Ex Parte KrishnaDownload PDFPatent Trial and Appeal BoardMay 27, 201411102363 (P.T.A.B. May. 27, 2014) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte RAVI KRISHNA1 ____________________ Appeal 2011-009061 Application 11/102,363 Technology Center 2400 ____________________ Before ST. JOHN COURTENAY III, THU A. DANG, and LARRY J. HUME, Administrative Patent Judges. HUME, Administrative Patent Judge. DECISION ON APPEAL This is a decision on appeal under 35 U.S.C. § 134(a) of the Final Rejection of claims 1-4 and 7-27. Appellant has previously canceled claims 5 and 6. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE the rejection of claims 1-4 and 7-27, and enter a new ground of rejection of claims 22-24 pursuant to our authority under 37 C.F.R. § 41.50(b). 1 The Real Party in Interest is NetApp, Inc. App. Br. 1. Appeal 2011-009061 Application 11/102,363 2 STATEMENT OF THE CASE2 The Invention Appellant’s invention relates to network authentication, and more particularly to authentication of a client with a proxy server, for example, a cookie-based acceleration of an authentication protocol. Spec. ¶ [0001], and Title. A cache server may receive a request from a client for network services and authenticate the client with an authentication protocol that does not support caching. The cache server may then set a cookie for the authenticated client and authenticate the client for additional requests for network services on the basis of the cookie, and not through the standard authentication procedure of the authentication protocol. Spec. ¶ [0008] (“SUMMARY”). Exemplary Claims Claims 1 and 22, reproduced below, are representative of the subject matter on appeal (emphasis added to contested limitations): 1. A method for authentication comprising; receiving a request from a client for a network service at a cache server; authenticating the client at the cache server for the request according to a non-cacheable authentication protocol, the non-cacheable authentication protocol specifying that the client be authenticated for each separate request with client credentials and additional, non-cacheable information that is 2 Our decision relies upon Appellant’s Appeal Brief (“App. Br.,” filed Oct. 12, 2010); Reply Brief (“Reply Br.,” filed Mar. 14, 2011); Examiner’s Answer (“Ans.,” mailed Jan. 12, 2011); Final Office Action (“FOA,” mailed June 3, 2010); and the original Specification (“Spec.,” filed Apr. 8, 2005). Appeal 2011-009061 Application 11/102,363 3 invalid for authentication after use, which prevents caching the information necessary to authenticate the client for subsequent requests, the authenticating including passing client credentials to a client database manager; setting a cookie at the cache server for the authenticated client to access a domain of the network service; receiving a subsequent request from the client for an additional network service of the domain at the cache server, the request including the cookie; and authenticating the client at the cache server for the subsequent request with the cookie by bypassing the non- cacheable authentication protocol, and without passing client credentials to the client database manager. 22. An article of manufacture comprising a computer readable storage medium having content stored thereon, which when accessed, provides instructions to receive a client request for an access to content within a part of a network domain; authenticate the client for the client request for the entire network domain with a non-cacheable, challenge-based authentication protocol at a proxy server, the non-cacheable authentication protocol specifying that the client be authenticated for each separate client request with client credentials and additional, non-cacheable information that is invalid for authentication after use, which prevents caching the information necessary to authenticate the client for subsequent access to the domain, the authenticating including the proxy server accessing a domain controller; issue a cookie for the entire network domain from the proxy server to the authenticated client; and authenticate the client at the proxy server with the cookie for subsequent access to the domain by bypassing the non- Appeal 2011-009061 Application 11/102,363 4 cacheable authentication protocol and not sending client credentials to the domain controller. Prior Art The Examiner relies upon the following prior art as evidence in rejecting the claims on appeal: Grantges, Jr. 6,324,648 B1 Nov. 27, 2001 Chan US 2004/0123144 A1 June 24, 2004 Sandhu US 2008/0052775 A1 Feb. 28, 2008 (filed Sep. 28, 2007) Lownsbrough US 7,343,398 B1 Mar. 11, 2008 (filed Sep. 4, 2002) Ramachandran US 7,370,351 B1 May 06, 2008 (filed Mar. 22, 2001) Rejections on Appeal 1. Claims 1-4, 7, 11, 15-16, 22, 25 and 26 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Chan, Ramachandran, and Grantges, Jr. Ans. 3-4. 