Ex Parte RoweDownload PDFBoard of Patent Appeals and InterferencesAug 2, 200709794486 (B.P.A.I. Aug. 2, 2007) Copy Citation The opinion in support of the decision being entered today is not binding precedent of the Board. UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte RICK ROWE ____________ Appeal 2007-1241 Application 09/794,486 Technology Center 2100 ____________ Decided: August 2, 2007 ____________ Before JAMES D. THOMAS, LEE E. BARRETT, and JAY P. LUCAS, Administrative Patent Judges. THOMAS, Administrative Patent Judge. DECISION ON APPEAL This appeal involves claims 1-13 and 15-23. We have jurisdiction under 35 U.S.C. §§ 6(b) and 134(a). We affirm. Appeal 2007-1241 Application 09/794,486 2 Representative independent claim 1 is reproduced below as best representative of the disclosed and claimed invention: 1. A method of a securely storing data at a remote location comprising: establishing a communication link between a user computing device and a server located remotely from said user computing device; transmitting information from said user computing device to said server which identifies a user of the user computing device; transmitting user data which the user wishes to be remotely stored from the user computing device to the server via the communication link; associating identifying information regarding the user with the transmitted data once the transmitted user data has been received by said server; obtaining encryption key information from said user for use in encrypting said user data; encrypting the transmitted user data at said server with a key based upon said encryption key information obtained from said user; identifying said keys as said user’s key and storing said key at a data storage device of said server for later use in decrypting said user data; and storing the encrypted transmitted user data and associated identifying information at said data storage device, whereby said identifying information can be utilized to identify said user data at a later time. The following references are relied on by the Examiner: Ballantyne US 5,867,821 Feb. 2, 1999 Chapman US 6,173,402 B1 Jan. 9, 2001 (filed Mar. 4, 1998) Appeal 2007-1241 Application 09/794,486 3 Serbinis US 6,584,466 B1 Jun. 24, 2003 (filed Apr. 7, 1999) Bacha US 6,839,843 B1 Jan. 4, 2005 (filed Dec. 10, 1999) Claims 1-4, 6 and 8 stand rejected under 35 U.S.C. § 102(e) as being anticipated by Bacha. Claims 5, 7, 9-13 and 15-23 stand rejected under 35 U.S.C. § 103(a). As evidence of obviousness, the Examiner relies upon Bacha alone for claim 5. Bacha is combined with Ballantyne for claims 7 and 9. Bacha is combined with Chapman and Ballantyne for claims 10-13 and 15. Bacha is combined with Chapman for claims 16-20, and is combined with Serbinis and Ballantyne for claims 21-23. Rather than repeat the positions of the Appellant and the Examiner, reference is made to the Brief and Reply Brief for the Appellant’s positions, and to the Answer for the Examiner’s positions. OPINION Regarding the rejection of independent claim 1 under 35 U.S.C. § 102(e) as being anticipated by Bacha, Appellant argues that Bacha discloses “a system and method where the user must have a vault application which serves to encrypt data before it is transmitted for storage” (Br. 14) and that claim 1 recites a method where “encryption of the data occurs at the remote server” (Br. 14). The Examiner points to column 6, lines 29-30 as anticipating “encrypting the transmitted user data at said server” (Answer 4). Both Appellant and the Examiner appear to agree that the document encryption occurs in the user’s vault (Br. 15; Answer 22). Appeal 2007-1241 Application 09/794,486 4 Therefore, the disagreement between Appellant and the Examiner is essentially regarding the location of the user’s vault application. Appellant argues that a “user who wishes to store [a] document must have a ‘vault application’ at their own computer which allows them to encrypt and package the data before it is sent for storage” (Br. 13) and equates the application server vault to “the remote server” (Br. 15). The Examiner asserts that the vault controller and the application server, as parts of the document repository system, “may be on the same machine” and equates the document repository system to “the server/remote server" (Answer 22). We disagree that the portion of Bacha cited by the Examiner (col. 5, ll. 47-57), which merely states that the application server may be on the same machine as the database it administers, adequately supports the assertion that the user’s vault is located at the server. However, we find that Bacha does, in fact, teach that