Ex Parte Brown et alDownload PDFPatent Trial and Appeal BoardDec 19, 201411750568 (P.T.A.B. Dec. 19, 2014) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte MICHAEL S. BROWN, NEIL ADAMS, STEVEN FYKE, and HERBERT LITTLE ____________ Appeal 2012-008492 Application 11/750,568 Technology Center 2600 ____________ Before LEE E. BARRETT, JEAN R. HOMERE, and DANIEL N. FISHMAN, Administrative Patent Judges. BARRETT, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1–3, 9–16, and 21–25. Claims 4–8 and 17–20 have been canceled. We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. THE INVENTION The invention relates to protecting data in a mobile communications device which may be lost or stolen. The Specification describes that a mobile device memory may be wiped in response to a “kill packet” or a policy message to protect the security of stored data. However, it is possible that a device wipe that should otherwise have occurred will not occur due to Appeal 2012-008492 Application 11/750,568 2 the mobile device turning off due to a discharged battery. Spec. ¶ 44. The claims relate to determining if a battery level in a mobile communications device falls below a predetermined threshold below and performing a security action of encrypting at least some of the data on a storage element if the battery power falls below the predetermined threshold. Id. Claim 1 is reproduced below. 1. A mobile communications device, comprising: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a battery connected to the processor; a persistent storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to determine if a battery level of the battery falls below a predetermined threshold and perform a security action comprising encrypting at least some of the data on the storage element if the battery power falls below the predetermined threshold. THE PRIOR ART Knapczyk US 5,131,040 July 14, 1992 Wright et al. (Wright) US 2004/0123153 A1 June 24, 2004 Dunstan US 2005/0044433 A1 Feb. 24, 2005 Kim US 2005/0070339 A1 Mar. 31, 2005 Dietl et al. (Dietl) US 2005/0136979 A1 June 23, 2005 Levi et al. (Levi) US 2007/0100978 A1 May 3, 2007 (filed Nov. 3, 2005) Appeal 2012-008492 Application 11/750,568 3 THE REJECTIONS Claims 1, 3, 12, 13, 15, 24, and 25 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Wright in view of Knapczyk, further in view of Dunstan. Claims 2, 14, and 16 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Wright, Knapczyk, and Dunstan, further in view of Kim. Claims 9, 10, 21, and 22 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Wright, Knapczyk, and Dunstan, further in view of Dietl. Claims 11 and 23 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Wright, Knapczyk, and Dunstan, further in view of Levi. ANALYSIS Claims 1, 3, 12, 13, 15, 24, and 25 – Wright, Knapczyk, Dunstan Independent claim 1 Wright teaches a mobile communications device. Wright, ¶ 46. Knapczyk discloses actively erasing encryption keys stored in static memory if the battery level of a back-up battery falls below a threshold while a successful erase can still be guaranteed. Knapczyk states that “[e]ncryption keys are normally stored in memory devices that require a constant power source in order to preserve memory integrity,” Knapczyk, 1:36–38, e.g., a static memory. Knapczyk discloses that an AC power source can be used with fixed equipment installations to maintain the memory, but “some kind of backup power supply is required in order to preserve encryption keys should partial or total failure of A.C. power come to pass.” Knapczyk, 1:45–48. Knapczyk states that it is important to keep Appeal 2012-008492 Application 11/750,568 4 encryption keys out of the hands of an adversary and if main voltage fails, a battery backup may “decay to the point where it is no longer possible to successfully erase an associated key store.” Knapczyk, 1:54–56, 3:21–24. Knapczyk describes that when a back-up battery falls below a predetermined threshold, the microprocessor is powered up and executes a code segment that writes logic zeros or any other predetermined values into the associated memory. Knapczyk, 3:17–40. Simultaneously, a memory shutoff pulse is applied to the memory regulator: The memory shutoff pulse causes power to be removed from the memory (104) for a short interval. As is well-known, the removal of power form a static memory device tends to result in stored information being lost. This additional attempt at key erasure affords added security. Knapczyk, 3:53–58. Knapczyk discloses that “the removal of power from a static memory device tends to result in stored information being lost,” and therefore recognizes that there is some amount of persistence in a static memory (known in the art as “data remanence”) or it would not be necessary to take the step of overwriting the encryption keys in memory; the step of removing power is an additional step at erasure. However, the static memory in Knapczyk is not a “persistent storage element.” Knapczyk corresponds to Appellants’ embodiment of overwriting data stored on permanent and transient storage with meaningless bits (e.g., all zeros or all ones), paragraph 41, and the security sub-process of Figure 4, paragraph 44. Knapczyk discloses “a security module operable to determine if a battery level of the battery falls below a predetermined threshold and perform