Ex Parte Juels et alDownload PDFBoard of Patent Appeals and InterferencesAug 31, 200910216030 (B.P.A.I. Aug. 31, 2009) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte ARI JUELS and BURTON S. KALISKI, JR. ____________ Appeal 2008-003366 Application 10/216,030 Technology Center 2400 ____________ Decided: August 31, 2009 ____________ Before JOSEPH L. DIXON, ST. JOHN COURTENAY III, and CAROLYN D. THOMAS, Administrative Patent Judges. DIXON, Administrative Patent Judge. DECISION ON APPEAL I. STATEMENT OF THE CASE A Patent Examiner rejected claims 1-47. The Appellants appeal therefrom under 35 U.S.C. § 134(a). We have jurisdiction under 35 U.S.C. § 6(b). At the outset we note that the Examiner has withdrawn the rejection to claims 2, 3, 6, 9-12, 15-26, 27-31, and 37-39 in the answer at page 3. Appeal 2008-003366 Application 10/216,030 2 Therefore, claims 1, 4, 5, 7, 8, 13, 14, 32-36, and 40-47 remain on appeal. We affirm-in-part. A. INVENTION The invention at issue on appeal provides methods and apparatus implementing secure authentication protocols that are particularly well- suited for use in mobile communications devices having limited computational resources. (Spec. 4.) B. ILLUSTRATIVE CLAIM Claim 1, which further illustrates the invention, follows. 1. A method for authenticating information in a system comprising a plurality of processing devices each adaptable for communication with one or more of the other devices, the method comprising the steps of: generating at least first and second shares of a first password associated with a first device of the plurality of devices; storing the first and second shares in respective second and third devices of the plurality of devices; and upon submission of additional information associated with the first device to at least one of the second and third devices, each of the first and second shares having the property that it is infeasible to determine solely therefrom correspondence of the additional information with the first password, the second and third devices utilizing the respective first and second shares to collectively determine said Appeal 2008-003366 Application 10/216,030 3 correspondence of the additional information with the first password. C. REFERENCES The Examiner relies on the following references as evidence: Swander US 6,904,529 B1 Jun. 07, 2005 (filed Apr. 28, 2000) Brickell US 6,959,394 B1 Oct. 25, 2005 (filed Sep. 29, 2000) Cheston US 6,978,385 B1 Dec. 20, 2005 (filed Mar. 01, 2000) D. REJECTIONS The Examiner makes the following rejections. Claims 1, 4, 5, 7, 8, 13, 14, 33, 41-44, 46, and 47 stand rejected under 35 U.S.C. § 102(e) as being anticipated by Brickell Claims 34-36 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Brickell as applied to claim 1 above, and further in view of Cheston. Claim 40 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Brickell as applied to claim 1 above, and further in view of Swander. II. ISSUE Have Appellants shown error in the Examiner’s initial showing of anticipation and specifically, does Brickell teach “each of the first and second shares having the property that it is infeasible to determine solely Appeal 2008-003366 Application 10/216,030 4 therefrom correspondence of the additional information with the first password?” Have Appellants shown the Examiner erred in the rejection of independent claim 43? Specifically, does Brickell teach the recited pseudonym for a submitter of the additional information wherein the pseudonym being provided by one of the devices to another of the devices. III. PRINCIPLES OF LAW 35 U.S.C. § 102 "[A]nticipation of a claim under § 102 can be found only if the prior art reference discloses every element of the claim . . . ." In re King, 801 F.2d 1324, 1326 (Fed. Cir. 1986) (citing Lindemann Maschinenfabrik GMBH v. American Hoist & Derrick Co., 730 F.2d 1452, 1457 (Fed. Cir. 1984)). "[A]bsence from the reference of any claimed element negates anticipation." Kloster Speedsteel AB v. Crucible, Inc., 793 F.2d 1565, 1571 (Fed. Cir. 1986). In rejecting claims under 35 U.S.C. § 102, “[a] single prior art reference that discloses, either expressly or inherently, each limitation of a claim invalidates that claim by anticipation.” Perricone v. Medicis Pharm. Corp., 432 F.3d 1368, 1375-76 (Fed. Cir. 2005) (citation omitted). 35 U.S.C. § 103(a) Appellants have the burden on appeal to the Board to demonstrate error in the Examiner’s position. See In re Kahn, 441 F.3d 977, 985-86 (Fed. Cir. 2006) (“On appeal to the Board, an applicant can overcome a rejection [under § 103] by showing insufficient evidence of prima facie Appeal 2008-003366 Application 10/216,030 5 obviousness or by rebutting the prima facie case with evidence of secondary indicia of nonobviousness.”) (quoting In re Rouffet, 149 F.3d 1350, 1355 (Fed. Cir. 1998)). Our reviewing court states in In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989), that “claims must be interpreted as broadly as their terms reasonably allow.” IV. ANALYSIS With respect to independent claim 1, Appellants argue that the Examiner’s position as set forth in the rejection is in error and the Examiner’s statement that "the first and second shares of the password cannot be determined from the use or