10294993 (B.P.A.I. Aug. 28, 2009)

Ex Parte Chang et al

Board of Patent Appeals and InterferencesAug 28, 2009

10294993 (B.P.A.I. Aug. 28, 2009)

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte DAVID YU CHANG, CHING-YUN CHAO, HYEN VUI CHUNG, and VISHWANATH VENKATARAMAPPA ____________ Appeal 2008-004217 Application 10/294,9931 Technology Center 2100 ____________ Decided: August 28, 2009 ____________ Before JOHN C. MARTIN, HOWARD B. BLANKENSHIP, and CAROLYN D. THOMAS, Administrative Patent Judges. THOMAS, Administrative Patent Judge. DECISION ON APPEAL 1 Application filed November 14, 2002. The real party in interest is International Business Machines Corporation. Appeal 2008-004217 Application 10/294,993 2 I. STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1-15 mailed April 12, 2006, which are all the claims remaining in the application. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. A. INVENTION Appellants invented a system, method, and computer program product for integrating Java and CORBA computer systems security. (Spec. 42, Abstract.) B. ILLUSTRATIVE CLAIMS The appeal contains claims 1-15. Claims 1, 5, 6, 10, 11, and 15 are independent claims. Claims 1 and 5 are illustrative: 1. A method of integrating Java and CORBA security, the method comprising the steps of: executing Java authentication of a client, including creating a Java credential object associated with a Java subject object; executing CORBA authentication of the client, including creating a CORBA credential object; and associating the CORBA credential object with the Java subject object. 5. A method for integrating Java and CORBA security, the method comprising the steps of: Appeal 2008-004217 Application 10/294,993 3 calling, for a client, from a Java environment, a method in a target CORBA object; determining that no CORBA credential object for the client is associated with a security current object of a CORBA security service; determining that no CORBA credentials object for the client is available from a Java subject object; and executing CORBA authentication of the client, including prompting the client for authentication data, inserting the authentication data into a CORBA credential object, and associating the CORBA credential object with CORBA security current object of the CORBA security service. C. REFERENCES The references relied upon by the Examiner as evidence in rejecting the claims on appeal are as follows: Blakley, III US 6,067,623 May 23, 2000 Apte US 6,269,373 Jul. 31, 2001 Westphall et al., “JaCoWeb Security – A CORBA Security Discretionary Prototype” CLEI Electronic Journal 3 (2), 2000, pp. 1-17. D. REJECTIONS The Examiner entered the following rejections which are before us for review: (1) Claims 1, 2, 6, 7, 11, and 12 are rejected under 35 U.S.C. § 102(b) as being anticipated by Westphall; and Appeal 2008-004217 Application 10/294,993 4 (2) Claims 3-5, 8-10, and 13-15 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Westphall and Apte and over Westphall, Apte and Blakley2. II. FINDINGS OF FACT The following findings of fact (FF) are supported by a preponderance of the evidence. Westphall 1a. Westphall discloses that “JaCoWeb Security Project is developing an authorization scheme for large-scale networks that is based on structures and concepts introduced in Web, Java and CORBA for security.” (Abstract.)(emphasis omitted.) 1b. Westphall discloses that “[t]he JaCoWeb Security Project . . . aims to understand and integrate CORBA security model with Web and Java security models to compose an authorization scheme for distributed applications in large-scale networks.” (8:4th paragraph.) 1c. Westphall discloses that “[t]he client (Java applet) interacts with a CORBA server (remote object) through an ORB, in a traditional client/server model.” (9:last sentence.) 1d. Westphall discloses that “[t]o implement this trustworthy base that validates the local accesses, we use the Java security model and its access control procedures. The Java security model, in its version 1.2, has 2 The Examiner clarified in the Answer that Blakley has not been used as prior art but is relevant to Appellants’ disclosure (Ans. 13). Appeal 2008-004217 Application 10/294,993 5 file policies that identify which operations can be carried through by the loaded codes (applets).” (10:6th paragraph.) 1e. Westphall discloses that “it is necessary for the mobile code to undergo an authentication phase and, during its execution, it is necessary to validate the access to local resources. . . . The privileges returned (credentials) from the user authentication determine the construction of the protection domain associated with the application applet activated by the user.” (11:1st paragraph.) III. PRINCIPLES OF LAW In rejecting claims under 35 U.S.C. § 102, “[a] single prior art reference that discloses, either expressly or inherently, each limitation of a claim invalidates that claim by anticipation.” Perricone v. Medicis Pharm. Corp., 432 F.3d 1368, 1375 (Fed. Cir. 2005), citing Minn. Mining & Mfg. Co. v. Johnson & Johnson Orthopaedics, Inc., 976 F.2d 1559, 1565 (Fed. Cir. 1992). Anticipation