10483282 (P.T.A.B. Feb. 11, 2016)

Ex Parte Little et al

Patent Trial and Appeal BoardFeb 11, 2016

10483282 (P.T.A.B. Feb. 11, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 10/483,282 01/08/2004 Herbert A Little 52169 7590 02/16/2016 INTEGRAL INTELLECTUAL PROPERTY INCJBlackBerry 4400 Bathurst Street, Suite 10 TORONTO, ON M3H 3R8 CANADA UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. BB/l 0369-US-PCT3 2480 EXAMINER DEBNATH, SUMAN ART UNIT PAPER NUMBER 2495 NOTIFICATION DATE DELIVERY MODE 02/16/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): USPTO@INTEGRALIP.COM MIRIAM@INTEGRALIP.COM PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte HERBERT A. LITTLE and MICHAEL G. KIRKUP Appeal2013-009323 Application 10/483,282 Technology Center 2400 Before JOHN A. JEFFERY, ERIC B. CHEN, and ANDREW J. DILLON, Administrative Patent Judges. JEFFERY, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. Â§ 134(a) from the Examiner's decision to reject claims 1--44 and 46-49. Claim 45 was cancelled. We have jurisdiction under 35 U.S.C. Â§ 6(b). We affirm. STATEMENT OF THE CASE Appellants' invention processes encrypted messages at a mobile device. After the device receives an encrypted message comprising encrypted content and encryption information for accessing the encrypted content, the accessing information is stored to memory and retrieved to decrypt the encrypted content when the encrypted message is later accessed. See generally Abstract. Claim 1 is illustrative: Appeal2013-009323 Application 10/483,282 1. A method for processing encrypted messages at a communication device, the method comprising: receiving at the communication device an encrypted message comprising at least one encrypted session key and encrypted content, the at least one encrypted session key comprising an individual encrypted session key associated with the communication device, the individual encrypted session key encrypted with a public key and usable, when decrypted using a private key associated with the public key, to decrypt the encrypted content of the encrypted message; accessing the encrypted message; identifying the individual encrypted session key associated with the communication device; decrypting the individual encrypted session key to obtain a decrypted session key that is unique to the encrypted message; and storing the decrypted session key to memory; wherein, when the encrypted content of the encrypted message is accessed multiple times, the stored decrypted session key is used each of the multiple times to decrypt the encrypted content of the encrypted message. THE REJECTIONS The Examiner rejected claims 1--4, 6, 10, 11, 14--26, 38--44, and 46- 49 under 35 U.S.C. Â§ 103(a) as unpatentable over Hanna (US 2002/0136410 Al, published Sept. 26, 2002) and Morley et al. (US 2003/0206635 Al, published Nov. 6, 2003). Final Act. 2-12. 1 The Examiner rejected claim 5 under 35 U.S.C. Â§ 103(a) as unpatentable over Hanna, Morley, and Heinonen (US 6,925,568 B 1, issued Aug 2, 2005). Final Act. 12-13. 1 Throughout this opinion, we refer to (1) the Final Rejection mailed October 25, 2012 ("Final Act."); (2) the Appeal Brief filed January 22, 2013 ("App. Br."); (3) the Examiner's Answer mailed May 23, 2013 ("Ans."); and (4) the Reply Brief filed July 23, 2013 ("Reply Br."). 2 Appeal2013-009323 Application 10/483,282 The Examiner rejected claims 7-9 under 35 U.S.C. Â§ 103(a) as unpatentable over Hanna, Morley, and Finkelstein (US 5,410,602, issued Apr. 25, 1995). Final Act. 13-14. The Examiner rejected claims 12 and 13 under 35 U.S.C. Â§ 103(a) as unpatentable over Hanna, Morley, and Schmeling (US 7,299,502 B2, issued Nov. 20, 2007). Final Act. 14--15. The Examiner rejected claims 27-37 under 35 U.S.C. Â§ 103(a) as unpatentable over Hanna, Morley, and Perlman (US 2002/0116705 Al,published Aug. 22, 2002). Final Act. 15-18. THE OBVIOUSNESS REJECTION OVER HANNA AND MORLEY Regarding claim 1, the Examiner finds that Hanna (1) receives and accesses an encrypted message with at least one encrypted session key, namely a symmetric key, and (2) identifies and decrypts the session key. Final Act. 2-3. Although the Examiner acknowledges that Hanna does not store the decrypted session key to memory to decrypt the message's encrypted content when the encrypted content is accessed repeatedly, the Examiner cites Morley for teaching (1) storing a program key, which is also said to be a session key, and (2) loading that key each time an associated encrypted program is to be played back. Final Act. 3--4; Ans. 3-10. In light of these teachings, the Examiner concludes that it would have been obvious to store Hanna's decrypted session key to decrypt content on multiple accesses to save processing time and power by only having to decrypt the session key once. Final Act. 3--4. Appellants argue that the cited prior art does not teach or suggest storing a decrypted session key to memory to decrypt encrypted content each 3 Appeal2013-009323 Application 10/483,282 of multiple times that the encrypted message is accessed, as claimed. App. Br. 10-13; Reply