAUL W. BENNETT, ELISA FERRACANE, WILLIAM J. O'DONNELL, and MICHAEL C. THOMPSON Appeal2014-009446 Application 13/034,907 Technology Center 2100 Before MICHAEL J. STRAUSS, JOHN F. HORVATH, and AMBER L. HAGY, Administrative Patent Judges. STRAUSS, Administrative Patent Judge. DECISION ON APPEAL Appeal2014-009446 Application 13/034,907 STATEMENT OF CASE Appellants appeal under 35 U.S.C. § 134(a) from a rejection of claims 1, 2, 4, 5, 9-11, 13, 14, and 18-20. We have jurisdiction under 35 U.S.C. § 6(b ). We affirm. THE INVENTION The claims are directed to security role testing using an embeddable container and properties object. Spec., Title. Claim 1, reproduced below, is representative of the claimed subject matter: 1. A method, in a data processing system having at least one processor, for performing security role definition testing, compnsmg: receiving, in a container of a runtime environment of the data processing system, an application having one or more methods and one or more security role definitions associated with the one or more methods; receiving, in the container, a properties object specifying both a user identifier to security role mapping structure that maps a plurality of user identifiers to corresponding security roles, and one or more test user identifiers to use to test an execution of the one or more methods of the application; executing, in the container, by the processor, a test application on the execution of the one or more methods of the application based on the user identifier to security role mapping structure in the properties object, the one or more test user identifiers in the properties object, and the security role definitions, wherein the test application tests an operation of the application with regard to the security role definitions by correlating the one or more test user identifiers with corresponding security roles using the user identifier to security role mapping structure and comparing the corresponding security roles of the one or more test user identifiers to the security role definitions associated with the one or more methods; and outputting a result of the execution of the test application on the execution of the one or more methods of the application. 2 Appeal2014-009446 Application 13/034,907 REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Mason Chang Styslinger US 2003/0093717 Al US 2003/0149893 Al US 2005/0138426 Al REJECTION May 15, 2003 Aug. 7, 2003 June 23, 2005 The Examiner rejected claims 1, 2, 4, 5, 9--11, 13, 14, and 18-20 under 35 U.S.C. § 103(a) as being unpatentable over Mason, Styslinger, and Chang. Final Act. 2-6. APPELLANTS' CONTENTIONS 1. There is no teaching of passing a properties object that has both a mapping structure and one or more test user identifiers in it to a . . . 1. . ,..1 1 · . . ,..1 • contamer contammg an app11cat10n anu a test app11cat10n, as rec1teu m the present independent claims. App. Br. 7, Reply Br. 2-10. 2. The combination of applied references fails to teach or suggest execution of the claimed test application in a container as required by the independent claims. App. Br. 9-11, Reply Br. 11-14. 3. The prior art fails to teach or suggest using more than one test user identifier in a sequential manner as required by claims 4 and 13. App. Br. 12-14. ANALYSIS We have reviewed the Examiner's rejections in light of Appellants' arguments that the Examiner has erred. We disagree with Appellants' conclusions. We adopt as our own (1) the findings and reasons set forth by 3 Appeal2014-009446 Application 13/034,907 the Examiner in the action from which this appeal is taken (Final Act. 2-8) and (2) the reasons set forth by the Examiner in the Examiner's Answer in response to Appellants' Appeal Brief (Ans. 2-11) and concur with the conclusions reached by the Examiner. We highlight the following for emphasis. Appellants argue none of the applied references disclose a properties object passed to a container including an application and a test application, the properties object including both (i) a structure mapping users to security roles and (ii) at least one test user identifier. App. Br. 7. According to Appellants, in Mason, "[t]here is no mention of a properties object such as is defined in the present independent claims." App. Br. 8. The Examiner responds by finding Mason discloses a container for performing security checks used in a run time environment and the need to receive test user ID information including test user ID and security roles. Ans. 7. The Examiner relies on Styslinger for teaching the need to correlate user names and authentication information in a file structure in a test environment and on Chang for teaching mapping user IDs with the role the user has for authentication purposes. Ans. 8. The Examiner concludes Id. [I]t would have been obvious at the time of the invention to a person of ordinary skill in the art to combine Mason, Styslinger and Chang to provide in a container file, a file structure that contains a plurality of test user IDs and a security mapping table for software testing (the file structure can provide the information of the user IDs that have been mapped to security roles to the container); this would save time compared to let user manually enter user IDs and authentication information during runtime. 4 Appeal2014-009446 Application 13/034,907 Appellants fail to persuasively rebut the Examiner's findings and conclusions. Appellants' argument that the individual references fail to teach or suggest the disputed generating step of receiving a properties object (App. Br. 7-9) is unpersuasive because it is based on an asserted deficiency of the individual references rather than addressing the Examiner's findings that the combination of Mason, Styslinger, and Chang teaches or suggests the disputed limitation. Nonobviousness cannot be established by attacking the references individually when the rejection is predicated upon a combination of prior art disclosures. See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). In the present instance, Mason teaches the "how" (using containers in EJB) and Styslinger and Chang teach the "what" (what information would you want to automate using the programming structure of Mason), such that the combination teaches or suggests the entirety of the argued limitation. In contrast, Appellants' contention is merely attorney argument, unsupported by sufficient evidence to be persuasive of Examiner error. 1 Therefore, based on a preponderance of the evidence, we agree with the Examiner in finding the combination of Mason, Styslinger, and Chang teaches or suggests the argued step of receiving, in the container, a properties object specifying both a user identifier to security role mapping structure that maps a plurality of user identifiers to corresponding security roles, and one or more test user identifiers to use to test an execution of the one or more methods of the application. 