10923964 (B.P.A.I. May. 12, 2011)

Ex Parte Hind et al

Board of Patent Appeals and InterferencesMay 12, 2011

10923964 (B.P.A.I. May. 12, 2011)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/923,964 08/23/2004 John R. Hind RSW920040085US1 (162) 4610 46320 7590 05/13/2011 CAREY, RODRIGUEZ, GREENBERG & PAUL, LLP STEVEN M. GREENBERG 950 PENINSULA CORPORATE CIRCLE SUITE 2022 BOCA RATON, FL 33487 EXAMINER TOLENTINO, RODERICK ART UNIT PAPER NUMBER 2439 MAIL DATE DELIVERY MODE 05/13/2011 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte JOHN R. HIND and MARCIA L. STOCKTON ____________ Appeal 2009-010096 Application 10/923,964 Technology Center 2400 ____________ Before JOHN A. JEFFERY, THU A. DANG, and DENISE M. POTHIER, Administrative Patent Judges. POTHIER, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1-20. We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. STATEMENT OF THE CASE Appellants’ invention relates to a technique for detecting and preventing content distribution site spoofing. See generally Spec. ¶ 0008. Claim 1 is reproduced below with the key disputed limitations emphasized: Appeal 2009-010096 Application 10/923,964 2 1. A method for detecting and preventing content distribution site spoofing comprising the steps of: loading a markup language document and a corresponding digital signature for processing; ensuring that said digital signature originates from a pre-specified source of said markup language document incorporated within said markup language document; dynamically computing a hash value for said markup language document and comparing said dynamically computed hash value to a hash value encrypted within said digital signature; and, detecting content distribution site spoofing either if said digital signature does not originate from said pre-specified source, or if said dynamically computed hash value does not match said hash value encrypted within said digital signature. The Examiner relies on the following as evidence of unpatentability: Kenmochi Iverson US 2003/0196117 A1 US 6,839,842 B1 Oct. 16, 2003 Jan. 4, 2005 (filed Dec. 27, 1996) Satake US 7,024,558 B1 Apr. 4, 2006 (filed Oct. 11, 2000) Douglas US 7,152,242 B2 Dec. 19, 2006 (filed Sept. 11, 2002) THE REJECTIONS 1. The Examiner rejected claims 1-5,1 7, 8, 10-16, 18, and 19 under 1 While the Examiner includes claim 6 in the heading of this rejection (Ans. 3), the rejection’s body does not discuss this claim (see Ans. 3-5). Rather, claim 6 is rejected over Iverson, Satake, and Kenmochi. See Ans. 5-6. Appellants correctly include claim 6 with the later rejection. App. Br. 4. Appeal 2009-010096 Application 10/923,964 3 35 U.S.C. § 103(a) as unpatentable over Iverson and Satake. Ans. 3-5.2 2. The Examiner rejected claims 6 and 17 under 35 U.S.C. § 103(a) as unpatentable over Iverson, Satake, and Kenmochi. Ans. 5-6. 3. The Examiner rejected claims 9 and 20 under 35 U.S.C. § 103(a) as unpatentable over Iverson, Satake, and Douglas. Ans. 6-7.3 THE OBVIOUSNESS REJECTION OVER IVERSON AND SATAKE Claims 1, 2, 10, 12, and 13 Regarding representative independent claim 1, the Examiner finds that Iverson teaches all the recited limitations, except for a markup language document. For example, the Examiner maps detecting content distribution site spoofing to Iverson’s step of determining whether a computer hash value matches a hash value within a digital signature. See Ans. 3-4, 7-8. Appellants argue that Iverson fails to detect content distribution site spoofing. App. Br. 7-8. In particular, Appellants argue claim 1 does not just recite detecting spoofing but “content distribution site” spoofing and that Iverson’s process only assures the document comes from a content source not a content distribution site. App. Br. 8; Reply Br. 2-3. The issue before us, then, is as follows: 2 Throughout this opinion, we refer to (1) the Appeal Brief filed December 1, 2008; (2) the Examiner’s Answer mailed January 16, 2009; and (3) the Reply Brief filed March 16, 2009. 3 The § 112, second paragraph rejection of claims 7 and 18 has been withdrawn. See Ans. 2. Appeal 2009-010096 Application 10/923,964 4 ISSUE Under § 103, has the Examiner erred in rejecting claim 1 by finding that Iverson and Satake collectively would have taught or suggested detecting content distribution site spoofing? FINDINGS OF FACT (FF) 1. Appellants map the discussion of computing and comparing a hash for the document and a decrypted digital signature to preventing content distribution site spoofing. App. Br. 2-4; Spec. ¶¶ 0023-24, 0026; Fig. 3. 