Ex Parte McGeehan et alDownload PDFPatent Trial and Appeal BoardMay 27, 201612646800 (P.T.A.B. May. 27, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 12/646,800 12/23/2009 87851 7590 Facebook/Fenwick Silicon Valley Center 801 California Street Mountain View, CA 94041 06/01/2016 FIRST NAMED INVENTOR Ryan McGeehan UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 26295-16301 1775 EXAMINER WOLDEMARIAM, NEGA ART UNIT PAPER NUMBER 2433 NOTIFICATION DATE DELIVERY MODE 06/01/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): ptoc@fenwick.com fwfacebookpatents@fenwick.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte RYAN MCGEEHAN, LEV TIMOUROVICH POPOV, CHRISTOPHER WILLIAM PALOW, ROBERT J. READ, and PEDRAM KEY ANI Appeal2014-006184 Application 12/646,800 Technology Center 2400 Before MAHSHID D. SAADAT, CHARLES J. BOUDREAU, and NORMAN H. BEAMER, Administrative Patent Judges. BOUDREAU, Administrative Patent Judge. DECISION ON APPEAL 1 Appellants2 appeal under 35 U.S.C. § 134(a) from the Final Rejection of claims 1-22, which are all the claims pending in this application. We have jurisdiction under 35 U.S.C. § 6(b ). We AFFIRM. 1 An oral hearing was held in this appeal on April 6, 2016. A transcript from the oral hearing was entered into the file on May 5, 2016. 2 Appellants identify Facebook, Inc. as the real party in interest. App. Br. 3. Appeal2014-006148 Application 12/646,800 STATEMENT OF THE CASE Appellants' disclosure is directed to "preventing illegitimate use of compromised accounts, such as [an] account for which the credentials have been stolen by phishing sites." Spec. if 1. Claims 1 and 16 are independent. Claim 1 is illustrative of the claimed subject matter and reads as follows: 1. A computer implemented method comprising: storing one or more safe locations for a user account, each stored safe location having a location type; receiving a request to create a session associated with the user account; identifying a plurality of locations of different location types associated with a source of the request; determining that the request is authorized if at least one of the identified plurality of locations associated with the source of the request matches a stored safe location; and responsive to determmmg that the request is authorized adding at least one of the identified plurality of locations associated with the source of the request to the stored one or more safe locations for the user account, wherein the added one or more locations are of a different location type than the identified location that matches a stored safe location. REJECTIONS ON APPEAL Claims 1--4, 7-9, 11-19, 21, and 22 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Camaisa (US 2006/0069921 Al; published Mar. 30, 2006) and Varghese (US 2009/0089869 Al; published Apr. 2, 2009 (filed Oct. 29, 2008)). See Final Act. 3-9. 2 Appeal2014-006148 Application 12/646,800 Claims 5, 6, 10, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Camaisa, Varghese, and Martino (US 7 ,818,392 B 1; issued Oct. 19, 2010 (filed Apr. 7, 2005)). See Ans. 9-13. ANALYSIS We have reviewed the Examiner's rejections in light of Appellants' arguments that the Examiner has erred. We disagree with Appellants' conclusions, adopt as our own the findings and reasons set forth in the Final Office Action and the Examiner's Answer, and concur with the Examiner's conclusions. We highlight and address specific findings and arguments for emphasis as follows. The Examiner finds Camaisa discloses the "storing," "receiving," "identifying," and "determining" elements of independent claims 1 and 16. Final Act. 3--4, 8. The Examiner additionally finds Camaisa teaches the addition of a new computer to be identified by a server (Camaisa [i-f 28]) and that the geographic location may be checked at any convenient point in the logic (Camaisa [i-f 43]), in other words, checking the geographic location as part of the login process and then adding the new computer, which is suggestive but fails to explicitly disclose the following limitations that Varghese teaches: "and responsive to determining that the request is authorized adding at least one of the identified plurality of locations associated with the source of the request to the stored one or more safe locations for the user account, wherein the added one or more locations are of a different location type than the identified location that matches a stored safe location.["] Id. at 4 (citing Varghese i-fi-f 115-116, 120) (boldface omitted). The Examiner concludes that a person having ordinary skill in the art at the time 3 Appeal2014-006148 Application 12/646,800 of the invention would have found it obvious to combine "the multifactor authentication system of Camaisa" with "the login history tracking of Varghese that save[s] a record of the devices and locations that correspond to successful login attempts," "in order to allow users to log on from new locations and new devices, thereby not tethering users to a single place and machine." Id. 4--5. In the Appeal Brief, Appellants contend: The proposed combination of Camaisa in view of Varghese fails to disclose or suggest "adding at least one of the identified plurality of locations associated with the source of the request to the stored one or more safe locations for the user account, wherein the added one or more locations are of a different location type than the identified location that matches a stored safe location," as claimed. App. Br. 4 (underlining omitted). According to Appellants, "[t]he [E]xaminer agreed during an examiner interview ... that Camaisa does not disclose adding a safe location to the stored locations that is of [a] type different from the type of location used to authorize the request," and, although "Varghese describes how a device may be identified ... using a variety of information about the device, including IP address," "Varghese makes clear that this 'device identifying information' is used only to determine whether the system