Amazon Technologies, Inc.Download PDFPatent Trials and Appeals BoardFeb 17, 20212019003960 (P.T.A.B. Feb. 17, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/146,836 05/04/2016 Gregory Branchek Roth 0097749-013US1 5943 113507 7590 02/17/2021 Davis Wright Tremaine LLP - ATI IP Docketing Dept. 920 Fifth Ave., Suite 3300 Seattle, WA 98104-1610 EXAMINER LIPMAN, JACOB ART UNIT PAPER NUMBER 2434 NOTIFICATION DATE DELIVERY MODE 02/17/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): amznpatents@dwt.com patentdocket@dwt.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ________________ Ex parte GREGORY BRANCHEK ROTH and GRAEME DAVID BAER1 ________________ Appeal 2019-003960 Application 15/146,836 Technology Center 2400 ________________ Before BRADLEY W. BAUMEISTER, MICHAEL J. STRAUSS, and JEREMY J. CURCURI, Administrative Patent Judges. BAUMEISTER, Administrative Patent Judge. DECISION ON APPEAL Appellant appeals under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1–20, which constitute all of the pending claims. Appeal Br. 1. We have jurisdiction under 35 U.S.C. § 6(b). We affirm in part. Due to the different thrust of our rationale for affirming the rejection of the claims, we designate this decision as including new grounds of rejection under 37 C.F.R. § 41.50(b). 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies Amazon Technologies, Inc. as the real party in interest. Appeal Brief filed January 22, 2019 (“Appeal Br.”), 3. Appeal 2019-003960 Application 15/146,836 2 STANDARD OF REVIEW The Board conducts a limited de novo review of the appealed rejections for error based upon the issues identified by Appellant, and in light of the arguments and evidence produced thereon. Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). CLAIMED SUBJECT MATTER Appellant’s invention relates to a secure communication method for using one organization’s computers to communicate with computing resources of other organizations in order to access and provide data while using the other organization’s services. Spec. ¶ 2. Independent claim 1, reproduced below, illustrates the subject matter of the appealed claims: 1. An authentication system, comprising: one or more machine-readable mediums having stored thereon a set of instructions, which if performed by one or more processors, cause the system to at least: receive an authentication request to verify authentication information submitted to a first system in connection with a first request submitted by a client device to the first system over a network; generate a response to the authentication request that includes information usable by a second system to make, without communicating with the authentication system, based at least in part on the information and one or more cryptographic processes, a determination whether fulfillment of a second request from the first system on behalf of the client device is allowable under authority of the authentication system, the determination being based at least in part on policy information included in the information that specifies one or more policies applicable to an identity that is associated with the first request; and provide the response to the first system. Appeal 2019-003960 Application 15/146,836 3 DETERMINATIONS AND CONTENTIONS Claims 1–20 stand rejected under 35 U.S.C. § 103 as being unpatentable over Dalia (US 7,337,448 B1; issued Feb. 26, 2008), Crawford (US 5,771,354; issued June 23, 1998), and Fernandes (US 2005/0283414 A1; published Dec. 22, 2005). Final Action mailed Mar. 22, 2018 (“Final Act.”), 2–4. The Examiner finds that Dalia discloses most of the limitations of independent claim 1. Final Act. 2–3. For example, the Examiner finds that Dalia’s server 115 and associated authentication request 310 correspond to the claimed authentication system that receives authentication requests. Id. at 2 (citing Dalia, col. 6, ll. 14–16; Fig. 3). The Examiner finds that Dahlia discloses generating a response to the authentication request 320 that includes an authentication cookie that is sent to client device 110, and that this response 320 satisfies the “response to the authentication request,” including the specific information that is recited by claim 1. Id. (citing Dalia, col. 6, ll. 17–33). The Examiner finds that Dalia does not disclose that the authentication information is received over a network, as claimed, but relies on Crawford for teaching this limitation and for providing motivation to combine the references’ teachings. Final Act. 3 (citing Crawford, col. 2, ll. 36–60). The Examiner interprets Dalia’s client device 110, which sends authentication request 310 to the authentication server, as corresponding to the claimed “first system.” Final Act. 2. But under this interpretation, Dalia does not teach an additional “client device,” as claimed, that initially submits the first request to the first system. Id. at 3. The Examiner cites to Appeal 2019-003960 Application 15/146,836 4 Fernandes to teach “the well-known idea of having a client