Ex Parte KocherDownload PDFPatent Trial and Appeal BoardAug 9, 201711977392 (P.T.A.B. Aug. 9, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/977,392 10/24/2007 Paul C. Kocher 10314.0052-02000 2478 15695 7590 Rambus/Finnegan 901 New York Ave., NW Washington, DC 20001 EXAMINER MANDEL, MONICA A ART UNIT PAPER NUMBER 3621 NOTIFICATION DATE DELIVERY MODE 08/11/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): regional-desk @ finnegan. com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte PAUL C. KOCHER Appeal 2015-0068781 Application 11/977,3922 Technology Center 3600 Before ANTON W. FETTING, PHILIP J. HOFFMANN, and TARA L. HUTCHINGS, Administrative Patent Judges. HUTCHINGS, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellant appeals under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1—22. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 Our Decision references Appellant’s Appeal Brief (“App. Br.,” filed Dec. 1, 2014) and Reply Brief (“Reply Br.,” filed July 15, 2015), and the Examiner’s Answer (“Ans.,” mailed June 1, 2015) and Final Office Action (“Final Act.,” mailed Dec. 4, 2013). 2 Appellant identifies Cryptography Research, Inc. as the real party in interest. App. Br. 1. Appeal 2015-006878 Application 11/977,392 CLAIMED INVENTION Appellant’s claimed invention relates to “methods and apparatuses for securing payment cards against external monitoring attacks.” Spec. 1, 11. 16-17. Claims 1 and 12 are the independent claims on appeal. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A cryptographic device comprising: (a) at least one memory containing a value of a secret parameter; and (b) a processor configured to perform a plurality of cryptographic transactions, each said transaction involving a cryptographically processed datum, where: (i) each of said cryptographic transactions is secured using a secret parameter; (ii) said processor configured to reduce the usefulness of information gathered through external monitoring of said cryptographic device related to said secret parameter by performing a plurality of cryptographic update operations to derive an updated value of said secret parameter at a different level within a hierarchy of secret parameters, wherein deriving an updated value of said secret parameter comprises applying at least one invertible function to the value of said secret parameter before said plurality of cryptographic operations; and (iii) said processor configured to store the updated value of said secret parameter in said at least one memory for use in at least one subsequent transaction; and (c) an interface configured to output said datum to a cryptographic processing device. REJECTIONS Claims 1—22 are rejected under 35 U.S.C. § 101 as directed to non- statutory subject matter. 2 Appeal 2015-006878 Application 11/977,392 Claims 1—22 are rejected under 35 U.S.C. § 112, second paragraph, as indefinite for failing to particularly point out and distinctly claim the subject matter that Appellant regards as the invention. Claims 1—7, 12—18, and 21 are rejected under 35 U.S.C. § 103(a) as unpatentable over Schwenk (US 6,222,923 Bl, iss. Apr. 24, 2001) and Morgan (US 6,185,685 Bl, iss. Feb. 6, 2001). Claims 8—11, 19, 20, and 22 are rejected under 35 U.S.C. § 103(a) as unpatentable over Schwenk, Morgan, and Hohle (US 6,101,477, iss Aug. 8, 2000). Claims 1—11 are rejected under 35 U.S.C. § 102(b) as anticipated by Bjerrum (US 5,311,595, iss. May 10, 1994). ANALYSIS Non-Statutory Subject Matter Claims 1—11 In rejecting claims 1—11 under 35 U.S.C. § 101, the Examiner finds that the claims are directed to ‘“a plurality of cryptographic update operations to derive an updated value of said secret parameter[,]’ which is a mathematical procedure for changing a value, thus an abstract idea.” Ans. 2. Appellant argues that claims 1—11 are “not directed to generically changing a value,” but rather to an improved “device for protecting cryptographic keys[,] and a specific, novel, and nonobvious apparatus for securing cryptographic transactions.” Reply Br. 5. When considering whether the claims are directed to a patent ineligible concept, such as an abstract idea, the inquiry is not whether the invention involves an abstract idea. Enfish, LLC v. Microsoft Corp., 822 3 Appeal 2015-006878 Application 11/977,392 F.3d 1327, 1335 (Fed. Cir. 2016) (citing Mayo Collaborative Services v. Prometheus Labs., Inc., 566 U.S. 66, 70-71 (2012)). Rather, the claims are considered in their entirety, in light of the Specification, to ascertain whether their character as a whole is directed to excluded subject matter. Id. (citing Internet Patents Corp. v. Active Network, Inc., 790 F.3d 1343, 1346 (Fed. Cir. 2015)). We disagree with the Examiner’s conclusion that the claims are directed to a mathematical procedure for changing a value. Instead, we conclude that the character of the claims as a whole is directed to an improved cryptographic device, such as a smartcard; namely, a cryptographic device that protects cryptographic keys from attackers gathering information by external monitoring. Our conclusion is supported by the Specification’s description of the invention as directed to “securing payment cards against external monitoring attacks” (Spec. 1,11. 