Ex Parte DinovDownload PDFPatent Trial and Appeal BoardMay 31, 201612382023 (P.T.A.B. May. 31, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 12/382,023 0310612009 102824 7590 05/31/2016 HAVERSTOCK & OWENS, LLP 162 N. WOLFE ROAD SUNNYVALE, CA 94086 FIRST NAMED INVENTOR Konstantin D Dinov UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. SONY-51000 5009 EXAMINER EDWARDS, LINGLAN E ART UNIT PAPER NUMBER 2491 MAILDATE DELIVERY MODE 05/31/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte KONSTANTIN D. DINOV Appeal2014-007723 Application 12/382,023 1 Technology Center 2400 Before ERIC S. FRAHM, LARRY J. HUME, and SCOTT B. HOWARD, Administrative Patent Judges. HUME, Administrative Patent Judge. DECISION ON APPEAL This is a decision on appeal under 35 U.S.C. § 134(a) of the Final Rejection of claims 1--4, 6-12, and 14--27. Appellant has previously canceled claims 5 and 13. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 According to Appellant, the real parties in interest are Sony Corp. and Sony Electronics, Inc. App. Br. 2. Appeal2014-007723 Application 12/382,023 STATEMENT OF THE CASE2 The Invention Appellant's disclosed and claimed invention relates generally to a system and method for implementing enhanced encryption and authentication by decoupling the user authentication from data storage and access, and more particularly, to a system and method whereby user information stored by a service provider is encrypted using a Transient Password and whereby access to the encrypted user information is protected by a separate access control server. Spec. ,-r 1. Exemplary Claims Claims 1, 17, and 27, reproduced below, are representative of the subject matter on appeal (emphasis added to contested limitations): 1. An authentication system, comprising: a cryptograph module, that receives a user password from a client terminal and generates a first password using a first one-way cryptographic scheme and a second password using a second one-way cryptographic scheme; an access control server device, including an access control database that stores an access password, and an interface for communicating with the cryptograph module to obtain the first password from the cryptograph module, and communicating with a service provider to authorize a client terminal when the first password matches the access password; 2 Our decision relies upon Appellant's Appeal Brief ("App. Br.," filed Jan. 16, 2014); Reply Brief ("Reply Br.," filed June 25, 2014); Examiner's Answer ("Ans.," mailed May 8, 2014); Final Office Action ("Final Act.," mailed Sept. 30, 2013); and the original Specification ("Spec.," filed Mar. 6, 2009). 2 Appeal2014-007723 Application 12/382,023 the service provider having a user information database that stores encrypted user information, and a decryption module that decrypts user information using the second password and grants the client terminal access to services when the access control server authenticates the client terminal, wherein the encrypted user information is encrypted using a transient password and the service provider deletes the transient password when communication with the client terminal concludes. 17. An authentication method used by an access control server, comprising: receiving a password, corresponding to a client; matching the password to an access password, from an access database, corresponding to the client; authenticating the client, to a service provider, if the password matches the access password, wherein the service provider stores encrypted user information, wherein the encrypted user information is encrypted using a transient password and the service provider deletes the transient password when communication with a client terminal concludes. 27. An authentication system, comprising: a cryptograph module, that receives a user password from a client terminal and generates a first password using a first one-way cryptographic scheme and a second password using a second one-way cryptographic scheme; an access control server device, including an access control database that stores an access password, and an interface for communicating with the cryptograph module to obtain the first password from the cryptograph module, and communicating with a plurality of service providers to authorize a client terminal when the first password matches the access password; the plurality of service providers each having a user information database that stores encrypted user information, 3 Appeal2014-007723 Application 12/382,023 and a decryption module that decrypts user information using the second password and grants the client terminal access to services when the access control server authenticates the client terminal, wherein the encrypted user information is encrypted using different transient passwords on each service provider of the plurality of service providers and each service provider deletes a transient password when communication with the client terminal concludes. Prior Art The Examiner relies upon the following prior art as evidence in rejecting the claims on appeal: Brickell Annie et al. ("Annie") Ko et al. ("Ko") US 6,834, 112B1 Dec. 21, 2004 US 2007 /0056021 Al Mar. 8, 2007 US 2008/0307020 Al Dec. 11, 2008 Appellant's Admitted Prior Art, Specification, i-fi-1 4--10 (Background) and Fig. 1 ("Prior Art") (hereinafter "AAP A"). Rejections on Appeal RI. Claims 1--4, 6-12, 14--16, and 21-27 stand rejected under 35 U.S.C. § 103(a) as being obvious over the combination of Brickell, Annie, AAP A, and Ko. Final Act. 4. R2. Claims 17 and 20 stand rejected under 35 U.S.C. § 103(a) as being obvious over the combination of Brickell, AAP A, and Ko. Final Act. 12. R3. Claims 18 and 19 stand rejected under 35 U.S.C. § 103(a) as being obvious over the combination of Brickell, AAP A, Ko, and Annie. Final Act. 13. 