Ex Parte Ali et alDownload PDFBoard of Patent Appeals and InterferencesJun 25, 201211036288 (B.P.A.I. Jun. 25, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________________ Ex parte VALIUDDIN ALI and MANUEL NOVOA ____________________ Appeal 2010-003164 Application 11/036,288 Technology Center 2400 ____________________ Before MAHSHID D. SAADAT, KRISTEN L. DROESCH, and TREVOR M. JEFFERSON, Administrative Patent Judges. JEFFERSON, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellants appeal from a final rejection of claims 1-10, 12, 13, 15-18, and 23-28 under authority of 35 U.S.C. § 134(a). Claims 11, 14, 19-22, and 29-34 have been cancelled. The Board of Patent Appeals and Interferences (BPAI) has jurisdiction under 35 U.S.C. § 6(b). We affirm. Appeal 2010-003164 Application 11/036,288 2 INVENTION Appellants’ invention relates to an authentication system and method, using an authentication enforcement engine to implement and modify a dynamic authentication policy. See Spec ¶ [0006]. Claim 1 is representative of the invention and is reproduced below: 1. An authentication system, comprising: an authentication enforcement engine to interface with an authentication provider for performing an authentication process for a user requesting access to a computer resource; a dynamic enforcer engine to interface with the authentication enforcement engine to determine applicability of a dynamic authentication policy for the authentication process based on at least conditions associated with the requested access; where the dynamic authentication policy modifies the authentication process and the authentication provider authenticates the user requesting access using the modified authentication process; and a processor to execute instructions from the authentication enforcement engine and the dynamic enforcer engine. REJECTIONS AT ISSUE The Examiner rejected claims 1-8, 10, 12-13, 15, 17-18, 23-24, 26 and 28 as unpatentable under 35 U.S.C. § 102(e) as anticipated by Wood (US 2004/0210771 A1). Ans. 2.1 The Examiner also rejected claims 9, 16 and 25 under 35 U.S.C. § 103(a) as being unpatentable over Wood, as applied to claims 8, 15 and 24 above, and further in view of what is known in the art. Ans. 6. Finally, the Examiner rejected claim 27 under 35 U.S.C. § 103(a) as 1 We refer throughout this opinion to the Examiner’s Answer (Ans.) mailed on September 25, 2009, Appellants’ Brief (App. Br.) filed on July 15, 2009 and Appellants’ Reply Brief (Reply) filed on November 25, 2009. Appeal 2010-003164 Application 11/036,288 3 being unpatentable over Wood, as applied to claim 23, and further in view of Linehan (US 5,495,533). Ans. 7. APPELLANTS’ CONTENTIONS Appellants contend that “Wood does not teach a system that modifies an authentication process and then uses the modified authentication process to authenticate a user as claimed,” as recited in claim 1. App. Br. 11. With respect to independent claim 10, Appellants contend that Wood does not identify a static or dynamic authentication policy, modify the static policy with the dynamic policy and apply the modified policy to authenticate the user. App. Br. 13. Appellants assert that Wood’s teachings are deficient because “neither the initial login process nor the subsequent login process is modified.” App. Br. 14. With respect to claim 27 that depends from independent claim 23, Appellants rely on the arguments for claim 1 and further contend that Linehan only discloses not decrypting the resource and not disabling the decryption capabilities because the “user client still maintains its decryption capabilities.” App. Br. 16. Appellants argue claims 1-10, 12, 13, 15-18, 23-26, and 28 as a group relying on independent claims 1 and 10. App. Br. 10-14. Appellants make no separate arguments for dependent claims 9, 16, and 25, but argue separately for claim 27. App. Br. 15. We decide the appeal for claims 1-10, 12, 13, 15-18, 23-26, and 28 based on independent claims 1 and 10, and address claim 27 separately. Only those arguments actually made by Appellants in the Appeal Brief and Reply Brief have been considered. See 37 C.F.R. § 41.37(c)(1)(vii). Appeal 2010-003164 Application 11/036,288 4 ISSUES 1. Did the Examiner err in finding that Wood discloses a system that modifies an authentication process, where the dynamic authentication policy modifies the static authentication policy, and applies the modified policy to the user as required in claims 1 and 10? 