Ex Parte Sanso et alDownload PDFPatent Trial and Appeal BoardJan 26, 201813718369 (P.T.A.B. Jan. 26, 2018) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/718,369 12/18/2012 Antonio Sanso 58083/847120 (2510US01) 6677 72058 7590 01/30/2018 Kilpatrick Townsend & Stockton LLP Adobe Systems, Inc. 58083 Mailstop: IP Docketing - 22 1100 Peachtree Street, Suite 2800 Atlanta, GA 30309-4530 EXAMINER LYNCH, SHARON S ART UNIT PAPER NUMBER 2438 NOTIFICATION DATE DELIVERY MODE 01/30/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipefiling@kilpatricktownsend.com KT S Docketing2 @ kilpatrick. foundationip .com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ANTONIO SANSO and FELIX MESCHBERGER Appeal 2017-007238 Application 13/718,3 691 Technology Center 2400 Before ALLEN R. MacDONALD, BRADLEY W. BAUMEISTER, and NABEEL U. KHAN, Administrative Patent Judges. KHAN, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the final rejection of claims 1—5, 9, 13, 14, 28, 30-35. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 Appellants identify Adobe Systems Incorporated as the real party in interest. App. Br. 1. Appeal 2017-007238 Application 13/718,369 STATEMENT OF THE CASE The Invention Appellants’ invention relates to assigning privileges to users according to the open standard for authorization (“OAuth”) for access to private resources, such as photos, videos, documents, found on a networked hierarchical repository, such as a social networking platform, data sharing website, or networked data store. See Spec. Tflf 2—3. Exemplary independent claim 1 is reproduced below with the disputed limitation emphasized. 1. A computer-implemented method comprising: receiving, at a server device, one or more selections via a graphical user interface, the one or more selections for assigning an open standard for authentication privilege for a private resource owned by a first user to a second user from a set of user or user groups, wherein the private resource comprises a software file in a networked hierarchical repository, and wherein the one or more selections specify: a selected path of the networked hierarchical repository identifying the private resource from a plurality of paths for a plurality of private resources, a first option specifying the open standard for authentication privilege from a set of privileges defining access for the private resource, and a second option specifying the second user from the set of user or user groups; modifying, at the server device, metadata of the private resource identified by the selected paths so that the metadata specifies that the open standard for authentication privilege for the private resource is assigned to the second user, wherein the metadata of the private resource is modified by automatically inserting corresponding code at the server device to provide the open standard authentication privilege for the private resource, wherein the open standard for authentication privilege: allows the first user to share the private resource with the second user; and 2 Appeal 2017-007238 Application 13/718,369 allows the second user, with whom the private resource has been shared, to access the private resource without prompting the second user for credentials. References and Rejections2 1. Claims 1, 2, 5, 9, 28, 30, 31, 34, and 35 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Beauregard (US 2011/0030045 Al, pub. Feb. 3, 2011), Vangpat (US 2012/0144501 Al, pub. June 7, 2012) and Hunnicutt (US 2003/0191846 Al, pub. Oct. 9, 2003). Final Act. 14—37. 2. Claims 3,13, and 32 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Beauregard, Vangpat, Hunnicutt, and Nickolov (US 2012/0254957 Al, pub. Feb. 6, 2014). Final Act. 37-38. 3. Claims 4, 14, and 33 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Beauregard, Vangpat, Hunnicutt, and Haustein (US 2009/0077099 Al, pub. Mar. 19, 2009). Final Act. 38-A0. ANALYSIS The Examiner finds the combination of Beauregard, Vangpat, and Hunnicutt teaches or suggests the limitations of claim 1. In particular, the Examiner finds Beauregard teaches or suggests the majority of the claim limitations, including receiving selections of privilege assignments for a private resource via a graphical user interface and modifying metadata of a private resource. Final Act. 15—17. The Examiner relies on Vangpat as teaching the assignment of the OAuth privilege for private resources and for modifying metadata of a private resource, amongst other limitations. Final 2 The Examiner has withdrawn the rejection of claims 1—5, 9, 13, 14, 28, 30— 35 under 35 U.S.C. §§ 101 and 112(b). Ans. 2-3. 