12975738 (P.T.A.B. Feb. 11, 2016)

Ex Parte Wang et al

Patent Trial and Appeal BoardFeb 11, 2016

12975738 (P.T.A.B. Feb. 11, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 12/975,738 12/22/2010 50400 7590 02/16/2016 SCHWEGMAN LUNDBERG & WOESSNER/SAP P.O. BOX 2938 MINNEAPOLIS, MN 55402 Hualin Wang UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 2058.579US 1 6084 EXAMINER WOLDEMARIAM, NEGA ART UNIT PAPER NUMBER 2433 NOTIFICATION DATE DELIVERY MODE 02/16/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): uspto@slwip.com SLW@blackhillsip.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte HUALIN WANG and YANG-CHENG FAN Appeal2014-003117 Application 12/975,738 Technology Center 2400 Before ST. JOHN COURTENAY III, THU A. DANG, and LARRY J. HUME, Administrative Patent Judges. DANG, Administrative Patent Judge. DECISION ON APPEAL Appeal2014-003117 Application 12/975,738 l. STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. Â§ 134(a) of the final rejection of claims 1-20. We have jurisdiction under 35 U.S.C. Â§ 6(b ). We affirm. A. INVENTION According to Appellants, the invention relates to providing "session secure web content delivery." (Abstract). B. ILLUSTRATIVE CLAIM Claim 1 is exemplary: 1. A method comprising: initiating a session on a web server in response to a resource request received from a requestor; generating a session key that is in scope with regard to and during the session; retrieving the requested resource; identifying Uniform Resource Identifiers (URI's) included within data of the requested resource; generating cipher text for at least a portion of each of the identified URI's according to an encryption algorithm utilizing the session key as an encryption key; replacing at least the portion of the identified URI's within the retrieved requested resource with respective cipher text; and sending the requested resource including the cipher text to the requestor. (disputed limitations lettered and emphasized) C. REJECTION The prior art relied upon by the Examiner as evidence in rejecting the claims on appeal is: 2 Appeal2014-003117 Application 12/975,738 Beck US 2007 /0239998 Al (hereinafter "Beck") Giblin et al. US 2008/0313469 Al (hereinafter "Giblin") Oct. 11, 2007 Dec. 18, 2008 Claims 1-20 stand rejected underÂ§ 103(a) as being unpatentable over Beck and Giblin. II. ISSUE The principal issue before us is whether the Examiner erred in finding the combination of Beck and Giblin teaches or would have suggested "generating cipher text for at least a portion of each of the identified URI's according to an encryption algorithm utilizing the session key as an encryption key" where the "session key" is generated "during the session" (claim 1 ). III. FD'.JDINGS OF FACT The following Findings of Fact (FF) are shown by a preponderance of the evidence. Beck 1. Beck discloses a system for dynamic binding of access and usage rights to computer-based resources. (Title). 2. Beck teaches that, to send the requested content to the client, the server may secure the content in accordance with a session key negotiated with the client. (i-f 59). 3 Appeal2014-003117 Application 12/975,738 Giblin 1. Giblin discloses a resource provider server's use of symmetric or asymmetric encryption keys in order to hide resources or other information in the URI. (i-fi-f 26, 41, 47). IV ANALYSIS Appellants contend: Giblin generally discloses 'stateless methods for resource hiding and access control support' using 'URI encryption,' Giblin at Title. However, Giblin explicitly relies on the use of a predetermined key for encryption and decryption .... The use of a predetermined key allows Giblin to encrypt/ decrypt in a stateless manner (i.e., not unique to a particular session of interaction between a client and a web server.) In contrast, Appellants' claimed embodiments use a dynamically created session key, unique to a particular session of interaction between a client and a web server, to encrypt/decrypt a URI (or portions of a URI) .... Therefore, Appellants' embodiments are stateful, rather than stateless as in Giblin. (App. Br. 11-12). Appellants further explain: The stateful nature of Appellants' embodiments obviates the need for a client and the web server to agree upon a predetermined key for encryption and decryption ofURis between the client and the web server. Furthermore, because Appellants' embodiments encrypt URis using the session key, which is unique to each session of interaction between a client and a web server, the URis returned to the client will be unresolvable by other users; this serves to prevent unauthorized users from accessing resources secured by Appellants' embodiments despite URI sharing between authorized and unauthorized users. (App. Br. 12). 