4 Appeal2014-007723 Application I2/382,023 CLAIM GROUPING3 Based on Appellant's arguments (App. Br. 6-I3), we decide the appeal of obviousness Rejection RI of claims I--4 and 6-8 on the basis of representative claim I; we decide the appeal of obviousness Rejection RI of claims 9-I2 and I4-I6 on the basis of representative claim 9; and we decide the appeal of obviousness Rejection RI of claims 2 I-26 on the basis of representative claim 2 I. We decide Rejection RI of separately argued claim 27, infra. We decide Rejection R2 of claims I 7 and 20 on the basis of representative claim I 7. Remaining claims I8 and I9 in Rejection R3, not argued separately, stand or fall with independent claim I 7 from which they depend. 4 ISSUES AND ANALYSIS In reaching this decision; we consider all evidence presented and all arguments actually made by Appellants. We do not consider arguments that Appellants could have made but chose not to make in the Briefs, and we deem any such arguments waived. 37 C.F.R. § 41.37(c)(l)(iv). 3 Appellant states, "[t]he claims are grouped separately below to indicate that they do not stand or fall together." App. Br. 9. Although Appellant notionally argues the claims separately as grouped herein, we note the same dispositive issue is presented with respect to Rejections RI and R2 of claims I, 9, I 7, and 2 I, and their respective claim groupings. 4 "Notwithstanding any other provision of this paragraph, the failure of appellant to separately argue claims which appellant has grouped together shall constitute a waiver of any argument that the Board must consider the patentability of any grouped claim separately." 37 C.F.R. § 41.37(c)(l)(iv). 5 Appeal2014-007723 Application 12/382,023 We disagree with Appellant's arguments with respect to claims 1--4, 6-12, and 14--27, and we incorporate herein and adopt as our own: (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken, and (2) the reasons and rebuttals set forth in the Examiner's Answer in response to Appellant's arguments. We incorporate such findings, reasons, and rebuttals herein by reference unless otherwise noted. However, we highlight and address specific findings and arguments regarding claim 1 for emphasis as follows. 1. Rejection RI of Claims 1--4 and 6-8 Issue 1 Appellant argues (App. Br. 6-10; Reply Br. 4---6) the Examiner's rejection of claim 1under35 U.S.C. § 103(a) as being obvious over the combination of Brickell, Annie, AAP A, and Ko is in error. These contentions present us with the following dispositive issue: Did the Examiner err in finding the cited prior art combination teaches or suggests a system that includes, inter alia, a "service provider having a user information database that stores encrypted user information," "wherein the encrypted user information is encrypted using a transient password and the service provider deletes the transient password when communication with the client terminal concludes," as recited in claim 1? Analysis Appellant generally contends none of the cited prior art teaches or suggests the contested limitation of claim 1, i.e., "wherein the encrypted user information is encrypted using a transient password and the service provider deletes the transient password when communication with the client terminal 6 Appeal2014-007723 Application 12/382,023 concludes." App. Br. 6-8. Appellant specifically argues that Ko, relied upon by the Examiner as teaching the contested limitation (Final Act. 6-7), is deficient, because "Ko merely mentions the system removes the temporary password but does not specify when. Ko does not teach the service provider deletes the transient password when communication with the client terminal concludes. Ko also does not teach the transient password is deleted after the user information is encrypted." App. Br. 8. In response, the Examiner finds Ko teaches or at least suggests the contested limitation of claim 1: the concept of a "transient" (i.e. temporary) password I key for encryption I decryption purpose and deleting of the transient password/key after it is used and no longer needed - the purpose of the transient key is for decrypting user information and provide service based on the decrypted information, therefore, when the communication concludes, the decryption key will not be needed. One of ordinary skill in the art would readily recognize that deleting a temporary password/key when it is no longer needed would reduce the change unauthorized access to the data and thus make the system more secure. Ans. 4--5. Appellant further contends: The password of Ko could be removed before it is used, thus requiring another temporary password - this is similar to a "time out" implementation used by many websites for added security. The password of Ko could be removed immediately after it is used to minimize the amount of time the temporary password is available. The password of Ko could be made available for a longer or shorter period of time. Ko simply does not indicate when the temporary password is removed. Applicants assert more is being read into Ko to assume one of ordinary skill in the art would know to delete the temporary password when communication ends ... Ko does not teach or make obvious the 7 Appeal2014-007723 Application 12/382,023 limitation that: the service provider deletes the transient password when communication with the client terminal concludes. App. Br. 8. The Examiner responds by finding, "although Ko teaches an added feature that deletes the password based on a 'time out' consideration as an additional security measure, such added feature is clearly optional .... Therefore, the examiner maintains ... Ko clearly teaches the concept of deleting a transient I temporary password after it is no longer used." Ans. 5. We note Appellant's challenge to the references individually is not convincing of error in the Examiner's position. See In re Keller, 642 F.2d 413, 426 (CCPA 1981) ("one cannot show nonobviousness by attacking references individually where, as here, the rejections are based on combinations of references" (citations omitted)). Additionally, "the combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results." KSR Int'! Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). Furthermore, the artisan is not compelled to blindly follow the teaching of one prior art reference over the other without the exercise of independent judgment. See Lear Siegler, Inc. v. Aeroquip Corp., 733 F.2d 881, 889 (Fed. Cir. 1984). In the present case, the Examiner finds that the proposed combination would have resulted in using Brickell, Annie, and the AAP A in combination with the known techniques of Ko "to improve [a] similar system in the same way [as] provided in [the prior art teachings]." Ans. 5. We find this articulated rationale to be sufficient to justify the combination. See also Final Act. 6-7. 8 Appeal2014-007723 Application 12/382,023 Therefore, based upon the findings above, on this record, we are not persuaded of error in the Examiner's reliance on the combined teachings and suggestions of the cited prior art combination to teach or suggest the disputed limitation of claim 1, nor do we find error in the Examiner's resulting legal conclusion of obviousness. Therefore, we sustain the Examiner's obviousness rejection of independent claim 1, and grouped claims 2--4 and 6-8 which fall therewith. See Claim Grouping, supra. 2. Rejection RI of Claims 9-12 and 14--16 Issue 2 Although notionally argued and grouped separately for purposes of this Appeal (App. Br. 9), Appellant's arguments regarding claim 9 (App. Br. 10-11; Reply Br. 4--6) tum on the same dispositive issue identified above with respect to claim 1, i.e., Issue 1, supra.5 Therefore, for the same reasons discussed above with respect to Issue 1 and claim 1, and on this record, we are not persuaded of error in the Examiner's reliance on the combined teachings and suggestions of the cited prior art combination to teach or suggest the disputed limitation of claim 9, nor do we find error in the Examiner's resulting legal conclusion of obviousness. Therefore, we sustain the Examiner's obviousness rejection of independent claim 9, and grouped claims 10-12 and 14--16 which fall therewith. See Claim Grouping, supra. 5 The contested limitation of method claim 9 is the step of "encrypting user information using a transient password to generate the encrypted user information, wherein the transient password is deleted after the user information is encrypted" (emphasis added), which we find presents substantially the same issue as the contested limitation of claim 1. 9 Appeal2014-007723 Application 12/382,023 3. Rejection RI of Claims 21-26 Issue 3 Although notionally argued and grouped separately for purposes of this Appeal (App. Br. 9; Reply Br. 4---6), Appellant's arguments regarding claim 21 tum on the same dispositive issue identified above with respect to claim 1, i.e., Issue 1, supra.6 With respect to dependent claim 25, Appellant "respectfully disagree[s] with Official Notice being taken regarding Claim 25.7 Although a unique user login is well known in the art, Applicants assert that a transient password being unique to a user is not well known in the art. Thus, Applicants respectfully request support for the Official Notice." App. Br. 11. As noted by the court in In re Ahlert, 424 F .2d 1088, 1091 (CCP A 1970), the notice of facts beyond the record which may be taken by the Examiner must be "capable of such instant and unquestionable demonstration as to defy dispute" (citing In re Knapp Monarch Co., 296 F.2d 230 (CCPA 1961)). 6 The contested limitation of method claim 21 is the step of" granting the client access to services after receiving the authentication transmission and decrypting the user information, wherein the encrypted user information is encrypted using a transient password and the transient password is deleted when communication with a client terminal concludes" (emphasis added), which we find presents substantially the same issue as the contested limitation of claim 1. 7 Claim 25 recites, " [ t ]he authentication method of claim 21 wherein the transient password is unique to a user." 10 Appeal2014-007723 Application 12/382,023 We find Appellant has not adequately traversed the Examiner's taking of Official Notice. "To adequately traverse such a finding, an applicant must specifically point out the supposed errors in the examiner's action, which would include stating why the noticed fact is not considered to be common knowledge or well-known in the art. See 37 CPR 1.11 l(b)." MPEP § 2144.03(C) (emphasis added). An adequate rebuttal of the Examiner's taking of Official Notice must contain sufficient information or argument to create on its face a reasonable doubt regarding the circumstances justifying the Examiner's notice of what is well known to one of ordinary skill in the art. In re Boon, 439 F.2d 724, 728 (CCPA 1971). In this appeal, Appellant has not stated why the noticed fact is not well known in the art, and has not created a reasonable doubt as to the circumstances justifying the Examiner's notice of what is well known. We find the fact that the use of transient passwords unique to a user is capable of "instant and unquestionable demonstration as being well-known." Therefore, for the same reasons discussed above with respect to Issue 1 and claim 1, and on this record, we are not persuaded of error in the Examiner's reliance on the combined teachings and suggestions of the cited prior art combination to teach or suggest the disputed limitation of claim 21, nor do we find error in the Examiner's resulting legal conclusion of obviousness. Therefore, we sustain the Examiner's obviousness rejection of independent claim 21, and grouped claims 22-26 which fall therewith. See Claim Grouping, supra. 