Ex Parte Kelly et alDownload PDFPatent Trial and Appeal BoardFeb 3, 201612584861 (P.T.A.B. Feb. 3, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 12/584,861 09/14/2009 123521 7590 02/05/2016 Wells Fargo Bank, N.A. c/o Nelson Mullins Riley & Scarborough, LLP IP Department 100 North Tryon Street 42nd Floor Charlotte, NC 28202 FIRST NAMED INVENTOR Edward R. Kelly UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 2827491.00057 4790 EXAMINER LANIER, BENJAMINE ART UNIT PAPER NUMBER 2437 NOTIFICATION DATE DELIVERY MODE 02/05/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ip@nelsonmullins.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte EDWARD R. KELLY, CHRISTOPHER WAYNE HOWSER, JONATHAN FRANCIS SAVAGE, and YULIANG ZHENG Appeal2014-001445 Application 12/584,861 Technology Center 2400 Before THU A. DANG, CARL L. SILVERMAN, and NORMAN H. BEAMER, Administrative Patent Judges. DANG, Administrative Patent Judge. DECISION ON APPEAL I. STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from the Final Rejection of claims 1-12. Claims 13-22 have been withdrawn. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. Appeal2014-001445 Application 12/584,861 A. INVENTION According to Appellants, the claimed invention "relates to a system and a method for protecting applications within a networked computer system" (Spec. i-f 2). B. ILLUSTRATIVE CLAIM Claim 1 is exemplary: 1. A method of authenticating a user within a networked computer system, the method comprising: providing an authentication server for authenticating a user; providing a gatekeeper server; creating an authentication token comprising a user ID of the user by the authentication server upon user authentication to uniquely identify the user, the authentication token being independent of the user credentials presented by the user and verifiable without a need for the user to re-present the user credentials; providing an application server; providing a first encryption key, said first encryption key being shared by the authentication server and the application server but not with the gatekeeper server; encrypting the authentication token with the first encryption key, wherein the gatekeeper server is unable to access the encrypted authentication token created by the authentication server; and using the encrypted authentication token by the application server to verify that the user is a subscriber to the application server. C. REJECTIONS The prior art relied upon by the Examiner as evidence in rejecting the claims on appeal is: Yuval US 2002/016404 7 A 1 Nov. 7, 2002 2 Appeal2014-001445 Application 12/584,861 Grantges Childs Meier US 6,510,464 Bl US 7,234,157 B2 US 7,373,508 Bl Jan. 21, 2003 June 19, 2007 May 13, 2008 Claims 1, 2, and 7-9 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Childs and Meier. Claims 3-5, 10, and 11 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Childs, Meier, and Grantges. Claims 6, and 12 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Childs, Meier, and Yuval. II. ISSUES The principal issues before us are whether the Examiner erred in finding Childs, in combination with Meier, teaches or would have suggested "creating an authentication token comprising a user ID" that is "independent of the user credentials presented by the user and verifiable without a need for the user to re-present the user credentials," as recited in claim 1. III. FINDINGS OF FACT The following Findings of Fact (FF) are shown by a preponderance of the evidence. Childs 1. Childs discloses providing an authenticated credential upon successful user authentication, wherein the authenticated credential is stored using a Public Key Infrastructure (Abstr.). In particular, when a user attempts to access a secure resource, the user is asked to enter identifying information such as user ID and/or password, and if the authentication server recognizes the identifying information as associated with an authorized user, the 3 Appeal2014-001445 Application 12/584,861 authenticated credential would be provided to the user's system (col. 1, 11. 20-28). 2. Figure 2 is reproduced below: r~~~~=~;=~~r)OO ~-I 13.5 [~~ credential to acce$$ secure re500:rce _____ ._._ ---- .FfG. 2 Figure 2, reproduced above, discloses a method of attempting to access a secure resource, wherein if the authentication is successful, an authenticated credential is returned to the client that is unique to the authenticated user and allows the client to access the requested secure resource (col. 3, 11. 60-67). The credential is stored in a protected manner using a Public Key Infrastructure (PKI), which provides the credential with a digital signature to detect whether the contents have been altered (col. 4, 11. 4 Appeal2014-001445 Application 12/584,861 4--14). If a user authentication request fails, the client determines whether connectivity is available, wherein if such connectivity is not available, the client checks for an authenticated credential matching the user whose authentication request failed by decrypting the authenticated credential, verifying that the credential has not been tampered with, and then accessing the requested resource using the stored credential if a valid match is found (col. 4, 11. 