Ex Parte Himmel et alDownload PDFBoard of Patent Appeals and InterferencesJan 7, 201010242489 (B.P.A.I. Jan. 7, 2010) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________________ Ex parte BANJAMIN ANDREW HIMMEL, MARIA AZUA HIMMEL, HERMAN RODRIGUEZ and NEWTON JAMES SMITH JR ____________________ Appeal 2009-003958 Application 10/242,489 Technology Center 2100 ____________________ Decided: January 7, 2010 ____________________ Before LEE E. BARRETT, LANCE LEONARD BARRY, and THU A. DANG, Administrative Patent Judges. DANG, Administrative Patent Judge. DECISION ON APPEAL Appeal 2009-003958 Application 10/242,489 I. STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134 (2002) from a Final Rejection of claims 1-27. We have jurisdiction under 35 U.S.C. § 6(b) (2008). We AFFIRM. A. INVENTION According to Appellants, the invention relates to data processing, and more particularly to securing valid authentication and authorization for access to computer resources and other items (Spec. 1, ll. 12-15). B. ILLUSTRATIVE CLAIM Claim 1 is exemplary and is reproduced below: 1. A method of controlling access to a resource, the method comprising: creating a security object in dependence upon user- selected security control data types, the security object comprising security control data and at least one security method; receiving a calendar security control message from a calendar application; receiving a request for access to the resource; determining access to the resource in dependence upon the calendar security control message; and Appeal 2009-003958 Application 10/242,489 3 providing the determined access to the resource if access to the resource in dependence upon the calendar security control message is granted. C. REJECTIONS The prior art relied upon by the Examiner in rejecting the claims on appeal is: Foley 2002/0087894 A1 Jul. 4, 2002 Flanagan, JAVA in a Nutshell 6-8, 61-64, 74-75 (Paula Ferguson, ed., O’Reilly & Assocs., 3rd ed. 1999). Claims 1-27 stand rejected under 35 U.S.C. § 103(a) over the teachings of Foley in view of Flanagan. II. ISSUE Have Appellants shown that the Examiner erred in finding that the combination of Foley in view of Flanagan teaches or would have suggested “creating a security object in dependence upon user-selected security control data types, the security object comprising security control data and at least one security method” and “determining access to the resource in dependence upon the calendar security control message” (claim 1). The issue turns on whether Foley teaches or at the least would have suggested a “user-selected security control data types” and “calendar security control message” as required by claim 1. Appeal 2009-003958 Application 10/242,489 4 III. FINDINGS OF FACT The following Findings of Fact (FF) are shown by a preponderance of the evidence. Appellants’ Invention 1. Appellants define a “calendar application” as “any application software capable of accepting user input to define and store calendar events” (Spec. 17, ll. 5-9). Foley 2. Foley discloses facilitating access to a restricted service related to secure transactions via a network, wherein the user is allowed to select its own authentication method (Abstract). 3. The user is queried regarding the desired level of security for authentication (p. 3, ¶ [0025]). 4. Examples of authentication methods include user identification and pass-phrase, biometric with or without a password (e.g., key latency, fingerprint, palm print, eye/retina scan, voice recognition, and/or the like), smart card and digital certificate, palm pilot and digital certificate, sound verification, radio frequency and password, infrared and password, and/or the like (Id. at ¶ [0026]). 5. The method of authentication may only be required at certain locations, during certain times of day, during certain days, while the user is a member of a certain group, during certain periods of high security alerts, and/or the like (p. 4, ¶ [0028]). Appeal 2009-003958 Application 10/242,489 5 IV. PRINCIPLES OF LAW "[T]he PTO gives claims their 'broadest reasonable interpretation.'" In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211 F.3d 1367, 1372 (Fed. Cir. 2000)). "Moreover, limitations are not to be read into the claims from the specification." In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993) (citing In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989)). Our reviewing court has repeatedly warned against confining the claims to specific embodiments described in the specification. Phillips v. AWH Corp., 415 F.3d 1303, 1323 (Fed. Cir. 2005) (en banc). V. ANALYSIS Appellants contend that “Foley’s user-selected authentication methods do not disclose user-selected security control data type as claimed in the present application” because “[m]ethods are clearly not security control data types” (App. Br. 6). In particular, Appellants contend that “Foley does not mention, not even once, ‘data types,’ ‘control data types,’ or ‘security control data types’” (Id.). Furthermore, though Appellants admit that Foley “discloses an authentication method that is different during certain times of day or during certain days,” Appellants contend that “Foley’s authentication method that is different during certain times of day or during certain days does not disclose or suggest receiving a calendar security control message from a calendar application” (Id. at 7). However, the Examiner explains that “the examiner never equated the authentication methods [of Foley] to user-selected data types” (Ans. 10), and Appeal 2009-003958 Application 10/242,489 6 that “a person of ordinary skill in the art at the time the claimed invention was made would have understood that each authentication scheme which secures access to a resource must use a different type of security control data type, i.e., password, pin, biometric, certificates, etc.” and “[i]n choosing the method of authentication, the user also chooses the security control data type that the user would like to use to authenticat[e] himself/herself to access the restricted service” (Ans. 11). The Examiner also finds that “[a] detection of … events causes a type of authentication method to be chosen, thus one of ordinary skill in the art would understand that this implies sending and receiving of a calendar security control message from a calendar application” (Id. at 12-13). Thus, the issue we address on appeal is whether the combination of Foley in view of Flanagan teaches or would have suggested “creating a security object in dependence upon user-selected security control data types, the security object comprising security control data and at least one security method” and “determining access to the resource in dependence upon the calendar security control message” (claim 1). In particular, we address whether Foley teaches or at the least would have suggested a “user-selected security control data types” and “calendar security control message” as required by claim 1. We give the claims their broadest reasonable interpretation. See