the user’s vault is located remotely from the user, at the server, as discussed below. We note that Bacha discloses a similar prior art system, shown in Figure 1, which is described as a system where “[a] document originator 100 can deposit documents via its connection 102 with a remote document repository service 104, such as a database, administered by a third party” (emphasis added)(col. 3, ll. 58-60). Later, Bacha describes his invention, shown in Figure 2, by stating “[a]s in the system of FIG. 1, in the [preferred embodiment], a document originator 200 can deposit documents via its connection 202 with a document repository service 204” (emphasis added)(col. 5, ll. 36-38). Bacha additionally teaches that “[e]ach vault on a server has a unique encryption key”(emphasis added)(col. 4, ll. 52-53). Appeal 2007-1241 Application 09/794,486 5 Furthermore, Bacha teaches an alternative embodiment in which “the document originator may sign and/or encrypt the document … before submitting it to his vault for storage. However, the document … will be re- signed and re-encrypted by the user’s vault, as any other document would be handled” (emphasis added)(col. 7, ll. 43-49). These sections of Bacha unambiguously show that the vaults shown in Figure 2 are located remote from the clients, at the document repository system, described by Bacha as a server (col. 4, ll. 33-50), and that the encryption occurs in the vault at the server side. After carefully reviewing the entirety of Bacha, we find no disclosure teaching or suggesting that the user vaults either are or could be located at the user’s own computers, as asserted by Appellant (Br. 13). Therefore, since the user vault is located at the document repository system, which is a server remote from the client, we find that Bacha anticipates the claimed limitation “encrypting the transmitted user data at said server”. Regarding Appellant’s note that “[c]laim 1 requires a method where the user provides data used to encrypt the data, and where the user’s encryption key is stored at the server” (Br. 14), we note that Appellant has not provided any substantive arguments directed to this assertion, merely noting that this feature allows the user to forget the key. The Examiner pointed to column 6, lines 52-54 in support of this limitation (Answer 5). We agree with the Examiner that Bacha teaches the user providing data used to encrypt the data and storing, at the server, the encryption key used to encrypt the data (col. 6, ll. 51-54; Fig.3, 304). Appeal 2007-1241 Application 09/794,486 6 Regarding the rejection of dependent claim 2, Appellant apparently argues that the transmitted user data in Bacha is not in the form of a “data file” (Br. 15). The Examiner points to column 4, lines 44-45 of Bacha (Answer 6), which states “[t]his system relies on ... modern transmission technology … that electronic transmission of documents and other data will arrive intact and error free” (emphasis added) (col. 4, ll. 42-45). We find that the language used by Bacha “documents and other data” makes it clear that the documents disclosed throughout Bacha are, in fact, data files. Additionally, we note that Bacha teaches implementing the invention on a “general purpose computer system” such as a computer running “Microsoft Windows 98 operating system” (col. 12, ll. 23-39). It is notoriously well known in the art that computers running Microsoft Windows operating systems send, receive, use and store data in the form of data files. Regarding the rejection of dependent claim 3, Appellant argues that the transmitted user data in Bacha does not contain “title information” (Br. 16). The Examiner points to column 3, lines 23-25 (Answer 6), which teaches providing a search authority that allows users to search for documents based on, among other things, “document identity”. We disagree with Appellant and find that Bacha does teach information pertaining to identification of remotely stored data. In order for the search authority to locate documents based on a “document identity”, the documents must be identifiable with that identity. We find that “document identity” falls well within the broadest reasonable interpretation of the term “title information”. Additionally, Bacha teaches implementing the invention on a “general purpose computer system” such as a computer running “Microsoft Windows Appeal 2007-1241 Application 09/794,486 7 98 operating system” (col. 12, ll. 23-39). It is well known in the art that computers operating Microsoft Windows send, receive, use and store data identified using filenames. Therefore, the documents disclosed by Bacha must include “title