Ex Parte Wray
Board of Patent Appeals and Interferences
Aug 11, 2008
10202050 (B.P.A.I. Aug. 11, 2008)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________

BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES
____________

Ex parte MICHAEL WRAY
____________

Appeal 2008-2326
Application 10/202,050
Technology Center 2100
____________

Decided: August 11, 2008
____________

Before KENNETH W. HAIRSTON, JOHN A. JEFFERY, and MARC S. HOFF, Administrative Patent Judges.

JEFFERY, Administrative Patent Judge.

DECISION ON APPEAL

Appellant appeals under 35 U.S.C. § 134 from the Examiner’s rejection of claims 1-20. We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

STATEMENT OF THE CASE

Appellant invented a method for authenticating a user on a computer network. Specifically, the user is authenticated to a computer on the network using a password that is unknown to the computer and via a hybrid protocol over a standard network connection. If the authentication is accepted, then the computer sends a digital certificate to the user for subsequent authentication purposes by the user.[1]

Claim 1 is illustrative:

1. A method for a user to authenticate to a first computer on a computer network comprises:
a) a user authenticating himself to the first computer with a secret password unknown to the first computer and by means of a hybrid protocol over a standard network connection; and
b) if the authentication is accepted, the first computer then sends a digital certificate to the user, for subsequent use by the user to authenticate himself by means of the digital certificate to the first computer or other computers over a standard network connection.

The Examiner relies on the following prior art references to show unpatentability:

Birrell US 5,805,803 Sep. 8, 1998
Sean Deuby, Windows 2000 Server: Planning and Migration, 1st ed., pp. 82-90, 1999 (“Deuby”).
Jalal Feghhi et al., Digital Certificates: Applied Internet Security, pp. 61-69, 166, 1999 (“Feghhi”).
T. Wu, The SRP Authentication and Key Exchange System (RFC2945), The Internet Society, Sep. 1, 2000 (“Wu”).
Toni Nykänen, Attribute Certificates in X.509, Tik-110.501 Seminar on Network Security, HUT TML 2000, 2000 (“Nykänen”).

[1] See generally Spec. 2:6-5:26.

1. Claims 1 and 16 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Wu and Deuby.
2. Claims 1-20 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Wu, Birrell, and Feghhi.
3. Claim 11 stands rejected under 35 U.S.C. § 103(a) as unpatentable over Wu, Birrell, Feghhi, and Nykänen.

Rather than repeat the arguments of Appellant or the Examiner, we refer to the Briefs and the Answer for their respective details. In this decision, we have considered only those arguments actually made by Appellant. Arguments which Appellant could have made but did not make in the Briefs have not been considered and are deemed to be waived. See 37 C.F.R. § 41.37(c)(1)(vii).

The Obviousness Rejection Over Wu and Deuby

We first consider the Examiner’s obviousness rejection of claims 1 and 16 over Wu and Deuby (Ans. 3-4). Regarding independent claim 1, Appellant argues that the prior art does not teach or suggest the first computer sending a digital certificate to the user for subsequent use by the user for authentication over a standard network connection if authentication is accepted. Additionally, Appellant argues that even if the session ticket of Deuby is analogous to a digital certificate, it is not sent after the Key Distribution Center (KDC) accepts user authentication. Rather, Appellant argues, the KDC sends the session keys to the user responsive to a request, and authentication is accepted once the session keys are decrypted by the client and server and confirmation of such is received.
Appellant adds that the cited prior art fails to disclose user authentication with a secret password unknown to the first computer as claimed since, among other things, the KDC in Deuby knows the keys of the client and server (i.e., the first computer) (App. Br. 6-8). Appellant asserts essentially the same arguments with respect to independent claim 16 (App. Br. 9-12).

The Examiner indicates that Deuby’s “ticket-granting ticket” (TGT) corresponds to the recited digital certificate. According to the Examiner, since the TGT is later sent to the KDC for obtaining a session ticket, it fully meets the “subsequent use” limitation in step (b) of claim 1 (Ans. 10-12). The Examiner adds that Wu fully meets the secret password limitation of step (a) since the first computer in that reference (i.e., the host) knows only the password verifier (v)—not the password (p). In any event, the Examiner contends, Deuby also meets this limitation since the KDC knows only the hash of the user’s password—not the password itself (Ans. 12-13). Also, the Examiner notes that the client/server connections in the cited prior art fully meet a “standard network connection” as claimed (Ans. 14).

ISSUE

The issue before us, then, is whether Appellant has shown that the Examiner erred in finding that the collective teachings of Wu and Deuby teach or suggest the limitations of independent claims 1 and 16. The issue turns on whether (1) Deuby’s TGT reasonably corresponds to the recited digital certificate, and (2) the “first computer” in Wu or Deuby does not know the user’s authenticating password. For the following reasons, we find that no such error has been shown.

FINDINGS OF FACT

1. Wu discloses a network authentication mechanism (Secure Remote Password (SRP)) that enables negotiating secure connections using a user-supplied password and secure key exchange (Wu, Abstract).
To this end, the SRP protocol employs a hash function to generate session keys and authentication proofs. In Wu, the host stores user passwords as triplets that include (1) the username; (2) the password verifier; and (3) the “salt.”[2] (Wu 3:14-25).

2. To authenticate, the client in Wu first sends the username to the host. In response, the host sends the client the salt stored on the host under the client’s username. Then, after the client generates a random number that is used to obtain a result from a particular expression (“A”), the client sends this result to the host. Upon receipt, the host performs the same process, but adds the public verifier (v), and then sends this result (from expression “B”) to the client. Both the client and the host then construct the shared session key based on their respective formulas (Wu 3:32-4:19).

3. In Wu, constructing the shared session key by both the client and the host involves each entity determining the result of a particular expression (“S”)—results that are based in part on the password and password verifier, respectively. On the client side, “S” is determined based on, among other things, the value of expression “B” (i.e., received from the host) and the value of expression “x”, which is expressed in terms of, among other things, the raw password (p) (Wu, 4:8-10 (listing expressions for “x” and “S”)). On the host side, however, “S” is determined based on a formula which includes the value of expression “A” (i.e., received from the client). Significantly, unlike the client, the formula for “S” on the host does not depend on the value of “x” (which is expressed in terms of the raw password (p)), but rather is based in part on the password verifier (v). See Wu 4:10 (listing expressions for “S” for the client and host, respectively).

[2] Wu indicates that the “salt” is expressed as “<salt> = random()” (Wu 3).
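The SRP arrangement described in Findings of Fact 1 through 3 (the host holds only the username, salt and verifier v; the client alone derives x from the raw password p; each side reaches the same S by a different formula) can be traced in code. The following is an added worked example, not part of the Board's decision, of Wu's RFC 2945, or of the Appellant's application. It follows the RFC 2945 formulas for x, v, A, B, u, S and the client's proof M, but two things are the example's own assumptions: the group parameters N and g are a constructed 64-bit safe-prime demo group found at import time rather than a standard SRP group, and the session key K is taken as SHA-1 of S rather than the RFC's SHA_Interleave. All function and variable names are the example's own.

```python
"""SRP (RFC 2945) walkthrough: the host authenticates from a verifier, never the password."""
import hashlib
import secrets

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test; probabilistic, adequate for a demo group."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _demo_group(bits: int = 64):
    """Constructed demo group (an assumption, not an RFC group): the first safe prime
    N = 2q + 1 with q >= 2**(bits - 1) and the smallest generator of the whole group mod N."""
    q = (1 << (bits - 1)) | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    n, gen = 2 * q + 1, 2
    while pow(gen, 2, n) == 1 or pow(gen, q, n) == 1:
        gen += 1
    return n, gen

N, g = _demo_group()  # deployments use a large standard group (e.g. RFC 5054); same algebra

def sha(*parts: bytes) -> bytes:
    """SHA-1 of the concatenated parts (RFC 2945 is specified over SHA-1)."""
    return hashlib.sha1(b"".join(parts)).digest()

def ib(n: int) -> bytes:
    """Big-endian bytes of a non-negative integer, at least one byte long."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def derive_x(username: str, password: str, salt: bytes) -> int:
    """x = SHA(s | SHA(U | ':' | p)) per RFC 2945; only the client ever computes this."""
    return int.from_bytes(sha(salt, sha(username.encode(), b":", password.encode())), "big")

def register(username: str, password: str) -> dict:
    """Enrollment: the client sends the host only (U, s, v) with v = g^x mod N."""
    salt = secrets.token_bytes(16)
    return {"username": username, "salt": salt,
            "verifier": pow(g, derive_x(username, password, salt), N)}

def u_of(B: int) -> int:
    """u = first 32 bits of SHA1(B), most significant byte first (RFC 2945)."""
    return int.from_bytes(sha(ib(B))[:4], "big")

def host_respond(record: dict, A: int):
    """Host side: B = v + g^b, S = (A * v^u)^b. The password p appears nowhere here;
    the stored verifier v stands in for it. Returns (B, K)."""
    b = secrets.randbelow(N - 2) + 1
    B = (record["verifier"] + pow(g, b, N)) % N
    S = pow((A * pow(record["verifier"], u_of(B), N)) % N, b, N)
    return B, sha(ib(S))  # K = SHA1(S) here; RFC 2945 uses SHA_Interleave(S)

def client_finish(username: str, password: str, salt: bytes, a: int, B: int) -> bytes:
    """Client side: S = (B - g^x)^(a + u*x). This is the only place p is used."""
    x = derive_x(username, password, salt)
    S = pow((B - pow(g, x, N)) % N, a + u_of(B) * x, N)
    return sha(ib(S))

def proof(username: str, salt: bytes, A: int, B: int, K: bytes) -> bytes:
    """Client evidence M = H(H(N) xor H(g), H(U), s, A, B, K) from RFC 2945."""
    hn_xor_hg = int.from_bytes(sha(ib(N)), "big") ^ int.from_bytes(sha(ib(g)), "big")
    return sha(ib(hn_xor_hg), sha(username.encode()), salt, ib(A), ib(B), K)

def run_exchange(record: dict, password_attempt: str):
    """Simulate one login; returns (client key, host key, host accepted client's proof)."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                                  # client -> host: U, A
    B, host_K = host_respond(record, A)               # host -> client: s, B
    client_K = client_finish(record["username"], password_attempt, record["salt"], a, B)
    M = proof(record["username"], record["salt"], A, B, client_K)   # client -> host: M
    return client_K, host_K, M == proof(record["username"], record["salt"], A, B, host_K)

if __name__ == "__main__":
    rec = register("alice", "correct horse battery staple")  # constructed sample user
    print("host record fields:", sorted(rec))                 # no password field
    print("right password accepted:", run_exchange(rec, "correct horse battery staple")[2])
    print("wrong password accepted:", run_exchange(rec, "Tr0ub4dor&3")[2])
```

The point the Board draws from Wu is visible in the signatures: host_respond receives only the client's A and the stored (U, s, v) record, and the raw password is an input only to client_finish. A compromise of the host's record store therefore yields verifiers rather than passwords, which is the property a defender gains by deploying a verifier-based protocol. The 64-bit demo group exists so the example runs offline in milliseconds; it is far too small for real use.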
4. Deuby discloses an authentication protocol, known as “Kerberos,” that operates with Windows 2000 servers and clients (Deuby 82:10-21, 83:19-22). In a typical implementation, the user at a workstation is authenticated via a Key Distribution Center (KDC)—a server that essentially functions as an authentication service for clients using the system (Deuby 84:19-21).

5. One key function of Deuby’s KDC is that it grants “tickets” to users not only for identification, but also to indicate the permissible range of activities allowed by the KDC. The KDC can issue various types of tickets, including session tickets, server tickets, and ticket-granting tickets (TGTs) (Deuby 84:7-18).

6. A typical example of Deuby’s authentication system is shown in Figures 3.13 through 3.16. In this example, the user ultimately wants to access resources on an Exchange server (i.e., the “Brahma” server shown in Figure 3.14). To this end, the user first must acquire a TGT from the KDC. Therefore, the user sends an “authentication service request” (i.e., the user’s hashed password bundled with security information) to the KDC. Upon receipt, the KDC verifies the user by comparing the password hash to what it develops from its own copy of the user’s key. If successful, then the KDC sends the user a TGT—a ticket that is used to get other tickets (Deuby 84:27-85:8; Fig. 3.13).

7. Once the user in Deuby obtains the TGT, the user can then initiate the process of accessing the Exchange server. To do this, the user first sends the TGT and a “ticket-granting service” (TGS) request to the KDC. Upon receipt, the KDC uses the information in the TGT to construct a “session ticket” which is sent back to the user. The user then sends the session ticket to the Exchange server to request access to the requested service. Upon receipt, the Exchange server opens the session ticket and sets up the session with the user (Deuby 85:11-88:2; Figs. 3.14-3.16).
8. Birrell discloses a client computer connected to a public network (e.g., the internet). A firewall 130 and a “tunnel” 140 are provided between a client computer 110 and an intranet 150 with private resources 160 to be accessed (Birrell, col. 3, ll. 14-20; Fig. 1). The tunnel comprises (1) a checker 141; (2) a redirector 142; and (3) a proxy server 143 that ultimately establish the requisite connection between the user and the intranet to enable the user to access the intranet’s private resources.

9. As shown in Figure 3 of Birrell, the client exchanges various messages with the components of the tunnel to ultimately establish this connection to the private resources (Birrell, col. 4, ll. 1-64; Figs. 2-3). As part of this procedure, the checker supplies the client a validation token 299—a token that can be in the form of an X.500 certificate (Birrell, col. 4, ll. 37-40; Fig. 3 (Step 360)). Upon receipt, the client then sends this token along with the request for the resource to the proxy server where the token is validated. If the token is valid, then the proxy server forwards the authenticated request to the specified resource inside the firewall (Birrell, col. 4, ll. 47-54; Fig. 3).

10. Feghhi teaches providing public key information as part of a digital certificate (Feghhi 68:10-12).

PRINCIPLES OF LAW

In rejecting claims under 35 U.S.C. § 103, it is incumbent upon the Examiner to establish a factual basis to support the legal conclusion of obviousness. See In re Fine, 837 F.2d 1071, 1073 (Fed. Cir. 1988). In so doing, the Examiner must make the factual determinations set forth in Graham v. John Deere Co., 383 U.S. 1, 17 (1966).

Discussing the question of obviousness of a patent that claims a combination of known elements, KSR Int’l v. Teleflex, Inc., 127 S. Ct.
1727 (2007), explains:

When a work is available in one field of endeavor, design incentives and other market forces can prompt variations of it, either in the same field or a different one. If a person of ordinary skill can implement a predictable variation, § 103 likely bars its patentability. For the same reason, if a technique has been used to improve one device, and a person of ordinary skill in the art would recognize that it would improve similar devices in the same way, using the technique is obvious unless its actual application is beyond his or her skill. Sakraida [v. AG Pro, Inc., 425 U.S. 273 (1976)] and Anderson's-Black Rock[, Inc. v. Pavement Salvage Co., 396 U.S. 57 (1969)] are illustrative—a court must ask whether the improvement is more than the predictable use of prior art elements according to their established functions.

KSR, 127 S. Ct. at 1740.

If the claimed subject matter cannot be fairly characterized as involving the simple substitution of one known element for another or the mere application of a known technique to a piece of prior art ready for the improvement, a holding of obviousness can be based on a showing that “there was an apparent reason to combine the known elements in the fashion claimed.” Id. at 1740-41. Such a showing requires “some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness. . . . [H]owever, the analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” Id. at 1741 (quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006)).

If the Examiner’s burden is met, the burden then shifts to the Appellant to overcome the prima facie case with argument and/or evidence.
Obviousness is then determined on the basis of the evidence as a whole and the relative persuasiveness of the arguments. See In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992).

ANALYSIS

Based on the functionality of Wu noted in the Findings of Fact section above, we agree with the Examiner that the host (i.e., the “first computer”) in Wu’s authentication procedure does not know the user’s password. As the Examiner indicates (Ans. 13), the host in Wu knows only the password verifier (v)—not the password (p) itself. This fact is readily apparent from Page 4 of Wu, which shows the stored password verifier (v) at the host and the raw password (p) at the client.

Furthermore, constructing the shared session key by both the client and the host in Wu involves each entity determining the result of a particular expression (“S”)—results that are based in part on the password and password verifier, respectively (Findings of Fact (FF) 1-3). Based on this functionality, we find no error in the Examiner’s position that the host would not know the user’s password. As indicated above, it is the password verifier that the host uses in this authentication procedure—not the password itself.

We also find no error in the Examiner’s reliance on Deuby as teaching the digital certificate limitation of claims 1 and 16. Based on the function of the TGT in Deuby’s authentication procedure (FF 4-7), we agree with the Examiner that the TGT reasonably constitutes a digital certificate that the user subsequently uses for authentication over a standard network connection, as claimed. First, the TGT is a digital form of information that is used not only for identification, but also to indicate the permissible range of activities allowed by the KDC (FF 5).
In this sense, the TGT is said to be “like a driver’s license” (Deuby 84:7-8) and, as a digital form of information that is transferred between the KDC and the user, fully meets a “digital certificate.” Furthermore, the user subsequently uses the TGT for authentication at least with respect to the KDC (i.e., the “first computer”) in conjunction with a TGS request as shown in Figure 3.15 (Step 2). The TGT also effectively authenticates the user with respect to the Exchange server as well since the user could not access the requested services on the Exchange server but for the issuance of the TGT. The fact that two authentication procedures are used in Deuby as Appellant argues (Reply Br. 3) does not detract from the fact that the TGT is subsequently used by the user for authentication purposes.

Not only do we find that this functionality in Deuby fully meets the digital certificate limitation of claims 1 and 16, but we also note that Appellant has not persuasively rebutted the Examiner’s position (Ans. 12-13) regarding the KDC’s functionality with respect to the user’s password. As we noted previously, the user in Deuby sends an “authentication service request” in the form of the user’s hashed password bundled with security information to the KDC, which is verified by comparing the password hash to what the KDC develops from its own copy of the user’s key (FF 6). In this procedure, the KDC does not use the password itself, but rather the hash of the password. As such, we find no error in the Examiner’s position that the KDC does not know the user’s password, but rather the hash of the password.

Lastly, we find that the network connections used in both Wu and Deuby fully meet a “standard network connection” in view of the scope and breadth of the limitation. We therefore find all limitations of claims 1 and 16 fully met by the collective teachings of Wu and Deuby, and the references are reasonably combinable.
We see no reason why Deuby’s teaching of issuing digital certificates could not be applied upon acceptance of authentication in a system such as that disclosed by Wu, which likewise employs a secure authentication system. Such a modification, in our view, is tantamount to the predictable use of prior art elements according to their established functions -- an obvious improvement. See KSR, 127 S. Ct. at 1740.

For the foregoing reasons, Appellant has not persuaded us of error in the Examiner’s rejection of independent claims 1 and 16. Therefore, we will sustain the Examiner’s obviousness rejection of those claims.

The Obviousness Rejection Over Wu, Birrell, and Feghhi

Claim 1

We now consider the Examiner’s obviousness rejection of claims 1-20 over Wu, Birrell, and Feghhi (Ans. 4-7). Regarding independent claim 1, Appellant argues that the cited references considered individually and in combination fail to teach or suggest the limitations of the claim (App. Br. 13-15). The Examiner indicates that not only does Birrell use a standard network connection, but the reference also teaches issuing a digital certificate to a user (i.e., via the checker 141) to allow the user to supply authentication information. This teaching, the Examiner contends, would have been combinable with Wu’s authentication procedure in light of Feghhi—a reference that is said to provide the motivation to combine (Ans. 15-18).

The issue before us, then, is whether Appellant has shown that the Examiner erred in concluding that the limitations of claim 1 would have been obvious to ordinarily skilled artisans over the collective teachings of Wu, Birrell, and Feghhi. For the following reasons, we find that no such error has been shown.

At the outset, our previous discussion with respect to the disclosure of Wu applies equally here, and we therefore incorporate that discussion by reference.
We also find no error in the Examiner’s reliance on Birrell for teaching a digital certificate as claimed. In our view, Birrell’s validation token (FF 9) fully meets a digital certificate as claimed. Not only does Birrell expressly state that the token can be an X.500 certificate, it is also used by the user for authentication with respect to the proxy server. We see no reason why this teaching of issuing digital certificates could not be applied upon acceptance of authentication in a system such as that disclosed by Wu, which likewise employs a secure authentication system. Such a modification, in our view, is tantamount to the predictable use of prior art elements according to their established functions -- an obvious improvement. See KSR, 127 S. Ct. at 1740. Furthermore, we find that the connection in Birrell fully meets a “standard network connection” since both non-secure HTTP and secure HTTPS protocols are employed (Birrell, col. 3, ll. 5-13; Fig. 1).

Since we find that all limitations of claim 1 are fully met by the collective teachings of Wu, Birrell, and Feghhi, we find no error in the Examiner’s obviousness rejection of that claim.

Claims 2-11 and 13-15

Appellant argues claims 2-15, 17, and 18 as a group. Of these claims, Appellant does not separately argue with particularity the limitations of claims 2-11 and 13-15 apart from merely asserting that these claims recite further features and/or combinations of features that are patentably distinct from the cited prior art (App. Br. 15-16). Such conclusory assertions without supporting explanation or analysis particularly pointing out errors in the Examiner’s reasoning fall well short of persuasively rebutting the Examiner's prima facie case of obviousness. See In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992). We therefore sustain the Examiner’s rejection of claims 2-11 and 13-15 for the reasons indicated previously.
Claim 12

Appellant, however, does present specific arguments with respect to claim 12, namely that the prior art fails to teach or suggest that the user is (1) authenticated initially using a secret password and hybrid protocol, and then (2) authenticated in a subsequent session using a digital certificate and public key encryption (App. Br. 16). However, we agree with the Examiner (Ans. 20) that Wu’s mutual authentication procedure involves using a secret password and hybrid protocol, and that Birrell teaches the digital certificate limitation. As we noted above, we find ample reason to combine these teachings. Moreover, we note that Feghhi teaches providing public key information as part of a digital certificate (Feghhi 68:10-12). In light of these collective teachings, we find no error in the Examiner’s findings that ordinarily skilled artisans would have employed the recited authentication procedures, including using digital certificates and public key encryption in the subsequent session as claimed.

For the foregoing reasons, Appellant has not persuaded us of error in the Examiner’s rejection of claim 12. Therefore, we will sustain the Examiner’s rejection of that claim.

Claims 17 and 18

Regarding claims 17 and 18, Appellant argues that since Birrell uses the HTTPS communications protocol, it apparently needs an address for the checker or proxy server to establish the connection. As such, Appellant contends, the cited prior art fails to teach user authentication without knowledge of the first computer’s domain name as claimed (App. Br. 16; Reply Br. 4). The Examiner, however, notes that nowhere in Wu is there any disclosure that the user knows the first computer’s domain name in the authentication process, and, in any event, such knowledge is not required when communicating with a computer (Ans. 20).
Based on the record before us, we find that Appellant has simply not shown error in the Examiner’s position—a position that we find reasonable. First, despite the absence of the computer’s domain name in Wu as noted by the Examiner, Appellant has not shown that a domain name would nonetheless be known to the first computer in that system. Appellant has simply not rebutted the Examiner’s position in this regard.

Nor has Appellant persuasively rebutted the Examiner’s position regarding domain names not being required for computer communication—a position that we likewise find reasonable. Appellant’s argument that domain names are apparently needed in view of the HTTPS protocol used in Birrell is unsupported by any evidence on this record proving such an assertion. While we can envision domain names being used in such communications (e.g., internet-based communications), Appellant has simply not shown why they would be needed in Birrell. That is, it is equally plausible on the record before us that such communications would not need domain names, but rather some alternative form of computer identification could be employed in lieu of domain names (e.g., numerical addresses or other identifiers).

For the foregoing reasons, Appellant has not persuaded us of error in the Examiner’s rejection of claims 17 and 18.

Claim 16

Although Appellant presents separate arguments with respect to the Examiner's rejection of claim 16 (App. Br. 17-19), we are not persuaded by these arguments essentially for the reasons we indicated with respect to claim 1. The rejection of claim 16 over the collective teachings of Wu, Birrell, and Feghhi is therefore sustained.

Claims 19 and 20

Likewise, since Appellant’s arguments with respect to claims 19 and 20 (App. Br. 19-20) essentially reiterate the same arguments we considered with respect to claims 17 and 18 above, we will sustain the Examiner’s rejection of claims 19 and 20 for similar reasons.
The Obviousness Rejection Over Wu, Birrell, Feghhi, and Nykänen

We will also sustain the Examiner's obviousness rejection of claim 11 over the collective teachings of Wu, Birrell, Feghhi, and Nykänen (Ans. 7-8). Appellant did not present any arguments pertaining to this rejection, let alone particularly point out errors in the Examiner’s reasoning to persuasively rebut the Examiner’s prima facie case of obviousness. The rejection of claim 11 is therefore sustained.

CONCLUSIONS OF LAW

Appellant has not shown that the Examiner erred in finding that the collective teachings of Wu and Deuby teach or suggest the limitations of independent claims 1 and 16. Nor has Appellant shown that the Examiner erred in finding that the collective teachings of Wu, Birrell, and Feghhi teach or suggest the limitations of claims 1-20. Also, Appellant has not shown error in the Examiner’s rejection of claim 11 over the collective teachings of Wu, Birrell, Feghhi, and Nykänen.

DECISION

We have sustained the Examiner's rejections with respect to all claims on appeal. Therefore, the Examiner’s decision rejecting claims 1-20 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

eld

HEWLETT PACKARD COMPANY
P O BOX 272400, 3404 E. HARMONY ROAD
INTELLECTUAL PROPERTY ADMINISTRATION
FORT COLLINS CO 80527-2400