name" is in error. (App. Br. 8). Appellants contend that Brickell stores its corresponding password piece in “direct association” with the user name and their user name is the additional information according to the Examiner. (App. Br. 8; Reply Br. 2). We note that Brickell does not recite a "direct association" of the user name with the password pieces. Brickell merely states at column 4, lines 44-48, that "[a]fter securely transmitting the password pieces to the respective servers 114-116, the servers store the received password pieces for later authentication, along with information identifying the user, such as the user’s login name. (Act 204)." Appellants contend that the servers which are the second and third devices can readily determine the corresponding password piece from the user name. We disagree with Appellants' contention and note that the language of independent claim 1 states that "each of the first and second shares having the property that it is infeasible to determine solely therefrom correspondence of the additional information Appeal 2008-003366 Application 10/216,030 6 with the first password." Appellants appear to argue the converse of the claim limitation rather than the limitation. Additionally, it is the correspondence of the additional information with the first password, rather than the password pieces that is set forth in independent claim 1. Moreover, the Examiner has identified a different portion of Brickell in the rejection. Brickell states: an alternative implementation is to take N different hashes of the password, each with a different Salt value, to obtain N different hash values. From each of the N different hashes, a predetermined number of bits is taken for each password piece, where the predetermined number is equal to the expected entropy of the password (expressed as an integer number of bits) divide by N. (Col. 4, ll. 54-60). We agree with the Examiner that Brickell teaches the use of portions of the password at plural devices. Appellants further contend that independent claim 1 recites that the second and third devices utilize respective first and second shares of the password to collectively determine the correspondence of the additional information with the password. We find the teachings of Brickell at columns 4 and 5 to disclose use of the authentication of a user’s password with the respective portions stored at servers 114-116 and that for each servers 114-116, after receiving its encrypted password piece, decrypts the password piece and compares the encrypted piece to the value pre-stored for that user. Since each of the password pieces and the user ID are used in the process at the respective servers, we find that Brickell teaches collectively determining the correspondence of the user ID to the password from which the password pieces were originally formed. Therefore, we find Appellants' Appeal 2008-003366 Application 10/216,030 7 argument to be unpersuasive of error in the Examiner's initial showing of anticipation of independent claim 1. Therefore, we sustain the rejection of independent claim 1 and dependent claims 4, 5, 7, 8, 13, and 14 grouped therewith by Appellants. With respect to dependent claim 32, the Examiner cites to column 4, lines 49-51, with respect to this claim limitation wherein Brickell deletes the password when the password pieces are transmitted to the servers. We agree with Appellants that this portion of Brickell does not support the Examiner's position. But, we note that the Examiner identifies column 4, lines 52-60 (Ans. 4), with respect to independent claim 1, which uses a predetermined number of bits taken from each password piece which is generated from N different hashes. We find that this use of the bits from each password piece teaches the claim limitations of dependent claim 32. Therefore, we find Appellants' argument to be unpersuasive of error in the Examiner's reliance upon Brickell to teach dependent claim 32. With respect to independent claim 43, Appellants argue that independent claim 43 recites a pseudonym for a submitter of the additional information in the pseudonym being provided by one of the devices to another of the devices. Appellants contend that the hashing function as relied upon and disclosed at column 4, lines 52-60 (App. Br. 15), of Brickell fails to meet the pseudonym limitation of independent claim 43. The Examiner maintains that the user login names are a form of pseudonyms. (Ans. 17). We disagree with the Examiner and furthermore the user login names are not taught to be provided from one device to another device as claimed. Therefore, we find the Examiner has not set forth a sufficient Appeal 2008-003366 Application 10/216,030 8 initial showing of anticipation of the invention as recited in independent claim 43, and we reverse the rejection thereof. With respect to independent claim 44, we similarly find the Examiner's proffered initial showing of anticipation to be in error as discussed with independent claim 43. With respect to independent claim 46, Appellants contend that Brickell does not teach a post-authentication action and that the data relied upon in column 5, lines 1-25, does not support the Examiner’s position. We disagree with Appellants' position, and we