2. Appellants render an invalid message at step 385, when the hash within the decrypted signature (step 360) does not match (at step 365) the computed hash for the markup language document (step 355). Spec. ¶ 0030; Fig. 3. 3. Iverson describes digital signature technology that includes an information provider creating information and digitally signing the information. For example, a university provides an electronic transcript for a student and authenticates the information by digitally signing or encrypting a hash of the document with the university’s private key. Iverson explains the digital signature is then transmitted with the transcript to the recipient (e.g., a prospective employer). Iverson, col. 1, ll. 48 -61 4. Iverson also explains the digital signature assures (1) the document actually comes from the university and (2) the document has not been modified or altered in any way. The recipient may obtain these assurances by decrypting the signature using the university’s public key and then matching the result with the original document’s hash. If the original Appeal 2009-010096 Application 10/923,964 5 document’s hash matches the decrypted hash, the recipient may assume that the document has not been changed since being encrypted. Iverson, col. 1, l. 61 – col. 2, l. 4; col. 5, ll. 6-19. 5. Iverson’s encryption and digital signature technologies are used to authenticate electronic information and to provide a foundation that the information’s source, accuracy, and integrity can be trusted by verifying a document’s authenticity. Iverson, col. 1, ll. 6-24. 6. Iverson teaches preventing inauthentic information from being viewed or generating a warning message if the information is inauthentic. Iverson, col. 8, ll. 10-15. ANALYSIS The crux of this appeal involves what the phrase, “detecting content distribution site spoofing” means. Appellants have not defined this phrase but do map detecting content distribution site spoofing to computing and comparing hashes. See FF 1. Appellants also have not provided any evidence that the phrase, “content distribution spoofing,” has a particular meaning to those of ordinary skill in the art. See App. Br. 7-8; Reply Br. 2- 4. Thus, notwithstanding the ordinary meaning of “spoofing,”4 the broadest reasonable construction for “detecting content distribution spoofing” in light of the disclosure includes detecting when a document’s computed hash distributed by a site and a decrypted hash obtained from the document’s digital signature do not match. See In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004) (internal citations omitted). 4 “Spoofing” is the “practice of making a transmission appear to come from an authorized user.” Microsoft® Computer Dictionary 494 (5th ed. 2002). Appeal 2009-010096 Application 10/923,964 6 Iverson teaches a process for assuring that a document (e.g., an electronic transcript) comes from a university. See FF 3-4. As this document and its content (e.g., the transcript) are sent or distributed from the university electronically (see FF 3), the university must use some electronic device, such as a computer or server, to deliver the document. See id. We therefore find that ordinarily skilled artisan would have recognized that Iverson’s discussion of a university delivering transcripts electronically to a recipient (see id.) includes a computer or server to store and deliver content (e.g., a content distribution site). Iverson further uses encryption and a digital signature to ensure the information’s source, accuracy, and integrity can be trusted by verifying a document’s authenticity. FF 5. Thus, when Iverson uses the digital signature to verify the authenticity of the document (e.g., an electronic transcript) by matching the hash obtained from the decrypted digital signature against the original document’s hash (see FF 4), Iverson also teaches obtaining assurances or detecting that the electronic document was actually transmitted from the information’s source, which is the university’s content distribution site. See id. Moreover, given that Appellants map detecting content distribution site spoofing to computing and comparing hashes (see FF 1), Iverson’s technique of determining whether the hashes match or not (see FF 4) further teaches detecting content distribution site spoofing when there is no match. That is, when taking into account the inferences and creative steps an ordinarily skilled artisan would have employed, Iverson’s verifying technique to determine whether a document is authentic or not (see FF 