Ex Parte OngDownload PDFBoard of Patent Appeals and InterferencesFeb 19, 201010383419 (B.P.A.I. Feb. 19, 2010) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ________________ Ex parte PENG T. ONG ________________ Appeal 2009-004188 Application 10/383,419 Technology Center 2100 ________________ Decided: February 19, 2010 ________________ Before JAMES D. THOMAS, LEE E. BARRETT, and THU A. DANG, Administrative Patent Judges. THOMAS, Administrative Patent Judge. DECISION ON APPEAL Appeal 2009-004188 Application 10/383,419 2 I. STATEMENT OF THE CASE This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1, 4, 7-20, 29, 32-37, and 44-48. Appellant has cancelled claims 2, 3, 5, 6, 21-28, 30, 31, and 38-43. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. II. INVENTION A method and apparatus for automatic user authentication are described. Authentication credentials are collected by monitoring authentication procedure of a plurality of applications accessed by a user. The collected authentication credentials are replaced with stronger forms of credentials. The stronger forms of credentials are automatically utilized to provide the user with access to the plurality of applications. (Spec. [0050], Abst.). III. ILLUSTRATIVE CLAIM 1. A computer implemented method for automatic and transparent identity management and fortification of authentication, the method comprising: executing a background process at a client machine operated by a user, the background process operable to transparently identify user authentication procedures including login, logout, and change of authentication credential activities by the user, and to record the user authentication procedures; the background process automatically collecting authentication credentials and changes in authentication credentials by continuously monitoring native authentication procedures of a plurality of applications accessed by the user, the automatically collecting authentication credentials Appeal 2009-004188 Application 10/383,419 3 performed while the user accesses the plurality of applications such that the collection is transparent to the user; replacing the collected authentication credentials with stronger forms of credentials; and automatically and transparently utilizing the stronger forms of credentials to provide the user with access to the plurality of applications. IV. PRIOR ART AND EXAMINER’S REJECTIONS The Examiner relies on the following references as evidence of unpatentability: Delany 2002/0138763 A1 Sep. 26, 2002 Mercredi 2004/0059590 A1 Mar. 25, 2004 (filed Sep. 13, 2002) Audebert 2006/0037066 A1 Feb. 16, 2006 (effectively filed Nov. 28, 2000) All claims on appeal stand rejected under 35 U.S.C. § 103. In a first stated rejection, the Examiner relies upon Mercredi in view of Audebert as to claims 1, 4, 7-20, 29, and 32-35. To this combination of references the Examiner adds Delany in a second stated rejection as to claims 36, 37, and 44-48. V. CLAIM GROUPINGS Based on Appellant’s arguments in the Brief, within the first stated rejection under 35 U.S.C. § 103, only independent claims 1, 14, and 29 are argued separately and no dependent claim is argued. The same may be said as to the second stated rejection where arguments are presented only as to independent claims 36 and 48 and no dependent claim is argued. Appeal 2009-004188 Application 10/383,419 4 VI. ISSUE With respect to each independent claim separately argued within both rejections under 35 U.S.C. § 103, has Appellant shown that the Examiner erred in finding that the combination of the respective references would have rendered obvious to one of ordinary skill in the art the subject matter of these respective claims? VII. FINDING OF FACT Audebert teaches: Once the server-end application has been opened, the part CMPC of the client-end application ACCM generates a random password, presents a change of password request to the server- end software CMPS, to which it transmits the new password, and then loads the static credentials, comprising the password generated in this way and possibly the login name, into the device PSD. The new static password generated is then stored in the file F and in the memory M but is not known to the user. This mechanism enables the use of strong passwords, i.e. complex passwords (words not found in a dictionary, difficult to remember and therefore to guess, etc.) comprising a large number of characters, which offer a much greater resistance to hacking than short passwords which are used in practice when they must be remembered or entered at the keyboard by a user. The next time the user accesses the application, the user has only to enter their personal identification number PIN via the terminal, the authentication process then proceeding automatically by reading the credentials in the device PSD and transmitting them via the program CMPC to the server-end program CMPS. During this authentication process, the credentials are never displayed on the screen of the terminal T and therefore remain unknown to the user, which strengthens the security of the system. The static password can then be updated or changed each time the application concerned is accessed, as shown in FIG. 3, Appeal 2009-004188 Application 10/383,419 5 or periodically, for example daily, as shown in FIG. 4, or at the specific request of the system administrator. ([0062]-[0064].) Additionally, box 13 in FIG. 3 teaches the generation of new credentials for a given application and boxes 14 and 15 further require the storing of new credentials for that application. VIII. PRINCIPLES OF LAW Obviousness "[T]he PTO gives claims their 'broadest reasonable interpretation.'" In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211 F.3d 1367, 1372 (Fed. Cir. 2000)). One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). Section 103 forbids issuance of a patent when “the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.” KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 