Ex Parte Brennan

Board of Patent Appeals and Interferences

Jun 16, 2008

10050752 (B.P.A.I. Jun. 16, 2008)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE BOARD OF PATENT APPEALS
AND INTERFERENCES
____________

Ex parte SEAN BRENNAN
____________

Appeal 2007-3485
Application 10/050,752
Technology Center 2100
____________

Decided: June 16, 2008
____________

Before JOSEPH L. DIXON, HOWARD B. BLANKENSHIP, and
JAY P. LUCAS, Administrative Patent Judges.

DIXON, Administrative Patent Judge.

DECISION ON APPEAL
This is a decision on appeal under 35 U.S.C. § 134 from the
Examiner's final rejection of claims 4, 5, 7-13, and 16-34. Claims 1-3, 14,
and 15 have been withdrawn from consideration after a restriction
requirement, and claims 6, 24-27, and 31-34 have been canceled. We have
jurisdiction under 35 U.S.C. § 6(b).

Appeal 2007-3485
Application 10/050,752

We AFFIRM.

BACKGROUND
Appellant’s invention relates to a system and method for
accomplishing two-factor user authentication using the Internet. An
understanding of the invention can be derived from a reading of exemplary
claim 4 which is reproduced below.
4. A method of accomplishing two-factor user
authentication, comprising:

providing first and second user authentication methods, wherein
the first and second user authentication methods are selected to
authenticate at least two factors associated with the user;

enabling a user to communicate authentication data for both
authentication methods to a first web site using the internet;

authenticating the user at the first web site using the first
authentication method;

enabling the communication of at least some of the
authentication data from the first web site to a second web site using
the internet;

authenticating the user at the second web site based on the
authentication data transferred from the first web site using the second
authentication method; and

wherein both web sites are involved in user authentication using
the authentication data and wherein access to content on the first web
site is restricted if the user is not authenticated to both web sites.

2
Appeal 2007-3485
Application 10/050,752

PRIOR ART
The prior art references of record relied upon by the Examiner in
rejecting the appealed claims are:

Ying US 6,853,980 B1 Feb. 8, 2005
Tan US 2001/0045451 A1 Nov. 29, 2001
Krueger US 2002/0077837 A1 Jun. 20, 2002

Aladdin. "eToken: The Key to Security for the Internet Age", July 20,
2000.

RSA Security, Inc. "RSA Web Security Portfolio - How RSA SecurID
Agents Can Secure Your Website", August 2000.

Stallings, William. Network Security Essentials, Applications and
Standards, Prentice- Hall, Inc., pp. 203-223.

REJECTIONS
Claims 4-5, 7-9, 18, 21, and 28 stand rejected under 35 U.S.C. 103(a)
as being unpatentable over Ying and Krueger.
Claims 10-12, 19-20, 22, 23, 29, and 30 stand rejected under 35
U.S.C. 103(a) as being unpatentable over Ying and Krueger further view of
RSA.
Claim 13 stands rejected under 35 U.S.C. 103(a) as being
unpatentable over Ying, Krueger and RSA further view of Tan and Aladdin.
Claims 16-17 stands rejected under 35 U.S.C. 103(a) as being
unpatentable over Ying, Krueger and RSA further in view of Stallings.

3
Appeal 2007-3485
Application 10/050,752

Rather than reiterate the conflicting viewpoints advanced by the
Examiner and Appellant regarding the above-noted rejection, we make
reference to the Examiner's Answer (mailed Jan. 17, 2007) for the reasoning
in support of the rejections, and to Appellant’s Brief (filed Oct. 18, 2006) for
the arguments thereagainst.

OPINION
In reaching our decision in this appeal, we have given careful
consideration to Appellant’s Specification and claims, to the applied prior art
references, and to the respective positions articulated by Appellant and the
Examiner. As a consequence of our review, we make the determinations
that follow.
35 U.S.C. § 103(a)

"Section 103 forbids issuance of a patent when 'the differences
between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at
the time the invention was made to a person having ordinary skill in
the art to which said subject matter pertains.'" KSR Int'l Co. v.
Teleflex Inc., 127 S. Ct. 1727, 1734 (2007).

