10843492 (P.T.A.B. Sep. 18, 2014)

Ex Parte Ritt et al

Patent Trial and Appeal BoardSep 18, 2014

10843492 (P.T.A.B. Sep. 18, 2014)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/843,492 05/10/2004 Markus Ritt 6631P016 4691 45062 7590 09/18/2014 SAP/BSTZ BLAKELY SOKOLOFF TAYLOR & ZAFMAN 1279 Oakmead Parkway Sunnyvale, CA 94085-4040 EXAMINER MCNALLY, MICHAEL S ART UNIT PAPER NUMBER 2436 MAIL DATE DELIVERY MODE 09/18/2014 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte MARKUS RITT and WOLFGANG GERTEIS ____________ Appeal 2012-005736 Application 10/843,492 Technology Center 2400 ____________ Before JOHN A. EVANS, DANIEL N. FISHMAN, and LINZY T. McCARTNEY, Administrative Patent Judges. EVANS, Administrative Patent Judge. DECISION ON APPEAL Appellants 1 seek our review under 35 U.S.C. § 134(a) of the Examiner’s rejection of Claims 1–22 2 as anticipated and as reciting non- statutory subject matter. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM IN PART. 3 1 The Real Party in Interest is SAP AG Corporation. 2 App. Br. 2. 3 Our Decision refers to Appellants’ Appeal Brief filed July 14, 2011 (“App. Br.”); Reply Brief filed November 1, 2011 (“Reply Br.”); Examiner’s Appeal 2012-005736 Application 10/843,492 2 STATEMENT OF THE CASE The claims relate to a method of generating a role-based user interface. See Abstract. Claims 1, 11, 21, and 22 are independent. The claims have not been argued separately and, therefore, stand or fall together. 37 C.F.R. § 41.37(c)(1)(iv). An understanding of the invention can be derived from a reading of exemplary Claim 1, which is reproduced below with disputed limitations italicized: 1. A method comprising: authenticating a user; in response to authenticating the user, accessing a user interface (UI) code, the UI code to generate a UI page, the UI page including instructions to generate a graphical user interface (GUI) for the user, the UI code including a security relevant portion of the UI code to generate a security relevant UI page element, the security relevant UI page element including instructions to generate a security relevant GUI element related to an application; and in response to accessing the UI code, executing the UI code to generate the UI page, the executing the UI code including executing a first portion of the UI code to include a UI page element in the UI page, wherein the executing the first portion of the UI code is independent of whether or not the user has an authorization to access the application, the executing the UI code further including determining whether the user has the authorization to access the application, the determining based Answer mailed September 13, 2011 (“Ans.”); and the Non-Final Office Action mailed July 12, 2010. Appeal 2012-005736 Application 10/843,492 3 on a security policy and user role information, the executing the UI code further including performing one of with a processor of a computing device, executing the security relevant portion of the UI code to include the security relevant UI page element in the UI page, the executing the security relevant portion of the UI code in response to determining that the user has the authorization to access the application, and preventing executing the security relevant portion of the UI code to prevent an including of the security relevant UI page element in the UI page, the preventing executing the security relevant portion of the UI code in response to determining that the user does not have the authorization to access the application. References and Rejections: 4 Claims 11–20 stand rejected under 35 U.S.C. § 101 as directed to non- statutory subject matter. Ans. 4, 8. Claims 1–22 stand rejected under 35 U.S.C. § 102(e) as anticipated by Uchil (US 7,409,710 B1; issued Aug. 5, 2008; filed Oct. 14, 2003). Ans. 5– 8. 4 Based on Appellants’ arguments in the Appeal Brief, we will decide the appeal on the basis of claims as set forth below. See 37 C.F.R. § 41.37(c)(1)(vii). Appeal 2012-005736 Application 10/843,492 4 ANALYSIS 35 U.S.C. § 101 We summarily sustain the rejection of Claims 11–20 under 35 U.S.C. § 101 in view of Appellants statement that the present rejection is not a subject of this Appeal. App. Br. 7. See Ex parte Frye, Appeal 2009- 006013, 2010 WL 889747, at *4 (BPAI 2010) (precedential) (“If an appellant fails to present arguments on a particular issue—or, more broadly, on a particular rejection—the Board will not, as a general matter, unilaterally review those uncontested aspects of the rejection”). 