Ex Parte PatelDownload PDFBoard of Patent Appeals and InterferencesSep 16, 200409127767 (B.P.A.I. Sep. 16, 2004) Copy Citation The opinion in support of the decision being entered today was not written for publication and is not binding precedent of the Board. Paper No.20 UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte SARVAR PATEL ____________ Appeal No. 2003-0446 Application No. 09/127,767 ____________ ON BRIEF ____________ Before HAIRSTON, GROSS, and BLANKENSHIP, Administrative Patent Judges. GROSS, Administrative Patent Judge. DECISION ON APPEAL This is a decision on appeal from the examiner's final rejection of claims 1 through 22, which are all of the claims pending in this application. Appellant's invention relates to a method of authenticating parties communicating with one another to provide a security measure to their communication. Claim 12 is illustrative of the claimed invention, and it reads as follows: 12. A method for authenticating a first party at a second party, comprising: (a) outputting a random number as a first challenge; (b) receiving a second challenge and a first challenge response from said first party, said second challenge being a Appeal No.2003-0446 Application No.09/127767 1 Note that claim 12 and all claims dependent from claim 12 do not include steps (c) and (d) but jump directly from step (b) to step (e). 2 count value, and said first challenge response being a result of performing a keyed cryptographic function (KCF) on said first challenge and said count value using a first key; and (e) verifying said first party based on said first challenge, said second challenge, and said first challenge response.1 The prior art reference of record relied upon by the examiner in rejecting the appealed claims is: Alfred Menezes et al., "Handbook of Applied Cryptography", CRC Press 1997, pp.397-404. (Menezes) Claims 1-22 stand rejected under 35 U.S.C. § 103 as being unpatentable over Menezes. Reference is made to the Examiner's Answer (Paper No. 12, mailed May 22, 2002) for the examiner's complete reasoning in support of the rejections, and to appellant's Brief (Paper No. 11 filed March 04, 2002) and Reply Brief (Paper No. 13, filed July 22, 2002) for the appellant's arguments thereagainst. OPINION As a preliminary matter, we note that appellant indicates on page 13 of the Brief that the claims are to be grouped together in eight groups. However, the appellant presented the same argument for claims 4, 9, 10, and 17 as for claims 13 and 16, Appeal No.2003-0446 Application No.09/127767 3 and, therefore, we regrouped the claims accordingly. The following groups remain: GROUP I: Claims 12, 14, 15 and 18-20. GROUP II: Claims 4, 9, 10, 13, 16 and 17. GROUP III: Claims 1-3, 5, 6 and 11. GROUP IV: Claims 7, 8, 21 and 22. We have carefully considered the claims, the applied prior art reference, and the respective positions articulated by appellant and the examiner. As a consequence of our review, we will affirm the obviousness rejection of claims 1-6 and 9-20 and reverse the obviousness rejection of claims 7, 8, 21 and 22. Group I: Claims 12, 14, 15 and 18-20. Independent claim 12 recites in step (b) of the authenticating process that the second challenge received by the second party is a count value. The reference Menezes uses a random number as the second challenge instead of a count value (Menezes, page 402). The Examiner in rejecting the claim asserted that "pages 397-400 of Menezes et al. disclose interchangeability in authentication protocols of random numbers, such as rA, with sequence numbers, such as the count value" (Final Rejection, page 7) and that "one of ordinary skill in the art would have known replay attacks were used to subvert Appeal No.2003-0446 Application No.09/127767 4 challenge-response authentication protocols, and therefore would have been familiar with choosing one of the three above options" (Answer, page 3) where by options he means one of random number, count value (otherwise known as sequence) and timestamp. In his Brief (page 15), the Appellant challenges the assertion that Menezes discloses such interchangeability and further submits that there is no requisite teaching or motivation presented for such a modification, since Examiner merely concluded that one could do so and not why one would do so. Thus, the focus is on the inadequacy of motivation presented as to why one would interchange the random number with a count value. A careful look at Menezes discloses the following: time- variant parameters such as random numbers, sequences (i.e., count value) and timestamps are used in identification protocols to counteract replay and interleaving attacks. These protocols are in fact schemes put into place to reduce the vulnerability of the system so that when the communication line between two parties is monitored the response from one would not provide an adversary with useful information for subsequent identification (Menezes, page 397, paragraph 10.3.1). The time-variant parameters provide different securities, have strengths and weaknesses (random numbers are better at providing timeliness whereas count values are better at providing uniqueness), can be used in conjunction Appeal No.2003-0446 Application No.09/127767 5 as well as in combination with