406 (2007). The Supreme Court emphasized “the need for caution in granting a patent based on the combination of elements found in the prior art,” and discussed circumstances in which a patent might be determined to be obvious. KSR, 550 U.S. at 415 (citing Graham v. John Deere Co., 383 U.S. 1, 12 (1966)). The Court reaffirmed principles based on its precedent that “[t]he combination of familiar elements according to known methods is Appeal 2009-004188 Application 10/383,419 6 likely to be obvious when it does no more than yield predictable results.” Id. The operative question in this “functional approach” is thus “whether the improvement is more than the predictable use of prior art elements according to their established functions.” Id. at 417. We must determine whether or not the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. See KSR, 550 U.S. at 406. Obviousness determination is not the result of a rigid formula, and we will consider the facts of a case and the common sense of those skilled in the art. Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1161 (Fed. Cir. 2007). That is, the test for obviousness is rather what the combined teachings of the references would have suggested to those of ordinary skill in the art. In re Keller, 642 F.2d 413, 425 (CCPA 1981); In re Young, 927 F.2d 588, 591 (Fed. Cir. 1991). IX. ANALYSIS We refer to, rely on, and adopt the Examiner’s findings and conclusions set forth in detail in the Answer as to both stated rejections of the claims on appeal before us. No Reply Brief has been filed contesting the Examiner’s Responsive arguments in the Answer. Our discussion will be limited to the following points of emphasis. With respect to the arguments presented at pages 13-17 of the Brief directed to the rejection of independent claims 1, 19, and 29 within the first stated rejection under 35 U.S.C. § 103, Appellant’s arguments focus upon the automatic and transparent features of these claims. More specifically, Appeal 2009-004188 Application 10/383,419 7 the allegation is made that Mercredi and Audebert as combined do not teach automatically and transparently utilizing stronger forms of credentials to provide user access to a priority of applications. On the other hand, the Examiner persuasively presents responsive arguments at pages 12-16 of the Answer as to each of these independent claims with the focus upon the view that paragraphs [0062]-[0064] teach the features argued not to be present among the combination. We have reproduced these paragraphs in our Finding of Fact with the additional observation that Figure 3 of that reference discloses the software-based requirement of automatically generating new credentials for an application to store them for future use. Within the second stated rejection the Examiner correspondingly treats the argument at pages 19 and 20 of the Brief that appear to focus upon the view at page 20 that the combination of Mercredi and Audebert do not teach automatically replacing collected authentication credentials with stronger forms in independent claim 48. No remarks are made as to the additional teachings relied upon by the Examiner as to Delany in this second stated rejection under 35 U.S.C. § 103. The Examiner has correspondingly met head on the arguments made and the teachings we reproduced in our Finding of Fact support the Examiner’s conclusion as well as to this claim. It is noted that independent claim 36 does not require the automatic feature that is common among each of the other independent claims. Appellant’s arguments at pages 18 and 19 of the Brief take the position that the combination of the three references relied upon by the Examiner in the second stated rejection does not teach organizing the contents of the authentication credentials of users into a consolidated user directory. On the Appeal 2009-004188 Application 10/383,419 8 other hand, the Examiner persuasively argues at page 17 of the Answer that each of the three references contains specific teachings relating to administrative control over the credentials of user of systems. The Examiner also emphasizes, appropriately, that Delany discloses that the administrator has the capability of taking individual users and creating a group or, as claimed, a consolidated user directory. Appellant has presented identical arguments at pages 17, 18, 20, and 21 of the Brief that the Examiner has not presented a rational underpinning for combining the teachings of the respective references. We strongly disagree with this view based upon the legal precedent we cited earlier in this opinion. The Examiner’s rationales of combinability of Mercredi and Audebert within the first stated rejection under 35 U.S.C. § 103, and the additional rationales of combinability of Delany as to the second stated rejection under 35 U.S.C. § 103, comply with and are consistent with the legal requirements from this noted legal precedent. The Examiner’s reasoning’s of combinability in part rely upon actual teachings of the respective references, which we consider a persuasive approach in concluding the proper combinability of the teachings of the relied upon references within 35 U.S.C. § 103. X. CONCLUSION AND DECISION With respect to the argued subject matter pertaining to independent claims 1, 14, 29, 36, and 48 on appeal, Appellant has not shown that the Examiner erred in finding that the respective teachings of the relied upon prior art would have rendered obvious to one of ordinary skill in the art the subject matter argued not to be present among them. Therefore, the Appeal 2009-004188 Application 10/383,419 9 Examiner’s rejections of all claims on appeal, claims 1, 4, 7-20, 29, 32-37, and 44-48, are affirmed. All claims on appeal are unpatentable. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv) (2009). AFFIRMED nhl IBM CORP. (WIP) c/o WALDER INTELLECTUAL PROPERTY LAW, P.C. 17330 PRESTON ROAD SUITE 100B DALLAS, TX 75252 Copy with citationCopy as parenthetical citation