a security action comprising [overwriting with logic zeros or any other predetermined values] at least some of the data on the storage element Appeal 2012-008492 Application 11/750,568 5 if the battery power falls below the predetermined threshold,” as recited in claim 1. The differences are that Knapczyk discloses that the security action is “overwriting with logic zeros or any other predetermined values,” not “encrypting,” and discloses a static memory, not a “persistent storage element,” Ans. 14. Dunstan describes that a “system, such as a Personal Computer (PC), may enter a low-power state during a period of relative inactivity,” Dunstan, ¶ 1. “In some cases, context information may be saved when the system enters the low-power state (e.g., by saving an operating system and memory image to a non-volatile storage device). The context information may then be retrieved when the system returns to a higher-power state.” Dunstan, ¶ 2. Dunstan recognizes that by saving context information to a non-volatile storage device, such as a hard disk drive 220 or another type of non-volatile storage device, confidential information may be exposed. Dunstan, ¶¶ 18, 40. Dunstan describes determining when a system is to enter a low-power state based on current system workload, power failure, or user action. Dunstan, ¶ 20. Power failure is the relevant teaching here. In response to determining that the system is to enter a low-power state, “the system context information is encrypted before being saved directly to non-volatile memory.” Dunstan, ¶ 21. Dunstan further states: [I]n some cases the system context information might be saved to non-volatile memory because of a system power failure (e.g., the power failure might have triggered a transition to a low-power state). As a result, the maximum amount of information that can be saved might be limited by the amount of power available from a back-up power source. To reduce the amount of information that needs to be saved, FIG. 5 is a flow chart of a method that includes compression according to some embodiments. Appeal 2012-008492 Application 11/750,568 6 Dunstan, ¶ 26. Thus, Dunstan teaches taking a security action of encrypting and saving system context information to a non-volatile memory (“persistent storage element”) when it is determined that the system has lost power (i.e., the power has fallen below a predetermined threshold) and while sufficient power is available from a back-up power source. Accordingly, both Knapczyk and Dunstan teach taking a security action on data in memory in response to loss of power. Further, both Knapczyk and Dunstan teach taking the security action while sufficient battery (back-up) power remains to perform the security action. Knapczyk teaches taking a security action of overwriting data in memory when it is determined that the battery power falls below a predetermined threshold. Knapczyk’s teaching of writing “any predetermined values into the associated memory, not just logic zeros” (Knapczyk, 3:39–40) suggests using other methods to destroy the data. While we think that one of ordinary skill in the art would appreciate that Knapczyk’s teaching of overwriting (wiping or erasing) data in a memory in response to the level of a battery falling below a predetermined level is not limited to erasing encryption keys (the specific type of data) or the type of memory, volatile or non-volatile, Dunstan teaches encrypting data in a persistent memory in response to determining a loss of power and while sufficient back-up power remains. It would have been obvious in view of Dunstan to encrypt data in a non- volatile memory instead of overwriting the data in static memory as taught by Knapczyk. Encrypting data instead of overwriting is simply an alternate way of making the data in memory unusable. Dunstan encrypts the data Appeal 2012-008492 Application 11/750,568 7 because it later decrypts and uses it, but there is no such recovery of data claimed here; encryption merely is another way of erasing the data. Appellants argue that because Knapczyk discloses erasing encryption keys in static memory, “Knapczyk is in a different field from mobile communication devices and in particular persistent storage elements on those devices.” Appeal Br. 13. Knapczyk discloses that “the removal of power from a static memory device tends to result in stored information being lost,” and therefore that some amount of data may remain in a static memory or it would not be necessary to take the additional step of overwriting the encryption keys in memory. The fact that Knapczyk describes keys in static memory does not make it nonanalogous art as Appellants argue. In fact, Appellants’ Specification describes erasing data on permanent and transient storage. Spec. ¶ 41. Knapczyk is clearly related to the problem faced by Appellants of making sure that data stored in memory cannot be recovered. Appellants argue that because Knapczyk teaches overwriting encryption keys, combining Knapczyk with any reference would not result in the combination recited in claim 1 that recites the encryption of data stored on a persistent storage element. Appeal Br. 13. However, Dunstan teaches encrypting data on a persistent storage element. Appellants’ attack of the references individually is not persuasive because the Examiner’s rejection is based on obviousness