11899159 (P.T.A.B. May. 20, 2014)

Ex Parte Stukanov

Patent Trial and Appeal BoardMay 20, 2014

11899159 (P.T.A.B. May. 20, 2014)

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte IGOR IGOREVICH STUKANOV ___________ Appeal 2011-012006 Application 11/899,159 Technology Center 2400 ____________ Before ELENI MANTIS MERCADER, MICHAEL J. STRAUSS, and DANIEL N. FISHMAN, Administrative Patent Judges. FISHMAN, Administrative Patent Judge. DECISION ON APPEAL1 This is an appeal under 35 U.S.C. § 134(a) of finally rejected claims 1-4. We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. 1 Throughout this Decision, we refer to Appellant’s Appeal Brief (“App. Br.” filed April 11, 2011), Appellant’s Reply Brief (“Reply Br.” filed July 7, 2011), the original Specification (“Spec.” filed September 5, 2007), and the Examiner’s Answer (“Ans.” mailed June 23, 2011) for the respective positions of Appellant and the Examiner. Appeal 2011-012006 Application 11/899,159 2 STATEMENT OF THE CASE THE INVENTION Appellant’s invention relates to a method and system, which allows significantly reducing efficiency of phishing attacks by fraudsters. Spec., 1:12-13. Claims 1 and 3, reproduced below are illustrative: 1. A low-cost, highly efficient, convenient for users method for reducing the impact of phishing attacks on online users consisting of the following steps: 1) a user selects a number of additional login pages called ‘safety gates’, which are placed before a user login page into a real online account; 2) for each ‘safety gate’ the user creates a username and a password to use during a login process; 3) the user enters, creates and uploads digital content consisting from text, pictures, video, audio for each ‘safety gate’, which will be displayed on a content page after successful login into the ‘safety gate’; 4) these files of uploaded digital content are stored securely on one or several geographically distributed servers; 5) the user selects what type of historical activity information should be displayed on the content pages; 6) this information of historical activity is stored securely on one or several geographically distributed servers; 7) after login into the ‘safety gate’ the page with the digital content and historical activity information is displayed, which allows the user to determine if the site is legitimate; 8) if the user recognizes all digital content and historical activity information she/he may safely login into the next ‘safety gate’; Appeal 2011-012006 Application 11/899,159 3 9) if the user does not recognize something on at least one of the content pages she/he must leave the site; 10) after successfully passing all ‘safety gates’ the user may safely login into the online account. 3. A method as in claim 1, where instead of ordinary passwords the ‘dynamic’ passwords are used as described in the patent application N 11/716,733. THE REJECTIONS Claims 3 and 4 are rejected under 35 U.S.C. § 112, second paragraph as indefinite. Claims 1-4 are rejected under 35 U.S.C. § 103(a) as unpatentable over Agarwal et al., “Phishing Forbidden,” ACM Queue (2007) and Singh (US 2007/0094727 A1). Only those arguments actually made by Appellant have been considered in this decision. Arguments that Appellant did not make in the Briefs are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(vii). SECTION 112 REJECTION The Examiner finds, “Claims 3 and 4 are indefinite because they incorporate an entire co-pending application as a limitation. It is pointed out that a patent application is not a claim limitation and it is unclear how the application is to be combined with the current claims.” Ans. 6. The Examiner further concludes the additional recitation of claims 3 and 4 is given no patentable weight. Id. Appellant argues the claim makes clear what portion of the identified co-pending application is to be relied on— Appeal 2011-012006 Application 11/899,159 4 namely, some unidentified portions that relate to “dynamic passwords.” App. Br. 5. We are not persuaded that the Examiner has erred. The Examiner correctly explains “it is not possible to ascertain the metes and bounds of the limitations by simply referencing the entire US Patent Application 11/716,733.” Ans. 13. We agree. Material external to the Specification may be “incorporated by reference.” 37 C.F.R. § 1.57. However, 37 C.F.R. § 1.57(b) requires the incorporation by reference “express a clear intent to incorporate by reference by using the root words ‘incorporat(e)’ and ‘reference’ (e.g., ‘incorporate by reference’).” We find no such express intent in Appellant’s Specification. Thus, the essential material (see 37 C.F.R. § 1.57(c)) required to understand claims 3 and 4 is not properly incorporated in the Appellant’s Specification. Furthermore, even if the external material were incorporated into the Specification, “[i]ncorporation into the claims by express reference to the specification and/or drawings is not permitted except in very limited circumstances.” Ex Parte Fressola, 27 USPQ2d 1608, 1609 (Bd. Pat. App. & Inter. 