Ex Parte MacKenzieDownload PDFPatent Trial and Appeal BoardDec 26, 201210600687 (P.T.A.B. Dec. 26, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/600,687 06/20/2003 Philip D. MacKenzie 15 6727 7590 12/26/2012 Ryan, Mason, & Lewis, LLP 90 Forest Avenue Locust Valley, NY 11560 EXAMINER TO, BAOTRAN N ART UNIT PAPER NUMBER 2435 MAIL DATE DELIVERY MODE 12/26/2012 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte PHILIP D. MacKENZIE ____________ Appeal 2010-008458 Application 10/600,687 Technology Center 2400 ____________ Before MICHAEL W. KIM, BARBARA A. BENOIT, and LYNNE E. PETTIGREW, Administrative Patent Judges. BENOIT, Administrative Patent Judge. DECISION ON APPEAL This is an appeal under 35 U.S.C. § 134(a) from the final rejection of claims 1-16. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. Appeal 2010-008458 Application 10/600,687 2 STATEMENT OF THE CASE Appellant’s invention relates to a public key cryptosystem by which two parties, each holding a share of a key, can jointly decrypt a ciphertext, but neither party can decrypt the ciphertext alone. See generally Abstract. Claim 1 is illustrative and reads as follows, with key disputed limitations emphasized: 1. A method for use in a device associated with a first party for decrypting a ciphertext according to a Cramer-Shoup based encryption scheme, the method comprising the steps of: obtaining the ciphertext in the first party device sent from a device associated with a second party; and generating in the first party device a plaintext corresponding to the ciphertext based on assistance from the second party device, wherein the assistance comprises an exchange of information between the first party device and the second party device separate from the sending of the ciphertext from the second party device to the first party device, the plaintext representing a result of the decryption according to the Cramer- Shoup based encryption scheme, such that the first party device and the second party device jointly perform a decryption operation of the ciphertext by each respectively performing one or more subcomputations of the joint decryption operation based at least in part on respective partial shares of a key that each party holds, but such that neither can decrypt the ciphertext alone. The Examiner relies on the following as evidence of unpatentability: Faucher US 5,515,411 May 7, 1996 Cramer-Shoup US 6,697,488 B1 Feb. 24, 2004 (filed Feb. 16, 1999) Ronald Cramer et al., Multiparty Computation from Threshold Homomorphic Encryption (2000) (hereinafter “Ronald Cramer article”). Appeal 2010-008458 Application 10/600,687 3 The Rejections 1. The Examiner rejected claims 1, 2, 4-6, 8-10, 12-14, and 161 under 35 U.S.C. § 103(a) as unpatentable over Cramer-Shoup and Faucher. Ans. 3-9.2 2. The Examiner rejected claims 3, 7, 11, and 15 under 35 U.S.C. § 103(a) as unpatentable over Cramer-Shoup, Faucher, and the Ronald Cramer article. Ans. 9-10. ANALYSIS We have reviewed the Examiner's rejections in light of Appellant's arguments that the Examiner has erred. On the record before us, we are not persuaded by Appellant's arguments, and we concur with the conclusions reached by the Examiner. Claims 1, 8, 9, and 16 Contrary to the Examiner’s findings (Ans. 4-5), Appellant contends (App. Br. 7-9; Reply Br. 2-3) that Faucher does not teach the joint decryption operation recited in claim 1, because Faucher discloses a key exchange rather than a decryption operation of a ciphertext, and does not disclose a singular joint decryption operation based at least in part on respective partial shares of a key that each party holds. App. Br. 7-8; Reply 1 Although the Examiner’s statement of this rejection includes a non-existent claim 18 and omits claim 16, the Examiner nonetheless addresses claim 16 in the rejection. Compare Ans. 3 with Ans. 6-7 and 11. Accordingly, we present the correct claim listing here for clarity. Accord App. Br. 7 (indicating claims 1, 2, 4-6, 8-10, 12-14, and 16 stand rejected under Cramer-Shoup and Faucher and arguing same); Ans. 2 (confirming this status as correct). 