2. Claims 8-10, 13, 14, 18-21, 24, and 27 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Chan, Ramachandran, Grantges, Jr., and Sandhu. Ans. 19. 3. Claims 12, 17, and 23 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Chan, Ramachandran, Grantges, Jr., and Lownsbrough. Ans. 26. Appeal 2011-009061 Application 11/102,363 5 ISSUE Appellant argues (App. Br. 7-10; Reply Br. 4-9) the Examiner’s rejection of claim 1 under 35 U.S.C. § 103(a) as being unpatentable over the combination of the cited prior art is in error. These contentions present us with the following issue: Did the Examiner err in finding the cited prior art combination teaches or suggests a “non-cacheable authentication protocol specifying that the client be authenticated for each separate request with client credentials and additional, non-cacheable information that is invalid for authentication after use, which prevents caching the information necessary to authenticate the client for subsequent requests,” as recited in claim 1? ANALYSIS We only consider those arguments actually made by Appellant in reaching this decision, and we do not consider arguments which Appellant could have made but chose not to make in the Briefs so that any such arguments are deemed to be waived. 37 C.F.R. § 41.37(c)(1)(vii). We agree with Appellant’s arguments with respect to claim 1, and we disagree with (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken and (2) the reasons and rebuttals set forth by the Examiner in the Examiner’s Answer in response to Appellant’s Arguments. We highlight and address specific findings and arguments regarding claim 1 for emphasis as follows. Appellant contends claim 1 requires bypassing the non-cacheable authentication protocol, and not passing authentication credentials for any subsequent authentication. App. Br. 8. Appellant further contends, “[e]ven Appeal 2011-009061 Application 11/102,363 6 assuming a non-cacheable authentication protocol and a cookie set by a cache server are shown in the cited references, there is no disclosure or suggestion of bypassing a non-cacheable authentication protocol at a cache server with a cookie.” Id. Appellant also contends, “use of a cookie in Chan does not eliminate the need to pass client credentials.” Id. In the Reply, Appellant contends, Chan discloses a non-cacheable authentication protocol. As recited in Appellant’s claims, a non-cacheable authentication protocol requires the use of “client credentials and additional, non-cacheable information that is invalid for authentication after use, which prevents caching the information necessary to authenticate the client for subsequent requests.” However, in contrast to what is asserted by the Office, Chan actually teaches caching and reusing information for subsequent access requests. Reply Br. 4; and see Chan ¶¶ [0037]-[0039]. The Examiner finds Chan teaches or suggests a non-cacheable authentication protocol for authenticating a client by its disclosure of a challenge-response type of authentication process using a physical hardware token. Ans. 30 (citing Chan ¶ [0045], lines 1-23). We disagree with the Examiner’s finding cited above that Chan teaches or suggests the claimed non-cacheable authentication protocol, particularly a non-cacheable authentication protocol which “specif[ies] that the client be authenticated for each separate request with client credentials and additional, non-cacheable information that is invalid for authentication after use, which prevents caching the information necessary to authenticate the client for subsequent requests,” as recited in claim 1. We disagree with the Examiner because Chan discloses, inter alia, Appeal 2011-009061 Application 11/102,363 7 Using the information that is extracted from the form, the proxy server is able to retrieve the authentication information that is appropriate for the authentication form. For example, the proxy server is able to determine if a username/password combination is required by the authentication form. If so, then given the fact that the proxy server has already authenticated the user and has verified identity information for the user, the proxy server can retrieve the user’s username/password information from an authentication database. In a similar manner, other types of information may be retrieved as required by the requested fields in the authentication form in accordance with the user’s known identity. However, it should be noted that the forms-based single-sign-on operation could be