and the collective teachings of the references. Appellants argue that “Dunstan does not contemplate a security action based on battery level falling below a threshold.” Appeal Br. 13. Knapczyk teaches a security action based on a battery level falling below a threshold. Appeal 2012-008492 Application 11/750,568 8 Appellants’ attack of the references individually is unavailing because the Examiner’s rejection is based on obviousness, and on the combination of the references. In addition, however, Dunstan discloses determining when the system is to enter a low power state and taking a security action on data in non-volatile memory (Fig. 3) and discloses that the encryption must take place while sufficient back-up power remains, which indicates that Dunstan must be aware of the battery level. Appellants argue here and with respect to other claims that “[n]either [Knapczyk nor Dunstan] discloses encrypting data stored on a persistent memory of a mobile communications device in response to the battery level of the device falling below a threshold.” Appeal Br. 15. This fails to address the combination: Knapczyk discloses a security action to destroy data in memory in response to the battery level of the device falling below a threshold, Dunstan discloses encrypting data on a persistent memory in response to a loss of power but where sufficient backup power remains, and Wright discloses a mobile communications device in which the security techniques of Knapczyk and Dunstan would be useful. Appellants argue that there is no motivation to combine Knapczyk and Dunstan because “encrypting data would require encryption keys, which Knapczyk teaches to overwrite.” Appeal Br. 13. Again, Appellants do not address the obviousness combination. Dunstan discloses a security action of encrypting data which takes the place of overwriting in Knapczyk. Appellants argue that the Examiner erred in stating that the “persistent storage element” in claims 1, 13, and 25 includes RAM because one skilled in the art would understand RAM to be volatile and not persistent. Appeal Br. 14. The Examiner states that substituting a persistent memory for RAM Appeal 2012-008492 Application 11/750,568 9 would yield predictable results. Ans. 16. Dunstan discloses encrypting data in a persistent memory so arguments about Knapcyzk’s RAM are, once again, irrelevant in view of the Examiner’s rejection based on the combined teachings. Appellants argue that “a person skilled in the art would not have been motivated to look to Dunstan because encrypting data stored on RAM in the context of the present claims would not be useful, as any data stored on RAM would be lost once the battery of the mobile device loses power.” Appeal Br. 14. This sounds like a nonanalogous art argument. However, Dunstan discloses that a security danger occurs when data is stored on non- volatile storage device, Dunstan, ¶ 18, and that “the system context information might be saved to non-volatile memory because of a system power failure” and encrypting data before storing it on non-volatile memory. Dunstan, ¶ 26; Fig. 5. Thus, Dunstan discloses encrypting data stored in non-volatile (persistent) memory. Dunstan is clearly related to the same problem facing the Appellants of making data in memory unusable. Appellants argue that an advantage of the security module recited in claim 1 is “that data stored on the device is encrypted before the battery loses power so that the data is stored in a secure manner should the mobile device subsequently become lost or stolen and unable to receive a security command via wireless communications.” Appeal Br. 14. It is argued that this is not a concern for data stored on RAM because the data will be lost once the battery loses power. Dunstan discloses encrypting and storing data into non-volatile memory after a system power failure and while the back-up power supply has sufficient power. Dunstan, ¶ 26. This is in addition to the teachings of taking a security action before the battery loses too much power Appeal 2012-008492 Application 11/750,568 10 in Knapczyk. The claims do not recite anything about the mobile device being unable to receive a security command via wireless communication. Appellants argue there is no motivation to combine Knapczyk with any reference that teaches encrypting the data based on battery level because the data in Knapczyk would be lost in any event. Reply Br. 3. Knapczyk indicates that the data may not be completely lost or there would be no reason for overwriting data. One of ordinary skill in the art would have been motivated to use Knapczyk’s teaching of overwriting data in memory based on the battery threshold whenever it is necessary to protect data. Appellants argue that it makes no sense to replace the RAM in Dunstan with persistent memory because Dunstan already includes non-volatile memory. Reply Br. 3. It is sufficient for the rejection that Dunstan discloses encrypting data in non-volatile memory. For the reasons stated above, we affirm the rejection of claim 1. Independent claim 13 Appellants rely on the same arguments for the method of claim 13 as for claim 1. Appeal Br. 15. The rejection of claim 13 is affirmed for the reasons stated with respect to claim 1. Independent claim 25 Appellants rely on the same arguments for the computer program product of claim 25 as for claim 