15—17) and “mak[ing] smartcards (and other cryptographic client devices secure even if attackers are able to use external monitoring (or other) attacks to gather information correlated to the client device’s internal operations” (id. at 3, 11. 3—5), as well as the description of inadequacies of securing information in smartcards and other cryptographic devices (id. at 1,1. 22—2,1. 32). Because we find that the claims are not directed to ineligible subject matter, we do not reach step two of the test set forth in Alice Corp. Pty. Ltd. v. CLSBankInt 7, 134 S. Ct. 2347, 2354 (2014). Enfish, 822 F.3d at 1339. Therefore, we do not sustain the Examiner’s rejection of claims 1—11 under 35U.S.C. § 101. 4 Appeal 2015-006878 Application 11/977,392 Claims 12—22 In rejecting claims 12—22 under 35U.S.C. § 101, the Examiner finds that the claims are directed to ‘“a cryptographic update operation ... by applying an invertible functionf,]’ which is a mathematical procedure for changing a value, thus an abstract idea.” Ans. 3. Appellant argues that the claims are not directed to an abstract idea, but rather an improved “method of encrypting information to better protect it from external monitoring attacks.” App. Br. 10; see also id. at 9, 11 (claims “recite a particular solution to a problem to be solved, such as a threat from external monitoring attacks[,]” are directed to an “improvement in the field of encryption[,]” and “improve [] the functioning of the cryptographic operation”). For reasons similar to those described above with respect to claims 1— 11, we find that the character of claims 12—22, when considered in their entirety, in light of the Specification, is directed to a method for improving an existing technology, encryption. See McRO, Inc. v. Bandai Namco Games Am., Inc., 837 F.3d 1299, 1314 (Fed. Cir. 2016) (patent eligible method claims directed to an improvement in computer animation, not an abstract idea that merely invokes generic processes and machinery). In the Answer, the Examiner disputes that the claim is directed to an improvement in the field of encryption because the claimed steps are “well understood, routine, conventional activities previously known in the field of cryptography.” Ans. 5. And the Examiner asserts that “there is no evidence to support” Appellant’s argument that the invention is directed to an improvement in cryptography. Id. But the Examiner’s findings are not adequately supported in light of Appellant’s Specification, which describes how the claimed invention makes the cryptographic transactions less 5 Appeal 2015-006878 Application 11/977,392 vulnerable to attackers gathering information by external monitoring. See Reply Br. 9. Because we find that the claims are not directed to ineligible subject matter, we do not reach step two of the test set forth in Alice, 134 S. Ct. at 2354. Enfish, 822 F. 3d at 1339. Therefore, we do not sustain the Examiner’s rejection of claims 12—22 under 35 U.S.C. § 101. Indefiniteness In rejecting independent claim 1 under 35 U.S.C. § 112, second paragraph, the Examiner takes the position that the phrase “usefulness of information” is indefinite because it requires an exercise of subjective judgement. Final Act. 3^4. Appellant argues that the Specification provides objective measures of useful information. App. Br. 12—13 (citing Spec. 3,11. 7-10; 10,11. 19-21; 11,11. 10-22; 14,11. 22-29); see also Reply Br. 10. We find that a person of ordinary skill in the art would understand what is claimed when claim 1 is read in light of the Specification. For example, the Specification describes that Appellant’s invention updates the secret key value of a cryptographic client device, such as a smartcard, sufficiently frequently, such as before each transaction. Spec. 3,11. 5—8. In this way, any information leaked by the cryptographic transaction and gathered by an attacker through external monitoring “no longer (or less) usefully describe^] the new updated secret value [of the secret key].” Id. at 3,11. 8—10. The Specification describes “information” as “useful” when it “can help or enable an attacker to implement an actual attack.” Id. at 3, 11. 10-11. Unlike traditional cryptographic systems, which repeatedly use the same secret value, the claimed invention’s process for frequently 6 Appeal 2015-006878 Application 11/977,392 updating the secret key value causes any collected information to quickly become obsolete. Id. at 3,11. 