each other depending on the type of security sought (e.g., random numbers concatenated to timestamps or count values in a protocol guarantees that a pseudonumber will not be duplicated)(Menezes, pages 398-400). The protocol referred to in Menezes on page 402 follows the 9798- 2 mechanism disclosed on page 401 with some modifications as shown. The 9798-2 mechanism provides in pertinent part that "in these mechanisms, the timestamp may be replaced by a sequence number" and "to avoid reliance on timestamps, the timestamp may be replaced by a random number, at the cost of an additional message". Thus, Menezes clearly discloses that timestamps, random numbers and sequences (i.e., count values) are interchangeable. Thus, in the SKID3 protocol the random number can be interchanged with a count value since a random number can be interchanged with a timestamp to reduce the amount of message sent (Menezes, page 401), and the timestamp can be interchanged with a count value to increase the uniqueness and security of the protocol (count values do not need time synchronization like timestamps do) (Menezes, page 398, 401). The appellant also presented the argument (Brief, pages 16- 17) that even if the second challenge (random number) were modified to include a count number in the SKID3 protocol, the resulting algorithm would not be the same as the one claimed Appeal No.2003-0446 Application No.09/127767 6 because it would omit message (1), i.e., it would omit the first challenge sent and would omit performing a keyed cryptographic function on both the count value and the first challenge as required by claim 12. This argument, however, is not supported because Menezes clearly shows protocol SKID3 as used for a one- pass authentication where step (1) is required to complete the authentication process (Menezes, page 402). Further, even if using a count value instead of a random number eliminates one message, that message is connected to the random number that was interchanged with the count value, which in this case is the random number present in step (2) and not the one present in step (1). Menezes clearly discloses in step (2) on page 402 that the keyed cryptographic function uses the first challenge. Accordingly, we find appellant's arguments unpersuasive, and we will sustain the rejection of claims 12, 14, 15, and 18-20. Group II: Claims 4, 9, 10, 13, 16 and 17. Appellant's argument (Brief, pages 17-19) focuses on the fact that the Examiner failed to interpret the words "first key" and a "second key" according to their plain meaning, namely, that there are two separate keys. Also, Appellant asserts that the Examiner failed to interpret the meaning of the claim altogether. However, on page 401 Menezes clearly discloses that in Appeal No.2003-0446 Application No.09/127767 7 unidirectional communication, i.e., one-way protocols such as SKID3, distinct keys K(AB) and K(BA) may be used instead of the same key K. Thus, the key K used in step (2) can be different than the key K used in step (3). Therefore, we will sustain the rejection of claims 4, 9, 10, 13, 16, and 17. Group III: Claims 1-3, 5, 6 and 11. The representative claim in this group is claim 1 which has the same limitation as claim 12, namely, that the second challenge is a count value. As explained supra, this does not differ from Menezes because although his protocol uses a random number as the second challenge he discloses that count values can be substituted for random numbers. Since the same argument was presented (Brief, pages 21-22) for claim 12 as for claim 1, the same response is pertinent here. An additional argument was made (Brief, page 22) that Menezes does not provide a teaching or suggestion to increment a sequence number or count value in response to receiving the first challenge. However, this argument is not persuasive because Menezes clearly indicates that sequence numbers (count values), when utilized in authentication protocols, inherently do just that. Specifically, Menezes states that "the simplest policy is that a sequence number starts at zero, is incremented Appeal No.2003-0446 Application No.09/127767 8 sequentially, and each successive message has a number one greater than the previous one received" (Menezes, page 399). Therefore, we will sustain the rejection of claims 1-3, 5, 6, and 11. GROUP IV: Claims 7, 8, 21 and 22. The Examiner stated on pages 5 and 6 of the Examiner’s Answer that the rejection of these claims is overcome by appellant's arguments. Therefore, we reverse the rejection of claims 7, 8, 21 and 22. CONCLUSION The decision of the examiner rejecting claims 1-22 under 35 U.S.C. § 103 is affirmed as to claims 1-6 and 9-20 and reversed as to claims 7, 8, 21 and 22. Appeal No.2003-0446 Application No.09/127767 9 No time period for taking any subsequent action in connection with this appeal may be extended under 37 CFR § 1.136(a). AFFIRMED-IN-PART KENNETH W. HAIRSTON Administrative Patent Judge ) ) ) ) ) BOARD OF PATENT ANITA PELLMAN GROSS ) APPEALS Administrative Patent Judge ) AND ) INTERFERENCES ) ) ) HOWARD B. BLANKENSHIP ) Administrative Patent Judge ) AGP/RWK Appeal No.2003-0446 Application No.09/127767 10 HARNESS, DICKEY & PIERCE, P.L.C. P.O. BOX 8910 RESTON VA 20195 Copy with citationCopy as parenthetical citation