has seen the device before." Id. at 5---6. Appellants contend, The main idea in Varghese is to recognize a computer that has previously been used to log in to the network. This is different from the claimed invention, which adds a first location of a first location type (e.g., a user's friend's computer) to a white list because it was associated with the same log-in as a second location of a second type (e.g., a geographical location near a user's home), where that second location has already been white- 4 Appeal2014-006148 Application 12/646,800 listed (i.e., it is already a stored safe location). By allowing this, the claimed invention essentially allows the white list for a given user account to grow in a multi-dimensional way, where each dimension is represented by a location type. In contrast, Varghese does not store safe locations for a user account. Indeed, Varghese does not keep track of a user account that can have locations of different types associated with the user account, as Varghese is simply concerned with whether a computer has been previously seen on the network. Furthermore, Varghese does not enable the multi-dimensional growth of a white list, where a location of one type is added because it was correlated with a location of another type, since Varghese tracks a single location type (e.g., the identity of the computer used to log in). Id. at 6. In the Answer, the Examiner responds that paragraph 162 of Varghese "teaches comparing an application fingerprint with one or more historical application fingerprints identifying data that w[ ere] submitted in the context of user Ul," \~1hich, the Examiner points out, "is representative of a user account." Ans. 11. The Examiner also points to paragraph 166 of Varghese, which associates the application fingerprints with the contexts in which the data was submitted and serve to correlate an application fingerprint with other, previously submitted application fingerprints: "The one or more first contexts may include, for example, a user context identifying a user that submitted the first data, a device context identifying a device used to submit the first data, [or] a location context identifying a location from which the first data was submitted." The Examiner additionally cites step 412 ("Add ID to device history") and item 610 ("Accumulate profile history") in Figures 4A and 6 of Varghese, respectively, as teaching accumulation of profile history. Ans. 11-12. The Examiner finds that information about the 5 Appeal2014-006148 Application 12/646,800 device, including microprocessor serial number and location information such as IP address and time zone, is added to the device history /list of safe locations, thereby teaching the recited claim limitation "wherein the added one or more locations are of a different location type than the identified location that matches a stored safe location." Id. at 12. Moreover, "[s]ince multiple elements are added, this corresponds to the multi-dimensional growth of a white list for a user," and "Varghese uses this history to determine how to best carry out authentication." Id. "Thus in combination with Camaisa, Varghese teaches the accumulation of locations that can be used for the authentication used in Camaisa," which "already uses cookies and geographic location to authenticate a request." Id. (citing Camaisa i-fi-123, 43). We agree with the Examiner that these findings support the proffered rejection. In the Reply Brief, Appellants contend that "the main idea in Varghese is to recognize a computer that has previously been used to log in to the network" and that "[t]his is different from the claimed invention, which adds a first location of a first location type to a white list because it was associated with the same log-in as a second location of a second type, where that second location has already been white-listed. Reply Br. 2. Appellants further contend that the portions of Varghese cited in the Answer concern identifying devices and storing device history, but do not disclose storing safe locations for a user account. Id. at 3-5. Appellants' contentions are not persuasive. First, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986); In re Keller, 642 F.2d 413, 426 (CCPA 1981). 6 Appeal2014-006148 Application 12/646,800 Here, as found by the Examiner, Camaisa teaches nearly all elements of claims 1 and 16, including the storage of safe locations for a user account- particularly, the same types of locations specifically disclosed in Appellants' Specification (i.e., geographic locations, network locations, machine cookies; compare Spec. 18 with Camaisa i-fi-123, 42}-and adding locations associated with the source of a request to the safe locations for the user account. See Final Act. 3--4; Ans. 12. Because the Examiner relies on Camaisa as teaching those elements, Appellants' contentions regarding Varghese' s alleged failure to disclose storing safe locations for a user account are unpersuasive. Further, we discern no error, on this record, in the Examiner's findings either with respect to Camaisa's teachings or regarding Varghese' s association of application fingerprints with user profiles and accumulation of profile history, or in the Examiner's ultimate conclusion of obviousness of the claimed subject matter over the combination of Camaisa and Varghese. Accordingly, we affirm the Examiner's rejection of independent claims 1 and 16 under 35 U.S.C. § 103(a) over Camaisa and Varghese. We also affirm the rejections of dependent claims 2--4, 7-9, 11-15, 17-19, 21, and 22, for which Appellants do not present any separate substantive arguments, as well as dependent claims 5, 6, 10, and 20, for which Appellants rely only on their arguments with respect to independent claims 1 and 16. See App. Br. 8. 7 Appeal2014-006148 Application 12/646,800 DECISION The decision of the Examiner rejecting claims 1-22 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED 8 Copy with citationCopy as parenthetical citation