11—20. Claim 1 recites that the process is configured to reduce the “usefulness of information gathered through external monitoring ... by performing a plurality of cryptographic update operations to derive an updated value of said secret parameter.” We find that a person of ordinary skill in the art would understand that the reduced “usefulness of information” refers to a reduced correlation between information gathered by external monitoring and the secret parameter value due to the claimed update operations. Claims 2—11 recite “[t]he device of claim . . .” in the preamble. The Examiner takes the position that it is unclear whether the claims refer to the cryptographic device or the cryptographic processing device. Final Act. 4. However, we find that a person of ordinary skill in the art would understand what is claimed when claims 2—11 are read in light of the Specification, namely, than the claimed “device” refers to the cryptographic device recited in the preamble of claim 1. See App. Br. 14; see also Reply Br. 10-11. Claim 8 recites “where said device is a smartcard.” The Examiner finds that the claim is indefinite because it is unclear whether the cryptographic device or the cryptographic processing device is the smartcard. Final Act. 4. However, we agree with Appellant that a person of ordinary skill in the art would understand that “said device” recited in the preamble of claim 8 refers to the cryptographic device recited in the preamble of claim 1. See App. Br. 14; see also Reply Br. 11—12. With respect to claim 9, the Examiner maintains that it is unclear what constitutes “said cryptographic processing,” because there are “various 7 Appeal 2015-006878 Application 11/977,392 cryptographic processes taking place in the claim.” Final Act. 4. Appellant asserts that “cryptographic processing” is a typographical error for “cryptographic processing device.” App. Br. 14; see also Reply Br. 12. In our view, a person of ordinary skill in the art would understand what is claimed when claim 9 is read in light of the Specification; namely, that “cryptographic processing” is a typographical error and refers to the cryptographic processing device recited in claim 1. See, e.g., Spec. 19, claims 8—9. With respect to claim 12, the Examiner finds that the language “within a hierarchy” is recited twice in the same claim and it is “unclear if the second recitation of a hierarchy is the same hierarchy as the first recitation of a hierarchy.” Final Act. 4. We agree with Appellant that one of ordinary skill would understand from the language of the claim that the second recitation of “within a hierarchy” refers to the same hierarchy. See App. Br. 15; see also Reply Br. 13. In view of the foregoing, we do not sustain the Examiner’s rejection of claims 1—22 under 35 U.S.C. § 112, second paragraph. Obviousness Independent Claim 1, and Dependent Claims 2—7 We are persuaded by Appellant’s argument that the Examiner erred in rejecting independent claim 1 under 35 U.S.C. § 103(a) because Schwenk does not disclose or suggest a processor configured to perform a plurality of cryptographic transaction, where “said processor [is] configured to reduce the usefulness of information gathered through external monitoring of said cryptographic update operations to derive an updated value of said secret parameter at a different level within a hierarchy of secret parameters,” as 8 Appeal 2015-006878 Application 11/977,392 recited in claim 1, limitation (b)(ii). App. Br. 17—19. The Examiner relies on Schwenk as disclosing the argued limitations. Final Act. 5 (citing Schwenk col. 3,11. 11—15, 31—62). We have reviewed the cited portions of Schwenk. Yet, we find nothing that discloses or suggests the argued limitation. Schwenk is directed to a method of securing a system protected by a predefined hierarchy of cryptographic keys for a pay TV system against unauthorized users. Schwenk col. 1,11.5—8. Schwenk describes a tree-type key hierarchy for a pay TV system having five customers, each customer receiving one of five individual cryptographic keys PKi—PK5, and being situated on the lowest hierarchical level from the pay TV program provider. Id. at col. 3,11. 24—29. In an example described with reference to Figure 1 of Schwenk, customers 1^4 are authorized to receive a pay TV program, but customer 5 is not. Id. at col. 3,11. 35—37. To achieve this distribution of authorizations, customers 1—4 are grouped in the next higher hierarchical level, having two subsets, each subset comprising two customers and receiving an encrypted group key GKi and GK2 that is uniquely associated with the subset. Id. at col. 3,11. 37-42, Fig. 1. Customers 1 and 2 calculate encrypted group key GKi using their respective individual cryptographic keys PKi, PK2; likewise, customers 3 and 4 calculate group key GK2 using their respective individual keys PK3 and PK4. Id. at col. 3,11. 48—51. Customer 5, on the other hand, cannot decode either group key GKi or GK2. Id. at col. 3,11. 51—52. At the next highest hierarchical level is a common key SK, which contains both subsets of customers. Id. at col. 3,11. 53—55; Fig. 1. The encrypted common key SK is transmitted to the customers, and customers 1—4 decode the common key using their respective group key 9 Appeal 2015-006878 Application 11/977,392 GKi or GK2. See id. at col. 2,11. 55—57. The pay TV program broadcast by the provider is encoded with common key SK, which customers 1—4 can decode and receive, but customer 5 cannot. Id. at col. 3,11. 