10856018 (B.P.A.I. Jun. 14, 2010)

Ex Parte D et al

Board of Patent Appeals and InterferencesJun 14, 2010

10856018 (B.P.A.I. Jun. 14, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte ANTHONY D’AGOSTINO, DAVID A. MEYER, GEORGE DELLARATTA, and VINCENT ARCELO ____________ Appeal 2009-006897 Application 10/856,018 Technology Center 2400 ____________ Decided: June 14, 2010 ____________ Before JOHN A. JEFFERY, JEAN R. HOMERE, and JAMES R. HUGHES, Administrative Patent Judges. JEFFERY, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1, 4-9, 11-13, 15-26, and 28-30. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. STATEMENT OF THE CASE Appellants’ invention pertains to managing credential information to connect to a network. Specifically, a user’s credentials are stored in a device Appeal 2009-006897 Application 10/856,018 2 in accordance with a defined retaining period such that the credentials are purged from storage when the defined retaining period expires. See generally Abstract; Spec. 2-4. Claim 1 is illustrative with a key disputed limitation emphasized: 1. A portable device that facilitates management of a user credential to connect to a network, the portable device comprising: an input component that defines a selected input method to input the user credential into the portable device; and a retention component that includes a retention option, the retention option defines a period for retaining the user credential within a data store; and a purging component that erases the user credential from the data store upon expiration of the defined retaining period. The Examiner relies on the following as evidence of unpatentability: Sun US 2004/0078597A1 Apr. 22, 2004 Mozilla.org, Privacy & Security Preferences – Web Passwords, 2001, available at www.mozilla.org (“Mozilla”). THE REJECTION The Examiner rejected claims 1, 4-9, 11-13, 15-26, and 28-30 under 35 U.S.C. § 103(a) as unpatentable over Sun and Mozilla. Ans. 3-5.1 1 Throughout this opinion, we refer to (1) the Appeal Brief filed June 9, 2008; (2) the Examiner’s Answer mailed August 21, 2008; and (3) the Reply Brief filed October 21, 2008. Appeal 2009-006897 Application 10/856,018 3 CLAIM GROUPING Appellants argue all appealed claims together as a group. See App. Br. 4-5. Accordingly, we select claim 1 as representative. See 37 C.F.R. § 41.37(c)(1)(vii). CONTENTIONS Regarding representative claim 1, the Examiner finds that Sun discloses all of the recited subject matter except for (1) a retention component that defines a period for retaining an inputted user credential within a data store, and (2) a purging component that erases the user credential from the data store upon expiration of the defined retaining period. Ans. 3-4. The Examiner, however, cites Mozilla for inherently purging a “credential” comprising a master password and its authorization from a data store upon expiration of a predetermined time period in concluding the claim would have been obvious. Ans. 4-5, 16-19. Appellants argue that the Examiner’s reliance on Mozilla is misplaced since Mozilla’s password manager stores credentials on the user’s hard disk, and merely requests the master password after a predetermined time period to identify the user and allow access. App. Br. 4-5; Reply Br. 2-4. Appellants emphasize that this periodic request for the master password does not involve erasing the user credential from the data store upon expiration of a defined retaining period as claimed. Id. Appeal 2009-006897 Application 10/856,018 4 The issue before us, then, is as follows: ISSUE Under § 103, has the Examiner erred in rejecting claim 1 by finding that Sun and Mozilla collectively would have taught or suggested a purging component that erases a user credential from a data store upon expiration of defined retaining period? FINDINGS OF FACT (FF) 1. The Examiner’s findings regarding Sun’s disclosure (Ans. 3-4) are undisputed. Ans. 16. 2. Mozilla’s “Password Manager” (1) stores user names and passwords on the user’s computer hard disk, and (2) enters the passwords automatically when the user visits sites requiring those passwords. Mozilla, at 1.2 3. Mozilla’s system enables the user to set or change a master password which protects a “security device” (i.e., a software or hardware device that stores sensitive information associated with the user’s identity, such as keys or certificates). Mozilla, at 3. 4. Mozilla’s system also enables the user to control how often the browser (via the Certificate Manager) requests the user’s master password by selecting one of three options. Specifically, the user can specify that the browser request the master password: (1) only the first time it is needed to 2 Although the Mozilla reference is not individually paginated, we nevertheless refer to reference’s pages in the order that they appear in the record. Appeal 2009-006897 Application 10/856,018 5 access the private key database; (2) every time it is needed to access the private key database; or (3) if it has not been used for at least a predetermined time period (e.g., 20 minutes). Mozilla, at 4-5 (“Master Password Timeout” section). 