find that Brickell’s disclosure of sending the authentication accept messages to a remote computer of 121 anticipates the aforementioned limitation. We find the transmission of this message is a post-authentication action. Therefore, Appellants' argument is unpersuasive of error in the Examiner’s initial showing of anticipation. With respect to independent claim 47, Appellants argue that independent claim 47 includes a limitation relating operation as a mix network, which is not believed to be shown by Brickell. (App. Br. 16). Appellants contend that skilled artisans would recognize that a mix network is not any system that uses public key and symmetric key cryptography as alleged by the Examiner and that Appellants have described mix networks in their Specification at page 39. From our review of the teachings at page 39 of Appellants' Specification, we are unconvinced that Appellants' Specification recites a specific definition of a “mix network.” Therefore, Appellants' argument does not show error in the Examiner’s initial showing of anticipation. Appellants further identify an article discussing "mix networks,” dated December 2006, which is four years after Appellants' original filing date. We find this proffered evidence to be irrelevant to the Appeal 2008-003366 Application 10/216,030 9 interpretation of "mix network" in August 2002, at the time of Appellants' invention. Since Appellants have not shown error in the Examiner's initial showing of anticipation, we will sustain the rejection of independent claim 47. With respect to dependent claims 34 and 35, Appellants rely upon the arguments advanced with respect to dependent claim 32 and contend that the Cheston reference fails to supplement the fundamental deficiencies of Brickell as applied to claim 32. Since we found no fundamental deficiencies in the rejection of dependent claim 32, we find Appellants' argument to be unpersuasive of error with respect to dependent claims 34 and 35. Therefore, we will sustain the obviousness rejection of claims 34 and 35. With respect to dependent claim 36, Appellants contend that although Cheston deals with life questions, the combination of Cheston and with Brickell fails to teach or suggest an arrangement in which first and second servers use their respective shares to collectively verify that additional information comprises answers to a set of life questions. (App. Br. 18). We disagree with Appellants and find that the alternative embodiment of Brickell when used in combination with the life questions as taught by Cheston (col. 4 and 6-8) would have taught and fairly suggested the limitation of collectively verifying the answers to a set of life questions. Therefore, we find Appellants' argument unpersuasive error in the Examiner’s initial showing of obviousness. With respect to independent claim 45, Appellants argue that the claim recites that "no particular one of the devices storing the respective shares can determine correspondence between the additional information in the password" and relies upon the arguments set forth with respect to Appeal 2008-003366 Application 10/216,030 10 independent claim 1 in that Cheston fails to supplement the noted deficiencies of Brickell. (App. Br. 18). As discussed above with respect to independent claim 1 in dependent claim 36, we find no deficiency in the combination of Brickell and Cheston and that the combination would have set forth the use of a set of answers to life questions as the password and that portions are distributed to plural servers so that no particular one of the devices storing the respective shares can determine correspondence between the additional information in the password since each only has a portion of the password. Therefore, we find Appellants' argument to be unpersuasive of error in the Examiner's initial showing of obviousness of independent claim 45, and we will sustain the rejection thereof. With respect to dependent claim 40, Appellants argue that the claim is allowable by virtue of its dependence upon independent claim 1, and the Swander reference does not remedy the deficiency in the rejection of independent claim 1. (App. Br. 19). As discussed above with respect to independent claim 1, we find no deficiency in the rejection of independent claim 1. Therefore, we find Appellants' argument to be unpersuasive of error in the Examiner's initial showing of obviousness of dependent claim 40, and we will sustain the rejection thereof. V. CONCLUSION For the aforementioned reasons, we find that Appellants have shown that the Examiner erred in the initial showing of anticipation of independent claims 43 and 44, but the Appellants have not shown that the Examiner erred in the initial showing of anticipation and obviousness of the remainder of the claims on appeal. Appeal 2008-003366 Application 10/216,030 11 VI. ORDER We affirm the anticipation rejection of claims 1, 4, 5, 7, 8, 13, 14, 32- 36, 40, 41, 42, 46, and 47; we reverse the anticipation rejection of claims 43 and 44; and we affirm the obviousness rejections of claims 34-36, 40, and 45. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART rwk Ryan, Mason & Lewis, LLP 90 Forest Avenue Locust Valley, NY 11560 Copy with citationCopy as parenthetical citation