1993). In view of the above discussion, we will sustain the rejection of claims 3 and 4 under § 112, second paragraph. SECTION 103 REJECTION The Examiner finds Agarwal teaches all elements of claim 1 except “does not expressly mention the use of historical activity information in the safety gates.” Ans. 7-8. The Examiner further finds Singh teaches this feature and articulates a reason for combining Agarwal and Singh. Ans. 8-9. Appeal 2011-012006 Application 11/899,159 5 Appellant argues, inter alia, the combined references teach the sign-in seal is combined with the login screen such that there is only a single login screen. App. Br. 4. Appellant contrasts this with the express language of the claims requiring a plurality of additional login pages (referred to as “safety gates”) presented to a user before the ultimate logic page. App. Br. 4-5. The Examiner contends a single login screen: makes for an improvement over the claim limitations as the user does not need to process several logins, remember possibly multiple usernames and passwords and associate each username and password with the selected content to gain access to an account. The user only has to look at the personalized sign-in seal to determine if the login page is legitimate or not. The claimed limitations are merely a different, more complicated formulation of the cited prior art. Ans. 12-13. In other words, the Examiner concedes the prior art does not teach multiple safety gates preceding the ultimate login page, but instead reasons that a single login screen is preferred (“makes for an improvement”) over multiple safety gates (additional login pages) which lead to a final login page. Appellant argues, “[i]n contrast to this invention the proposed by the Applicant[’s] invention guaranty that the online accounts of the users will be safe even in the cases when a one or several safety gates will be compromised.” App. Br. 5. To paraphrase Appellant’s position, multiple security features are better than a single security feature. Appellant reiterates the assertion that the combination does not disclose a number (a plurality) of safety gates that precede the ultimate login page. Reply Br. 2. On the record before us, we are constrained to agree with Appellant because the Examiner has failed to show that the prior art combination teaches or reasonably suggests multiple safety gates presented to a user prior Appeal 2011-012006 Application 11/899,159 6 to presentation of the ultimate login page. Rather, the Examiner speculates that a single login page is an improvement over the claimed invention. NEW GROUNDS OF REJECTION We note that an artisan is presumed to possess both skill and common sense. See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 421 (2007) (“A person of ordinary skill is also a person of ordinary creativity, not an automaton.”). The Court stated “[t]he combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results.” Id. at 416. First New Ground of Rejection Appellant argues that, in the combination proposed by the Examiner, a plurality of additional login pages (referred to as “safety gates”) is not presented to a user before the ultimate logic page. App. Br. 4-5. Thus, what is missing from the art of record is the teaching of additional login pages. Stoll teaches multiple login pages as part of the authentication process as an alternative to a single login page (see ¶ [0020], US Patent Application 2004/0139030 A1, effective filling date of July 19, 2002). Given the finite or limited number of predictable solutions of either using a single login page or multiple login pages, ordinary skilled artisans would have had good reasons to pursue all of these options within their technical grasp. Thus, we enter new grounds for rejection of claim 1 as unpatentable under 35 U.S.C. § 103(a) as unpatentable based on Agarwal and Singh (as presented by the Examiner) further in view of Stoll. Appeal 2011-012006 Application 11/899,159 7 Second New Ground of Rejection Furthermore, we note that claim 1 recites the mere duplication of elements (e.g., multiple login pages) without providing a new and unexpected result. See, e.g., MPEP § 2144.04(VI)(B) (citing In Re Harza, 274 F.2d 669 (CCPA 1960)). Here, we discern no new or unexpected result from the use of multiple login screens as compared with use of a single login screen. Therefore, we additionally reject claim 1 under 35 U.S.C. § 103(a) as unpatentable over Agarwal and Singh (as presented by the Examiner) because it would have been obvious to an ordinarily skilled artisan to modify the combined teachings to present additional login screens to a user for the predictable result of enhanced security attained by added layers of security. In view of the above discussion we reverse the Examiner’s rejection under § 103 of claim 1 and claims 2-4 dependent therefrom and we designate new grounds of rejection with respect to claim 1. Although we decline to reject every claim under our discretionary authority under 37 C.F.R. § 41.50(b), we emphasize that our decision does not mean the remaining claims (2-4) are patentable. Rather, we leave the patentability determination of the remaining claims to the Examiner. See MPEP § 1213.02. Appeal 2011-012006 Application 11/899,159 8 DECISION For the above reasons, the Examiner’s decision to reject claims 3 and 4 under § 112 is affirmed. For the above reasons, the Examiner’s decision to reject claims 1-4 under § 103(a) is reversed. We have entered new grounds of rejection against claim 1 under § 103 pursuant to our authority under 37 C.F.R. § 41.50(b). 2 37 C.F.R. § 41.50(b) provides that, “[a] new ground of rejection pursuant to this paragraph shall not be considered final for judicial review.” 37 C.F.R. § 41.50(b) also provides that the Appellant, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new grounds of rejection to avoid termination of proceedings as to the rejected claims: (1) Submit an appropriate amendment of the claims so rejected or new evidence relating to the claims so rejected, or both, and have the matter reconsidered by the Examiner, in which event the proceeding will be remanded to the Examiner … (2) Request that the proceeding be reheard under 37 C.F.R. § 41.52 by the Board upon the same record … No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART 37 C.F.R. § 41.50(b) 2 The Examiner has indicated that the indefinite recitations for claims 3 and 4 deserve no patentable weight. In this light, should prosecution continue, we suggest the Examiner consider whether claims 3 and 4 should also be rejected pursuant to 35 U.S.C. §112, fourth paragraph as not further limiting the claim from which they depend. Appeal 2011-012006 Application 11/899,159 9 tj