4-5) further suggests detecting not only whether the Appeal 2009-010096 Application 10/923,964 7 university’s content source (e.g., a content distribution site) is authentic but also whether its content distribution site is authorized (see FF 4-5). See KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 418 (2007). Additionally, Iverson further teaches preventing inauthentic information sent from the content distribution site (e.g., a university’s computer or server) from being viewed or generates a warning message if the information is inauthentic. See FF 3, 6. Similarly, Appellants generate invalid messages when the hashes do not match. See FF 2. Thus, Iverson teaches yet another process step (see FF 3, 6) that detects an information’s authenticity and thus suggests to an ordinarily skilled artisan detecting content distribution site spoofing when information that is transmitted from a university’s computer is considered inauthentic by preventing viewing or generating a warning. See KSR, 550 U.S. at 418. We therefore find that Iverson, despite Appellants’ assertions (App. Br. 8), teaches and suggests detecting content distribution site spoofing if the dynamically computed hash value does not match the hash value encrypted with in the digital signature as claim 1 requires. Also, the Examiner has formulated this rejection under § 103 and relies on what Iverson teaches in concluding that the “detecting content distribution site spoofing” step in claim 1 is obvious. See Ans. 3-5. Thus, contrary to Appellants’ assertion (Reply Br. 3-4), the Examiner is not relying on inherent characteristic in Iverson to teach the recited spoofing step. Also, as KSR explains, an obviousness analysis need not seek out precise teachings directed to the claimed subject matter and can take into account the creative steps and inferences an ordinarily skilled artisan would have employed. See KSR, 550 U.S. at 418. Appeal 2009-010096 Application 10/923,964 8 For the foregoing reasons, Appellants have not persuaded us of error in the obviousness rejection of: independent claim 1 and claims 2, 10, 12, and 13 not separately argued with particularity (App. Br. 7-8). Claims 3, 5, 14, and 16 Claim 3 depends from claim 1 and further recites the ensuring step comprises comparing a domain for a digital signature to a domain5 embedded in the document’s field. The Examiner relies on Iverson’s discussion of using the digital signature to assure the document came from the university to teach this limitation and maps Iverson’s university to the recited domain. See Ans. 4, 9. Appellants argue that Iverson does not compare the recited domains and that the elected domain (i.e., the university) is not embedded in the document’s field as required. App. Br. 8-9; Reply Br. 4-5. The issue before us, then, is as follows: ISSUE Under § 103, has the Examiner erred in rejecting claim 3 by finding that Iverson and Satake collectively would have taught or suggested comparing a domain for a digital signature to a domain embedded in the document’s field? 5 Appellants describe comparing domain names at step 340 and not domains. See Spec. ¶ 0029; Fig. 3. Appeal 2009-010096 Application 10/923,964 9 FINDINGS OF FACT (FF) 7. Satake teaches embedding a seal image or digital signature into the document at area 63 of the document at step S17. Satake, col. 6, ll. 20- 36; Figs. 5, 6A. 8. Satake’s CPU 11 generates an MD (message digest) file (or digest information) to ensure the contents of the document by clicking “STAMP” on execution window 61. A CPU 11 regenerates the MD file (regenerated digest information) of the document and compares decrypted digest information with the regenerated digest information at step 46. Satake, col. 6, ll. 2-7; col. 7, ll. 10-16; Figs. 2, 6A, 7. ANALYSIS Based on the record, we find error in the Examiner’s rejection of claim 3 which includes comparing a domain for a digital signature to a domain embedded in the document’s field. As elected (Ans. 4, 9), the domain is the university disclosed in Iverson. Iverson teaches the document (e.g., the electronic transcript) can be digitally signed by encrypting a “hash” of the document with the university’s private key. See FF3. Thus, Iverson teaches some part of the university’s identity (e.g., a university’s private key) is embedded in the document (e.g., transcript). However, the ordinary and customary meaning of “domain” in the Internet and network context6 is information that identifies the entity’s type owning the network address. See Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005) (en