computer act as the user in a remote control capacity.” Id. (citing Fernandes ¶¶ 3–5). That is, the Examiner reasons that when a user accesses Dalia’s client device 110 remotely from another computer, as taught by Fernandes, Dalia’s client device 110 corresponds to the claimed “first system” and the remote PC or desktop software used to access Dalia’s client device 110 corresponds to the claimed “client device.” Examiner’s Answer mailed Feb. 21, 2019 (“Ans.”), 6. The Examiner finds that it would have been obvious to use Fernandes’s remote control system in a system according to Dalia and Crawford to allow users better access to their system. Id. APPELLANT’S CONTENTIONS AND ANALYSIS I. Appellant first asserts, “the cited portions of Dalia in view of Crawford and Fernandes do not teach that the ‘first system’ providing ‘the second request on behalf of the client device’ is the very same system that receives submission of ‘authentication information in connection with a first request submitted by a client device.’” Appeal Br. 10. According to Appellant, the remote computer disclosed by Dalia and Fernandes does not teach performing both functions of: (1) receiving submission of “authentication information . . . in connection with a first request submitted by a client device”; and (2) providing, to the authentication system, “a second request on behalf of the client device.” Indeed, the cited portions of Dalia, Crawford, and Fernandes, individually or in combination, do not teach the remote computer receiving submission of authentication Appeal 2019-003960 Application 15/146,836 5 information from the client device then providing another request to the authentication system on behalf of the client device. Id. Appellant’s two arguments are unpersuasive for two reasons. First, the combination does teach the first disputed limitation of “receiv[ing] an authentication request to verify authentication information submitted to a first system in connection with a first request submitted by a client device to the first system over a network.” As explained above, the Examiner interprets Dalia’s client device 110, when modified so as to be remotely controlled by Fernandes’s remote PC, to correspond to the “first system,” as claimed. Final Act. 2–3. And the Examiner maps Dalia’s authentication server 115 to the claimed authentication system. Id. Dalia discloses that the authentication server 115 receives an authentication request 310 from the client device 110—i.e., from the “first system,” as claimed. Dalia, Fig. 3. We now turn to Appellant’s second argument—that the cited art fails to teach “providing, to the authentication system, ‘a second request on behalf of the client device.’” Appeal Br. 10. This argument is unpersuasive because the argued features are not commensurate in scope with the language of claim 1. Claim 1 does not recite an affirmative step of providing a second request to the authentication system. Rather, claim 1 merely recites three steps that occur prior to any second request taking place: (1) receive an authentication request that was submitted to a first system; (2) generate a response that includes specified information; and (3) provide the response to the first system. Appeal 2019-003960 Application 15/146,836 6 To be sure, claim 1 recites that the purpose of generating the response is to include information usable by a second system to make further determinations: generate a response to the authentication request that includes information usable by a second system to make, without communicating with the authentication system, based at least in part on the information and one or more cryptographic processes, a determination whether fulfillment of a second request from the first system on behalf of the client device is allowable under authority of the authentication system, the determination being based at least in part on policy information included in the information that specifies one or more policies applicable to an identity that is associated with the first request; and provide the response to the first system. Appeal Br. 17 (emphasis added). But this response-generation limitation does not recite performing any tangible acts with this generated response, interacting with or controlling any system component, or changing the state of any system component. The limitation merely recites generating a response along with an explanation of what the intended use of the response is, and the final limitation merely recites forwarding the response to the first system. That is, claim 1 does not recite any functional relationship between the information conveyed by the generated response and any system components. As such, the italicized language of claim 1 merely constitutes non-functional descriptive material that does not patentably distinguish the recited steps of claim 1 from any process that (1) receives an authentication request to verify authentication information submitted to a first system; (2) generates a response to the Appeal 