2. Did the Examiner further err in finding that Linehan teaches disabling the decryption capabilities found in claims 10 and 27? ANALYSIS With respect to Wood and Linehan, we have reviewed the Examiner’s rejection in light of Appellants’ arguments that the Examiner has erred. We agree with the Examiner. Claims 1 & 10 Appellants argue that “‘Wood does not teach a system that modifies an authentication process and then uses the modified authentication process to authenticate a user as claimed.’” App. Br. 11. The Examiner cites portions of Wood that disclose a starting trust level for an authenticated user that is modified or to authenticate a user prior to gaining access to a particular application or resource. Ans. 3, 4-5, 8-9. The Examiner found that Wood discloses a dynamic authentication process that was based on conditions associated with the request from the user. Ans. 8 (citing Wood ¶¶35-39). We agree with the Examiner. Wood discloses login components that authenticate a user based on the trust level required for the entity requesting access to a resource. Wood ¶35. Wood also discloses a single sign-on architecture utilizing an authentication process that is modified based on the access required for the selected resource. Wood ¶¶32, 35. In Wood, “login Appeal 2010-003164 Application 11/036,288 5 credentials obtained are selected from a set of credential types that, if authenticated, are sufficient to achieve the trust level requirement of an application or information resource to be accessed.” Wood ¶35. Contrary to Appellants’ argument that the authentication processes in Wood consist of distinct processes, an initial login process and a new login process (App. Br. 12), Wood teaches “that even with a static set of mapping rules, the set of credential types and authentication mechanisms suitable to support a given trust level may vary based on environment information.” Wood ¶37. Wood describes “dynamically varied” mapping rules between authentication mechanisms and trust levels that are used to authenticate users. Wood ¶¶37- 38. Appellants also assert that Wood does not meet the disputed feature because the authentications in Wood take place at two different points in time and cannot be claimed to be a single authentication process. Reply 2-3. We disagree. First, Appellants’ claims do not require a single process in time as Appellants assert. Appellants’ claims are directed to authentication and modification of the authentication by the dynamic authentication policy in claim 1 and by evaluating the dynamic conditions in claim 10. There are no limitations in claims 1 or 10 that require the modifications of the static authentication or authentication process take place at a particular time. Second, the disclosure in Wood is not limited to separate processes in time, because Wood teaches modification of a static authentication that is modified based on the circumstances of the user request to modify the single sign on process. See Wood ¶36-39. Because we find that Wood discloses a system that modifies an authentication process, where the dynamic authentication policy modifies Appeal 2010-003164 Application 11/036,288 6 the static authentication policy, and applies the modified policy to the user as required in claims 1 and 10, we sustain the rejection of claims 1 and 10. Claim 27 Appellants argue that Linehan does not teach disabling the user’s decryption capability, as required by claim 27. App. Br. 15. Specifically, Appellants contend that Linehan, which discloses that an encryption key is not supplied to a user if authentication fails, does not provide “disabling a decryption capability of a user client” because the decryption is denied but not permanently impaired or disabled. App. Br. 15; Reply 4 (noting that “the decryption capabilities in Linehan are still operable by the user and are capable of being performed”). As the Examiner correctly noted, Appellants’ argument interprets claim 27 as requiring the user’s software or hardware to be “disabled” and not simply being denied an access key for decryption. Ans. 10. We agree with the Examiner that the scope of decryption capability that is disabled in claim 27 is not limited to permanent disabling of the decryption. Claims are given their broadest reasonable construction in light of the disclosure. See In re Am. Acad. of Sci. Tech. Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). Appellants point to no portion of the specification or claims that would limit the disabling of the decryption capabilities in claim 27 to only those methods that render the decryption capabilities totally inoperable to decrypt all files. Claim 27 also requires no specific disabling method or mechanism, but only recites that “a decryption capability of a user client” is disabled. In Linehan, the user’s access is denied or disabled by denying a key to the decryption process. Appeal 2010-003164 Application 11/036,288 7 We agree with the Examiner’s reasonable interpretation of claim 27 as encompassing Linehan’s disclosed denial of a user client’s capability to decrypt a single file. Ans. 10. Accordingly, we sustain the rejection of claim 27. CONCLUSION OF LAW Based on the findings of facts and analysis above, we conclude that the Examiner did not err in rejecting claims 1 and 10 under 35 U.S.C. § 102(e), and claim 27 under 35 U.S.C. § 103(a). DECISION The Examiner’s decision rejecting claims 1-10, 12, 13, 15-18, and 23- 28 is affirmed. TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). AFFIRMED tsj Copy with citationCopy as parenthetical citation