information” in the form of a filename in order to be usable by the Microsoft Windows computer systems. Regarding the rejection of dependent claim 6, Appellant argues that “the Examiner’s rejection of Claim 6 based on col. 3, lines 64-67 of Bacha et al. fails to adequately anticipate” since it doesn’t specify when the “read” privilege is applied (Br. 17). Claim 6 recites “identifying said stored user data as read-only after said data has been encrypted”. As noted by Appellant, the Examiner relies upon column 3, lines 64-67 of Bacha (Answer 6), which describes a prior art system similar to Bacha’s preferred embodiment, and states that “[a]s the owner of the deposited documents … the document originator may assign a business partner 106 to have a ‘read’ privilege” (emphasis added)(col. 3, ll. 60-64). Bacha discloses that the preferred embodiment also allows the user to assign levels of access to documents (col. 5, ll. 39-40). The above cited sections make it clear that the documents have already been deposited by the time the read-only access is designated. Since the documents are encrypted prior to being deposited (col. 6, ll. 55-57), the “read” privilege is assigned after encryption. Furthermore, we note that Bacha teaches modifying the access control list of a document already stored in the repository (col. 10, ll. 46-50). Regarding the rejection of dependent claim 8, Appellant argues that the communication between the user computing device and the server does not “using the Internet” and that Bacha “specifically teaches a method of Appeal 2007-1241 Application 09/794,486 8 data storage performed over a ‘closed network’ which is contrary to using the Internet” (Br. 17-18). The Examiner relies on column 1, lines 30-31 (Answer 7), a portion of the background essentially noting that the Internet is a known open network. The Examiner supplements this with a citation to column 4, lines 40-45 (Answer 26). Initially, we disagree with Appellant that Bacha’s disclosure of a closed network is “contrary to using the Internet”. The portion of Bacha relied upon by Appellant (col. 5, ll. 49-52) merely states that the application server and the database repository may be connected via a closed network. The relevant communication link is the one between the user and the document repository system, not the link between the application server and the database repository, which are both components of the document repository system (col. 5, ll. 47-49). We agree with the Examiner, since Bacha’s teaching that the document repository system “provides an enhanced web server environment” (col 4., ll. 39-41) that “relies on the modern transmission technology described in the Background of the Invention” (col 4, ll. 42-45) as “the Internet and other open networks” (col 1., ll. 29-30) may be accessed “though the client’s web browser” (col. 4, ll. 48-50), adequately teaches that the communication link between the client and the document repository system includes the Internet. Appellant has not presented any substantive arguments directed separately to the patentability of dependent claim 4, rejected under 35 U.S.C. § 102(e) as being anticipated by Bacha, or dependent claim 5, rejected under 35 U.S.C. § 103(a) as being unpatentable over Bacha alone. In the absence of separate arguments with respect to these dependent claims, these claims stand or fall with their representative independent claim. See In re Young, Appeal 2007-1241 Application 09/794,486 9 927 F.2d 588, 590, 18 USPQ2d 1089, 1091 (Fed. Cir. 1991). See also 37 C.F.R. § 41.37(c)(1)(vii). Therefore, we will sustain the Examiner’s rejection of these claims for the same reasons discussed supra with respect to claim 1. In rejecting claims under 35 U.S.C. § 103, it is incumbent upon the Examiner to establish a factual basis to support the legal conclusion of obviousness. See In re Fine, 837 F.2d 1071, 1073, 5 USPQ2d 1596, 1598 (Fed. Cir. 1988). In so doing, the Examiner must make the factual determinations set forth in Graham v. John Deere Co., 383 U.S. 1, 17, 148 USPQ 459, 467 (1966). Furthermore, “‘there must be some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness’ . . . . [H]owever, the analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” KSR Int’l Co. v. Teleflex Inc., 127 S. Ct. 1727, 1741, 82 USPQ2d 1385, 1396 (2007)(quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006)). In this appeal, we are satisfied the examiner has met the requirements of the recent precedent, as embellished upon here. Appellant presents a general argument directed toward all pending rejections under 35 U.S.C. § 103(a) (Br. 18-19). We note that