2019-003960 Application 15/146,836 7 authentication request; and (3) provides the response to the first system, as otherwise claimed. Our reviewing court recently has explained that in determining whether printed matter or other descriptive material should be afforded patentable weight, we must analyze the claim language to determine whether any functional relationship exists between the descriptive material and the underlying substrate or physical claim elements: This court and its predecessor have long recognized that certain “printed matter” falls outside the scope of patentable subject matter under U.S. patent law. See AstraZeneca LP v. Apotex, Inc., 633 F.3d 1042, 1064 (Fed. Cir. 2010) (“This court has generally found printed matter to fall outside the scope of § 101.”); In re Chatfield, 545 F.2d 152, 157 (CCPA 1976) (“Some inventions, however meritorious, do not constitute patentable subject matter, e.g., printed matter.”). While historically “printed matter” referred to claim elements that literally encompassed “printed” material, the doctrine has evolved over time to guard against attempts to monopolize the conveyance of information using any medium. See Praxair Distrib., Inc. v. Mallinckrodt Hosp. Prods. IP Ltd., 890 F.3d 1024, 1032 (Fed. Cir. 2018); In re Distefano, 808 F.3d 845, 849 (Fed. Cir. 2015). Today, printed matter encompasses any information claimed for its communicative content, and the doctrine prohibits patenting such printed matter unless it is “functionally related” to its “substrate,” which encompasses the structural elements of the claimed invention. Praxair, 890 F.3d at 1032; DiStefano, 808 F.3d at 848–49. In evaluating the existence of a functional relationship, we have considered whether the printed matter merely informs people of the claimed information, or whether it instead interacts with the other elements of the claim to create a new functionality in a claimed device or to cause a specific action in a claimed process. Thus, we held in In re Marco Guldenaar Holding B.V., that the markings on dice had no functional relationship to the dice themselves because the markings did not cause the dice to become a “manufacture with new functionality.” 911 F.3d 1157, 1161 (Fed. Cir. 2018). We distinguished the dice markings from Appeal 2019-003960 Application 15/146,836 8 the digits printed on a circular band in Gulack[, 703 F.2d 1381 (Fed. Cir. 1983)]— where the digits exploited the band’s endless nature and made it useful for performing mathematical operations— and from the volumetric indicia on the side of a measuring cup in Miller[, 418 F.2d 1392 (CCPA 1969)] —where the indicia made the cup useful for measuring partial recipes. Id. Based on analogous reasoning, we held in Praxair that there was a functional relationship between a step of recommending discontinuation of treatment and a step of actually discontinuing treatment because the claim required that the second step be “based on” the first. 890 F.3d at 1035. In contrast, where the discontinuation step was absent from other claims of the same patent, which merely required physicians to “evaluate” the information, we found no functional relationship between the information in the recommendation and the other steps of the claim. Id. at 1033–35. C R Bard Inc. v. Angiodynamics, Inc., 979 F.3d 1372, 1381 (Fed. Cir. 2020). II. Appellant next argues that the Examiner’s modification of the references to arrive at the subject matter recited by claim 1 constitutes an exercise of impermissible hindsight. Appeal Br. 11. More specifically, Appellant argues, “it is not reasonably clear why a system that ‘us[es] one or more remotely located computing systems’ and a system that allows purchasing ‘additional processing and storage resources’ should be combined into a system that ‘access[es] and manag[es] an integrated online address book clearinghouse.’” Id. According to Appellant, the Examiner’s proffered motive to combine—to allow users better access to their system— is ambiguous and insufficient. Id. at 11–12. This argument is unpersuasive because we find the Examiner’s proffered motivation to be sufficient to sustain the rejection. The Examiner reasons that modifying Dalia and Crawford with Fernandes would enable “the well-known idea of having a client computer act as the user in a remote Appeal 2019-003960 Application 15/146,836 9 control capacity.” Final Act. 3 (citing Fernandes ¶¶ 3–5). Fernandes discloses that using remote-control software, a remote computer can return keyboard and mouse signals through a remote-access device to the host computer to control the host computer as though the remote keyboard and mouse were directly connected to the host computer. Fernandes ¶ 4. As such, we understand the proposed modification to entail merely combining conventional computer components to perform their intended functions in a customary manner. That is, the Examiner’s reasoning is supported by evidence drawn from the record (see Fernandes ¶ 4), and the Examiner’s proposed modification merely entails combining prior art elements according to known methods to yield predictable results. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 416 (2007). For the reasons noted, Appellant does not persuade us of reversible error in the Examiner’s decision to reject claim 1 as obvious. Accordingly, we affirm the obviousness rejection of independent claim 1 and also of independent claims 10 and 15, which Appellant does not argue separately. Appeal Br. 9–12. III. Appellant next argues that the Examiner failed to consider the additional limitations of dependent claims 2–9, 11–14, and 16–20. Appeal Br. 12. According to Appellant, the Examiner merely attempts to reject these 17 dependent claims in a single-page rejection by summarily stating, inter alia, that “it would have been obvious . . . , if not inherent, that the signed and encrypted cookie of Dalia could only be read by a second computer with a shared key.” Id. at 12–13 (quoting Final Act. 4). Appeal 2019-003960 Application 15/146,836 10 Although the final rejection does separately address some of the dependent claims—dependent claims 2–4 and 19 (Final Act. 3–4), overall Appellant’s argument is still well taken. The Final Rejection does not address any of claims 5–9, 11–14, 16–18, and 20. Id. Nonetheless, it appears that some of the dependent claims do not further patentably distinguish Appellant’s invention over the cited prior art. We, therefore, address the most obvious examples below. But because the Board is a body primarily of appellate review, no conclusions regarding patentability should be drawn from our decision not to address the remainder of the dependent claims. CLAIM 2: Claim 2 reads as follows: 2. The authentication system of claim 1, wherein making the determination includes cryptographically verifying the information using, in the one or more cryptographic processes, secret information shared by the second system and the authentication system but lacked by the first system. The Examiner states that claim 2 is rejected over the prior art cited in relation to claim 1 and further in view of Official Notice of that which is well known. Final Act. 4. Appellant does not seasonably challenge the accuracy of the noticed facts, but, instead, merely argues that claim 2 recites additional language beyond claim 1 that the Examiner does not address. Appeal Br. 12–13. As such, Appellant’s arguments generally do not respond to the basis of the rejection of claim 2. But Appellant does argue in relation to claim 2 that “the Office failed to consider . . . ‘secret information . . . lacked by the first system.’” Appeal Br. 13. The Examiner’s Official Notice fails to specifically address whether Appeal 2019-003960 Application 15/146,836 11 the first system would or would not share the secret information along with the second system, as claimed. Regardless though, the further language of claim 2 only describes in more detail the information that is generated in the response. But neither claim 2, nor independent claim 1 from which claim 2 depends, sets forth an affirmative step of the authentication server actually making a determination of whether fulfillment of a second request from the first system is allowable. For the reasons explained in relation to independent claim 1’s second step of generating a response to the authentication request, then, the language of claim 2 merely is directed to non-functional descriptive material. As such, claim 2 does not further patentably distinguish over the cited prior art. Accordingly, we affirm the obviousness rejection of claim 2. CLAIMS 3 AND 19: Claims 3 and 19 read as follows: 3. The authentication system of claim l, wherein evaluation of the information causes the second system to make a negative determination whether to fulfill the second request from the first system unless the information is provided to the second system in accordance with one or more key use elements used to generate the information. 19. The non-transitory computer-readable storage medium of claim 15, wherein: the information includes metadata comprising identity information and policy information and an electronic signature of the metadata; and the determination whether fulfilment of the second request can be made by the second system authenticating the metadata and determining whether the second request is compliant with the identity information and the policy information. Appeal 2019-003960 Application 15/146,836 12 The Examiner finds, “Dalia further discloses the other devices would require the cookie to allow access to the address book.” Final Act. 4 (citing Dalia, col. 6, ll. 17–33). Appellant argues in relation to claim 3 that the Examiner failed to consider the claim language “the information [being] provided . . . in accordance with one or more key use elements used to generate the information.” Appeal Br. 13. Appellant argues in relation to claim 19 that the Examiner failed to consider the claim language “the information includ[ing] metadata comprising identity