Ex Parte Zhang et al
Patent Trial and Appeal Board
Jun 13, 2013
10987762 (P.T.A.B. Jun. 13, 2013)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte PENG ZHANG and ZHENG YAN

Appeal 2011-000177
Application 10/987,762
Technology Center 2400

Before JOHN A. JEFFERY, MARC S. HOFF, and BARBARA A. PARVIS, Administrative Patent Judges.

PARVIS, Administrative Patent Judge.

DECISION ON APPEAL

Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1-6 and 15-29.[1] We have jurisdiction under 35 U.S.C. § 6(b). We affirm.

[1] Claims 7-14 have been cancelled.

STATEMENT OF THE CASE

Appellants’ invention relates to computer networks and, more specifically, to a virtual private network system based on root-trust module computing platforms. Spec. 1, ll. 8-9. The system manages root-trust based platforms in the network, and enables verification among the platforms. Abstract. Independent claim 1 is illustrative:

1.
An apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to:

    implement a root-trust layer;

    implement trust verification of an operating system to establish root-trust between the operating system and the root-trust layer;

    implement trust verification of one or more applications to establish root-trust between the one or more applications and the operating system;

    request root-trust information associated with a device from a management server via a virtual private networking (VPN) network to verify that the device is a trusted entity, the root-trust information indicating that the device has established a root-trust chain involving a root-trust layer of the device, an operating system of the device, and an application of the device;

    open a VPN connection with the device upon verification that the device is a trusted entity; and

    allow the one or more applications to communicate with the device via the VPN connection.

THE REJECTIONS

The Examiner rejected claims 1, 2,[2] 5, 15, 17, 18, 21-25, 27, and 28 under 35 U.S.C. § 103(a) as unpatentable over Hino (US 2003/0221114 A1; published Nov. 27, 2003; filed Mar. 3, 2003) and Giniger (US 6,751,729 B1; issued June 15, 2004; filed July 22, 1999). Ans. 2, 5-9.

The Examiner rejected claims 3, 4, 16, 19, and 20 under 35 U.S.C. § 103(a) as unpatentable over Hino, Giniger, and Proudler (US 2004/0151319 A1; published Aug. 5, 2004; filed Oct. 16, 2003). Ans. 2, 9-10.

The Examiner rejected claim 6 under 35 U.S.C. § 103(a) as unpatentable over Hino, Giniger, and Gordon (US 6,671,729 B1; issued Dec. 30, 2003; filed June 15, 2000). Ans. 2, 10.

The Examiner rejected claim 26 under 35 U.S.C. § 103(a) as unpatentable over Hino, Giniger, and Weeks (US 2002/0087859 A1; published July 4, 2002). Ans. 3, 10-11.

The Examiner rejected claim 29 under 35 U.S.C. § 103(a) as unpatentable over Hino, Giniger, and Aljadeff (US 2003/0232598 A1; published Dec. 18, 2003; filed June 13, 2002). Ans. 3, 11.

[2] Since claim 3 depends from claim 16 which was rejected over Hino, Giniger, and Proudler as noted below, we presume that the Examiner intended to so reject claim 3 and present the correct claim listing here for clarity. Accordingly, we treat any error associated with this inconsistency as harmless.

THE OBVIOUSNESS REJECTION OVER HINO AND GINIGER

The Examiner finds that Hino discloses all but one of the limitations of claim 1. Ans. 5-6, 12-15. Although the Examiner acknowledges that Hino does not explicitly teach an external authentication, by a third party, using root-trust information (Ans. 5-6, 15), the Examiner finds that Giniger teaches this feature by disclosing edge devices authenticating themselves with a management server. Ans. 5-6, 15.

Appellants argue that Giniger fails to teach or suggest that the root-trust information indicates that the target device has also established a root-trust chain involving the target device’s root-trust layer, operating system, and application, as recited in claim 1. Br. 5. Appellants further argue that Hino does not cure this defect because, although Hino describes root-trust at the operating system level, Hino does not state that an aggregate of information regarding root-trust indicates that a root-trust chain has been established where the chain includes a root-trust layer of the device, an operating system of the device, and an application of the device. Br. 6. Appellants also argue that none of the reporting disclosed by Hino is described as being external to the device, so Hino fails to disclose the claimed external interactions regarding trust. Br. 7.

