Ex Parte Nystrom et alDownload PDFPatent Trial and Appeal BoardFeb 26, 201511769855 (P.T.A.B. Feb. 26, 2015) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/769,855 06/28/2007 Magnus Nystrom EMC-07-117 5509 80167 7590 02/27/2015 Ryan, Mason & Lewis, LLP 48 South Service Road Suite 100 Melville, NY 11747 EXAMINER ANDERSON, MICHAEL D ART UNIT PAPER NUMBER 2433 MAIL DATE DELIVERY MODE 02/27/2015 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte MAGNUS NYSTROM, WILLIAM M. DUANE, and JAMES TOWNSEND ____________________ Appeal 2013-000160 Application 11/769,855 Technology Center 2400 ____________________ Before CARLA M. KRIVAK, CATHERINE SHIANG, and LINZY T. McCARTNEY, Administrative Patent Judges. McCARTNEY, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from a rejection of claims 1–14 and 19–23. 1 We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM-IN-PART. 1 The Examiner has objected to claims 15–18 as dependent on a rejected base claim but has indicated these claims would be allowable if rewritten in independent form. (See Final Rej. 4.) Appeal 2013-000160 Application 11/769,855 2 STATEMENT OF THE CASE Appellants’ “invention relates generally to cryptographic techniques for authentication over a network or in other types of communication systems.” (Spec. 1:14–15.) Claim 1 illustrates the claimed subject matter: 1. A method of performing at least one operation in a cryptographic device in a system comprising an authentication server, the method comprising the steps of: receiving in the cryptographic device a code generated by the authentication server; authenticating the code in the cryptographic device; and responsive to authentication of the code, performing said at least one operation in the cryptographic device; wherein the code is received in the cryptographic device in association with a request by the authentication server for the cryptographic device to perform said at least one operation. REJECTION Claims 1–14 and 19–23 stand rejected under 35 U.S.C. § 102(b) as anticipated by Buck (US 7,865,738 B2; published Nov. 13, 2003). ISSUES (1) Does Buck disclose the “method of performing at least one operation in a cryptographic device” recited in claim 1? (2) Does Buck disclose “wherein the code is determined as a function of at least an identifier of the operation” as recited in claim 4? (3) Does Buck disclose “wherein the code is determined as a function of at least a one-time password generated by the authentication server” as recited in claim 5? Appeal 2013-000160 Application 11/769,855 3 (4) Does Buck disclose “wherein the operation to be performed by the cryptographic device comprises resetting a time value or event counter value on the cryptographic device” as recited in claim 11? (5) Does Buck disclose “wherein the operation to be performed by the cryptographic device comprises updating a shared secret in the cryptographic device” as recited in claim 13? ANALYSIS Claim 1 Appellants contend Buck does not disclose “any code generated by the server and authenticated by the card, much less a code received by the card in association with a request by the server for the card to perform at least one operation” as required by claim 1. 2 Appellants also argue Buck does not disclose—and in fact teaches away from—the “responsive to authentication of the code” limitation recited in claim 1. 3 According to Appellants, Buck discloses a conventional arrangement in which a smart card “must authenticate a code supplied by the [c]ard before the [c]ard performs a requested operation.” 4 We disagree and adopt as our own (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken, (Final Rej. 4–5), and (2) the reasons set forth by the Examiner in the Examiner’s Answer in response to Appellants’ Appeal Brief, (Ans. 16–19). Appellants’ contentions regarding the “responsive” limitation are unpersuasive because claim 1 does not require performing the claimed operation immediately or directly responsive to authenticating the recited code. Claim 1 simply 2 (App. Br. 6.) 3 (See Reply Br. 2–4.) 4 (Id. at 4 (emphasis omitted).) Appeal 2013-000160 Application 11/769,855 4 requires performing the claimed operation responsive to—that is, in response to—authenticating the code. As illustrated in the figures cited by the Examiner, Buck discloses that the smart card performs the requested initializing operation in response to authenticating the received codes. 5 We therefore sustain the Examiner’s rejection of claim 1. Because Appellants have not presented separate substantive patentability arguments for claims 2, 3, 8–10, 12, 14, and 19–23, we also sustain the Examiner’s rejection of these claims. Claims 4–7 Claim 4 recites “wherein the code is determined as a function of at least an identifier of the operation,” and claim 5 recites “wherein the code is determined as a function of at least a one-time password generated by the authentication server.” Claims 6 and 7 depend on claim 5. Appellants argue the cited portions of Buck do not disclose code determined as a function of an operation identifier or as a function of at least a one-time password. 6 We have reviewed the cited portions of Buck and agree they fail to disclose these limitations. We therefore do not sustain the rejection of claims 4 and 5. We also do not sustain the rejection of claims 6 and 7, as both claims depend on claim 5. Claim 11 Claim 11 recites “wherein the operation to be performed by the cryptographic device comprises resetting a time value or event counter value on the cryptographic device.” Appellants argue the cited portion of Buck “merely discloses that a challenge is generated based on a combination of 5 (See Ans. 17–18 (citing Buck Fig. 2).) 6 (App. Br. 7–8.) Appeal 2013-000160 Application 11/769,855 5 static, deterministically varying, and dynamic data,” not resetting a time value or event counter value on a cryptographic device. 7 We agree with Appellants that the cited portion of Buck does not disclose this limitation. Accordingly, we do not sustain the rejection of claim 11. Claim 13 Claim 13 recites “wherein the operation to be performed by the cryptographic device comprises updating a shared secret in the cryptographic device.” Appellants argue Buck “discloses that the smart card contains secret data used to generate passwords and colour coded unique customer code” but does not disclose updating or modifying the secret data. 8 We disagree. The cited portions of Buck explicitly disclose changing the values of the secret key and key generation seed from null to an initial value. 9 We therefore sustain the Examiner’s rejection of claim 13. DECISION For the above reasons, we affirm the rejection of claims 1–3, 8–10, 12–14, and 19–23. We reverse the rejection of claims 4–7 and 11. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART msc 7 (App. Br. 8–9.) 8 (Id. at 9.) 9 (See Buck Fig 2; col. 7, ll. 21–29.) Copy with citationCopy as parenthetical citation