Ex Parte Low et alDownload PDFPatent Trial and Appeal BoardJan 26, 201813665110 (P.T.A.B. Jan. 26, 2018) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/665,110 10/31/2012 Chee M. Low TW920120002U S1 3536 63400 7590 IBM CORP. (DHJ) c/o DAVID H. JUDSON 15950 DALLAS PARKWAY SUITE 225 DALLAS, TX 75248 EXAMINER CHOUDHURY, AZIZUL Q ART UNIT PAPER NUMBER 2456 NOTIFICATION DATE DELIVERY MODE 01/30/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): mail@davidjudson.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte CHEE M. LOW and SRIRAM SAROOP Appeal 2017-007811 Application 13/665,110 Technology Center 2400 Before MICHAEL J. STRAUSS, JEREMY J. CURCURI, and KARA L. SZPONDOWSKI, Administrative Patent Judges. SZPONDOWSKI, Administrative Patent Judge. DECISION ON APPEAL Appellants1 appeal under 35 U.S.C. § 134(a) from the Examiner’ Final Rejection of claims 1—24. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. 1 The Applicant and real party in interest in this appeal is International Business Machines Corporation, the assignee of record. App. Br. 1. Appeal 2017-007811 Application 13/665,110 STATEMENT OF THE CASE Appellants’ invention is directed to extending authentication and authorization capabilities of an application without code changes. Claim 1, reproduced below with the disputed limitations in italics, is illustrative of the claimed subject matter: 1. A method of extending an authentication or authorization capability of an application comprising a client component and a server component, the client component and the server component supporting a challenge-response protocol, comprising: associating an authentication agent with the client component by hooking into an interface of the client component, the authentication agent having a counterpart authentication server; in response to receipt at the interface of a challenge that encodes a command issued to the authentication agent by the authentication server, generating a response to the challenge that encodes authentication data that has been collected by the authentication agent, wherein the challenge is retrieved from, and the response is entered into, the interface of the client component by the authentication agent automatically and without requiring user input to thereby extend the authentication or authorization capability of the application; delivering the response through the server component and to the authentication server for an authentication or authorization action. REJECTION2 Claims 1—24 stand rejected under pre-AIA 35 U.S.C. § 103(a) as being unpatentable over the combination of Pei et al. (US 8,584,224 Bl; 2 The Examiner withdrew 35 U.S.C. § 101 rejections of claims 1—24. Ans. 13. 2 Appeal 2017-007811 Application 13/665,110 issued Nov. 12, 2013) (“Pei”) and Short et al. (US 8,266,269 B2; issued Sept. 11,2012) (“Short”). ANALYSIS Dispositive Issue: Did the Examiner err in finding the combination of Pei and Short teaches or suggests “in response to receipt at the interface of a challenge that encodes a command issued to the authentication agent by the authentication server,” as recited in independent claim 1 and commensurately recited in independent claims 8, 15, and 22? The Examiner finds Pei’s plug-in corresponds to the claimed authentication agent, Pei’s browser and website correspond to the claimed interface, and Pei’s authentication service corresponds to the claimed authentication server. Final Act. 4, 5, 9. The Examiner finds the plug-in receives the challenge and responds to the challenge by signing it. Final Act. 9, citing Pei col. 4,11. 17—19, col. 1,11. 36—38, Abstract. In the Answer, the Examiner finds “it is explained [in Pei] how the plug-in (interface) receives a challenge C from the web application.” Ans. 3. Appellants argue Pei’s plug-in “is a piece of code that operates in the web browser in the client machine and for a distinct purpose/function (interacting with a remote authentication service) in a different manner than what the claim actually recites.” App. Br. 16. According to Appellants, Pei’s plug-in “simply receives a request from the client browser — which is running locally on the client-/side — but this browser request is not a ‘challenge’ that is issued . . . by the authentication server.” App. Br 16. Appellants argue “neither Pei’s browser nor Pei’s plug-in is described explicitly as receiving as any sort of ‘challenge’ from the authentication service in the first instance.” App. Br. 17, emphasis omitted. 3 Appeal 2017-007811 Application 13/665,110 We are persuaded by Appellants’ arguments. The claim language requires that the encoded command is issued to the authentication agent by the authentication server. Pei describes the “web application sends a random challenge C (such as a nonce) to the plug-in.” Pei col. 4,11. 18—19; see Fig. 2. Therefore, although Pei’s plug-in receives a challenge, it is not the challenge as recited in the claim because it is issued from the web application, not the authentication service. Accordingly, we are persuaded the Examiner erred. Because we find the Examiner erred in the dispositive issue, we need not reach Appellants’ remaining arguments. Therefore, we do not sustain the Examiner’s rejection of independent claims 1, 8, 15, and 22. For the same reasons, we do not sustain the Examiner’s rejection of dependent claims 2—7, 9-14, 16—21, 23, and 24. DECISION For the above reasons, the Examiner’s rejection of claims 1—24 is reversed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). REVERSED 4 Copy with citationCopy as parenthetical citation