1. The rejection of claim 25 is affirmed for the reasons stated with respect to claim 1. In addition, it is noted that Dunstan describes that the method of determining a low-power state and performing a security action including encrypting and storing data on non- volatile storage is performed by a computer and, thus, a computer program. Appeal 2012-008492 Application 11/750,568 11 Dependent claims 3 and 15 Appellants rely on the same arguments as for claims 1 and 13. The rejection of claims 3 and 15 is affirmed for the reasons stated with respect to claims 1 and 13. Dependent claims 12 and 24 Appellants argue that claims 12 and 24 are patentable because they depend on claims 1 and 13. Appeal Br. 17. Because we sustain the rejection of claims 1 and 13 this argument is not persuasive. Appellants also argue that “neither [Knapczyk nor Dunstan] discloses selectively erasing or encrypting data store in persistent memory. In both Knapczyk and Dunstan, all of the encryption keys or information is treated the same.” Appeal Br. 17. The Examiner states that Knapczyk teaches a key erase sequence and Dunstan teaches encrypting stored data. Ans. 7. Claim 12 and 24 recite that the security module or security action “is configurable by the user to encrypt the data on the storage element, or selectively encrypt portions of the data on the storage element.” That is, the security module or action is configurable to encrypt all or some of the data. Knapczyk discloses selectively erasing encryption keys. Dunstan discloses that “a BIOS may arrange for some or all of the system context information in volatile memory to be encrypted and/or compressed by a streaming engine 710 and saved to non-volatile memory.” Dunstan, ¶ 38. It would have been obvious to encrypt all or selective portions of the data in view of Dunstan. Furthermore, Dunstan discloses that “the maximum amount of information that can be saved might be limited by the amount of power available from a back-up power source” (Dunstan, ¶ 26) and one of ordinary skill in the art Appeal 2012-008492 Application 11/750,568 12 would have been motivated to decide to selectively encrypt only critical portions of the data based on the limited amount of power available. The rejection of claims 12 and 24 is affirmed. Claims 2, 14, and 16 -- Wright, Knapczyk, Dunstan, Kim Dependent claims 2 and 14 Appellants argue that claims 2 and 14 are patentable because they depend on claims 1 and 13. Appeal Br. 17. Because we sustain the rejection of claims 1 and 13 this argument is not persuasive. Claims 2 and 14 depend on independent claims 1 and 13, respectively, and recite that a threshold of battery power level at which the security action taken is the battery power level at which the mobile communication device disables the communication subsystem. The Examiner finds that Kim discloses disabling the operability of the communications subsystem in a power saving mode and concludes that it would have been obvious to take a security action and disable the communication subsystem at the same battery power level. Ans. 9. Appellants argue that “[w]hile Kim discloses power saving modes, it does not disclose taking the security action recited, i.e. encrypting data, at the same threshold.” Appeal Br. 18. We agree with the Examiner that the limitation of claims 2 and 12 would have been obvious to one of ordinary skill in the art. Appellants argue the lack of an express teaching in Kim rather than considering the collective teachings of the references. Knapczyk teaches the processor taking a security action at a predetermined battery level while sufficient power remains available. Dunstan teaches the processor taking a security action of encrypting and saving information to a non-volatile memory when Appeal 2012-008492 Application 11/750,568 13 it is determined that the system has lost power and while sufficient power remains available from a back-up power source. Kim teaches that a number of power saving mode items, including “Bar Incoming/Outgoing Calls,” may be selected to occur at a specific battery level. Kim, Figs. 3B and 3C; ¶¶ 37–39. Thus, Kim teaches that a number of actions can be selected to take place at the same battery level and it would have been obvious to disable the communications subsystem and take the security action at the same battery level as two of the actions. Further, it would have been obvious to one skilled in the art to disable the communications subsystem at the same battery level that triggers the security action is taken in order to conserve power to let the processor carry out the security action. The rejection of claims 2 and 14 is affirmed. Dependent claim 16 Claim 16 depends on claim 13 and recites that the monitoring to determine if a battery level falls below a predetermined threshold is enabled and disabled by policy messages received on the mobile communications device. The Examiner cites paragraph 38 of Kim as disclosing the controller receiving a request to set the power saving mode ON. Appellants argue that Kim does not disclose that monitoring a battery level and performing a security action of encrypting data in response to monitoring a battery level is enabled and disabled by way of a policy message. Appeal Br. 18. We agree with Appellants. Enabling and disabling a power saving mode in Kim is not the same as enabling