11 Appeal2014-007723 Application 12/382,023 4. Rejection RI of Claim 27 Issue 4 Appellant argues (App. Br. 12; Reply Br. 4---6) the Examiner's rejection of claim 27 under 35 U.S.C. § 103(a) as being obvious over the combination of Brickell, Annie, AAP A, and Ko is in error. These contentions present us with the following issue: Did the Examiner err in finding the cited prior art combination teaches or suggests a system that includes, inter alia, a plurality of service providers "each having a user information database that stores encrypted user information ... wherein the encrypted user information is encrypted using different transient passwords on each service provider of the plurality of service providers and each service provider deletes a transient password when communication with the client terminal concludes," as recited in claim 27 (emphasis added)? Analysis Regarding claim 27, Appellant recites portions of the claim limitations (i.e., encryption "using different transient passwords"), and contends the references do not teach the limitation. App. Br. 12. Such statements are not considered to be arguments. 37 C.F.R. § 41.37(c)(l)(iv) ("A statement which merely points out what a claim recites will not be considered an argument for separate patentability of the claim."); In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 201 l)("[W]e hold that the Board reasonably interpreted Rule 41.37 to require more substantive arguments in an appeal brief than a mere recitation of the claim elements and a naked assertion that 12 Appeal2014-007723 Application I2/382,023 the corresponding elements were not found in the prior art."). Thus, we do not find Appellant's arguments to be persuasive. Therefore, based upon the findings above, on this record, we are not persuaded of error in the Examiner's reliance on the combined teachings and suggestions of the cited prior art combination to teach or suggest the disputed limitation of claim 27, nor do we find error in the Examiner's resulting legal conclusion of obviousness. Therefore, we sustain the Examiner's obviousness rejection of independent claim 27. 5. Rejection R2 of Claims I 7 and 20 Issue 5 Although claim I 7 is rejected over a different combination of references in Rejection R2 than in Rejection RI of claim I, and is notionally argued and grouped separately for purposes of this Appeal (App. Br. 9), Appellant's arguments regarding claim I 7 (App. Br. I2-I3; Reply Br. 4---6) tum on the same dispositive issue identified above with respect to claim I, i.e., Issue 1, supra.8 Similar to Appellant's response to Rejection RI of claim I 7, supra, we find Appellant also does not substantively argue any deficiency in the Examiner's position, other than to recite the claim language, and merely assert that the reference combination does not teach or suggest the contested limitation of claim I 7. 8 The contested limitation of method claim I 7 is the "authenticating" step "wherein ... the service provider deletes the transient password when communication with a client terminal concludes" (emphasis added), which we find presents substantially the same issue as the contested limitation of claim I. I3 Appeal2014-007723 Application 12/382,023 Therefore, for the same reasons discussed above with respect to Issue 1 and claim 1, and on this record, we are not persuaded of error in the Examiner's reliance on the combined teachings and suggestions of the cited prior art combination to teach or suggest the disputed limitation of claim 17, nor do we find error in the Examiner's resulting legal conclusion of obviousness. Therefore, we sustain the Examiner's obviousness rejection of independent claim 17, and grouped claim 20 which falls therewith. See Claim Grouping, supra. 6. Rejection R3 of Claims 18 and 19 In view of the lack of any substantive or separate arguments directed to obviousness rejection R3 of claims 18 and 19 under § 103 (see App. Br. 13), we sustain the Examiner's rejection of these claims. Arguments not made are waived. REPLY BRIEF To the extent Appellant may advance new arguments in the Reply Brief (Reply Br. 4---6) not in response to a shift in the Examiner's position in the Answer, we note arguments raised in a Reply Brief that were not raised in the Appeal Brief or are not responsive to arguments raised in the Examiner's Answer will not be considered except for good cause (see 37 C.F.R. § 41.41(b)(2)), which Appellant has not shown. CONCLUSION The Examiner did not err with respect to obviousness Rejections RI through R3 of claims 1--4, 6-12, and 14--27 under 35 U.S.C. § 103(a) over the cited prior art combinations of record, and we sustain the rejections. 14 Appeal2014-007723 Application 12/382,023 DECISION We affirm the Examiner's decision rejecting claims 1--4, 6-12, and 14--27. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv) (2011). AFFIRMED 15 Copy with citationCopy as parenthetical citation
