Ex Parte LyonsDownload PDFBoard of Patent Appeals and InterferencesMay 24, 201111477203 (B.P.A.I. May. 24, 2011) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/477,203 06/27/2006 Jarlath Lyons 35048.001 2807 34395 7590 05/25/2011 OLYMPIC PATENT WORKS PLLC P.O. BOX 4277 SEATTLE, WA 98104 EXAMINER ZELASKIEWICZ, CHRYSTINA E ART UNIT PAPER NUMBER 3621 MAIL DATE DELIVERY MODE 05/25/2011 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte JARLATH LYONS ____________ Appeal 2010-004009 Application 11/477,203 Technology Center 3600 ____________ Before: MURRIEL E. CRAWFORD, ANTON W. FETTING, and MICHAEL W. KIM, Administrative Patent Judges. KIM, Administrative Patent Judge. DECISION ON APPEAL Appeal 2010-004009 Application 11/477,203 2 STATEMENT OF THE CASE This is an appeal from the final rejection of claims 1-18. We have jurisdiction to review the case under 35 U.S.C. §§ 134 and 6. The claimed invention is generally directed to user authentication services and, in particular, to a strong authentication service provided to, and controlled by, users authenticated by authentication-service clients, including various commercial clients, web sites, and other parties to electronic transactions and dialogues with users (Spec. 1:5-8). Claim 1, reproduced below, is further illustrative of the claimed subject matter. 1. A user-authentication service implemented as routines that execute one or more computer systems interconnected by two or more communications media with both an authentication-service client and a user, the user-authentication service comprising: the one or more computer systems; stored user-authentication policies specified by the user; stored user information; account interface routines that implement an account interface by which the user specifies, modifies, adds, and deletes user-authentication policies; and authentication-interface routines that implement an authentication interface by which, following initiation of a transaction by the user with the authentication-service client, the authentication-service client submits an authentication request, through the first communications medium or through a second communications medium, to authenticate the user, the authentication-interface routines employing a variable-factor authentication, when specified to do so by stored user- authentication policies, to authenticate the user on behalf of the authentication-service client during which the user communicates with the user-authentication service through a Appeal 2010-004009 Application 11/477,203 3 third communications medium different from the first and second communications media and a user device different from that employed by the user to initiate the transaction with the authentication-service client. Claims 1-12 stand rejected under 35 U.S.C. § 101 for failing to recite statutory subject matter; claims 1-12 stand rejected under 35 U.S.C. § 112, second paragraph, for indefiniteness; and claims 1-18 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Steele (US Pub. 2006/0179003 A1, pub. Aug. 10, 2006) in view of Fisher (US Pat. 6,957,199 B1, iss. Oct. 18, 2005). We AFFIRM-IN-PART. ISSUES Did the Examiner err in asserting that the user-authentication service recited in claims 1-12 do not constitute statutory subject matter? Did the Examiner err in asserting that “variable-factor authentication,” as recited in independent claim 1, is indefinite? Did the Examiner err in asserting that “sufficient electronically- encoded information,” as recited in dependent claim 3, is indefinite? Did the Examiner err in asserting that a combination of Steele and Fisher renders obvious “variable-factor authentication[s],” as recited in independent claim 1? Did the Examiner err in asserting that a combination of Steele and Fisher renders obvious “an authentication- service client that communicates with the user of the authentication service through a first communications medium” and “sending information to the user of the authentication service Appeal 2010-004009 Application 11/477,203 4 through a communications medium different from the first communications medium,” as recited in independent claim 13? FINDINGS OF FACT We adopt the Examiner’s findings of fact concerning Steele and Fisher, as set forth on pages 4-14 of the Examiner’s Answer. Specification The Specification discloses that the policies specified by a user may include specification of variable-factor authentication, in which the user, during the course of an authentication, provides both secret information as well as evidence of control of a tangible object (2:22-25). The ASP client and user carry out the initial part of the electronic transaction to the point that the ASP client has acquired sufficient information from the user to attempt to authenticate the user (5:11-13). As shown in Figure 5, the user information may include user identification information 504, such as a user's name, a user's address, user- specified passwords, and other such information (6:5-7). The Specification discloses that it should be noted that this authentication process