Ex Parte de JongDownload PDFBoard of Patent Appeals and InterferencesFeb 24, 201210672184 (B.P.A.I. Feb. 24, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________________ Ex parte EDUARD K. DE JONG ____________________ Appeal 2009-010895 Application 10/672,184 Technology Center 2400 ____________________ Before JEAN R. HOMERE, THU A. DANG, and JAMES R. HUGHES, Administrative Patent Judges. DANG, Administrative Patent Judge. DECISION ON APPEAL Appeal 2009-010895 Application 10/672,184 2 STATEMENT OF THE CASE Appellant appeals under 35 U.S.C. § 134(a) from a Final Rejection of claims 1-4, 6-9, 11-14, and 16-19. Claims 5, 10, 15, and 20 have been canceled. We have jurisdiction under 35 U.S.C. § 6(b). We reverse. A. INVENTION According to Appellant, the invention relates to rendering and encryption engine for application program obfuscation (Spec. 3, ¶ [0006]). B. ILLUSTRATIVE CLAIMS Claim 1 is exemplary: 1. A method for application program obfuscation, comprising: receiving, on an application program provider, a reference to a decryption algorithm and a first cryptographic key; creating, on said application program provider, a key decryption program comprising an instruction stream, said key decryption program configured to perform said decryption algorithm for said first cryptographic key; applying, on said application program provider, a cryptographic process to a second cryptographic key to create an encrypted second cryptographic key wherein said cryptographic process receives said first and second cryptographic keys as inputs; scrambling, on said application program provider, said encrypted second cryptographic key into said instruction stream using a code obfuscation method Appeal 2009-010895 Application 10/672,184 3 indicated by an obfuscation descriptor, said scrambling creating an obfuscated key decryption program, said obfuscation descriptor based at least in part on a target ID wherein said target ID specifies a user device for executing an obfuscated application program; and sending, from said application program provider, said obfuscated key decryption program. C. REJECTION The prior art relied upon by the Examiner in rejecting the claims on appeal is: LeVine US 2002/0120854 A1 Aug. 29, 2002 Okada US 6,789,177 B2 Sep. 07, 2004 (filed Mar. 13, 2002) Kessler US 7,170,999 B1 Jan. 30, 2007 (filed Aug. 28, 2002) Orr WO 02, 079955 A2 Oct. 10, 2002 Claims 1-4, 6-9, 11-14, and 16-19 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Kessler, Okada, Orr, and LeVine. II. ISSUE The dispositive issue before us is whether the Examiner has erred in determining that the combination of Kessler, Okada, Orr, and LeVine teaches or would have suggested receiving “on an application program provider, … a first cryptographic key,” “creating, on said application program provider, a key decryption program … for said first cryptographic key” and applying “on said application program provider, a cryptographic process to a second cryptographic key to create an encrypted second cryptographic key” wherein the cryptographic process receives “said first Appeal 2009-010895 Application 10/672,184 4 and second cryptographic keys as inputs” (claim 1 (emphasis added)). In particular, the issue turns on whether Kessler in view of Orr would have suggested receiving a first cryptographic key and applying a cryptographic process to create an encrypted second cryptographic key on the same application program provider, wherein a key decryption program for the first cryptographic key is created on the application program provider. III. FINDINGS OF FACT The following Findings of Fact (FF) are shown by a preponderance of the evidence. Kessler 1. Kessler discloses establishing peer-to-peer connection wherein the sending computer encrypts a file using a track key, encrypts the track key using a public key associated with the receiving computer received from an application server, and sends the encrypted track key and the encrypted file to the receiving computer (Abstract). 2. Each client computer receives proprietary client software that includes a public key, a secret key, necessary encryption and decryption algorithms, and obfuscation and de-obfuscation algorithms (col. 8, ll. 50-56). 3. Kessler’s Figure 6 is reproduced below: App App Kess the a and m 4. appr to U (col. 5. the f 27-3 6. TK i TK, eal 2009-0 lication 10 ler’s Figur pplication akes a tr The app oval to the ser 2, and 9, ll. 20-2 User 1 o ile transfer 4). User 2 w s encrypte the User 2 10895 /672,184 e 6 disclo server 200 ansfer requ lication ser applicatio User 2 the 7). bfuscates , and TK i ill need tr d by User public key ses peer-to and finds est to the ver 200 n n server 2 n initiates musicfile.m s to be use ack key, T 1 before b PK2 is se 5 -peer file a file, mu application otifies Use 00 which t a peer-to-p p3 and g d by User K, to decr eing sent t nt by the sharing in sicfile.mp server 20 r 1, User 1 ransfers th eer conne enerates a 1 to encry ypt the enc o User 2; application which Use 3, located 0 (col. 9, transmits e transfer ction with track key, pt the file rypted fil wherein to server 20 r 2 access on User 1 ll. 16-20). a transfer approval User 1 TK, for (col. 9, ll. e, wherein encrypt 0 to User , Appeal 2009-010895 Application 10/672,184 6 1 who encrypts TK using PK2; and User 1 then encrypts the file using TK. (col. 9, ll. 35-45). Orr 7. Orr discloses providing security through a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content (Abstract). IV. ANALYSIS Appellant contends that “in Claim 1, both the first and second cryptographic keys are on the application program provider, while the rejection relies on elements on two different entities [of Kessler]” (App. Br. 15). In particular, Appellant