2 Throughout this opinion, we refer to the Appeal Brief filed October 14, 2009 (App. Br.), the Examiner’s Answer mailed January 21, 2010 (Ans.), and the Reply Brief filed March 22, 2010 (Reply Br.). Appeal 2010-008458 Application 10/600,687 4 Br. 3-4. Appellant, however, does not dispute the Examiner’s other findings, including that Cramer-Shoup teaches generating in the first party device a plaintext corresponding to the ciphertext based on assistance from the second party device, where the plaintext represents a result of the decryption according to the Cramer-Shoup based encryption scheme (Ans. 4). See generally App. Br. 7-8; Reply Br. 3-4. As Appellant acknowledges (App. Br. 8), Faucher teaches two terminals (referred to as terminal A and terminal B) jointly obtaining a session key, which includes each terminal decrypting a certificate received from the other terminal. Col. 8, ll. 8-55; see also Ans. 5, 11-12. As explained by the Examiner, Faucher’s disclosure of obtaining the session key reads on the recited jointly performed decryption operation in that (1) terminal A generates a secret random component, calculates the corresponding public component, encrypts the corresponding public component using the public encryption key extracted from terminal B’s certificate which was previously received from terminal B, and transmits the encrypted public component corresponding to terminal A’s secret random component in a message to terminal B and (2) terminal B decrypts the message received from terminal A, obtains terminal A’s public random component, and exponentiates terminal A’s public random component using terminal B’s own secret random component to obtain the session key. Ans. 13-14 (citing col. 8, ll. 30-34, 43-47). Based on this disclosure, we are not persuaded of error in the Examiner’s finding that Faucher teaches or suggests the recited joint decryption operation including subcomputations based at least in part on respective partial shares of a key that each party holds. Even assuming, Appeal 2010-008458 Application 10/600,687 5 without deciding, that the recited jointly performed decryption operation is a singular decryption operation as Appellant maintains (App. Br. 7; Reply Br. 2), we are not persuaded that the decryption by Faucher’s terminal B of the message received from terminal A does not read on the recited jointly performed decryption operation of the ciphertext, considering the various activities performed by terminal A and terminal B, the information exchanged between the two terminals, and the operation’s use of a public encryption key which has a corresponding private key. To be sure, Faucher’s disclosure is different from Appellant’s embodiment of a two-party decryption protocol presented in the Specification (see Spec. 13-18; Fig. 1), which includes many steps not recited in claim 1 (see generally App. Br. 7-8; Reply Br. 3-4). Claim 1, which is strikingly broad, recites “the first party device and the second party device jointly perform a decryption operation of the ciphertext by each respectively performing one or more subcomputations of the joint decryption operation based at least in part on respective partial shares of a key that each party holds” (emphasis added). Notably, none of the recited decryption operation, subcomputations, or key is limited to a Cramer-Shoup decryption operation, Cramer-Shoup subcomputations, or a Cramer-Shoup key. See generally Appellant’s Abstract. Moreover, we are not persuaded by Appellant’s arguments, which unduly focus on the individual steps in Faucher’s joint process to obtain a session key and ignore the capabilities of the skilled artisan. The test for obviousness is “what the combined teachings of the references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425 (CCPA 1981). One cannot show nonobviousness by attacking Appeal 2010-008458 Application 10/600,687 6 references individually where the rejections are based on combinations of references. See id. at 426; In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). As noted by the Court in KSR, “[a] person of ordinary skill is also a person of ordinary creativity, not an automaton.” KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 421 (2007). We therefore are not persuaded that Faucher’s disclosure of a joint process to obtain a session key, even where each terminal decrypts the other terminal’s certificate, does not at least suggest the jointly performed decryption operation recited in claim 1. Appellant also argues that the Examiner improperly combined Cramer-Shoup and Faucher. App. Br. 9; Reply Br. 3-4. In concluding claim 1 would have been obvious, the Examiner indicates it would have been obvious for a skilled artisan to incorporate Faucher’s joint process to obtain a session key with Cramer-Shoup’s decryption scheme to secure communications conducted over insecure channels using public key techniques. Ans. 5. Appellant does not sufficiently challenge the Examiner’s conclusion. Instead, Appellant states that the Examiner has failed to identify a cogent motivation for combining Cramer-Shoup and Faucher in the manner proposed (App. Br. 9, Reply Br. 3-4). Appellant does not explain why the Examiner’s conclusions are mere improper conclusory statements. Appellant fails to acknowledge – let alone persuasively rebut – the Examiner’s statement regarding