35 U.S.C. § 102 Claims 1–10 and 21 We have reviewed the Examiner’s rejections in light of Appellants’ arguments that the Examiner has erred. We agree with Appellants’ conclusions. Appellants contend that Uchil fails to disclose “authenticating a user” and “in response to authenticating the user, accessing a user interface (UI) code . . . ,” as recited in independent Claim 1. App. Br. 7. Appellants contend that Uchil is directed to techniques for providing an authentication user interface that is to be used for authenticating a user. In Uchil’s method, a user employs a browser to send an HTTP request for authentication that comprises the user’s credential information. Based on the credentials, a first plug-in module is invoked that provides configuration properties that are Appeal 2012-005736 Application 10/843,492 5 used to define a user authentication user interface. The authentication user interface is dynamically generated based on an HTTP request. The authentication user interface then is used for gathering further user credential information for authentication of the user. App. Br. 7–8. However, Appellants contend that Uchil fails to teach any operation that is implemented in response to the user having been authenticated. App. Br. 9. Appellants further note the Examiner’s current findings regarding Uchil contradict the Examiner’s earlier findings concerning the reference. In an earlier non-final rejection, the Examiner found Uchil was “mute in teaching authenticating a user prior to generating a user interface for the user.” App. Br. 12 (quoting Non-Final Office Action mailed July 12, 2010, 4). 5 Without acknowledging the apparent inconsistency, the Examiner now finds that Uchil’s HTTP authentication request, which comprises the user’s credential information, is an authentication and that a user interface is generated in response to this authentication. Ans. 10. We disagree. With respect to Claims 1, 11, 21, and 22, the Examiner finds that Uchil “teaches authenticating the user before dynamically 5 In the Non-Final Office Action mailed July 12, 2010, independent Claims 1, 11, 21, and 22 were rejected under 35 U.S.C. § 103 as obvious over Uchil and Tangellapally, US 7,426,475 B1, referred to by the Examiner as “Tang.” Appellants assert the present claims have the identical form to those rejected in the July 12, 2010 Non-Final Office Action. See App. Br. 12. Appeal 2012-005736 Application 10/843,492 6 generating user interface to the authenticated user via HTTP request.” Ans. 5 (citing Uchil, col. 10, l. 7–col. 11, l. 40; Figure 5, elements 510 and 520). We find that Uchil discloses: [t]he present embodiment begins by reading an HTTP request for authentication from a browser associated with a user, at 510. The HTTP request comprises credential information associated with the user. As described previously, the credential information comprises identifying information that is helpful in determining which authentication service, and its corresponding plug-in module, is selected to provide authentication services through the pluggable architecture to the user. For example, the credential information identifies the organization that the user is associated with. Each organization is associated with a particular authentication service that authenticates its users. Uchil, col. 10, ll. 15–27. Thus far, Uchil has not authenticated the user. Rather, “the query information comprises the credential information that is used for determining the required authentication services used in a selected plug-in module to authenticate the user.” Uchil, col. 10, ll. 38–41. Appellants contend that if Uchil’s user was authenticated merely by the selecting of the plug-in module, then there would be no need to subsequently generate, based on the selected plug-in module, an authentication user interface for use in a (redundant) authentication of the user. Reply Br. 6. This contention is consistent with the reference disclosure that “[b]ased on the various credential information, a first plug-in module is invoked from a plurality of plug-in modules. In the present embodiment, the first plug-in module is used for authenticating the user. Appeal 2012-005736 Application 10/843,492 7 Uchil, col. 2, ll. 35–38. Because we do not find that Uchil discloses the contested limitation, we decline to sustain the rejection of Claims 1–10 and 21. Claims 11–20 and 22 The Examiner makes substantially the same finding and Appellants advance substantially the same arguments as discussed above. Because we do not find that Uchil discloses the contested limitation, we decline to sustain the rejection of Claims 11–20 and 22. DECISION The rejection of claims 11–20 under 35 U.S.C. § 101 is summarily AFFIRMED. The rejection of Claims 1–22 under 35 U.S.C. § 102 is REVERSED. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED IN PART kis