Br. 2--4. According to Appellants, not only is Morley inapplicable to email messages, but rather decrypts video content, but Morley's program key is transmitted independently of the digital stream, unlike Hanna which transmits a key with the message. App. Br. 10-11; Reply Br. 4--5. These distinctions are said to bring into question whether skilled artisans would reasonably modify Hanna in view of Morley as the Examiner proposes. Id. Appellants reason that because Hanna transmits a session key as part of an encrypted message, the Examiner's proposed combination requires storing at least part of that message in decrypted form, thus defeating Hanna's access control scheme and rendering Hanna unsuitable for its intended purpose, namely preventing decryption using an ephemeral key after it expires. App. Br. 13-14. Appellants add that the Examiner's motivation to combine the references, namely to reduce processor load and time delays, is found only in Appellants' disclosure and, therefore, is the result of impermissible hindsight. App. Br. 14--16. ISSUES (1) UnderÂ§ 103, has the Examiner erred in rejecting claim 1 by finding that Hanna and Morley collectively would have taught or suggested storing a decrypted session key to memory to decrypt a received message's encrypted content when the encrypted content is accessed repeatedly? (2) Is the Examiner's combining the teachings of Hanna and Morley supported by articulated reasoning with some rational underpinning to 4 Appeal2013-009323 Application 10/483,282 justify the Examiner's obviousness conclusion? This issue turns on whether the Examiner's proposed combination renders Hanna unsuitable for its intended purpose, and whether the Examiner's articulated reason to combine the references resulted from impermissible hindsight. ANALYSIS We begin by construing the key disputed limitation of claim 1 which recites, in pertinent part, a "session key." Appellants' Specification does not define the term "session key," but does refer to a session key as a key used to decrypt the content of many types of encrypted messages, such as Secure Multipurpose Internet Email Extensions (S/MIME) or Pretty Good Privacyâ„¢ (PGP) email messages,for example. Spec. 2:6-10. Our emphasis on this description's exemplary language underscores that these encrypted email messages are but two examples of many types of encrypted messages that are decrypted with session keys and, therefore, are not limited to email messages, let alone those two particular types of email messages. That Appellants' claim 1 does not specify that the encrypted message is an email message, unlike dependent claim 26, only bolsters this conclusion. Under claim differentiation principles, then, the encrypted message in claim 1 must encompass something other than email; otherwise, claim 26 would be superfluous. See Free Motion Fitness, Inc. v. Cybex Int'!, Inc., 423 F.3d 1343, 1351 (Fed. Cir. 2005). Therefore, Appellants' proposed construction of "session key" in the context of secure email (Reply Br. 2-3) is inapposite, for leaving aside Appellants' reliance on Wikipedia-a non-peer-reviewed Internet source of 5 Appeal2013-009323 Application 10/483,282 dubious reliability2---claim 1 is not so limited. In fact, the term "session" is defined quite broadly by a recognized networking dictionary as a "[r]elated set of communications transactions between two or more network devices." Cisco Systems, Inc., DICTIONARY OF INTERNETWORKING TERMS AND ACRONYMS 320 (2001). Accordingly, under its broadest reasonable interpretation, a "session key" is a key associated with a related set of communications transactions between two or more network devices. Based on this interpretation, we see no error in the Examiner's position that Hanna's symmetric key and Morley's program key both constitute "session keys" (Final Act. 2-3) at least to the extent that they are associated with communications transactions between network devices. And as the Examiner indicates, Morley's theater subsystem decrypts a received encrypted program key, and stores this decrypted "session key" in memory to decrypt programs upon playback. Ans. 3--4 (citing Morley i-fi-1 7 6-77). This technique at least suggests that this stored key is used each time the particular program is played back which could be multiple times-an obvious variation. See Morley i1 77. We see no reason why this technique could not be applied to Hanna's messaging system to preclude the need for the recipient to decrypt the symmetric or "session" key with the ephemeral key every time the message 2 See Bing Shun Liv. Holder, 400 F. App'x 854, 857 (5th Cir. 2010) (unpublished) (noting Wikipedia's unreliability and citing Badasa v. Mukasey, 540 F.3d 909, 910-11 (8th Cir. 2008)); see also Ex parte Three- Dimensional Media Group, Ltd., No. 2009-004087, 2010 WL 3017280 (BP AI 2010) (non-precedential), at * 17 ("Wikipedia is generally not considered to be as trustworthy as traditional sources for several reasons, for example, because (1) it is not peer reviewed; (2) the authors are unknown; and (3) apparently anyone can contribute to the source definition"). 