10202816 (B.P.A.I. Mar. 31, 2008)

Ex Parte Edwards et al

Board of Patent Appeals and InterferencesMar 31, 2008

10202816 (B.P.A.I. Mar. 31, 2008)

UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ________________ Ex parte NIGEL J. EDWARDS and JASON ROUAULT ________________ Appeal 2007-3921 Application 10/202,816 Technology Center 2100 ________________ Decided: March 31, 2008 ________________ Before JOSEPH L. DIXON, ALLEN R. MACDONALD, and ST. JOHN COURTENAY III, Administrative Patent Judges. COURTENAY, Administrative Patent Judge. DECISION ON APPEAL This is a decision on appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1-25. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. Appeal 2007-3921 Application 10/202,816 THE INVENTION The disclosed invention relates generally to multi-domain authorization and authentication. More particularly, Appellants’ invention relates to techniques for allowing users of one domain to access information that is located on another domain or domains. Independent claim 1 is illustrative: 1. A method of multi-domain authorization/authentication on a computer network comprises: a user making a request to a policy enforcement point (PEP) of a computer for access to a service on the computer of a first domain which requires authorisation [sic.]for access from a second domain: providing a location address for a meta policy decision point (MPDP) maintaining the user’s authorisation [sic.] and/or authentication information provided from different issuing authorities, at which address authorisation [sic.] and/or authentication information and/or further personal information of the user has been pre-stored at a remote location; a policy decision point (PDP) of the service on the computer network then verifying the authorisation [sic.]/authentication information received from the MPDP or seeking authorisation [sic.]/authentication from an address received from the MPDP, the address provided in the pre-stored authorisation [sic.]/authentication/further personal information; and the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the MPDP is hosted by a party independent from the user. 2 Appeal 2007-3921 Application 10/202,816 THE REFERENCE The Examiner relies upon the following reference as evidence in support of the rejection: Schell US 6,615,350 Sep. 2, 2003 THE REJECTION Claims 1-25 stand rejected under 35 U.S.C. §102(e) as being anticipated by Schell. PRINCIPLES OF LAW Under 35 U.S.C. § 102, “[a] single prior art reference that discloses, either expressly or inherently, each limitation of a claim invalidates that claim by anticipation.” Perricone v. Medics Pharm. Corp., 432 F.3d 1368, 1375-76 (Fed. Cir. 2005) (citation omitted). To anticipate, every element and limitation of the claimed invention must be found in a single prior art reference, arranged as in the claim. Karsten Mfg. Corp. v. Cleveland Golf Co., 242 F.3d 1376, 1383 (Fed. Cir. 2001); Scripps Clinic & Research Foundation v. Genentech, Inc., 927 F.2d 1565, 1576 (Fed. Cir. 1991). ISSUE(S) We decide the question of whether Appellants have shown the Examiner erred in holding that the cited Schell reference anticipates the claimed subject matter. More particularly, we have determined that the following issue is dispositive in this appeal: 3 Appeal 2007-3921 Application 10/202,816 Whether Appellants have shown the Examiner erred in finding that Schell teaches providing a location address for a meta policy decision point (MPDP) maintaining the user’s authorization and/or authentication information provided from different issuing authorities, at which address authorization and/or authentication information has been stored, as required by the language of independent claim 1, and also the equivalent language found within independent claims 2, 4, and 25. ANALYSIS Claim Construction “[T]he PTO gives claims their ‘broadest reasonable interpretation.’” In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211 F.3d 1367, 1372 (Fed. Cir. 2000)). Here, the Examiner broadly interprets the recited element “meta policy decision point” (hereinafter “MPDP”) as an example of metadata (i.e., data about data). The Examiner further asserts that metadata is structured, encoded data that describes characteristics of information-bearing entities to aid in the identification, discovery, assessment and management of the described entities. (Ans. 11, ll. 1-6). The Examiner construes the claimed policy decision point (PDP) as referring to the allow/deny decision that occurs as the last step in authorization (Ans. 11, ll. 6-8). The process of authorization uses a provided identifier to, inter alia, collect attributes associated with that identifier and access rules appropriate to the policy decision point and apply rules to the attributes, resulting in a binary allow/deny access decision (Id.). 