Appellant has presented no evidence or even a rationale in support of Appellant’s broad assertions that “the Examiner has crossed the line into the realm of using impermissible hindsight” (Br. 18) and “the Examiner has reached the result of combining the references using subjective reasoning rather than objective Appeal 2007-1241 Application 09/794,486 10 facts.” (Br. 19). We further note that the Examiner presented numerous rejections under 35 U.S.C. § 103(a), combining various references with Bacha, and Appellant has failed to make any substantive arguments relating to the content of the various references or the combinability of the references with each other. Regarding the rejection of dependent claims 7 and 9 under 35 U.S.C. § 103(a) as being obvious over Bacha in view of Ballantyne, claim 7 merely recites “said transmitted user data comprises at least one graphic image file”, Appellant argues that Bacha and Ballantyne are non-analogous art. Appellant specifically argues that “the teaching of Ballantyne et al. is incongruous with Bacha et al.” (Br. 19). The Examiner argues that Bacha relates to the field of electronic data storage and provides a repository for any type of data (Answer 26). The Examiner also argues that Ballantyne teaches the “master library”, which is disclosed as a “data depository for … text, graphics, still images, full motion video, and sound/audio information” (col. 4, ll. 4-6). We find that Bacha relates to a generic data storage system, and refers generally to storage of “documents” (col. 5, ll. 36-37). One of ordinary skill in the art would have realized that images would be an acceptable type of document or, alternatively, be included in documents. Ballantyne also relates to data storage, and teaches storage of a specific type of data, including images, such as those recited in claim 7, in a “data depository”. Additionally, we note that both Bacha (col. 6, ll. 55-57) and Ballantyne (col. 16, ll. 16-18) relate to encryption of stored personal data. Therefore, we agree with the Examiner that Bacha and Ballantyne are analogous art, since Appeal 2007-1241 Application 09/794,486 11 they are both directed to systems for encrypted storage of user data. Furthermore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to use a specific data type, such as graphic image files taught by Ballantyne, inclusive of the generically disclosed “documents” taught by Bacha. Regarding the rejection of dependent claim 9, which merely recites “at least a portion of said communications link includes a wireless communication channel”, the Examiner acknowledges that Bacha fails to specifically disclose use of a wireless network (Answer 9). The Examiner relies upon Ballantyne and points to column 16, lines 44-47 (Answer 9), which discloses distribution of various data types via several network types, including wireless networks. Appellant argues that “[t]he Examiner’s assertion misses the mark” because “the cited language is directed toward wireless means for distributing compressed video … and not for … secure document storage” (Br. 21). Ballantyne explicitly discloses using wireless networks as an alternative to other network types for transmitting data (col. 16, ll. 44-49). It would have been obvious to one of ordinary skill in the art at the time the invention was made that wireless networks, or any of the other networks taught by Ballantyne would have been usable to transmit any kind of data, and more specifically, to submit documents to the document repository system of Bacha via the alternative communication medium. Regarding the rejection of independent claim 10 and claims 11-13 and 15 under 35 U.S.C. § 103(a) as being unpatentable over Bacha in view of Chapman and further in view of Ballantyne, Appellant argues as to claim 10 that “decryption takes place at the document originator’s vault and not the Appeal 2007-1241 Application 09/794,486 12 remote second computer” (Br. 22). We disagree for the reasons discussed supra with respect to claim 1, primarily because the document originator’s vault, where encryption/decryption of the deposited documents takes place, is located at the second computer. Appellant also argues that “there is no suggestion to combine the teachings of Ballantyne et al. and Bacha et al.” and that “Ballantyne et al.’s principal of permitting a document to be printed freely by a requestor completely circumvents and undermines the security techniques which form the foundation of Bacha et al.’s system and method.” (Br. 22). The Examiner states that a user would be motivated to combine Bacha and Ballantyne “to print out the user data, which is forwarded