banc) 6 Microsoft® Computer Dictionary 172 (5th ed. 2002) defines “domain” as “the highest subdivision of a domain name in a network address, which identifies the type of entity owning the address (for example, .com for commercial users or .edu for educational institutions) . . . .” Appeal 2009-010096 Application 10/923,964 10 (internal citations omitted). Iverson fails to discuss that such information (e.g., “.edu” for the university) is embedded within the document’s field as claim 3 requires. See FF 3-4. Additionally, Iverson teaches the decrypted digital signature’s hash and a hash of the original document (e.g., the transcript) are compared. See FF 4. That is, one hash – not a domain for the digital signature – is compared with another hash – not a domain embedded in the document. Satake does not cure this deficiency. See FF 7-8. Satake embeds a seal, rather than domain, into the document (see FF 7) and compares digest information, which has not been disclosed to include any domain information (see FF 8). We therefore find neither Iverson nor Satake alone or in combination teach comparing a domain for a digital signature to a domain embedded in the document’s field as claim 3 recites. For the foregoing reasons, Appellants have persuaded us of error in the obviousness rejection of: (1) claim 3; (2) claim 14 which recites commensurate limitations; and (3) dependent claims 5 and 16 for similar reasons. Claims 4 and 15 Claim 4 depends from claim 1 and further recites ensuring the markup language document originates from a host server at the pre-defined source. The Examiner finds that Iverson’s discussion of employing the digital signature to assure the document actually came from the university teaches this limitation. See Ans. 4. Appellants assert that Iverson fails to disclose or teach the recited host server. App. Br. 9; Reply Br. 6. Appeal 2009-010096 Application 10/923,964 11 The issue before us, then, is as follows: ISSUE Under § 103, has the Examiner erred in rejecting claim 4 by finding that Iverson and Satake collectively would have taught or suggested ensuring the markup language document originates from a host server at the pre-defined source? ANALYSIS Based on the record, we find no error in the Examiner’s rejection of claim 4 which includes ensuring the markup language document originates from a host server at the pre-defined source. As stated above, when addressing claim 1, Iverson teaches that the digital signature assures that the document actually comes from the university. See FF 4. Iverson therefore teaches ensuring the document originates from a pre-defined source (e.g., the university). See id. Additionally, while we agree that Iverson does not expressly state that the document originates from a server (App. Br. 9), the document or transcript is electronic. Thus, Iverson teaches and suggests the university’s transcript delivery service involves some electronic device to store and deliver the students’ transcripts, such as a computer or server. See FF 3-4. Also, when taking into account the inferences and creative steps that an ordinarily skilled artisan would have employed given such a teaching (see id.), an ordinarily skilled artisan would have recognized that a computer or server are used to store and deliver information, including storing and delivering transcripts (see id.). See KSR, 550 U.S. at 418. That is, an Appeal 2009-010096 Application 10/923,964 12 ordinarily skilled artisan would have recognized that some type of device must be used, including a server that stores the electronic transcripts and delivers or serves the transcripts to another. We therefore find that Iverson’s encryption and digital signature techniques teach and suggest ensuring documents (e.g., electronic transcripts) originate not only from the pre- defined source (e.g., the university) but also from a host server at the pre- defined source (e.g., the university’s host server). See FF 3-5. For the foregoing reasons, Appellants have not persuaded us of error in the obviousness rejection of: independent claim 4 and claim 15 not separately argued with particularity (App. Br. 9). Claims 7, 8, 117, 18, and 19 Claim 7 depends from claim 1 and further recites retrieving an embedded slogan from a digital certificate associated with the markup language document and modifying the document to render the embedded slogan near a portion of the document referencing a pre-defined slogan. The Examiner finds that Iverson’s discussion of a digital signature and its assurances