4 Appeal2014-003117 Application 12/975,738 Appellants, in conclusion, contend "in view of the admitted deficiency of Beck and the failure of Giblin to provide a teaching or suggestion of a stateful encryption key ... the asserted combination of Beck and Giblin fails to support a prima facie showing of obviousness with regard to independent claims 1, 8, and 15." (App. Br. 12) We consider all of Appellants' arguments and evidence presented, and disagree with Appellants' contentions regarding the Examiner's rejections of the claims. We adopt as our own: ( 1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken, and (2) the reasons set forth by the Examiner in the Answer in response to arguments made in Appellants' Appeal Brief. We highlight and address specific findings and arguments below: We note, at the outset, that Appellants' contentions on argued words "stateful," and "dynamically created" are not commensurate in scope with the recited language of claim 1. (App. Br. 11-12). In particular, claim 1 does not require encryption in a "stateful" manner, nor does it require "dynamically" created session keys. Instead, claim 1 merely requires "an encryption algorithm utilizing the session key as an encryption key" where the "session key" is generated "during the session." Regarding Appellants' argument that the embodiments disclosed in the Specification are "stateful," rather than "stateless as in Giblin" (App. Br. 11-12), absent a clear limiting definition, we do not read limitations from the Specification into the claims. Our analysis follows our reviewing court's guidance: Though understanding the claim language may be aided by the explanations contained in the written description, it is important not to import into a claim limitations that are not a part of the 5 Appeal2014-003117 Application 12/975,738 claim. For example, a particular embodiment appearing in the written description may not be read into a claim when the claim language is broader than the embodiment. SuperGuide Corp. v. DirecTV Enters, Inc., 358 F.3d 870, 875 (Fed. Cir. 2004) (citing Electro Med. Sys. S.A. v. Cooper Life Sci., Inc., 34 F.3d 1048, 1054 (Fed. Cir. 1994). "[A]lthough the specification often describes very specific embodiments of the invention," Phillips v. AWH Corp., 415 F.3d 1303, 1323 (Fed. Cir. 2005), the U.S. Court of Appeals for the Federal Circuit "ha[ s] repeatedly warned against confining the claims to those embodiments. [C]laims may embrace 'different subject matter than is illustrated in the specific embodiments in the specification."' (Id). We note because "applicants may amend claims to narrow their scope, a broad construction during prosecution creates no unfairness to the applicant or patentee." In re ICON Health and Fitness, Inc., 496 F.3d 1374, 1379 (Fed. Cir. 2007) (citation omitted). Here; we are not persuaded by Appellants' arguments and conclude the plain language of method claim 1 does not expressly limit the creation or operating environment of encryption keys. Furthermore, we are also not persuaded the Examiner erred in rejecting claim 1 based on the combination of the cited Beck and Giblin references. Beck's session key, which is negotiated with the client, teaches or suggests using a "session key" generated "during the session," as recited in claim 1. (FF 1, 2). We find no error with the Examiner's reliance on Beck for teaching or suggesting the contested claim limitation "generating a session key ... during the session." (Final Act. 4--5 and Ans. 13-14, citing Beck i-f 59). That is, we are persuaded by the Examiner's finding Beck's 6 Appeal2014-003117 Application 12/975,738 session key created as a result of negotiating with the client during the session teaches or suggests "generating a session key ... during the session" as recited in claim 1. Further, we note Appellants are arguing the references separately as Appellants do not address the Examiner's findings in the Final Rejection regarding the Beck reference. Since the Examiner rejects the independent claims 1, 8, and 15 as obvious over the combined teachings of Beck Giblin, the test for obviousness is not what the references show individually but what the combined teachings would have suggested to one of ordinary skill in the art. See In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). The Supreme Court has determined the conclusion of obviousness can be based on the interrelated teachings of multiple patents, the effects of demands known to the design community or present in the marketplace, and the background knowledge possessed by a person having ordinary skill in the art. KSR Int'! Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). The skilled artisan "is also a person of ordinary creativity, not an automaton." Id. at 420-421. On this record, we are not persuaded that generating a session key as an encryption key to protect the URI, as taught or suggested by Giblin, and where the session key is generated during the session, as disclosed by Beck, would have been "uniquely challenging or difficult for one of ordinary skill in the art." Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418). In fact, Giblin suggests a person of skill in the art will recognize the use of any one of many industry standard or non-standard encryption algorithms may be used in encrypting 7 Appeal2014-003117 Application 12/975,738 URls requested by a user. (Final Act. 5, citing Giblin par. 26). Therefore, we find the Examiner's proffered combination of familiar prior art elements according to their established functions would have conveyed a reasonable expectation of success to a person of ordinary skill having common sense at the time of the invention. Accordingly, we find Appellants have not shown the Examiner erred in rejecting independent claim 1 and independent claims 8 and 15 falling therewith (App. Br. 11), and claims 2-7, 9-14, and 16-20, depending respectively therefrom, but not separately argued over Beck and Giblin. CONCLUSION AND DECISION We affirm the Examiner's rejection of claims 1-20 under 35 U.S.C. Â§ 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l)(iv) (2011). AFFIRMED 8