1 Attorney arguments and conclusory statements that are unsupported by factual evidence are entitled to little probative value. See In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997); see also In re De Blauwe, 736 F.2d 699, 705 (Fed. Cir. 1984). 5 Appeal2014-009446 Application 13/034,907 In connection with contention 2, Appellants argue the prior art merely teaches "testing of an application in a container using a role of a user that submits a request to the container," not "a ... mechanism that performs such testing within the container using the mapping data structure and test user identifiers as received within the container as part of a properties object [as claimed]." Reply Br. 11. Appellants continue: At most, the alleged combination of references teaches the passing in of a user identifier and corresponding role as a parameter to the container at run time and determining if the user has access to a URI or EJB method based on the user's role using the EJB security mechanisms of the container. There is no properties object as recited in the present independent claims in any one, or a combination, of the references and thus, there is no teaching or suggestion to implement the specific features of executing as recited in the independent claims. Id. The Examiner responds, finding "[t]he combination of Mason, Styslinger and Chang discloses a container that contains an object with 1) a plurality of test user names, and 2) a role table that maps user names to their security roles." Ans. 10. The Examiner further finds [ d]uring execution time, the plurality of test user names and user roles that have been mapped using the role table are provided to the container, and the container (Mason paragraph [0015]) compares the role of a requesting user to the roles associated with a method to determine if the user can access the method. Id. The Examiner concludes the combination of Mason, Styslinger, and Chang teaches or suggests the argued limitation. To the extent Appellants are arguing the prior art is deficient because parameters are passed to the container at run time rather than at some other time, Appellants fail to explain where such argument is supported by claim language excluding performing such activities at run time or otherwise. 6 Appeal2014-009446 Application 13/034,907 Furthermore, we note in passing there are only a finite number of ways to (a) provide necessary data including (i) user identifier to security role mappings and (ii) test user identifiers to the test software, e.g., using a "container" or otherwise, and (b) run the software, whether within or outside of a container. Appellants fail to provide persuasive evidence that the claimed combination is other than the combination of familiar elements yielding no more than predictable results. See KSR Int 'l Co. v. Teleflex, Inc., 550 U.S. 398, 416-17 (2007). We further note a finite number of configurations or solutions within the skill and understanding of ordinarily skilled artisans can be indicative of obviousness: When there is a design need or market pressure to solve a problem and there are a finite number of identified, predictable solutions, a person of ordinary skill has good reason to pursue the known options within his or her technical grasp. If this leads to the anticipated success, it is likely the product not of innovation but of ordinary skill and common sense. KSR, 550 U.S. at 421. In sum, and in the absence of sufficient persuasive evidence or line of reasoning and based on a preponderance of the evidence, we agree with the Examiner in finding the combination of Mason, Styslinger, and Chang teaches or suggests the disputed executing step of the argued independent claims. Accordingly, we find Appellants' contention 2 unpersuasive of Examiner error. For the reasons supra, we are unpersuaded of Examiner error in rejecting the independent claims. Accordingly, we sustain the rejection of independent claim 1 and, for the same reasons, independent claims 10 and 20, under 35 U.S.C. § 103(a) over Mason, Styslinger, and Chang, together with the rejection of dependent claims 2, 5, 9, 11, 14, 18, and 19, which are not argued separately with specificity. 7 Appeal2014-009446 Application 13/034,907 In connection with contention 3, Appellants argue Mason's system is designed to receive a single user identifier as a runtime parameter for application testing in contrast to the plurality of user identifiers required by claim 4. App. Br. 12-13. The Examiner finds Styslinger stores a plurality of test user ID's with their authentication information in a file. The Examiner further finds [I]t would have been obvious in order to test a plurality of users, the object file containing a plurality of test user IDs and their authentication information should only provide to a container a single user ID at first, waits until the testing of this user is complete, then provides the next user ID to perform a test (i.e. providing the user IDs in a sequential manner), because the Mason's system does not disclose testing multiple users in parallel. Ans. 11. In reply, Appellants argue "[a ]t most Styslinger teaches a tester that can replay scripts using user ids and passwords, but does not teach or suggest the properties object or the testing of methods by a test application by testing using the test user identifiers specified in the properties object in a sequential manner." Reply Br. 13. We disagree with Appellants. As the Examiner finds, and we agree, Styslinger discloses plural test user ID's which, consistent with Styslinger's disclosure, one skilled in the art would have understood were to be used to sequentially test a system for the reasons articulated by the Examiner. See Ans. 11. Furthermore, we note in passing there are a finite number of ways to test a system using plural test parameters such as test user identifiers, whether sequentially as per Styslinger's system or in parallel. In the absence of evidence to the contrary, sequential versus parallel use of user identifiers to test a system amounts to mere design choice. Accordingly, having found 8 Appeal2014-009446 Application 13/034,907 Appellants' contention 3 unpersuasive of Examiner error, we sustain the rejection of claims 4 and 13 under 35 U.S.C. § 103(a) over Mason, Styslinger, and Chang. DECISION The Examiner's decision to reject claims 1, 2, 4, 5, 9--11, 13, 14, and 18-20 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED 9 Copy with citationCopy as parenthetical citation