to the user for review” (Answer 12) and that printing data into user readable form and mailing the print-outs to the user is well-known in the art (Answer 23). Initially, we note that Appellant has presented no arguments directed to the teachings or combinability of the secondary reference Chapman with Bacha. Accordingly, Appellant has waived any such arguments, and the combinability and teachings of Chapman will not be addressed here. As discussed supra with respect to claim 7, we find that Bacha relates to a generic data storage system, and refers generally to storage of “documents” (col. 5, ll. 36-37). Ballantyne also relates to data storage, and teaches storage of a specific type of data, including images, in a “data depository”. Additionally, we note that both Bacha (col. 6, ll. 55-57) and Ballantyne (col. 16, ll. 16-18) relate to encryption of stored personal data. Ballantyne teaches user requested printing of user specific data and mailing the print-outs to a user. One of ordinary skill in the art, when made aware of Appeal 2007-1241 Application 09/794,486 13 the disclosures of Bacha and Ballantyne would have immediately recognized the advantages of and been motivated to allow users to print documents stored in the document repository. For example, and as noted by the Examiner (Answer 12), this would have allowed the users to review the printed documents without being connected to the document repository system, as well as provided the users with physical back-up copies of the documents. Regarding Appellant’s argument regarding motivation to combine, that permitting a document to be printed circumvents and undermines the security techniques taught by Bacha (Br. 22), we disagree. Both Bacha (col. 6, ll. 55-57) and Ballantyne (col. 16, ll. 16-18) encrypt the stored personal data. The data must be decrypted prior to printing, and it can only be decrypted by authorized parties in both Bacha (col. 8, ll. 13-17) and Ballantyne (col. 8, ll. 3-5). Therefore, permitting printing of documents as taught by Ballantyne will not circumvent or undermine the security techniques taught by Bacha, since the stored data will remain encrypted until a print-out is requested, and will not be decrypted until the requestor is authenticated and authorized. Appellant has not presented any substantive arguments directed separately to the patentability of dependent claims 11-13 and 15. In the absence of a separate argument with respect to the dependent claims, those claims stand or fall with the representative independent claim. See Young, 927 F.2d at 590, 18 USPQ2d at 1091. See also 37 C.F.R. § 41.37(c)(1)(vii). Therefore, we will sustain the Examiner’s rejection of these claims as being Appeal 2007-1241 Application 09/794,486 14 obvious over Bacha in view of Chapman and Ballantyne for the same reasons discussed supra with respect to claim 10. Turning to the rejection of independent claim 16 and claims 17-20 under 35 U.S.C. § 103(a) as being unpatentable over Bacha in view of Chapman, Appellant’s arguments as to claim 10 substantially mirror those presented with respect to claim 1. Appellant again argues that Bacha “teaches decryption at the document originator’s vault (after transmission of the encrypted document from the remote server)” (Br. 23). We disagree for the reasons discussed supra with respect to claim 1, primarily because the document originator’s vault, where encryption/decryption of the deposited documents takes place, is located at the second computer. Appellant also argues that claim 16 is additionally allowable “for the reason that it recites a specific technique of storing the encryption/decryption key at the remote server, where the key can be identified by a user password” (Br. 23). The Examiner relies upon Bacha for teaching the storage of an encryption/decryption key at the remote server and Chapman for teaching that the key is identifiable by receipt of a user- provided password (Answer 15). We also note that Appellant has presented no arguments directed to the teachings or combinability of the secondary reference Chapman with Bacha. Accordingly, Appellant has waived any such arguments, and the combinability and teachings of Chapman will not be addressed here. Appellant has also failed to present substantive arguments directed to storing the encryption/decryption key at the remote server, merely asserting this as a reason why claim 16 should be allowed (Br. 23). Nonetheless, Bacha teaches storing, at the server, the encryption Appeal 2007-1241 Application 09/794,486 15 key used to encrypt the data (col. 6, ll. 51-54; Fig.3, 304), as noted by the Examiner (Answer 15). Appellant