argues that, “[a]ccording to the rejection, ‘User 1’ [of Kessler] is equivalent to the application program provider,” but “[s]ince key SK2 is not available to ‘User 1,’ the rejection requires a modification to Kessler to make key SK2 available to ‘User 1’” which “requires a change in the principles of operation of Kessler” (App. Br. 15- 16). Appellant then contends that “Kessler taught that each client computer received (not created) the same proprietary client software,” and thus “[n]o teaching or suggestion has been cited that any decryption program was created on the client computer, and in fact, Kessler taught that it was created elsewhere and supplied to the client computer as part of a registration process with a server” (App. Br. 18). In response, the Examiner explains that “the rejection never stated or implied that the client computer of User 1 was equivalent to the claimed application program” (Ans. 12) and that “the existence of the proprietary software implied the existence of some application provider or application Appeal 2009-010895 Application 10/672,184 7 builder used to create the proprietary software” (Ans. 13). Though the Examiner agrees with Appellant that “the examiner relied on SK2 as the claimed first cryptographic key” (Ans. 18), the Examiner finds that, though “Kessler does not explicitly state that the receiving, creating, applying, scrambling, and sending steps were done on a single application program provider/program builder,” Orr shows that “it would have been obvious to do all these stated steps to create a program on a single application builder/application program provider” (Ans. 13). However, upon review of the record, we agree with Appellant. In particular, we do not find any teaching or even suggestion in the sections of the cited references relied upon by the Examiner of receiving a first cryptographic key and applying a cryptographic process to create an encrypted second cryptographic key on an application program provider, wherein a key decryption program for the first cryptographic key is created on the application program provider. Kessler discloses establishing peer-to-peer connection wherein the sending computer encrypts a file using a track key, encrypts the track key using the public key associated with the receiving computer received from the application server, and sends the encrypted track key and the encrypted file to the receiving computer (FF 1-6). In particular, the sending user at the sending computer obfuscates a file and generates a track key to encrypt the file (FF 5), and the receiving user at the receiving computer will use the track key to decrypt the encrypted file, wherein the track key is encrypted by the sending user using a public key specific to the receiving user before being sent to the receiving user (FF 6). However, in Kessler, the proprietary Appeal 2009-010895 Application 10/672,184 8 client software at the client computers already includes decryption algorithms (FF 3). We agree with the Examiner that the claimed “application program” cannot be limited to just User 1 of Kessler (Ans. 12). Kessler discloses receiving SK2 and applying a cryptographic process to create an encrypted TK. Thus, we find no error in the Examiner’s finding that Kessler at the least would have suggested receiving, on an application program provider, a first cryptographic key and applying, on the application program provider, a cryptographic process to create an encrypted second cryptographic key. However, we do not find any teachings in Kessler of creating on an application program provider a key decryption program for the first cryptographic key, as required by claim 1, contrary to the Examiner’s finding. Instead, in Kessler, there is no need to create since the decryption program already exists (FF 7). That is, we agree with Appellant that Kessler teaches “received (not created) … proprietary client software” and thus “[n]o teaching or suggestion has been cited that any decryption program was created …, and in fact, Kessler taught that it was created elsewhere and supplied to … as part of a registration process with a server” (App. Br. 18). Though the Examiner finds that “it would have been obvious to do all these stated steps to create a program on a single application builder/application program provider” (Ans. 13), the sections of Orr cited by the Examiner merely disclose providing security through a general mechanism, (FF 7). There is no suggestion in Orr of modifying the teachings of Kessler to create the decryption program on the same application program provider that receives a first cryptographic key and creates an encrypted second cryptographic key. Appeal 2009-010895 Application 10/672,184 9 Since the Examiner has not made a clear distinction as to what teachings of Kessler and Orr comprise or would have suggested creating the decryption program on the same application program provider that receives a first cryptographic key and creates an encrypted second cryptographic key, the Examiner has failed to meet the initial burden of proof required for the rejection pursuant to 35 U.S.C. § 103 (a). Accordingly, we are constrained to reverse the Examiner’s rejection of representative claim 1 over Kessler in view of Okada, Orr and LeVine. Independent claims 6, 11, and 16 recite similar features to those of claim 1, and thus claims 6, 11, and 16 and claims 2-4, 7-9, 12-14, and 17-19, depending respectively from claims 1, 6, 11, and 16, fall with claim 1 over Kessler in view of Okada, Orr and LeVine. V. CONCLUSION AND DECISION The Examiner’s rejection of claims 1-4, 6-9, 11-14, and 16-19 under 35 U.S.C. § 103(a) is reversed. REVERSED peb Copy with citationCopy as parenthetical citation