ISSUE

Under § 103(a), has the Examiner erred in rejecting claim 1 by finding that Hino and Giniger collectively would have taught or suggested the root-trust information indicating that the device has established a root-trust chain involving a root-trust layer of the device, an operating system of the device, and an application of the device?

ANALYSIS

Claims 1, 2, 5, 15, 17, 18, 21-25, 27, and 28

We begin by noting that Appellants do not dispute the Examiner’s findings, except for one limitation of independent claim 1, “the root-trust information indicating that the device has established a root-trust chain involving a root-trust layer of the device, an operating system of the device, and an application of the device.” Br. 5-7. Appellants’ arguments regarding the disputed limitation are for the most part directed to individual shortcomings of the cited references. Br. 5-7. However, Appellants do not contend that the references have been improperly combined. On this record, we find no error in the Examiner’s obviousness rejection of independent claim 1.

The Examiner finds that Hino and Giniger collectively teach or suggest the disputed limitation. Ans. 5-6, 12-15. First, the Examiner finds that Hino teaches or suggests the claimed root-trust chain, which involves “a root-trust layer of the device, an operating system of the device, and an application of the device.” Ans. 5, 13-14. The Examiner maps: (1) Hino’s Bios Boot Block and the BIOS to the claimed root trust layer of the device, (2) Hino’s OS 14 to the claimed operating system of the device, and (3) Hino’s OS Loader 13 or, alternatively, application network 23 to the claimed application of the device, thereby correlating each element of the claimed root-trust chain with a feature disclosed in Hino. Ans. 13-14.

We find no error in the Examiner’s mapping of Hino’s Bios Boot Block and the BIOS to the claimed root trust layer of the device, particularly because Hino describes the BIOS boot block as “essentially authenticated code and a basic element of TCPA, and serves as the Core Root of Trust for Measurement.” Hino ¶ 47. We also find no error in the Examiner’s mapping of Hino’s OS 14 to the claimed operating system of the device, since as Appellants acknowledge, Hino states, “[t]he chain of reading and executing the BIOS boot block 11, the BIOS 12, the OS loader 13, and the OS 14 is also the chain of authentication.” Br. 6 (citing Hino ¶ 47). Additionally, we find no error in the Examiner’s mapping of Hino’s OS Loader 13 and application network 23 to the claimed application of the device because, contrary to Appellants’ contention (Br. 6), Hino discloses that “[t]he BIOS 12 is responsible for authentication of the OS loader 13” and “[t]he OS 14 authenticates an application 23.” Hino ¶ 47.

We are also not persuaded of error in the Examiner’s finding that the combination of Hino and Giniger correlates to the claimed indication that trust has been established (Ans. 5-6). As the Examiner correctly finds, Hino discloses authentication reporting including, for example, reporting denoted by reference character C. Ans. 5 (citing Hino ¶ 47; Fig. 1). Appellants argue that Hino fails to disclose the claimed external interactions regarding trust. Br. 7. However, the Examiner cites Giniger to show external authentication by a management server. Ans. 5-6, 15. We are not persuaded of error particularly because Giniger discloses authentication by a management server before an edge device is allowed to enter a virtual private network. Giniger col. 14, ll. 63–67.

Appellants’ arguments (Br.
5-7) regarding the individual shortcomings of Hino and Giniger do not persuasively rebut the Examiner’s reliance on their collective teachings, which disclose the recited root-trust chain, as well as the claimed indication that trust has been established with a management server. See In re Keller, 642 F.2d 413, 426 (CCPA 1981) (noting that nonobviousness cannot be shown by attacking references individually where the obviousness rejection is based on the combination of references).

We are therefore not persuaded that the Examiner erred in rejecting independent claim 1, and claims 2, 5, 15, 17, 18, 21-25, 27, and 28, not separately argued with particularity (Br. 7).

THE OTHER OBVIOUSNESS REJECTIONS

We also sustain the Examiner’s obviousness rejections of claims 3, 4, 6, 16, 19, 20, 26, and 29. Ans. 2-3, 9-11. Despite nominally arguing these claims separately, Appellants do not argue these claims apart from their dependency from independent claims 1, 17, or 25 (Br. 7-8), which we find unpersuasive for the reasons previously discussed.

CONCLUSION

The Examiner did not err in rejecting claims 1-6 and 15-29 under § 103.

DECISION

The Examiner’s decision rejecting claims 1-6 and 15-29 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

ELD