information and policy information and an electronic signature of the metadata” and “the determination whether fulfilment of the second request can be made by the second system authenticating the metadata and determining whether the second request is compliant with the identity information and the policy information.” Id. at 15. Irrespective of any potential merits in Appellant’s arguments, claims 3 and 19, similar to claims 1 and 2, additionally recite mere non-functional descriptive material pertaining to an evaluation of the generated information (claim 3) and the details of the information and subsequent determination (claim 19). Accordingly, we affirm the obviousness rejection of claims 3 and 19. CLAIM 4: Dependent claim 4 reads as follows: 4. The authentication system of claim 1, wherein: the authentication request includes an electronic signature to be verified by the authentication system, the electronic signature being from an entity different from the first system; and Appeal 2019-003960 Application 15/146,836 13 the second request from the first system is for access to one or more computing resources managed by the second system on behalf of the entity. The Examiner finds that Dalia does not explicitly state that the request to the servicer includes a signature. Final Act. 4. The Examiner finds, though, that Dalia does disclose using conventional authentication techniques, and the Examiner takes Official Notice that using a signature is a known technique. Id. Appellant argues, “the Office failed to consider ‘an electronic signature . . . being from an entity different from the first system.’” Appeal Br. 13. Appellant’s arguments are persuasive of reversible error. As explained above in relation to claim 1, we understand the Examiner to be mapping Dalia’s client device 110 to the claimed first system, and Fernandes’s remote PC to the claimed client device. Accepting this to be so that Fernandes’s remote PC is only used to remotely access Dalia’s client device 110, then the Examiner would need to set forth a teaching or noticed fact for more than merely the proposition that authentication requests received by Dalia’s authentication server could include keys that are signed for added security. The Examiner additionally needs to set forth a teaching that it was known to have the electronic signature from an entity different from Dalia’s client device—the claimed “first system.” The Examiner does not set forth any such teaching. Final Act. 4. Accordingly, we reverse the obviousness rejection of claim 4. Appeal 2019-003960 Application 15/146,836 14 CLAIM 5: 5. The authentication system of claim 1, wherein: a service provider operates a set of systems that includes the second system; the instructions further cause the authentication system to select a proper subset of the set; and the information is usable by the second system to make the determination as a result of the second system being in the proper subset. The first limitation recites the entity (a service provider) that operates the set of systems including the second system. As an initial matter, we note that the second system is not affirmatively recited in claim 1. But regardless and more importantly, the question of what entity operates a recited set of systems concerns only an intangible property of the set of systems. Appellant does not provide sufficient evidence that the particular entity that operates the system will dictate a structural or functional difference to the claimed set of systems. The second and third limitations of claim 5 merely set forth further specifics of the non-functional descriptive material noted in claim 1. As such, Appellant does not provide persuasive evidence or argument that claim 5 further patentably distinguishes over the prior art. We, therefore, affirm the obviousness rejection of claim 5. CLAIM 11: Claims 11 and independent claim 10, from which claim 11 depends, read as follows: Appeal 2019-003960 Application 15/146,836 15 10. A computer-implemented method, comprising: receiving an authentication request to verify authentication information submitted by a client device to a first service in connection with a first request submitted to the first service over a network; generating a response to the authentication request that includes information usable by a second service to make, without communication with an authentication service, based at least in part on the information and one or more cryptographic processes, a determination whether fulfillment of a second request from the first service on behalf of the client device is allowable under authority of the authentication service, the determination based at least in part on policy information included in the information that specifies one or more policies applicable to an identity that is associated with the first request; and providing the response to the first service. 