of a patent claim requires a finding that the claim at issue ‘reads on’ a prior art reference. In other words, if granting patent protection on the disputed claim would allow the patentee to exclude the public from practicing the prior art, then that claim is anticipated, regardless of whether it also covers subject matter not in the prior art. Atlas Powder Co. v. IRECO, Inc., 190 F.3d 1342, 1346 (Fed Cir. 1999) (internal citations omitted). Appeal 2008-004217 Application 10/294,993 6 “What matters is the objective reach of the claim. If the claim extends to what is obvious, it is invalid under § 103.” KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 419 (2007). To be nonobvious, an improvement must be “more than the predictable use of prior art elements according to their established functions.” Id. at 417. Appellants have the burden on appeal to the Board to demonstrate error in the Examiner’s position. See In re Kahn, 441 F.3d 977, 985-86 (Fed. Cir. 2006) (“On appeal to the Board, an applicant can overcome a rejection [under § 103] by showing insufficient evidence of prima facie obviousness or by rebutting the prima facie case with evidence of secondary indicia of nonobviousness.”) (quoting In re Rouffet, 149 F.3d 1350, 1355 (Fed. Cir. 1998)). Therefore, we look to Appellants’ Brief to show error in the proffered prima facie case. Only those arguments actually made by Appellants have been considered in this decision. Arguments which Appellants could have made but chose not to make in the Brief has not been considered and are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(vii). IV. ANALYSIS Grouping of Claims In the Brief: Appellants argue claims 1-4, 6-9, and 11-14 as a group (App. Br. 6- 14). For claims 2-4, 6-9, and 11-14, Appellants repeat the same argument made for claim 1. We will, therefore, treat claims 2-4, 6-9, and 11-14 as standing or falling with claim 1. Appeal 2008-004217 Application 10/294,993 7 Appellants argue claims 5, 10, and 15 as a group (App. Br. 14-24). For claims 10 and 15, Appellants repeat the same argument made for claim 5. We will, therefore, treat claims 10 and 15 as standing or falling with claim 5. See 37 C.F.R. § 41.37(c)(1)(vii). See also In re Young, 927 F.2d 588, 590 (Fed. Cir. 1991). The Anticipation Rejection We first consider the Examiner’s rejection of the claims under 35 U.S.C. § 102(b) as being anticipated by Westphall. Independent Claims 1, 6, and 11 Appellants contend that “Westphall at page 10, paragraph 6, never even once mentions a credential object or a subject object. Westphall at page 10, paragraph 6, therefore cannot disclose creating a Java credential object associated with a Java subject object as claimed in the present application.” (App. Br. 7.) Appellants further contend that “Westphall’s ‘validating local accesses of an application applet by a trustworthy base’ does not mention associating Java and CORBA credentials in a Java subject.” (App. Br. 9.) The Examiner found that “Westphall discloses JaCoWeb security that integrates CORBA security model with Web and Java security models to compose an authorization scheme for distributed applications by combining Appeal 2008-004217 Application 10/294,993 8 CORBA, Java and Web security models, considering discretionary authorization policies.” (Ans. 8-9.) Issue: Have Appellants shown that the Examiner erred in finding that Westphall discloses “associating the CORBA credential object with the Java subject object?” Although Appellants contend that Westphall never mentions a credential object or a subject object (App. Br. 7), we find that Westphall clearly discloses a scheme that integrates CORBA security with Web and Java security models (FF 1a thru 1c). Westphall further discloses a Java security model that executes and returns credentials from the user (FF 1d and 1e). In other words, Westphall expressly discloses executing Java authentication of a client thereby returning credentials and integrating CORBA security with Java security models. Furthermore, Appellants admit in the Specification that “[a] Java subject object therefore may represent any entity, including persons, software processes, computer service, and so on” (Spec. 2:21-22). As such, we find that Westphall’s Java authentication phase is consistent with the claimed “executing Java authentication of a client” and Westphall’s JaCoWeb Security Project is consistent with the claimed “associating the CORBA credential object with the Java subject object.” As such, Appellants’ arguments have not shown error in the Examiner's evaluation of the claimed invention and the application of the teachings of Westphall thereto. Thus, Appellants have not persuaded us of error in the Examiner’s conclusion of anticipation for representative claim 1. Therefore, we affirm Appeal 2008-004217 Application 10/294,993 9 the Examiner’s § 102 rejection of independent claim 1 and of claims 2, 6, 7, 11, and 12, which fall therewith. The Obviousness Rejection We now consider the Examiner’s rejection of the claims under 35 U.S.C. § 103(a). Claims 3, 4, 8, 9, 13, and 14 Regarding dependent claims 3, 4, 8, 9, 13, and 