Ex Parte Cromer et al
Board of Patent Appeals and Interferences
Aug 11, 2006
09281852 (B.P.A.I. Aug. 11, 2006)

The opinion in support of the decision being entered today was not written for publication and is not binding precedent of the Board.

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES
____________

Ex parte DARYL CARVIS CROMER, HOWARD LOCKER, ANDY LLOYD TROTTER, and JAMES PETER WARD
____________

Appeal No. 2006-1717
Application No. 09/281,852
____________

ON BRIEF
____________

Before HAIRSTON, BLANKENSHIP, and SAADAT, Administrative Patent Judges.

BLANKENSHIP, Administrative Patent Judge.

DECISION ON APPEAL

This is a decision on appeal under 35 U.S.C. § 134 from the examiner’s final rejection of claims 1-7 and 10-16, which are all the claims remaining in the application.

We reverse.

BACKGROUND

The invention relates to security of data in a data processing system. The disclosed invention relates in particular to security of cookies on a user’s system. An Internet service may provide a block of data (a “cookie”), which includes information typically needed by the service, to a client computer system. According to appellants, the cookies, which may contain personal data, are typically not secure on the user’s system. (Spec. at 2-3.) Representative claim 1 is reproduced below.

1. A method for protecting the security of a cookie stored within a data processing system, said method comprising:

storing a encryption key pair having a private key and a public key in a protected storage device within said data processing system;

in response to the receipt of a cookie generated by an application from a remote server, encrypting said cookie with said public key;

storing said encrypted cookie in a non-protected storage device within said data processing system;

in response to an access request for said encrypted cookie by a browser program executing within said data processing system, decrypting said encrypted cookie with said private key; and

sending said decrypted cookie to said browser program.

The examiner relies on the following references:

Win et al. (Win)            US 6,182,142 B1    Jan. 30, 2001 (filed Jul. 10, 1998)
Schrader et al. (Schrader)  US 6,374,359 B1    Apr. 16, 2002 (filed Nov. 19, 1998)

Claims 1-7 and 10-16 stand rejected under 35 U.S.C. § 103 as being unpatentable over Win and Schrader.

We refer to the Final Rejection (mailed May 21, 2004) and the Examiner’s Answer (mailed Nov. 18, 2005) for a statement of the examiner’s position and to the Brief (filed Aug. 19, 2004) and the Reply Brief (filed Dec. 6, 2005) for appellants’ position with respect to the claims which stand rejected.

OPINION

Appellants argue, inter alia, that the proposed combination of Win and Schrader fails to teach or suggest, in response to the receipt of a cookie generated by an application from a remote server, encrypting the cookie with the public key, and storing the encrypted cookie in a non-protected storage device within the data processing system, as required by instant claim 1.

The statement of the rejection asserts that Win teaches the steps. According to the rejection, with reference to material at columns 6 and 11, the Authentication Client Module (414; Fig. 4) encrypts and sends information in a “cookie” to the user’s browser after verifying a user with Registry Server 108. As shown by state 524 (Fig. 5C), cookie 528 and cookie 530 are encrypted and returned to browser 100. (Answer at 4.)

However, the cited sections of Win do not describe encrypting a cookie in response to the receipt of a cookie generated from a remote server. Consistent with the examiner’s paraphrasing of the relevant sections (e.g., col. 6, ll. 47-56; col. 10, l. 63 - col. 11, l. 8), Win teaches that a “cookie” is a packet of data sent by Web servers to Web browsers. Win further teaches that Authentication Client Module 414 (on Access Server 106) receives information from a remote source, encrypts the information, and sends the encrypted information in the form of a cookie to browser 100, as shown in Figures 4 and 5C. We do not find any satisfactory explanation in the Final Rejection or Answer as to how Win might teach or suggest the above-noted claim recitations that are attributed to the reference.

In an Advisory Action mailed August 3, 2004, the examiner indicated that Win teaches, in one embodiment, that all the components are stored on, and executed by, one physical server or computer. In alternate embodiments, according to the Advisory, one or more components are deemed to be installed on separate computers, referring to column 4, lines 56-60.

Win teaches, at the bottom of column 4, that in one embodiment all the “components” are stored on and executed by one physical server or computer, and that in alternate embodiments one or more “components” are installed on separate computers. The “components” that Win addresses, when read in context, may include Access Server 106 and Registry Server 108 (Fig. 1), but do not include browser 100 (Fig. 1), which is separately treated at column 5, lines 7 through 18.

Thus, while Win teaches that components that provide information, receive the information, encrypt the information, and send the information in the form of a “cookie” to a Web browser may reside on one server or computer, the examiner has identified no teaching for placing any of these functions on a Web browser. Moreover, the rejection has not identified any teaching for encrypting a cookie in response to reception of the cookie, even if all the described elements, including the browser, might somehow reside on the same computer (notwithstanding Win’s definition of what constitutes a cookie).

We thus agree with appellants that the rejection fails to show prima facie obviousness of the subject matter of instant claim 1. Claim 10, the other independent claim on appeal, recites limitations similar to those we have discussed. We therefore cannot sustain the rejection of claims 1-7 and 10-16 under 35 U.S.C. § 103 as being unpatentable over Win and Schrader.

CONCLUSION

The rejection of claims 1-7 and 10-16 under 35 U.S.C. § 103 is reversed.

REVERSED

KENNETH W. HAIRSTON
Administrative Patent Judge

HOWARD B. BLANKENSHIP
Administrative Patent Judge

MAHSHID D. SAADAT
Administrative Patent Judge

BOARD OF PATENT APPEALS AND INTERFERENCES

DILLON & YUDELL LLP
8911 N. CAPITAL OF TEXAS HWY., SUITE 2110
AUSTIN, TX 78759