58—61. Schwenk addresses a problem in which a dishonest customer (here, customer 4) copies and distributes his assigned group key GK2 to a third party without authorization, and the system operator, upon receiving copied group key GK2, cannot identify which of the customers assigned to group key GK2 (here, customers 3 and 4) is the pirate. Id. at col. 3,1. 63—col. 4,1. 8, Fig. 1. In this situation, Schwenk describes storing the suspect subset of customers (here, customers 3 and 4), and splitting the suspect subset into new subsets, such as subset 1 assigned to new group key GKi ’ having customers 1 and 3, and subset 2 assigned new group key GK2’ having customers 2 and 4. Id. at Fig. 2, col. 4,11. 11—17, Fig. 2. The newly generated group keys GKi’ and GK2’ are sent to the individual customers, and customer 4, the dishonest pirate, copies and distributes new group key GK2’ to the third party. Id. at col. 4,11. 20—24. When the system operator receives copied group key GK2’ the system operator determines the intersection of the stored, suspect subset assigned to group key GK2 and the subset assigned to the group key GK2’ to identify the dishonest customer as customer 4. Id. at col. 4,11. 24—33. The Examiner finds that Schwenk’s individual cryptographic key, e.g., PKi, discloses the claimed “secret parameter.” Final Act. 5 (citing Schwenk col. 3,11. 28, 31). And the Examiner takes the position that transmitting a group key to a subset of customers, as disclosed by Schwenk, discloses the claimed plurality of cryptographic update operations that “derive an updated value of said secret parameter at a different level within a 10 Appeal 2015-006878 Application 11/977,392 hierarchy of secret parameters,” as recited in claim 1. See Ans. 10—11 (citing Schwenk col. 3,11. 10—23); see also Final Act. 5 (citing Schwenk col. 3,11. 11—15, 31—62). The difficulty with the Examiner’s analysis is that neither the group keys GKi, GK2 nor the common key SK constitute an “updated value” of any the individual cryptographic keys PKi—PK5. Rather, they are different keys. Indeed, Schwenk describes that upon identifying customer 4 as the pirate, customer 4’s individual cryptographic key PK4, which was never “updated” during Schwenk’s process for identifying the dishonest customer, can be blocked from using the system. See Schwenk col. 4,11. 33-36. For at least this reason, we do not sustain the Examiner’s rejection of independent claims 1 and dependent claims 2—7 under 35 U.S.C. § 103(a). Independent Claim 12, and Dependent Claims 13—18 and 21 Independent claim 12 includes language substantially similar to the language of claim 1, and stands rejected based on the same rationale applied with respect to claim 1. Final Act. 9—10. Therefore, we do not sustain the Examiner’s rejection under 35 U.S.C. § 103(a) of independent claim 12 and dependent claims 13—18 and 21 for the same reasons set forth above with respect to claim 1. Dependent Claims 8—11, 19, 20, and 22 Claims 8—11, 19, 20, and 22 each depend from one of claims 1 and 12, respectively. The Examiner’s rejection of claims 8—11, 19, 20, and 22 does not cure the deficiencies in the rejection of independent claims 1 and 12. Therefore, we do not sustain the Examiner’s rejection under 35 U.S.C. § 103(a) of dependent claims 8—11, 19, 20, and 22 for the same reasons discussed above with respect to the independent claims. 11 Appeal 2015-006878 Application 11/977,392 Anticipation The Examiner rejects claims 1—11 under 35 U.S.C. § 102(b) as anticipated by Bjerrum, finding that Bjerrum describes a cryptographic device (i.e., a Smart Card) that includes at least one memory containing a value of a secret parameter, a processor (i.e., a central data processing unit) having a hardware configuration, and an interface (i.e., an input/ouput gate for communication) having a hardware configuration. See Final Act. 14. In the Answer, the Examiner explains that “the configuration of the processor and interface are interpreted as hardware configurations” and “the cryptographic device of Bjerrum possesses the necessary structure to perform the functions” recited in claims 1—11. Ans. 13—14. But the Examiner does not identify, and we do not find, a description in Bjerrum of any programming rendering Bjerrum’s processor and interface capable of performing the functions recited in claims 1—11. See Typhoon Touch Techs., Inc. v. Dell, Inc., 659 F.3d 1376, 1380-81 (Fed. Cir. 2011) (the apparatus as provided must be programmed so that it is “capable” of performing the recited function) (citing Microprocessor Enhancement Corp. v. Texas Instr., Inc., 520 F.3d 1367, 1375 (Fed. Cir. 2008). On this record, the Examiner’s findings fail to adequately support a rejection of claims 1—11 under 35 U.S.C. § 102(b). Accordingly, we do not sustain the rejection of claims 1— 11 under 35 U.S.C. § 102(b). DECISION The Examiner’s rejection of claims 1—22 under 35 U.S.C. § 101 is reversed. 12 Appeal 2015-006878 Application 11/977,392 The Examiner’s rejection of claims 1—22 under 35 U.S.C. § 112, second paragraph, is reversed. The Examiner’s rejections of claims 1—22 under 35 U.S.C. § 103(a) are reversed. The Examiner’s rejection of claims 1—11 under 35 U.S.C. § 102(b) is reversed. REVERSED 13 Copy with citationCopy as parenthetical citation