14, Appellants essentially rely on the same arguments presented supra regarding claim 1 (App. Br. 13-14). Since we have already found such arguments unpersuasive, we therefore also affirm the rejection of claims 3, 4, 8, 9, 13, and 14 under 35 U.S.C. § 103(a). Claims 5, 10, and 15 Appellants contend that Westphall discloses “authenticating users or principals using an authentication applet and a CORBA service object. Westphall’s authenticating is not determining that no CORBA credential object for the client is associated with a security current object of a CORBA security service as claimed in the present application.” (App. Br. 16.) Appellants further contend that “[v]alidating local accesses of an application applet by a trustworthy base therefore is not determining that no CORBA credentials object for the client is available from a Java subject object as claimed in the present application.” (App. Br. 18.) Appeal 2008-004217 Application 10/294,993 10 The Examiner found that Westphall discloses the limitations of claim 5 as set forth in the Answer (Ans. 9-13). Issue: Have Appellants shown that the Examiner erred in finding that Westphall in combination with Apte discloses the argued limitations as set forth in claim 5? Essentially, Appellants argue every limitation as set forth in representative claim 5. The Examiner equally set forth findings in the Answer showing where each of these limitations is believed to be found, particularly in Westphall (Ans. 9-12). We endorse and adopt these findings as set forth by the Examiner on pages 9-12 of the Answer. We add that the Examiner has also established that Westphall’s teachings are consistent with the examples given in Appellants’ Specification on page 26, particularly describing a security current object. Furthermore, contrary to Appellants’ argument, Westphall clearly discloses and is concerned with integrating CORBA security model with Web and Java security models (FF 1b), and Appellants have not shown how Westphall’s security integrations are distinguishable from the claimed invention. Furthermore, no Reply Brief has been filed to contest before us these responsive arguments of the Examiner. As such, Appellants’ direct challenge has been met by the Examiner’s responsive arguments on pages 9-12 of the Answer. Thus, we find Appellants’ arguments to be unpersuasive of error in the Examiner’s initial showing of obviousness. Appeal 2008-004217 Application 10/294,993 11 Motivation to Combine Argument Appellants contend that “[t]he Examiner has not pointed to any disclosure in Westphall, Apte, or Blakley, nor has the Examiner pointed to anything else in the knowledge of those skill in the art, suggesting integrating Java and CORBA security according to context within the meaning of the claims of the present application.” (App. Br. 23.) “[A]nalysis [of whether the subject matter of a claim would have been obvious] need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” KSR, 127 S. Ct. at 1741 (quoting In re Kahn, 441 F.3d at 988); see also DyStar Textilfarben GmbH & Co. Deutschland KG v. CH., 464 F.3d 1356, 1361 (Fed. Cir. 2006) (“The motivation need not be found in the references sought to be combined, but may be found in any number of sources, including common knowledge, the prior art as a whole, or the nature of the problem itself.”); In re Bozek, 416 F.2d 1385, 1390 (CCPA 1969) (“Having established that this knowledge was in the art, the examiner could then properly rely, as put forth by the solicitor, on a conclusion of obviousness ‘from common knowledge and common sense of the person of ordinary skill in the art without any specific hint or suggestion in a particular reference.”’); In re Hoeschele, 406 F.2d 1403, 1406-07 (CCPA 1969) (“[I]t is proper to take into account not only specific teachings of the references but also the inferences which one skilled in the art would reasonably be expected to draw therefrom”) (internal citation omitted). Appeal 2008-004217 Application 10/294,993 12 Here, we find that the Examiner took into account the inferences which one skilled in the art would reasonably be expected to draw from the teachings and found that one “would have been motivated in order to have an improved distributed data processing system by enabling transparent persistence of an object reference for a Java and CORBA server.” (Ans. 13.) This articulated reasoning is sufficient to provide motivation to combine teachings. Thus, Appellants have not persuaded us of error in the Examiner’s conclusion of obviousness for representative claim 5. Therefore, we affirm the Examiner’s § 103 rejection of independent claim 5 and of claims 10 and 15, which fall therewith. V. CONCLUSIONS We conclude that Appellants have not shown that the Examiner erred in rejecting claims 1-15. Thus, claims 1-15 are not patentable. VI. DECISION In view of the foregoing discussion, we affirm the Examiner’s rejection of claims 1-15. Appeal 2008-004217 Application 10/294,993 13 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv) (2009). AFFIRMED dal INTERNATIONAL CORP (BLF) c/o BIGGERS & OHANIAN, LLP P.O. BOX 1469 AUSTIN, TX 78767-1469