the motivation of a skilled artisan to combine the references to secure communications conducted over insecure channels using public key techniques (Ans. 5). Appeal 2010-008458 Application 10/600,687 7 The Examiner’s proposed combination of Cramer-Shoup and Faucher predictably uses prior art elements according to their established functions— an obvious improvement. See KSR, 550 U.S. at 417. Accordingly, we find the Examiner’s reason to combine the teachings of the cited references supported by articulated reasoning with some rational underpinning to justify the Examiner’s obviousness conclusion. We therefore sustain the obviousness rejection of independent claim 1 and independent claims 8, 9, and 16, which recite similar limitations, not separately argued with particularity. Claims 2 and 10 Claims 2 depends from independent claim 1 and further recites that the generating step includes “an exchange of information between the first party device and the second party device whereby at least a portion of the information is encrypted using an encryption technique such that one party encrypts information using its own public key and another party can not [sic] read the information but can use the information to perform an operation.” Appellant contends that the cited portions by the Examiner in Faucher (col. 8, ll. 8-55) fail to teach this feature, particularly one party encrypting information using its own public key and another party cannot read the information but can use the information to perform an operation. Reply Br. 4. Appellant also repeats that Faucher does not teach the recited joint decryption operation. App. Br. 9. First, regarding Faucher failing to teach or suggest the recited joint decryption operation, we refer to our previous discussion of claim 1. Second, to the extent that Appellant maintains that Cramer-Shoup does not disclose the features recited by claim 2 (App. Br. 9-10), we are not Appeal 2010-008458 Application 10/600,687 8 persuaded because the Examiner relied on Faucher (Ans. 7-8), not Cramer- Shoup, as teaching or suggesting these features. Third, we are not persuaded of error in the Examiner’s finding that Faucher teaches or suggests one party encrypting information using its own public key and another party cannot read the information but can use the information to perform an operation. Ans. 7-8. Although we agree with Appellant that the cited portion of Faucher discloses each terminal using the public key of the other terminal to encrypt its public random component (Reply Br. 4-5), Faucher also discloses, in the cited portion, each certificate is decrypted and validated using the Key Certifying Authority (KCA) public decryption key (col. 8, ll. 15-16). This at least suggests a party (i.e., the Key Certifying Authority) using its own public key to encrypt information (i.e., the certificate), which cannot be read by another party (i.e., the terminal receiving the certificate cannot read the encrypted certificate) but can be used by the terminal, after the terminal decrypts the certificate using the KCA’s public decryption key, in an operation (i.e., the joint process to obtain a session key that involves using the decrypted certificate). Accordingly, Appellant has not persuaded us of error in the rejection of claim 2 or claim 10, which recites similar limitations and depends from independent claim 9. Claims 4 and 12 Claim 4 depends from claim 1 and recites “generating a share of a random secret; generating information representing encryptions of a form of the random secret, a share of a private key, and the ciphertext; transmitting at least the encrypted information to the second party device; and computing the plaintext based at least on the share of the random secret, the share of the Appeal 2010-008458 Application 10/600,687 9 private key, the ciphertext, and the data received from the second party device.” Appellant repeats that Faucher fails to teach or suggest the recited joint decryption operation. We are not persuaded for the reasons discussed previously with regard to claim 1. Appellant also asserts that the relied on portion of Cramer-Shoup (col. 7, ll. 11-19) teaches a private-key choosing step, which does not teach or suggest generating a share of a random secret. App. Br. 10; Reply Br. 5. Cramer-Shoup discloses selecting, from a set of elements, five numbers chosen at random to make up the private key. We see no reason why each of the five selected numbers is not a share of the private key, and the Appellant has not provided a persuasive reason. Apart from merely summarily asserting that the relied on portion of Cramer-Shoup (col. 7, ll. 10-27) does not teach or suggest generating information a form of the random secret, a