37--47). IV. ANALYSIS As for claim 1, Appellants contend "Childs teaches away from the present invention in that credentials such as a usemame and password are required every time to get the token for successful authentication" (App. Br. 6). That is, Appellants contend the combination of references "would not have taught or suggested the lack of a need for the user to re-present the user credentials for pu1poses of authentication" (id.). Although Appellants do not contest that Childs discloses an "authentication token," Appellants contend, "Childs clearly indicates that the authentication token must be decrypted in or to match the user ID" wherein "the authentication token is not 'independent of the user credentials presented by the user'" (App. Br. 8). We consider all of Appellants' arguments and evidence presented, and disagree with Appellants' contentions regarding the Examiner's rejections of the claims. We adopt as our own: ( 1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken, and (2) the reasons set forth by the Examiner in the Answer in response to arguments made in Appellants' Appeal Brief. We highlight and address specific findings and arguments below: 5 Appeal2014-001445 Application 12/584,861 Childs discloses a user entering identifying information such as user ID and/or password, and the user system receiving and storing the authenticated credential if the authentication server recognizes the entered identifying information as associated with an authorized user, wherein the authenticated credential is stored using a public key (FF 1 ). If a user authentication request fails and if connectivity is not available, the client checks for an authenticated credential matching the user whose authentication request failed and then accessing the requested resource using the stored credential if a valid match is found (FF 2). We find no error with the Examiner's finding "Childs discloses that the authentication credential is separate data from the user id/password used to authenticate users" wherein "the authentication credential can be verified without the need for the user to re-present the user credentials because the authentication credential can be verified using only the public key that corresponds to the digital signature" (Ans. 2). In particular, we agree with the Examiner's finding "the user credentials in Childs are the user ID and password combination" wherein the "authentication credential generated in Childs does not include the user ID and password combination" and thus "the authentication credential of Childs and the user ID and password combination are independent pieces of data" (Ans. 4--5). Accordingly, we find no error with the Examiner's reliance on Childs for teaching or at least suggesting "creating an authentication token comprising a user ID" that is "independent of the user credentials presented by the user and verifiable without a need for the user to re-present the user credentials," as recited in claim 1. 6 Appeal2014-001445 Application 12/584,861 We find Appellants' contention, "Childs teaches away from the present invention in that credentials such as a usemame and password are required every time to get the token for successful authentication" (App. Br. 6), unpersuasive. In Childs, contrary to Appellants' contention, usemame and password are not required for authentication every time (FF 2), but rather, as the Examiner finds, "the authentication credential can be verified using only the public key that corresponds to the digital signature" (Ans. 2). Thus, we find Childs does not criticize, discredit, or otherwise discourage the single use of the user ID and password for authentication. In re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004). Instead, we agree with the Examiner's finding that the combination of both of Child's user ID and password are used only once for authentication (Ans. 6). Thus, we are unpersuaded of error with the Examiner's finding that, in Childs, "the credential can be verified without using the user ID and password" (id.). Based on this record, we find no error in the Examiner's rejection of independent claim 1, nor of claims 2 and 7-9, which are not argued separately with particularity (App. Br. 6), over Childs in view of Meier. Appellants do not provide substantive arguments for claims 3---6, and 10---12 separate from claim 1 (App. Br. 9). Accordingly, we also affirm the rejections of claims 3-5, 10, and 11 over Childs and Meier, in further view of Grantges; and claims 6 and 12 over Childs and Meier, in further view of Yuval. V. CONCLUSION AND DECISION The Examiner's rejections of claims 1-12 under 35 U.S.C. § 103(a) are affirmed. 7 Appeal2014-001445 Application 12/584,861 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED hh 8 Copy with citationCopy as parenthetical citation