teach these limitations. Ans. 5. Appellants argue that the passages cited by the Examiner fail to mention the recited limitations. See App. Br. 10; Reply Br. 6-8. The issue before us, then, is as follows: 7 Claim 11 depends from claim 1. See App. Br. 16. However, claim 11 recites “said client-side page security logic,” which is found in claim 10 not claim 1. We therefore presume that this is a typographical error and that claim 11 properly depends from claim 10. Appeal 2009-010096 Application 10/923,964 13 ISSUE Under § 103, has the Examiner erred in rejecting claim 7 by finding that Iverson and Satake collectively would have taught or suggested retrieving an embedded slogan from a digital certificate associated with the markup language document and modifying the document to render the embedded slogan near a portion of the document referencing a pre-defined slogan? ANALYSIS Based on the record, we find error in the Examiner’s rejection of claim 7 which includes retrieving an embedded slogan from a digital certificate associated with the markup language document and modifying the document to render the embedded slogan near a portion of the document referencing a pre-defined slogan. The Examiner finds “information regarding the digital signature” can be the recited embedded slogan. See Ans. 10. We do not find this position unreasonable to extent that Appellants have not defined a slogan. See generally Specification. Iverson teaches that information or a document is digitally signed and the document contains the digital signature. See FF 3. Iverson, however, does not discuss a digital certificate or any explanation of how a slogan (e.g., information) is retrieved from a digital certificate. See id. Additionally, while Iverson teaches modifying the document to include or embed information (e.g., a digital signature) into the document (see id.), there is no discussion of embedding a slogan near a portion of a document referencing a pre-defined slogan (see id.) as required by claim 7. Appeal 2009-010096 Application 10/923,964 14 For the foregoing reasons, Appellants have persuaded us of error in the obviousness rejection of: (1) claim 7; (2) claims 11 and 18 which recite commensurate limitations; and (3) dependent claims 8 and 198 for similar reasons. THE REMAINING OBVIOUSNESS REJECTIONS Claims 6 and 17 are rejected under 35 U.S.C. § 103 over Iverson, Satake, and Kenmochi (Ans. 5-6), and claims 9 and 20 are rejected under 35 U.S.C. § 103 over Iverson, Satake, and Douglas (Ans. 6-7). Regarding these rejections, Appellants incorporate the arguments made for claims 1 and 12. See App. Br. 11-12. For the reasons stated above in connection with claims 1 and 12, Appellants have not persuaded us of error in these obviousness rejections for claims 6, 9, 17, and 20. CONCLUSION The Examiner did not err in rejecting claims 1, 2, 4, 6, 9, 10, 12, 13, 15, 17, and 20, but erred in rejecting claims 3, 5, 7, 8, 11, 14, 16, 18, and 19 under § 103. ORDER The Examiner’s decision rejecting claims 1-20 is affirmed-in-part. 8 Claim 8 depends from claim 1, and claim 19 depends from claim 12. See App. Br. 15, 19. However, these claims recite “said embedded slogan,” which is found in claims 7 and 18, not claims 1 and 12. We therefore presume that these are typographical errors and that claims 8 and 19 properly depend from claims 7 and 18 respectively. Appeal 2009-010096 Application 10/923,964 15 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART pgc Appeal 2009-010096 Application 10/923,964 16 EVIDENCE APPENDIX Microsoft® Computer Dictionary 172, 494 (5th ed. 2002). Notice of References Cited Application/Control No. 10/923,964 Applicant(s)/Patent Under Reexamination Examiner Roderick Tolentino Art Unit 2400 Page 1 of 1 U.S. PATENT DOCUMENTS * Document Number Country Code-Number-Kind Code Date MM-YYYY Name Classification A US- B US- C US- D US- E US- F US- G US- H US- I US- J US- K US- L US- M US- FOREIGN PATENT DOCUMENTS * Document Number Country Code-Number-Kind Code Date MM-YYYY Country Name Classification N O P Q R S T NON-PATENT DOCUMENTS * Include as applicable: Author, Title Date, Publisher, Edition or Volume, Pertinent Pages) X U Microsoft® Computer Dictionary 494 (5th ed. 2002). V W X *A copy of this reference is not being furnished with this Office action. (See MPEP § 707.05(a).) Dates in MM-YYYY format are publication dates. Classifications may be US or foreign. U.S. Patent and Trademark Office PTO-892 (Rev. 01-2001) Notice of References Cited Part of Paper No. Delete Last PageAdd A PageAuto-Fill