share of a private key, and the ciphertext, Appellant does not persuasively show error in the Examiner’s position in this regard (App. Br. 10; Reply Br. 5). Accord In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011) (“[T]he Board reasonably interpreted Rule 41.37 to require more substantive arguments in an appeal brief than a mere recitation of the claim elements and a naked assertion that the corresponding elements were not found in the prior art.”). Similarly, Appellant merely summarily asserts that the cited portion of Cramer-Shoup (col. 9, ll. 25-50), although disclosing recovering plaintext m, does not teach or suggest computing the plaintext based at least on the share of the random secret, the share of the private key, the ciphertext, and the data received from the second party device. App. Br. 10; Reply Br. 5. This is not persuasive for Appellant has not explained why the Cramer-Shoup Appeal 2010-008458 Application 10/600,687 10 disclosure (col. 9, ll. 26-37) of recovering the plaintext using z which is part of the private key, the encryption cipher-number e, second universal cipher- number u, as well as other disclosed features, does not read on the recited claim elements. Accord Lovin, 652 F.3d at 1357. Accordingly, Appellant has not persuaded us of error in the rejection of claim 4 or claim 12, which recites similar limitations and depends from independent claim 9. Claims 5 and 13 Claim 5 depends from claim 1 and recites “the first party device and the second party device additively share components of a private key.” For the reasons discussed above with regard to claim 1, we are not persuaded by Appellant’s repeated argument that Faucher fails to teach or suggest the recited joint decryption operation. Nor are we persuaded by Appellant’s bare assertions that Cramer’s private-key choosing step (col. 7, ll. 10-15) and decryption of a message (col. 9, ll. 35-40) do not teach or suggest “the first party device and the second party device additively share components of a private key.” App. Br. 10; Reply Br. 5-6. Appellant has failed to explain why the private-key choosing step and the decryption of the message do not teach or suggest the recited limitation. Accordingly, Appellant has not persuaded us of error in the rejection of claim 5 or claim 13, which recites similar limitations and depends from independent claim 9. Claims 6 and 14 Claim 6 depends from claim 1 and recites “generation and exchange of proofs between the first party device and the second party device that serve to verify operations performed by each party.” The Examiner finds Appeal 2010-008458 Application 10/600,687 11 that Cramer-Shoup’s verification of the ciphertext, which occurs before the decryption of the ciphertext begins, discloses this additional feature. Ans. 9 (citing col. 8, l. 38-col. 9, l. 23). Appellant merely asserts, without explanation, that Cramer-Shoup’s verification of the ciphertext does not teach or suggest the recited proofs. We are not persuaded that the disclosed verification step does not read on the recited proofs, as the Examiner finds. App. Br. 11; Reply Br. 6. Although Appellant underlines “proofs” and “operations,” Appellant does not provide any evidence – much less persuasively rebut – why Cramer- Shoup’s verification step, which verifies the ciphertext before starting the decryption, does not read on the recited proofs and operations. Mere speculation unsupported by factual evidence is entitled to little probative value. Cf. In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997). Nor are we persuaded, for the reasons discussed above with regard to claim 1, by Appellant’s repeated argument that Faucher fails to teach or suggest the recited joint decryption operation. Accordingly, Appellant has not persuaded us of error in the rejection of claim 6 or claim 14, which recites similar limitations and depends from independent claim 9. Claims 3, 7, 11, and 15 In challenging the obviousness rejection of claims 3, 7, 11, and 15 as unpatentable over Cramer-Shoup, Faucher, and the Ronald Cramer article, Appellant refers to previous arguments discussed above with respect to Cramer-Shoup and Faucher and asserts the Ronald Cramer article fails to remedy the alleged deficiencies. App. Br. 11; Reply Br. 6. We are not Appeal 2010-008458 Application 10/600,687 12 persuaded for the reasons discussed above with respect to claims 1, 6, 9, and 14. Accordingly, we likewise sustain the rejection of dependent claims 3, 7, 11, and 15. CONCLUSION The Examiner did not err in rejecting claims 1-16 under § 103. ORDER The Examiner’s decision rejecting claims 1-16 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED rwk Copy with citationCopy as parenthetical citation