4 Appeal 2007-3921 Application 10/202,816 In reviewing the record before us, we disagree with the Examiner’s interpretation of the aforementioned MPDP as metadata. We broadly but reasonably interpret the “meta policy decision point” as an entity that stores authorization and/or authentication information provided from different issuing authorities (See claim 1). This interpretation is consistent with the features recited in claim 1, and is also consistent with Appellants’ Specification (See Spec. 21 l. 1 – 22 l. 18). We note that Appellants have described a “Policy Decision Point” (PDP) as an entity that can be used to store and/or access information and make decisions about users of a particular domain, e.g., the user’s roles and entries as to what parts of the system that user can access (See Spec. 2, ll. 1- 10). Elements under § 102 Independent Claims 1, 2, 4, and 25 Appellants contend that Schell fails to teach the element of “providing a location address for a meta policy decision point (MPDP) maintaining the user’s authorization and/or authentication information provided from different issuing authorities, at which address authorization and/or authentication information and/or further personal information of the user has been pre-stored at a remote location,” as recited in claim 1 (App. Br. 8). Thus, Appellants contend that the Examiner has not established a prima facie case of anticipation. As discussed above, to anticipate, every element and limitation of the claimed invention must be found in a single prior art reference. We agree with Appellants’ assertion that the Examiner’s interpretation of the meta policy decision point (MPDP) as metadata is inconsistent with the 5 Appeal 2007-3921 Application 10/202,816 limitations recited in claim 1 (Reply Br. 2, ll. 7-17). In light of our interpretation of the claimed MPDP as discussed above, we agree with Appellants’ that Schell fails to disclose the meta policy decision point (MPDP) recited in each of independent claims 1, 2, and 4. In addition, even if we adopt the Examiner’s interpretation of the MPDP as a type of metadata, we find that Schell is silent regarding “metadata.” Regarding each of independent claims 1, 2, 4, and 25, we also agree with Appellants’ assertion that Schell fails to teach providing a location address, as claimed (Reply Br. 3, ll. 6-9). The Examiner asserts that in order to obtain access to the desired information, the location of the information will be well-known by the system and, as is known in the art, devices and storage locations within a network environment contain, inter alia, location information in the form of a MAC address, an IP address, or other such identifications (Ans. 11, l. 15 – 12, l. 8). The Examiner further notes that a MAC address is a hardware address that uniquely identifies each node on a network, and also that every machine on a network (i.e., a local network, or the Internet, which is a larger network) has a unique IP address (Ans. 11, l. 15 – 12, l. 8). However, we agree with Appellants that Schell fails to disclose providing a location address for a meta policy decision point (MPDP) (see independent claims 1, 2, and 4), or “a location address independent from a user for the user’s authorisation [sic.] and/or authentication information provided from different issuing authorities,” as claimed (see independent claim 25). We further agree with Appellants’ arguments regarding a lack of a nexus between the portions of Schell that were cited by the Examiner as purportedly teaching the elements of the independent claims (Reply Br. 3, ll. 13-15). 6 Appeal 2007-3921 Application 10/202,816 For at least the aforementioned reasons, we conclude that Appellants have met their burden of showing error in the Examiner’s prima facie case of anticipation. Therefore, we reverse the Examiner’s rejection of independent claims 1, 2, 4 and 25 as being anticipated by Schell since the Examiner has not set forth a proper initial showing of anticipation. Dependent Claims 3 and 5-24 Claims 3 and 5-24 depend directly or indirectly from independent claims 1, 2, and 4. Therefore, we reverse the Examiner’s rejection of these claims as being anticipated by Schell for the same reasons discussed above regarding independent claims 1, 2, and 4. CONCLUSION OF LAW Based on the findings of facts and analysis above, we conclude that Appellants have shown the Examiner erred in rejecting claims 1-25 under 35 U.S.C. § 102(e) for anticipation. 7 Appeal 2007-3921 Application 10/202,816 DECISION The decision of the Examiner rejecting claims 1-25 is reversed. REVERSED pgc HEWLETT-PACKARD COMPANY Intellectual Propety Administration P.O. Box 272400 Fort Collins CO 80527-2400 8