3 Appeal 2017-007238 Application 13/718,369 Act. 18—19. Finally, the Examiner relies on Hunnicutt as teaching modifying metadata of a private resource by automatically inserting code at the server device. Final Act. 20—21. A. Appellants argue neither Beauregard nor Vangpat teach “metadata of the private resource,” as recited in claim 1. App. Br. 19, 20; Reply Br. 3. With respect to Beauregard, Appellants argue “the access methods disclosed by Beauregard involve modifying a ‘process token, ’ which specifies the associated process’s privileges for accessing certain securable resources. This process token is not metadata of a securable resource; at best it can be characterized as metadata of a process.” App. Br. 19. Appellants further argue “it is clear that the claimed ‘metadata of the private resource’ is not the token that would be presented by the recited second user and, therefore, unlike Beauregard, the claimed invention is not concerned with modifying any token.” App. Br. 19; see also Reply Br. 3. Regarding Vangpat, Appellants argue “Vangpat. . . discloses a method for replacing a ‘restricted capabilities’ access token with an ‘expanded capabilities’ access token.” App. Br. 20. According to Appellants, [t]he access tokens contemplated by Vangpat are not the metadata of the private resource recited in Appellant’s claims. Appellant’s claims require modifying the metadata of the private resource to assign OAuth privileges for a second user. After this modification is performed, the second user may present a token, which is checked against the metadata of the private resource, to thereby gain access to the private resource without being prompted for credentials. App. Br. 20 (emphasis omitted). 4 Appeal 2017-007238 Application 13/718,369 Appellants’ arguments are unpersuasive. Beauregard describes that a token may be modified by “adding a group, removing a group, adding a privilege, and removing a privilege” to allow a process to access a securable resource. Beauregard 125. Access to a securable resource is determined, at least in part, by these modifications. Although Beauregard describes the token as a “token of a process” or a “process token,” it is clear that the data contained in the token relates not only to a process but also to the securable resources to which the process has access. We therefore agree with the Examiner that Beauregard’s token data, which identifies and determines privileges allowing access to securable resources, falls within the scope of the claimed “metadata of the private resource” under a broad but reasonable interpretation of the claim. Appellants have not persuasively shown that the phrase “metadata of a private resource” precludes the metadata from also being associated with a process accessing the private resource, or from being part of a token. We are also unpersuaded by Appellants’ argument regarding Vangpat. First, Appellants’ argument does not address the Examiner’s finding that Beauregard teaches metadata of the private resource (and modification of such metadata). See Final Act. 16—17. Second, as explained above, under a broad but reasonable interpretation, data that pertains to a private resource teaches or suggests “metadata of a private resource” even if that data is part of a token. Appellants’ arguments that “[ajfter this modification is performed, the second user may present a token, which is checked against the metadata of the private resource, to thereby gain access to the private resource,” (App. Br. 20 (emphasis omitted)) is incommensurate with the scope of the claim, which does not require a second user to present a token. 5 Appeal 2017-007238 Application 13/718,369 B. Appellants make several additional arguments that fail to persuade us generally because they attack the references individually and fail to address the Examiner’s findings as a whole. In re Keller, 642 F.2d 413, 426 (CCPA 1981) (“one cannot show non-obviousness by attacking references individually where, as here, the rejections are based on combinations of references”). For example, Appellants argue: Beauregard[’s] . . . token-based access scheme . . . simply has nothing to do with the OAuth token-based protocol . . . which . . . : allows [a] first user to share the private resource with the second user; and allows the second user, with whom the private resource has been shared, to access the private resource without prompting the second user for credentials. App. Br. 18. This argument fails because the Examiner relies on Vangpat, not Beauregard, as teaching the use of the OAuth protocol and for allowing the second user to access the private resource without prompting the second user for credentials. Final Act. 18—19. Appellants also contend: Vangpat clearly describes that the ‘restricted access token’ and the ‘expanded capabilities token’ are provided and exchanged by server(s) that are different from the server that hosts the protected data resource. Therefore, Vangpat does not disclose ‘automatically inserting corresponding code at the server device to provide the open standard authentication privilege for the private resource,’ as recited in Appellant’s claims. App. Br. 21. The Examiner, however, relies upon Hunnicutt, not Vangpat, for teaching or this limitation. Final Act. 20—21. 