In KSR, the Supreme Court emphasized "the need for caution in
granting a patent based on the combination of elements found in the prior
art," Id. at 1739, and discussed circumstances in which a patent might be
determined to be obvious. KSR, 127 S. Ct. at 1739 (citing Graham v. John
Deere Co., 383 U.S. 1, 12 (1966)). The Court reaffirmed principles based
on its precedent that "[t]he combination of familiar elements according to
known methods is likely to be obvious when it does no more than yield
4
Appeal 2007-3485
Application 10/050,752

predictable results." Id. The operative question in this "functional
approach" is thus "whether the improvement is more than the predictable use
of prior art elements according to their established functions." Id. at 1740.
The Federal Circuit recently recognized that "[a]n obviousness
determination is not the result of a rigid formula disassociated from the
consideration of the facts of a case. Indeed, the common sense of those
skilled in the art demonstrates why some combinations would have been
obvious where others would not." Leapfrog Enters., Inc. v. Fisher-Price,
Inc., 485 F.3d 1157, 1161 (Fed. Cir. 2007) (citing KSR, 127 S. Ct. 1727,
1739 (2007)). The Federal Circuit relied in part on the fact that Leapfrog
had presented no evidence that the inclusion of a reader in the combined
device was “uniquely challenging or difficult for one of ordinary skill in the
art” or “represented an unobvious step over the prior art." Id. (citing KSR,
127 S. Ct. at 1740-41).
One cannot show nonobviousness by attacking references individually
where the rejections are based on combinations of references. In re Merck
& Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986).
However, nonfunctional descriptive material cannot render
nonobvious an invention that would have otherwise been obvious. In re
Ngai, 367 F.3d 1336, 1339 (Fed. Cir. 2004). Cf. In re Gulack, 703 F.2d
1381, 1385 (Fed. Cir. 1983) (when descriptive material is not functionally
related to the substrate, the descriptive material will not distinguish the
invention from the prior art in terms of patentability).

5
Appeal 2007-3485
Application 10/050,752

The Patent and Trademark Office (PTO) must consider all claim
limitations when determining patentability of an invention over the prior
art." In re Lowry, 32 F.3d 1579, 1582 (Fed. Cir. 1994) (citing In re Gulack,
703 F.2d 1381, 1385 (Fed. Cir. 1983)). "Claims must be read in view of the
specification, of which they are a part." Markman v. Westview Instruments,
Inc., 52 F.3d 967, 979 (Fed. Cir. 1995) (en banc). "[T]he PTO gives claims
their 'broadest reasonable interpretation.'" In re Bigio, 381 F.3d 1320, 1324
(Fed. Cir. 2004) (quoting In re Hyatt, 211 F.3d 1367, 1372 (Fed. Cir. 2000)).
"Moreover, limitations are not to be read into the claims from the
specification." In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993)
(citing In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989)).
At the outset, we note that Appellant has elected to group independent
claims 4, 21, and 28 together in a group as indicated at page 11 of the Brief.
Therefore, we select independent claim 4 as the representative claim and
will address arguments thereto.
From our initial review of the teachings of Ying in view of Krueger,
we find the combined teachings to teach and fairly suggest the use of
multiple user authentications or verifications of a user and user’s credit card
information across plural websites to allow a user to access content on the
first website which is restricted if the user is not authenticated to both
websites. Clearly, if the credit card information for a user is not verified,
authenticated, or approved by the second website, the user will not be able to
access the content (which is the fonts available for purchase) if payment is
not made. We find this combination clearly teaches the invention as recited
6
Appeal 2007-3485
Application 10/050,752

in independent claim 4. Therefore, we look to Appellant's responsive
arguments to show error in the Examiner's initial showing of obviousness
over the combined teachings of Ying and Krueger.
Appellant argues that neither Ying nor Krueger teaches or suggests an
authentication method and system using at least two different factors at two
or more websites as taught by Appellant and claimed in independent claim 4.
(App. Br. 12 and 13). Appellant relies upon Appellant’s Specification at
page 9, lines 10-18, to support this position. From our review of Appellant’s
Specification, we find that the relied upon portion is not commensurate in
scope with the broader language of independent claim 4. Therefore,
Appellant's reliance thereon is not persuasive of error in the Examiner's
initial showing of obviousness.
Appellant argues that it is well-known in the security field that
authentication can be based upon three factors: (1) what you know, (2) what
you have, and (3) what you are. Authentication based on one of these
factors is termed a single-factor authentication and authentication based on
two of these factors is termed a two-factor authentication. (App. Br. 13).
Here, Appellant maintains that Appellant teaches adding a token to a
password authenticated website to authenticate not only what you know
(password) but also what you have (token).
Unfortunately, we do not find support in the language of independent
claim 4 for Appellant’s proffered inclusion of a token in independent claim
14, which is expressly recited in dependent claim 10. Hence, independent
7
Appeal 2007-3485
Application 10/050,752