configured to supply a standard, hardcoded username and password for all users, including users who have not been authenticated. Chan ¶ [0054] (emphasis added). We find this disclosure of Chan to run counter the requirements of claim 1, i.e., which prohibits “additional, non- cacheable information that is invalid for authentication after use, which prevents caching the information necessary to authenticate the client for subsequent requests.” Therefore, based upon the findings above, on this record, we are persuaded of error in the Examiner’s reliance on the combined teachings and suggestions of the cited prior art combination to teach or suggest the disputed limitation of claim 1. We therefore find error in the Examiner’s resulting legal conclusion of obviousness. Accordingly, Appellant has provided sufficient evidence or argument to persuade us of reversible error in the Examiner’s reading of the contested limitations on the cited prior art. Therefore, we reverse the Examiner’s obviousness rejection of independent claim 1. Appeal 2011-009061 Application 11/102,363 8 For essentially the same reasons argued by Appellant as cited above, we reverse the Examiner's rejection of independent claims 11, 16, 22, and 25, which recite the disputed limitation in commensurate form. For the same reasons, we also reverse the rejections of all claims 2-4 and 7-27 that depend therefrom. NEW GROUND OF REJECTION We enter a new ground of rejection of article of manufacture claims 22-24 under 35 U.S.C. § 101 as being directed to non-statutory subject matter. Claim 22 recites, in pertinent part, “[a]n article of manufacture comprising a computer readable storage medium having content stored thereon.” Appellant’s Specification states: An article of manufacture may include a machine accessible/readable medium having content to provide instructions, data, etc. The content may result in an electronic device, for example, cache server 200, performing various operations or executions described herein. A machine accessible medium includes any mechanism that provides (i.e., stores and/or transmits) information/content in a form accessible by a machine (e.g., computing device, electronic device, electronic system/subsystem, etc.). For example, a machine accessible medium includes recordable/non-recordable media (e.g., read only memory (ROM), random access memory (RAM), magnetic disk storage media, optical storage media, flash memory devices, etc.), as well as electrical, optical, acoustical or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.), etc. Spec. ¶ [0035] (emphases added). Appeal 2011-009061 Application 11/102,363 9 Under a recent precedential opinion, the scope of the recited “computer readable storage medium” (claim 22) encompasses transitory media such as signals or carrier waves, where, as here, the Specification does not limit the computer readable storage to non-transitory forms. Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding recited machine-readable storage medium ineligible under § 101 since it encompasses transitory media). Here, the recited “computer readable storage medium” is not claimed as non-transitory, and the disclosure does not expressly and unambiguously limit that medium to solely non-transitory forms via a definition or similar limiting language. In fact, Appellant’s disclosure specifically indicates the recited medium encompasses propagating signals. Therefore, the medium encompasses transitory forms and is ineligible under § 101. Claims 23-24 inherit the same defect as independent claim 22 from which these claims depend. CONCLUSIONS AND DECISION (1) The Examiner erred with respect to the rejections of claims 1-4 and 7-27 under 35 U.S.C. § 103(a) over the cited combinations of the prior art of record, and we reverse the rejections. (2) We impose a new ground of rejection of claims 22-24 under 35 U.S.C. § 101. This decision contains a new ground of rejection pursuant to 37 C.F.R. § 41.50(b). 37 C.F.R. § 41.50(b) provides that “[a] new ground of rejection . . . shall not be considered final for judicial review.” 37 C.F.R. § 41.50(b) also provides that the Appellants, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise Appeal 2011-009061 Application 11/102,363 10 one of the following two options with respect to the new ground of rejection to avoid termination of the appeal as to the rejected claims: (1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the proceeding will be remanded to the examiner. . . . (2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same record. . . . No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). REVERSED 37 C.F.R. § 41.50(b) tj Copy with citationCopy as parenthetical citation