11. The computer-implemented method of claim 10, wherein the determination: includes checking a cache for information usable to determine whether to fulfill the second request; and depends at least in part on whether the cache lacks the information usable to determine whether to fulfill the request. For the reasons set forth in relation to claim 1, claim 11 merely sets forth more details for the non-functional descriptive material that is recited in claim 10. Accordingly, we affirm the obviousness rejection of dependent claim 11 as well as of claim 10. CLAIM 13: Claim 13 reads as follows: 13. The computer-implemented method of claim 10, wherein: the information includes information derived based at least in part on one or more first parameters each corresponding to an Appeal 2019-003960 Application 15/146,836 16 element on use of a signing key; and the determination whether fulfillment of the second request from the first service is allowable is made by: performing an algorithm to generate reference information based at least in part on the signing key and one or more second parameters; and determining that the reference information generated matches the authentication information on a condition that the one or more first parameters match the one or more second parameters. Claim 13 merely sets forth more details for the non-functional descriptive material that is recited in claim 10. Accordingly, we affirm the obviousness rejection of dependent claim 13. CLAIM 14: Claim 14 reads as follows: 14. The computer-implemented method of claim 10, wherein the method further comprises selecting the information from a plurality of instances of information each corresponding to a different service of a service provider. Claim 14 merely sets forth more details for the non-functional descriptive material that is recited in claim 10. Accordingly, we affirm the obviousness rejection of dependent claim 14. CLAIM 16: Claims 15 and 16 read as follows: 15. A non-transitory computer-readable storage medium having stored thereon instructions which, if executed by one or more processors of a computer system of an authentication service, cause the computer system to: receive an authentication request to verify authentication information submitted to a first system by a client device in Appeal 2019-003960 Application 15/146,836 17 connection with a first request submitted to the first system over a network; generate a response to the authentication request that includes information usable by a second system to make, without communication with the authentication service, based at least in part on the information and one or more cryptographic processes, a determination whether fulfillment of a second request from the first system on behalf of the client device is allowable under authority of the authentication service, the determination based at least in part on policy information included in the information that specifies one or more policies applicable to an identity that is associated with the first request; and provide the response to the first system. 16. The non-transitory computer-readable storage medium of claim l5, wherein the computer system and the first system are subsystems of a service provider. Claim 16 merely recites the characterization of the owner of the computer system and first system. The recitation of such an intangible property does not further patentably distinguish the system over the system as recited in independent claim 15. Accordingly, we affirm the rejection of dependent claim 16 as well as independent claim 15. CLAIM 17: 17. The non-transitory computer-readable storage medium of claim 15, wherein: the information comprises a signing key in encrypted form; and the response includes an electronic signature that is generated based at least in part on the signing key. Appeal 2019-003960 Application 15/146,836 18 Claim 17 merely sets forth more details for the non-functional descriptive material that is recited in claim 15. Accordingly, we affirm the obviousness rejection of dependent claim 17. DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § References/ Basis Affirmed Reversed New Ground 1–20 103 Dalia, Crawford, Fernandes 1–3, 5, 10, 11, 13–17, 19 4, 6–9, 12, 18, 20 1–3, 5, 10, 11, 13–17, 19 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(iv). FINALITY AND RESPONSE This decision contains a new ground of rejection pursuant to 37 C.F.R. § 41.50(b). Rule 37 C.F.R. § 41.50(b) provides “[a] new ground of rejection pursuant to this paragraph shall not be considered final for judicial review.” Rule 37 C.F.R. § 41.50(b) also provides that the Appellant, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new ground of rejection to avoid termination of the appeal as to the rejected claims: Appeal 2019-003960 Application 15/146,836 19 (1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new Evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the prosecution will be remanded to the examiner. . . . (2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same record. . . . AFFIRMED IN PART 37 C.F.R. § 41.50(b) Copy with citationCopy as parenthetical citation