5. Mozilla’s system enables the user to reset the master password, resulting in permanently erasing all web and email passwords and saved form data. Mozilla, at 6. ANALYSIS We note at the outset that the Examiner’s reliance on Sun’s disclosure is undisputed. FF 1. Accordingly, we confine our analysis to Mozilla— specifically whether Mozilla’s “master password timeout” feature erases a user credential from a data store upon expiration of a defined retaining period? To answer this question, we first highlight a key discrepancy between the Examiner’s and Appellants’ interpretations of the term “user credential” in claim 1. The Examiner construes the term “user credential” to include not only the user’s master password in Mozilla, but also its “authorization” (Ans. 4, 18-19). Appellants, however, limit their interpretation of a “user credential” to only the master password. See Reply Br. 3.3 3 Compare Ans. 18 (“The master password and its authorization are the user credential.”) with Reply Br. 3 (“Nowhere does Mozilla disclose a purging component that erases the user credential (master password) from the data store (file on the hard disk) upon expiration of the defined retaining period.”) (emphases added). Appeal 2009-006897 Application 10/856,018 6 Another key term in the claim is the “data store”: a term that Appellants seemingly equate to solely the user’s hard disk in Mozilla. See Reply Br. 3-4. Based on the record before us, however, we see no reason why the “data store” in Mozilla should be so limited. Although Mozilla stores the master password on the user’s hard disk (FF 2)—a password that would remain stored on this disk until it is reset (see FF 5)—ordinarily skilled artisans nevertheless would have recognized that the authorization process itself would involve at least temporarily storing the inputted master password responsive to requests from the user’s browser (e.g., at periodic intervals) for verification. See FF 4. This temporary storage reasonably comports with the Examiner’s interpretation of “user credential,” for the Examiner did not limit the interpretation of this term solely to the master password on the user’s hard disk as Appellants seem to suggest (Reply Br. 3-4), but also to its authorization as noted above (Ans. 4, 18-19). And skilled artisans would have recognized that this authorization would involve temporarily storing at least the inputted master password responsive to the browser’s request for verification (e.g., by comparing the inputted version of the master password with the version stored on the user’s hard disk to determine if they match). See FF 4. And since this authorization can be performed automatically after a predetermined time period elapses (e.g., at least every 20 minutes) (FF 4), the subsequently-entered “user credentials” (e.g., the re-entered master passwords from the user responsive to these periodic requests) would supersede or overwrite the previously-entered master passwords (i.e., Appeal 2009-006897 Application 10/856,018 7 entered responsive to previous requests for such passwords). As a result, the previously-entered master passwords would be erased from the “data store” upon expiration of the “defined retaining period” (i.e., the predetermined time interval that requests entry of the master password) and the re-entry of the requested password. See id. We reach this conclusion noting that nothing in claim 1 precludes the manual entry of a master password responsive to requests, and the resultant temporary storage of this entered password for verification as noted above, particularly since the preamble of claim 1 includes the open-ended term “comprising” which does not preclude additional unrecited elements.4 That Appellants’ claims 4, 9, 13, 18, and 26 call for caching data, and claim 5 recites a volatile memory only bolsters our conclusion that the data store need not be a permanent memory, but rather can be temporary—a feature amply suggested by Mozilla as noted above. We are therefore not persuaded that the Examiner erred in rejecting representative claim 1, and claims 4-9, 11-13, 15-26, and 28-30 which fall with claim 1. CONCLUSION The Examiner did not err in rejecting claims 1, 4-9, 11-13, 15-26, and 28-30 under § 103. 4 “‘Comprising’ is a term of art used in claim language which means that the named elements are essential, but other elements may be added and still form a construct within the scope of the claim.” Genentech, Inc. v. Chiron Corp., 112 F.3d 495, 501 (Fed. Cir. 1997) (citation omitted). Appeal 2009-006897 Application 10/856,018 8 ORDER The Examiner’s decision rejecting claims 1, 4-9, 11-13, 15-26, and 28-30 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED pgc MOTOROLA, INC. 1303 EAST ALGONQUIN ROAD IL01/3RD SCHAUMBURG, IL 60196