In re Bigio, 381 F.3d at 1324. Furthermore, our analysis will not read limitations into the claims from the specification. See In re Van Geuns, 988 F.2d at 1184. Appeal 2009-003958 Application 10/242,489 7 Appellants’ claims simply do not place any limitation on what the term “security control data types” is to be, is to represent, or is to mean, other than that creating a security object is “in dependence upon user- selected security data types” (claim 1). Thus, the data types cannot be confined to a specific embodiment when the claims do not recite a specific embodiment. Instead, we interpret “security control data types” as types of data that is related to security which is selectable by a user. Similarly, Appellants’ claims simply do not place any limitation on what the term “calendar security control message” is to be, is to represent, or is to mean, other than that it is received “from a calendar application” and “determining access” is “in dependence upon” the message (claim 1). Thus, the calendar security control message cannot be confined to a specific embodiment when the claims do not recite a specific embodiment. Instead, we interpret a “calendar security control message” as a message from a calendar application. Since Appellants’ specification defines “calendar application” as “any application software capable of accepting user input to define and store calendar events” (FF 1), we interpret the message as being from a software capable of receiving input events. Furthermore, the terms “user-selected,” “calendar” and “security control” do not change the functionality of, or provide an additional function to, the “data types” or “message” respectively but are merely labels used to describe the data types and message. That is, there is no “selecting,” “scheduling” or “security controlling” step that would provide additional Appeal 2009-003958 Application 10/242,489 8 functions to the “creating,” “receiving,” “determining access” and “providing the determined access” steps of claim 1. In fact, we note that claim 1 does not even require that the “creating,” “receiving,” “determining access” and “providing the determined access” steps be performed by a separate machine or device, but merely that the steps are performed by an unknown person and/or element with or without assistance by a machine or device. That is, we interpret claim 1 as merely requiring the creation of a security object, receiving a message relating to a calendar, receiving a request for access, determining access in dependence on the message, and then providing the determined access. We find that claim 1 does not even preclude the control of access merely by a security guard who checks the calendar/clock, looks at the user’s ID, checks the database of IDs, and determines whether a user’s ID is approved for access for that certain date/time. Foley discloses facilitating access to a restricted service related to secure transactions via a network, wherein the user is queried and allowed to select the authentication method (FF 2-3), wherein the authentication methods include key latency, fingerprint, palm print, eye/retina scan, voice recognition, and/or the like (FF 4). The skilled artisan would have understood Foley to disclose types of data that are related to security which is selectable by a user. That is, we agree with the Examiner that “a person of ordinary skill in the art at the time the claimed invention was made would have understood that each authentication scheme which secures access to a resource must use a different type of security control data type, i.e., pass Appeal 2009-003958 Application 10/242,489 9 word, pin, biometric, certificates, etc.” (Ans. 11). In fact, even Appellants admit that Foley discloses “allowing a user to gain access in dependence upon the selected method of authentication” (App. Br. 10). Thus, we find the selecting of authentication methods in Foley to include the “user-selected security control data types” as required by claim 1. Furthermore, Foley discloses that the authentication may only be required at certain locations, during certain times of day, during certain days, while the user is a member of a certain group, during certain periods of high security alerts, and/or the like (FF 5). The skilled artisan would have understood Foley to disclose receiving input events to determine security access. That is, we agree with the Examiner that “[a] detection of … events causes a type of authentication method to be chosen, thus one of ordinary skill in the art would understand that this implies sending and receiving of a calendar security control message from a calendar application” (Ans. 12-13). Thus, we find the receiving of input events to determine security access in Foley to include receiving “calendar security control message” as required by claim 1. Though Appellants further contend that “Foley does not disclose or suggest determining access to the resource in dependence upon the calendar security control message, but instead discloses allowing a user to gain access in dependence upon the selected method of authentication” (App. Br. 10), as discussed above, we find that Foley discloses determining security access also based on scheduled events (FF 5). In fact, even Appellants admit that Foley “discloses an authentication method that is different during certain Appeal 2009-003958 Application 10/242,489 10 times of day or during certain days” (App. Br. 7). Thus, contrary to Appellants’ contention, we find this determining access based upon certain times of day or certain days to be determining access “in dependence upon calendar security control message” as required by claim 1. As to Appellants’ contention that “the Office Action must make explicit an analysis of the factual inquiries set forth in Graham [v. John Deere Co., 383 U.S. 1 (1966)]” (App. Br. 11), since the Examiner has found that Foley discloses and/or would have suggested the features recited in the claims, we find that the Examiner has sufficiently established a prima facie of obviousness. Accordingly, Appellants have neither shown that the Examiner failed to make a prima facie case of obviousness, nor have they persuasively rebutted the Examiner’s prima facie case. Accordingly, we find that Appellants have not shown that the Examiner erred in rejecting independent claim 1, independent claims 10 and 19 falling therewith, and claims 2-9, 11- 18, and 20-27 depending therefrom, under 35 U.S.C. § 103(a). VI. CONCLUSIONS OF LAW (1) Appellants have not shown that the Examiner erred in concluding that claims 1-27 are unpatentable under 35 U.S.C. § 103(a) over the teachings of Foley in view of Flanagan. (2) Claims 1-27 are not patentable. Appeal 2009-003958 Application 10/242,489 11 VII. DECISION We affirm the Examiner’s rejection of claims 1-27 under 35 U.S.C. § 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). AFFIRMED peb INTERNATIONAL CORP (BLF) c/o BIGGERS & OHANIAN, LLP P.O. BOX 1469 AUSTIN, TX 78767-1469 Copy with citationCopy as parenthetical citation