6 Appeal2013-009323 Application 10/483,282 is accessed, as would be the case with the functionality in Morley's paragraph 29. Under the Examiner's proposed enhancement to Hanna, after the recipient uses the ephemeral key to decrypt the symmetric keys that are then used to decrypt the message, the symmetric keys could then be stored at least temporarily and retrieved when the recipient needs to decrypt the message again-a scenario at least suggested by Morley's using stored decrypted keys for later decryptions as noted previously. Such an enhancement would not render Hanna unsuitable for its intended purpose of preventing decryption using an ephemeral key after it expires as Appellants contend (Br. 13-14), as that requirement would still be met under the Examiner's position. Because subsequent decryptions are possible using the stored decrypted symmetric keys under the Examiner's proposed enhancement to Hanna, the ephemeral key is not needed in those situations. Nevertheless, decryption using an ephemeral key would still be prevented after expiration and, therefore, comport with Hanna's intended purpose at least in that respect. That Appellants admit that Hanna does not explicitly prohibit storing a decrypted session key (App. Br. 13) only further bolsters the Examiner's position in this regard. Nevertheless, even assuming, without deciding, that enabling subsequent decryptions using stored decrypted symmetric keys entails some risk to data security, such a risk may very well be offset by the advantages of storing the decrypted symmetric keys, namely by needing to decrypt those keys only once, thus conserving processing power and time that would otherwise be used each time those keys were decrypted with the ephemeral key. See Ans. 10. Such considerations amount to an engineering trade-off well within the level of ordinarily skilled artisans. 7 Appeal2013-009323 Application 10/483,282 That Morley's program key is transmitted independently of the digital stream, unlike Hanna which transmits a key with the message as Appellants indicate (App. Br. 10-11; Reply Br. 4--5) is of no consequence here. As the Examiner explains, Morley was not cited to show how the keys were transmitted, but rather merely to show that it was known in the art to store decrypted keys for later decryptions, and that it would have been obvious to so enhance Morley. See Ans. 5---6. That Morley does not state explicitly that its teachings apply to email messages as Appellants contend (App. Br. 11; Reply Br. 4) is likewise of no consequence here. Not only is claim 1 not limited to email messages as noted previously, but it is well settled that "[t]he motivation [to combine references] need not be found in the references sought to be combined, but may be found in any number of sources, including common knowledge, the prior art as a whole, or the nature of the problem itself." DyStar Textilfarben GmbH & Co. Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1361 (Fed. Cir. 2006) (citation omitted). We see no error, then, in the Examiner's articulated reason to combine the references, namely to save processing time and power by decrypting the session key only once, for that rationale is reasonably based at least implicitly on the prior art considered as a whole. Ans. 6-7. Appellants' contention that the Examiner's articulated reason to combine the references is allegedly gleaned only from Appellants' disclosure and based on impermissible hindsight (App. Br. 14--16) is unavailing given the implicit teachings from the prior art considered as a whole in light of the knowledge of ordinarily skilled artisans. In short, enhancing Hanna by storing decrypted keys for later decryptions in light of 8 Appeal2013-009323 Application 10/483,282 Morley as the Examiner proposes merely applies "a known technique to a piece of prior art ready for the improvement" to yield a predictable result. See KSR Int 'l Co. v. Teleflex, Inc., 550 U.S. 398, 417 (2007). Accordingly, the Examiner's combining the teachings of Hanna and Morley is supported by articulated reasoning with some rational underpinning to justify the Examiner's obviousness conclusion. Therefore, we are not persuaded that the Examiner erred in rejecting claim 1, and claims 2--4, 6, 10, 11, 14--26, 38--44, and 46--49 not argued separately with particularity. THE OTHER OBVIOUSNESS REJECTIONS We also sustain the Examiner's obviousness rejections of claims 5, 7- 9, 12, 13, and 27-37. Final Act. 12-18. Despite nominally arguing these claims separately, Appellants reiterate similar arguments made in connection with claim 1, and allege that the additional cited references fail to cure those purported deficiencies. App. Br. 16-18; Reply Br. 5. We are not persuaded by these arguments for the reasons previously discussed. CONCLUSION The Examiner did not err in rejecting claims 1--44 and 46--49 under Â§ 103. DECISION The Examiner's decision rejecting claims 1--44 and 46--49 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). 9 Appeal2013-009323 Application 10/483,282 AFFIRMED 10