and disabling monitoring a battery threshold level and then performing a security action in response to the battery level. The rejection of claim 16 is reversed. Appeal 2012-008492 Application 11/750,568 14 Claims 9, 10, 21, and 22 – Wright, Knapczyk, Dunstan, Dietl Dependent claims 9 and 21 Claims 9 and 21 depend on independent claims 1 and 13, respectively, and further recite that the “security action comprises encrypting substantially all of the user application data from the storage element.” The Examiner cites paragraph 25 of Dietl as disclosing a security action encrypting application data. Appellants argue that the claims must be read in light of the context of the independent claims, i.e., that the security action is in response to a battery level falling below a threshold and that the data is on a persistent storage element. Appeal Br. 19. Appellants argue that Dietl does not discuss encrypting any type of data if a battery level falls below a threshold and the encryption of data in Dietl is in the context of storing the data on a removable storage medium. Appeal Br. 19–20. The rejection is based on the combination of Wright, Knapczyk, and Dunstan which meets all the limitations of the independent claims. Dietl is not relied on for monitoring battery level or storing data on a persistent, non- removable, storage medium. Dietl is only relied on to evidence that user application data can be encrypted and Appellants do not contest this finding. Dunstan also discloses encrypting “context information” and we see no reason why this cannot include user application data. One of ordinary skill in the art would recognize that the data that is encrypted for security reasons could be anything. The rejection of claims 9 and 21 is affirmed. Dependent claims 10 and 22 Claims 10 and 22 depend on independent claims 1 and 13, respectively, and further recite that the “security action comprises encrypting Appeal 2012-008492 Application 11/750,568 15 substantially all of the service data from the storage element.” As with the rejection of claims 9 and 21, the Examiner cites paragraph 25 of Dietl as disclosing a security action encrypting application data. As with the response to the rejection of claims 9 and 21, Appellants argue that the claims must be read in light of the context of the independent claims, i.e., that the security action is in response to a battery level falling below a threshold and that the data is on a persistent storage element. Appeal Br. 20. Appellants argue that Dietl does not discuss encrypting any type of data if a battery level falls below a threshold and the encryption of data in Dietl is in the context of storing the data on a removable storage medium. Appeal Br. 20. The rejection is based on the combination of Wright, Knapczyk, and Dunstan which meets all the limitations of the independent claims. Dietl is not relied on for monitoring battery level or storing data on a persistent, non- removable, storage medium. Dietl is only relied on to teach encrypting service data and Appellants do not contest this finding. Also, Dunstan discloses encrypting “context information” and we see no reason why this cannot include service data. One of ordinary skill in the art would recognize that the data that is encrypted for security reasons could be anything. The rejection of claims 10 and 22 is affirmed. Claims 11 and 23 – Wright, Knapczyk, Dunstan, Levi Claims 11 and 23 depend on independent claims 1 and 13, respectively, and further recite that “the service data further includes data required to establish communications through a wireless gateway connected to the wireless network.” Claim 11 adds a wireless gateway limitation. There is no antecedent basis in claim 13 for the service data in claim 23. Appeal 2012-008492 Application 11/750,568 16 The Examiner cites paragraph 110 and Figure 2 of Levi as disclosing a mobile device connected to a wireless gateway. Ans. 12. Appellants argue that “[w]hat claims 11 and 23 recite is that the security action of claims 1 or 13 comprises encrypting substantially all of the service data, including data required to establish communications through a wireless gateway connected to a wireless network, from the persistent storage element.” Appeal Br. 21. However, claims 1 and 13 only recite encrypting at least some of the data; claim 1 does not recite encrypting the service data and claim 13 does not recite service data. The mobile devices in Wright and Levi have service data required to establish communications through a wireless gate connected to a wireless network which is all that is required. Appellants argue that the “claims must be read in the context of their respective independent claims, i.e. that the security action in response to a battery level falling below a threshold and that the data is on a persistent storage element on the device.” Appeal Br. 21. The rejection is based on the combination of Wright, Knapczyk, and Dunstan for the independent claims. Levi is not relied on for the limitations of the independent claims. The rejection of claims 11 and 23 is affirmed. CONCLUSION The rejections of claims 1–3, 9–15, and 21–25 are affirmed. The rejection of claim 16 is reversed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART Appeal 2012-008492 Application 11/750,568 17 msc Copy with citationCopy as parenthetical citation