has not presented any substantive arguments directed separately to the patentability of dependent claims 17-20. In the absence of a separate argument with respect to the dependent claims, those claims stand or fall with the representative independent claim. See Young, 927 F.2d at 590, 18 USPQ2d at 1091. See also 37 C.F.R. § 41.37(c)(1)(vii). Therefore, we will sustain the Examiner’s rejection of these claims as being obvious over Bacha and Chapman for the same reasons discussed supra with respect to claim 16. Lastly, regarding the rejection of independent claim 21 and its dependent claims 22 and 23 under 35 U.S.C. § 103(a) as being unpatentable over Bacha in view of Serbinis and further in view of Ballantyne, Appellant initially argues that claim 21 “is allowable for similar reasons to Claims 1, 10 and 16” (Br. 24). As discussed above, we see no deficiencies with respect to the rejections of those claims. Appellant additionally argues that “[t]he Examiner cites Bacha et al. for the alleged anticipation of requesting ‘print-out from the second storage computer.’” However, the Examiner need only rely on Bacha for the request, generally, since the Examiner relied upon Ballantyne for teaching requests specifically for printing documents (Answer 20). Therefore, to the extent this argument asserts that the combined references fail to teach requesting and generating a print-out of user data from the depository, we disagree. We find that Ballantyne clearly teaches a user requesting a print- out that is subsequently generated and delivered (col. 8, ll. 56-60). Appeal 2007-1241 Application 09/794,486 16 Appellant additionally argues that “Serbinis does not teach establishing an account [to pay for storage and access fees], or for charging a financial account for data access and storage” and that “Serbinis merely discloses keeping a table of information regarding pricing and billing information” (Br. 24-25). The Examiner points to column 6, lines 47-53 of Serbinis for teaching creating a financial account from which funds are withdrawn corresponding to a data storage fee (Answer 19). At column 6, lines 47-53, Serbinis teaches creating an account for storing information including billing information, “such as the user’s credit card number”, in a database located at a document management services provider. We note that this language indicates that a credit card number is merely exemplary of the types of financial accounts that would have been usable by Serbinis. One of ordinary skill in the art would have been aware of many alternative types of accounts for billing a user. Serbinis additionally teaches charging the account for data storage fees (col. 13, ll. 30-50). Therefore, we disagree with Appellant, and find that Serbinis does teach establishing a financial account for the purpose of charging a user for data storage. Appellant’s Reply Brief presents substantially identical arguments to those presented in the Appeal Brief. Appellant again argues that “the encryption/decryption takes place at the document originator’s vault environment and not at the server.” (Reply Br. 6). As discussed supra with respect to independent claims 1, 10, 16 and 21, the document originator’s vault is located at the server, as shown in Figures 1 and 2 and their accompanying discussion (col.3, ll. 55-67; col. 5, ll. 33-63). This relationship is clearly shown in Figure 2, which depicts the document Appeal 2007-1241 Application 09/794,486 17 originator’s vault 216 as being part of the document repository, which is separated from the document originator (client) 200 by a network connection 208. Figure 2 makes it clear that all elements of the document repository system are located remotely from the client, including the document originator’s vault 216, the application server vault 220, the application server 210 and the database 212 (see also col. 5, ll. 47-56). Appellant’s remaining arguments all rest on the premise that the document originator’s vault is located on the client side, and are not persuasive for the reasons discussed above. In summary, we sustain the Examiner’s rejections of claims 1-4, 6 and 8 under 35 U.S.C. § 102(e). We also sustain the Examiner’s separate rejections of claims 5, 7, 9-13 and 15-23 under 35 U.S.C. § 103(a). The rejections of these claims encompass all claims on appeal, and all rejections are affirmed. Therefore, the decision of the Examiner is affirmed. Appeal 2007-1241 Application 09/794,486 18 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED KIS WEIDE & MILLER, LTD. 7251 W. LAKE MEAD BLVD. SUITE 530 LAS VEGAS, NV 89128 Copy with citationCopy as parenthetical citation
