12109644 (P.T.A.B. Sep. 30, 2016)

Ex Parte Karjala et al

Patent Trial and Appeal BoardSep 30, 2016

12109644 (P.T.A.B. Sep. 30, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 12/109,644 04/25/2008 10949 7590 10/04/2016 Nokia Corporation and Alston & Bird LLP c/o Alston & Bird LLP Bank of America Plaza, 101 South Tryon Street Suite 4000 Charlotte, NC 28280-4000 FIRST NAMED INVENTOR J ari Karjala UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 042933/342632 3901 EXAMINER AMBA YE, SAMUEL ART UNIT PAPER NUMBER 2433 NOTIFICATION DATE DELIVERY MODE 10/04/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): usptomail@alston.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte JARI KARJALA, ARI VEPSALAINEN, and JUSSI MAKI 1 Appeal2015-006596 Application 12/109,644 Technology Center 2400 Before JEAN R. HOMERE, CARLA M. KRIVAK, and JASON V. MORGAN, Administrative Patent Judges. MORGAN, Administrative Patent Judge. DECISION ON APPEAL Introduction This is an appeal under 35 U.S.C. Â§ 134(a) from the Examiner's Final Rejection of claims 1-28. App. Br. 12, 16. We have jurisdiction under 35 U.S.C. Â§ 6(b). We AFFIRM. Invention Appellants' invention is directed to an apparatus with "a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service." Abstract. 1 Appellants identify Nokia Corporation as the real party in interest. App. Br. 2. Appeal2015-006596 Application 12/109,644 Exemplary Claim Claim 1, reproduced below with key limitations emphasized, is representative: 1. A method comprising: receiving a request for an access token from a remote entity, wherein the request includes an indication of a requested service; determining, using a processor, a request type of the received request, wherein the determined request type is one of a user identification and password combination, a request token exchange, or an access token exchange; extracting one or more parameters included in the request based at least in part upon the determined request type; performing one or more security checks based at least in part upon the one or more extracted parameters; creating an access token based at least in part upon results of the one or more security checks, the access token associated with at least the requested service and the remote entity; and causing the access token to be provided to the remote entity. Rejection The Examiner rejects claims 1-28 under 35 U.S.C. Â§ 103(a) as being unpatentable over John Hughes et al., Security Assertion Markup Language (SAML) V2.0 Technical Overview, Working Draft 08, (Sept. 12, 2005) ("Hughes") and Chia et al. (US 2008/0072301 Al; published Mar. 20, 2008). Final Act. 4--10. ISSUE Did the Examiner err in finding the combination of Hughes and Chia teaches or suggests "extracting one or more parameters included in the 2 Appeal2015-006596 Application 12/109,644 request based at least in part upon the determined request type," as recited in claim 1? ANALYSIS In rejecting claim 1, the Examiner finds that Hughes, by disclosing an HTTP POST containing a Security Assertion Markup Language (SAML) defining a user for which authentication and authorization information is required, and by disclosing extraction of a SourceID from a SAML artifact, teaches or suggests determining a request type of the received request (Final Act. 5 (citing Hughes 21 )) and extracting one or more parameters included in the request (Final Act. 6 (citing Hughes 24)). The Examiner relies on Chia's disclosure of an Authentication Controller that repackages an original login request message (including encrypted user credentials) as an "authentication assertion query" to teach or suggest extracting based at least in part upon the determined request type. Final Act. 7 (citing Chia i-fi-170-71). Appellants contend the Examiner erred because "Chia fails to teach or suggest that any parameters are extracted based upon the determined request type." App. Br. 13; see also Reply Br. 2. However, the Examiner relies on Hughes, not Chia, to teach or suggest the extraction of parameters. Final Act. 6. Furthermore, the Examiner correctly finds that Chia teaches or suggests a service type (e.g., an "authentication assertion query" message id) that determines information to extract. Final Act. 7 (citing Chia i-fi-170-71). In particular, Chia's Authentication, Authorization, and Accounting (AAA) Server parses a message and decrypts user credentials when the message received is of the "authentication assertion query" type. See Chia i1 71, Fig. 10. The type of data extracted by the AAA Server upon receiving an 3 Appeal2015-006596 Application 12/109,644 "authentication assertion query" message differs from the type of data the AAA Server extracts upon receiving, for example, an "authorization assertion query" message. See Chia i-fi-191-92, Fig. 12. Because Hughes teaches or suggests both extracting parameters (i.e., data) and a determined request type, while Chia teaches or suggests the extraction of certain data based on a request type (e.g., "an authentication assertion query" message), we agree with the Examiner the combination of Hughes and Chia teaches or suggests "extracting one or more parameters included in the request based at least in part upon the determined request type," as recited in claim 1. Appellants also argue that the recitation of "performing one or more security checks based at least in part upon the one or more extracted parameters" is not taught or suggested by Hughes and Chia. App. Br. 14. However, Appellants' argument is premised on the alleged deficiency of Hughes and Chia, discussed above, which we find unpersuasive because, contrary to Appellants arguments, the security checks are based on parameters extracted based at least in part upon the determined request type. Id. Therefore, because the combination of Hughes and Chia is not deficient as alleged, Appellants' arguments regarding the performing one or more security checks recitations is also unpersuasive. Appellants further contend the Examiner has failed to articulate a reason with a rational underpinning showing that it would have been obvious to an artisan of ordinary skill in the art to combine the teachings and suggestions of Hughes and Chia in the claimed manner. App. Br. 15. However, the proposed combination merely represents the use of prior art elements (i.e., using a determined request type to affect how to process a request and extract parameters) combined using known methods to yield 4 Appeal2015-006596 Application 12/109,644 predictable results (i.e., extracting parameters in a request based on the determined request type). KSR Int'! Co. v. Teleflex Inc., 550 U.S. 398, 416 (2007). As such, we disagree with Appellants that the Examiner erred in relying on the combined teachings and suggestions of Hughes and Chia. Accordingly, we sustain the Examiner's 35 U.S.C. Â§ 103(a) rejection of claim 1, and claims 2-28, which Appellants do not argue separately with persuasive specificity. App. Br. 16. DECISION We affirm the Examiner's decision rejecting claims 1-28. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a). See 37 C.F.R. Â§ 41.50(Â±). AFFIRMED 5