6 Appeal 2017-007238 Application 13/718,369 Turning to Hunnicutt, Appellants argue: The user-tokens disclosed by Hunnicutt have nothing to do with, and are in no way relevant to, the open standard for authentication (OAuth) that allows a second user, with whom a private resource has been shared, to access the private resource without prompting the second user for credentials, as recited in Appellant's claims. The access-cache disclosed by Hunnicutt maintains a current record of access privileges and user-tokens, as determined by the operating system. This simply has nothing to do with assigning an OAuth privilege to the metadata of a private resource, as is also required by Appellant’s claims. As a consequence, contrary to the Examiner's assertion, Hunnicutt does not disclose, teach or suggest “modifying, at the server device, metadata of [a] private resource ... by automatically inserting corresponding code at the server device to provide the open standard authentication privilege for the private resource,” as required by Appellant’s claims. App. Br. 22—23. Appellants’ proffered reason that Hunnicutt is not related to the use of the OAuth protocol fails to address the Examiner’s findings that Vangpat, not Hunnicutt, teaches the use of the OAuth protocol (Final Act. 18-19). In the Reply Brief, Appellants argue “Beauregard nowhere discloses that the process token associated with a first user may be shared with a second user” and therefore does not teach or suggest the claimed limitations of “allowing] the first user to share the private resource with the second user; and allowing] the second user, with whom the private resource has been shared, to access the private resource without prompting the second user for credentials.” Reply Br. 4. Appellants similarly argue “Hunnicutt nowhere discloses that the access-permission of a first user may be shared with a second user. Therefore, Hunnicutt does not contemplate modifying metadata of a private resource to specify that access privileges for a second 7 Appeal 2017-007238 Application 13/718,369 user.'” Reply Br. 6. The Examiner, however, relies upon Vangpat, not Beauregard or Hunnicutt, to teach or suggest the limitations of “allowing] the first user to share the private resource with the second user; and allowing] the second user, with whom the private resource has been shared, to access the private resource without prompting the second user for credentials.” Final Act. 19—20. C. Appellants dispute “that the three cited references [Beauregard, Vangpat, and Hunnicutt] are properly combinable in the first place.” App. Br. 23. Specifically, Appellants argue that Beauregard is not properly combined with Vangpat because “the Beauregard system is in no way relevant to the OAuth protocol and, therefore, combining Vangpat’s ‘token exchange’ for modifying the OAuth protocol with Beauregard’s system for modifying ‘process tokens’ managed by a local operating system is clearly nonsensical.” App. Br. 24. Appellants also argue “[t]he Hunnicutt system is not configured for and does not contemplate use of the OAuth protocol. Therefore, Hunnicutt’s disclosure regarding updating a cache is not compatible with Vangpat and there is no motivation or suggestion to combine at least those references.” App. Br. 24. We are unpersuaded that Beauregard and Hunnicutt are not properly combinable with Vangpat. “The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference. . . . Rather, the test is what the combined teachings of those references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425 (CCPA 1981). The fact that Beauregard and Hunnicutt do not use the OAuth protocol does not mean that 8 Appeal 2017-007238 Application 13/718,369 their teachings could not be combined with Vangpat so that the combination teaches or suggests the claimed limitations. In particular, Appellants have not persuaded us that the use of a graphical user interface to modify privileges of a private resource, as taught by Beauregard, could not be combined with the Vangpat’s OAuth protocol. Similarly, Appellants have not persuaded us that Hunnicutt’s teaching of automatically inserting code at a server device is inconsistent with or could not be combined with Vangpat’s use of the OAuth protocol, simply because Hunnicutt’s access cache system does not involve the OAuth protocol. D. Accordingly, we sustain the Examiner’s rejection of claim 1, and for the same reasons we also sustain the Examiner’s rejection of claims 2, 5, 9, 28, 30, 31, 34, and 35, which Appellants argue together as a group along with claim 1. See App. Br. 24—25. We also sustain the Examiner’s rejections of claims 3, 4, 13, 14, 32, and 33, for which Appellants’ do not present arguments for separate patentability. See App. Br. 25. DECISION The Examiner’s rejection of claims 1—5, 9, 13, 14, 28, and 30-35 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f). AFFIRMED 9 Copy with citationCopy as parenthetical citation