claim 4 is broader than the proffered inclusion of a token. Therefore,
Appellant's argument is not persuasive of error in the Examiner's initial
showing of obviousness.
Appellant argues that the portions of Ying relied upon by the
Examiner do not describe authentication of an end user at a second site or
server. (App. Br. 14). Appellant argues that Ying described approving or
verifying an end user’s credit card information without authenticating his
identity at the second server. (App. Br. 14). Here again, Appellant's
argument regarding authenticating the identity goes beyond the express
language of independent claim 4 and is not persuasive of error in the
Examiner's initial showing.
Appellant argues that credit card "verification" does not attest what
you know, what you have, or what you are, and is therefore not user
authentication. (App. Br. 14). We disagree with Appellant wherein a user
generally has a credit card (tangible item) in his or her possession to read
and input the appropriate information. Just as with a token which may be
changing or not. Furthermore, Appellant has not identified any express
definition or interpretation of any of the recited claim limitations in
Appellant's Specification with which to further interpret the claim
limitations at issue. Therefore, we do not find Appellant's argument
persuasive of error in the Examiner's initial showing of obviousness.
Appellant argues that the credit card processor in Ying is not an
authentication method and that the card information is at most what the end
user “knows” rather than what the end user “has” such as a token-generated
synchronous code enabling the card information processing server to
8
Appeal 2007-3485
Application 10/050,752

authenticate the identity of the end user. (App. Br. 15). Again, Appellant's
argument is not commensurate in scope with the language of independent
claim 4 and therefore is not persuasive of error in the Examiner's initial
showing of obviousness.
Appellant further argues that there must be some suggestion or
motivation to modify the references or to combine the reference teachings
and that the relied upon teachings only teach a single factor authentication.
Here, we disagree with Appellant concerning the single factor authentication
of the same type. Therefore, we do not find Appellant's argument persuasive
of error in the Examiner's combination as set forth in the Answer. Since
Appellant has not shown error in the Examiner's initial showing of
obviousness of independent claim 4, we will sustain the rejection of
independent claim 4 and corresponding dependent claims 5, 9, and 18 which
are grouped therewith by Appellant.
Appellant additionally includes paragraphs directed to dependent
claims 7 and 8, but merely sets forth the language of these claims without a
specific argument for patentability. Therefore, these claims will fall with
independent claim 4.
Appellant additionally includes paragraphs directed to independent
claims 21 and 28, but reiterates the same arguments advanced with respect to
dependent claim 4. Therefore, these claims will fall with independent claim
4.

9
Appeal 2007-3485
Application 10/050,752

With respect to dependent claims 10-12, 19, 20, 22, 23, 29, and 30
(we note that Appellant has canceled claims 24-27 and 31-34), Appellant
argues that neither Ying nor Krueger discloses either user identification at a
second website or a second factor of authentication to an existing single
factor authentication system and that RSA also fails to show a two factor
authentication method. We select dependent claim 10 as the representative
claim for this grouping and address arguments thereto.
We disagree with Appellant's argument as discussed above with
respect to the two-factor authentication. Hence, we do not find Appellant's
argument persuasive of error in the Examiner's initial showing of
obviousness. Appellant further argues that there is no suggestion or
motivation to combine RSA with Ying and Krueger, but Appellant provides
no evidence to show error in the Examiner's proffered motivation.
Therefore, we do not find Appellant's argument persuasive of error in the
Examiner's initial showing of obviousness, and we will sustain the rejection
of dependent claims 10-12, 19, and 20.
Appellant additionally includes a paragraph directed to dependent
claim 22, and Appellant presents the same arguments advanced with respect
to dependent claim 10. Therefore, we do not find Appellant's argument
persuasive of error in the Examiner's initial showing of obviousness, and we
will sustain the rejection of dependent claims 22, 23, 29, and 30 as grouped
therewith by Appellant.

10
Appeal 2007-3485
Application 10/050,752

CONCLUSION
To summarize, we have sustained the rejection of claims 4, 5, 7-13,
16-23, and 28-30 under 35 U.S.C. § 103(a).
No time period for taking any subsequent action in connection with
this appeal may be extended under 37 CFR § 1.136(a).

AFFIRMED

pgc

SCHWEGMAN, LUNDBERG & WOESSNER, P.A.
P.O. BOX 2938
MINNEAPOLIS, MN 55402
11