Ex Parte Ong

Board of Patent Appeals and Interferences

Feb 19, 2010

10383419 (B.P.A.I. Feb. 19, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE
________________

BEFORE THE BOARD OF PATENT APPEALS
AND INTERFERENCES
________________

Ex parte PENG T. ONG
________________

Appeal 2009-004188
Application 10/383,419
Technology Center 2100
________________

Decided: February 19, 2010
________________

Before JAMES D. THOMAS, LEE E. BARRETT, and THU A. DANG,
Administrative Patent Judges.

THOMAS, Administrative Patent Judge.

DECISION ON APPEAL
Appeal 2009-004188
Application 10/383,419

2
I. STATEMENT OF THE CASE
This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final
rejection of claims 1, 4, 7-20, 29, 32-37, and 44-48. Appellant has cancelled
claims 2, 3, 5, 6, 21-28, 30, 31, and 38-43. We have jurisdiction under 35
U.S.C. § 6(b).
We affirm.

II. INVENTION
A method and apparatus for automatic user
authentication are described. Authentication credentials are
collected by monitoring authentication procedure of a plurality
of applications accessed by a user. The collected authentication
credentials are replaced with stronger forms of credentials. The
stronger forms of credentials are automatically utilized to
provide the user with access to the plurality of applications.

(Spec. [0050], Abst.).

III. ILLUSTRATIVE CLAIM
1. A computer implemented method for automatic and
transparent identity management and fortification of
authentication, the method comprising:
executing a background process at a client machine
operated by a user, the background process operable to
transparently identify user authentication procedures including
login, logout, and change of authentication credential activities
by the user, and to record the user authentication procedures;
the background process automatically collecting
authentication credentials and changes in authentication
credentials by continuously monitoring native authentication
procedures of a plurality of applications accessed by the user,
the automatically collecting authentication credentials
Appeal 2009-004188
Application 10/383,419

3
performed while the user accesses the plurality of applications
such that the collection is transparent to the user;
replacing the collected authentication credentials with
stronger forms of credentials; and
automatically and transparently utilizing the stronger
forms of credentials to provide the user with access to the
plurality of applications.

IV. PRIOR ART AND EXAMINER’S REJECTIONS
The Examiner relies on the following references as evidence of
unpatentability:
Delany 2002/0138763 A1 Sep. 26, 2002
Mercredi 2004/0059590 A1 Mar. 25, 2004
(filed Sep. 13, 2002)
Audebert 2006/0037066 A1 Feb. 16, 2006
(effectively filed Nov. 28, 2000)

All claims on appeal stand rejected under 35 U.S.C. § 103. In a first
stated rejection, the Examiner relies upon Mercredi in view of Audebert as
to claims 1, 4, 7-20, 29, and 32-35. To this combination of references the
Examiner adds Delany in a second stated rejection as to claims 36, 37, and
44-48.

V. CLAIM GROUPINGS
Based on Appellant’s arguments in the Brief, within the first stated
rejection under 35 U.S.C. § 103, only independent claims 1, 14, and 29 are
argued separately and no dependent claim is argued. The same may be said
as to the second stated rejection where arguments are presented only as to
independent claims 36 and 48 and no dependent claim is argued.

Appeal 2009-004188
Application 10/383,419

4
VI. ISSUE
With respect to each independent claim separately argued within both
rejections under 35 U.S.C. § 103, has Appellant shown that the Examiner
erred in finding that the combination of the respective references would have
rendered obvious to one of ordinary skill in the art the subject matter of
these respective claims?

VII. FINDING OF FACT
Audebert teaches:
Once the server-end application has been opened, the part
CMPC of the client-end application ACCM generates a random
password, presents a change of password request to the server-
end software CMPS, to which it transmits the new password,
and then loads the static credentials, comprising the password
generated in this way and possibly the login name, into the
device PSD. The new static password generated is then stored
in the file F and in the memory M but is not known to the user.
This mechanism enables the use of strong passwords, i.e.
complex passwords (words not found in a dictionary, difficult
to remember and therefore to guess, etc.) comprising a large
number of characters, which offer a much greater resistance to
hacking than short passwords which are used in practice when
they must be remembered or entered at the keyboard by a user.
The next time the user accesses the application, the user
has only to enter their personal identification number PIN via
the terminal, the authentication process then proceeding
automatically by reading the credentials in the device PSD and
transmitting them via the program CMPC to the server-end
program CMPS. During this authentication process, the
credentials are never displayed on the screen of the terminal T
and therefore remain unknown to the user, which strengthens
the security of the system.
The static password can then be updated or changed each
time the application concerned is accessed, as shown in FIG. 3,
Appeal 2009-004188
Application 10/383,419

5
or periodically, for example daily, as shown in FIG. 4, or at the
specific request of the system administrator.

([0062]-[0064].) Additionally, box 13 in FIG. 3 teaches the generation of
new credentials for a given application and boxes 14 and 15 further require
the storing of new credentials for that application.

VIII. PRINCIPLES OF LAW
Obviousness
"[T]he PTO gives claims their 'broadest reasonable interpretation.'"
In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211
F.3d 1367, 1372 (Fed. Cir. 2000)). One cannot show nonobviousness by
attacking references individually where the rejections are based on
combinations of references. In re Merck & Co., Inc., 800 F.2d 1091, 1097
(Fed. Cir. 1986).
Section 103 forbids issuance of a patent when “the differences
between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at
the time the invention was made to a person having ordinary skill in
the art to which said subject matter pertains.”

KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007).

The Supreme Court emphasized “the need for caution in granting a
patent based on the combination of elements found in the prior art,” and
discussed circumstances in which a patent might be determined to be
obvious. KSR, 550 U.S. at 415 (citing Graham v. John Deere Co., 383 U.S.
1, 12 (1966)). The Court reaffirmed principles based on its precedent that
“[t]he combination of familiar elements according to known methods is
Appeal 2009-004188
Application 10/383,419

6
likely to be obvious when it does no more than yield predictable results.” Id.
The operative question in this “functional approach” is thus “whether the
improvement is more than the predictable use of prior art elements according
to their established functions.” Id. at 417.
We must determine whether or not the differences between the subject
matter sought to be patented and the prior art are such that the subject matter
as a whole would have been obvious at the time the invention was made to a
person having ordinary skill in the art to which said subject matter pertains.
See KSR, 550 U.S. at 406. Obviousness determination is not the result of a
rigid formula, and we will consider the facts of a case and the common sense
of those skilled in the art. Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485
F.3d 1157, 1161 (Fed. Cir. 2007). That is, the test for obviousness is rather
what the combined teachings of the references would have suggested to
those of ordinary skill in the art. In re Keller, 642 F.2d 413, 425 (CCPA
1981); In re Young, 927 F.2d 588, 591 (Fed. Cir. 1991).

IX. ANALYSIS
We refer to, rely on, and adopt the Examiner’s findings and
conclusions set forth in detail in the Answer as to both stated rejections of
the claims on appeal before us. No Reply Brief has been filed contesting the
Examiner’s Responsive arguments in the Answer. Our discussion will be
limited to the following points of emphasis.
With respect to the arguments presented at pages 13-17 of the Brief
directed to the rejection of independent claims 1, 19, and 29 within the first
stated rejection under 35 U.S.C. § 103, Appellant’s arguments focus upon
the automatic and transparent features of these claims. More specifically,
Appeal 2009-004188
Application 10/383,419

7
the allegation is made that Mercredi and Audebert as combined do not teach
automatically and transparently utilizing stronger forms of credentials to
provide user access to a priority of applications.
On the other hand, the Examiner persuasively presents responsive
arguments at pages 12-16 of the Answer as to each of these independent
claims with the focus upon the view that paragraphs [0062]-[0064] teach the
features argued not to be present among the combination. We have
reproduced these paragraphs in our Finding of Fact with the additional
observation that Figure 3 of that reference discloses the software-based
requirement of automatically generating new credentials for an application
to store them for future use.
Within the second stated rejection the Examiner correspondingly
treats the argument at pages 19 and 20 of the Brief that appear to focus upon
the view at page 20 that the combination of Mercredi and Audebert do not
teach automatically replacing collected authentication credentials with
stronger forms in independent claim 48. No remarks are made as to the
additional teachings relied upon by the Examiner as to Delany in this second
stated rejection under 35 U.S.C. § 103. The Examiner has correspondingly
met head on the arguments made and the teachings we reproduced in our
Finding of Fact support the Examiner’s conclusion as well as to this claim.
It is noted that independent claim 36 does not require the automatic
feature that is common among each of the other independent claims.
Appellant’s arguments at pages 18 and 19 of the Brief take the position that
the combination of the three references relied upon by the Examiner in the
second stated rejection does not teach organizing the contents of the
authentication credentials of users into a consolidated user directory. On the
Appeal 2009-004188
Application 10/383,419

8
other hand, the Examiner persuasively argues at page 17 of the Answer that
each of the three references contains specific teachings relating to
administrative control over the credentials of user of systems. The Examiner
also emphasizes, appropriately, that Delany discloses that the administrator
has the capability of taking individual users and creating a group or, as
claimed, a consolidated user directory.
Appellant has presented identical arguments at pages 17, 18, 20, and
21 of the Brief that the Examiner has not presented a rational underpinning
for combining the teachings of the respective references. We strongly
disagree with this view based upon the legal precedent we cited earlier in
this opinion. The Examiner’s rationales of combinability of Mercredi and
Audebert within the first stated rejection under 35 U.S.C. § 103, and the
additional rationales of combinability of Delany as to the second stated
rejection under 35 U.S.C. § 103, comply with and are consistent with the
legal requirements from this noted legal precedent. The Examiner’s
reasoning’s of combinability in part rely upon actual teachings of the
respective references, which we consider a persuasive approach in
concluding the proper combinability of the teachings of the relied upon
references within 35 U.S.C. § 103.

X. CONCLUSION AND DECISION
With respect to the argued subject matter pertaining to independent
claims 1, 14, 29, 36, and 48 on appeal, Appellant has not shown that the
Examiner erred in finding that the respective teachings of the relied upon
prior art would have rendered obvious to one of ordinary skill in the art the
subject matter argued not to be present among them. Therefore, the
Appeal 2009-004188
Application 10/383,419

9
Examiner’s rejections of all claims on appeal, claims 1, 4, 7-20, 29, 32-37,
and 44-48, are affirmed. All claims on appeal are unpatentable.

No time period for taking any subsequent action in connection with
this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv) (2009).

AFFIRMED

nhl

IBM CORP. (WIP)
c/o WALDER INTELLECTUAL PROPERTY LAW, P.C.
17330 PRESTON ROAD
SUITE 100B
DALLAS, TX 75252