is carried out according to policies specified by the user during a user-initialization for a previous user-account session (8:12- 14). Appeal 2010-004009 Application 11/477,203 5 A variable-factor authentication, in which the ASP needs to communicate a password to a user through a cell phone during an electronic transaction over the Internet represents an active authentication policy (11:12-15). ANALYSIS Statutory Subject Matter We are persuaded the Examiner erred in asserting that the user- authentication service recited in claims 1-12 do not constitute statutory subject matter (App. Br. 7-8; Reply Br. 2-4). Independent claim 1 recites computer systems interconnected by communications media, an authentication-service client, and a user device. Accordingly, even if independent claim 1 recites a process, it also recites sufficient structure to constitute statutory subject matter under the machine-or-transformation test. See Bilski v. Kappos, 130 S. Ct. 3218, 3227 (2010) (“[t]his Court’s precedents establish that the machine-or-transformation test is a useful and important clue, an investigative tool, for determining whether some claimed inventions are processes under §101”). Indefiniteness We are persuaded the Examiner erred in asserting that “variable-factor authentication,” as recited in independent claim 1, is indefinite (App. Br. 10- 11; Reply Br. 4-6). Appellant does not specifically use the word “definition” in defining “variable-factor authentication.” However, given the references to “variable-factor authentication” on pages 2 and 8 of the Specification, one of ordinary skill would understand that Appellant has Appeal 2010-004009 Application 11/477,203 6 defined “variable-factor authentication” as a user providing an ASP with both secret information (e.g., a password) and evidence of control of a tangible object (e.g., a cell phone). See Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996) (the specification is always highly relevant to the claim construction analysis. Usually, it is dispositive; it is the single best guide to the meaning of a disputed term). We are not persuaded, however, the Examiner erred in asserting that “sufficient electronically encoded information,” as recited in dependent claim 3, is indefinite (App. Br. 11-12; Reply Br. 6-8). Appellant asserts that “[m]any of various types and amounts of electronically encoded information may be sufficient to identify a user,” and then goes on to list examples of such information (App. Br. 12; Reply Br. 6-7). We agree. We agree with the Examiner, however, that Appellant has not provided any guidance as to how much of this information is “sufficient” to identify a user (Exam’r’s Ans. 12-13). While Appellant asserts that “[t]he supplied information is sufficient when the types and amounts of information conform to either a user-defined policy or, when none is available, a default policy coded within ASP routines,” such an aspect is not set forth in either the Specification or the claims. See CollegeNet, Inc. v. ApplyYourself, Inc., 418 F.3d 1225, 1231 (Fed. Cir. 2005) (while the specification can be examined for proper context of a claim term, limitations from the specification will not be imported into the claims). Appeal 2010-004009 Application 11/477,203 7 Obviousness We are persuaded the Examiner erred in asserting that a combination of Steele and Fisher renders obvious “variable-factor authentication[s],” as recited in independent claim 1 (App. Br. 12-14; Reply Br. 8-9). The Examiner asserts that column 6, lines 19-67 of Fisher discloses variable- factor authentication (Exam’r’s Ans. 5, 14). However, the aforementioned of Fisher does not disclose a user providing an ASP with evidence of control of a tangible object. We are also persuaded that the Examiner erred in asserting that a combination of Steele and Fisher renders obvious “an authentication-service client that communicates with the user of the authentication services through a first communications medium” and “sending information to the user of the authentication service through a communications medium different from the first communications medium,” as recited in independent claim 13 (App. Br. 14). The Examiner cites Figures 1-2 and columns 10, 11, and 15 of Fisher as disclosing these aspects (Exam’r’s Ans. 5, 14). While the aforementioned portions of Fisher (and in particular, column 10, lines 29-37) disclose individual users accessing the network using various types of connections, the Examiner has not shown how the aforementioned portions of Fisher disclose the network communicating with the same user using several different communications mediums, as set forth in independent claim 13. All communications between the network and an individual user appear to be over the same connection. Appeal 2010-004009 Application 11/477,203 8 DECISION We AFFIRM the rejection of dependent claim 3 for indefiniteness. We REVERSE all other rejections of claims 1-18. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv) . AFFIRMED-IN-PART hh Copy with citationCopy as parenthetical citation
