09562333 (B.P.A.I. May. 2, 2007)

Ex Parte Fernandez

Board of Patent Appeals and InterferencesMay 2, 2007

09562333 (B.P.A.I. May. 2, 2007)

The opinion in support of the decision being entered today was not written for publication and is not binding precedent of the Board. UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte ALBERTO FERNANDEZ ____________ Appeal 2006-1980 Application 09/562,333 Technology Center 2100 ____________ Decided: May 2, 2007 ____________ Before KENNETH W. HAIRSTON, LANCE LEONARD BARRY, and HOWARD B. BLANKENSHIP, Administrative Patent Judges. BARRY, Administrative Patent Judge. I. STATEMENT OF THE CASE A Patent Examiner rejects claims 1-5. (Answer 3-5.) The Appellant appeals therefrom under 35 U.S.C. Â§ 134(a). We have jurisdiction under 35 U.S.C. Â§ 6(b). Appeal 2006-1980 Application 09/562,333 2 A. INVENTION The invention at issue on appeal relates to data security. Although encryption is often used to protect data, it does not necessarily provide authentication. Even where a financial entity servicing an account authenticates itself via a certificate, the customer owning the account is typically authenticated via a username and a password. The Appellant asserts, "It is often possible for a skilled attacker to gain access to a user's private passwords and other authentication information." (Specification p. 1, ll. 24-25.) A typical computer possesses many unique features. Even computers from the same manufacturer and of the same model possess differing features, such as surface characteristics of hard disks. Once computers are placed into service, their characteristics continue to diverge based on differing amounts of wear, different data written to and erased from their memories and hard disks, differing frequencies of defragmentation, and errors in the storage of data. (Id. p. 2, ll. 7-13.) The Appellant's invention extracts identifying data based on at least one of these unique features and uses these data to identify or authenticate the particular computer to a remote server. More specifically, the invention uses these data as a seed to generate a "cryptoprocessing" key, which is used to process data for transmission to the remote server. (Br. 3.) Appeal 2006-1980 Application 09/562,333 3 Claim 1, which further illustrates the invention, follows. 1. A method of authentication of a data processing and storage system, comprising the steps of: creating a cryptoprocessing key based on unique features of data present in the data processing and storage system, the unique features of the data depending on conditions existing prior to creation of the cryptoprocessing key and independently of creation of the cryptoprocessing key, the unique features including content of data stored in selected locations in the system; and using the cryptoprocessing key to process data for transmission to a remote server in order to identify the processed data as originating from the data processing and storage system. B. REJECTIONS Claims 1 and 2 stand rejected under 35 U.S.C. Â§ 103(a) as obvious over UK Patent Application GB 2,264,373 ("Nolan") and U.S. Patent No. 6,571,339 ("Danneels"). Claims 3-5 stand rejected under Â§ 103(a) as obvious over Nolan; Danneels; and U.S. Patent No. 5,412,718 ("Narasimhalu"). II. ISSUE Rather than reiterate the positions of parties in toto, we focus on the issue therebetween. The Examiner finds "that Nolan teaches encrypting data stored on a storage medium, wherein different blocks of data are encrypted using encryption keys wherein the keys are derived based on storage Appeal 2006-1980 Application 09/562,333 4 locations of the data [see page 3, lines 1-6]." (Answer 7.) The Appellant makes the following argument. Nolan and Danneels, taken separately or in combination, do not teach and do not suggest basing the cryptoprocessing key on the "content of data stored in selected locations of the system" as claimed in claim 1. Nolan's approach simply utilizes a single location of the tape together with a common key to generate a key to decode data starting at the single location and Danneels merely presumes a unique identifier of a processor. (Br. 11.) Therefore, the issue is whether Nolan would have suggested creating a key based on the content of data stored in selected locations of a data processing and storage system, wherein the content of the data differs from data relating to the locations in which the data are stored. In addressing the issue, the Board conducts a two-step analysis. First, we construe the independent claim at issue to determine its scope. Second, we determine whether the construed claim would have been obvious. III. CLAIM CONSTRUCTION Our analysis begins with construing the claim limitations at issue. In construing the limitations, "[c]laims must be read in view of the specification, of which they are a part." Markman v. Westview Instruments, Inc., 52 F.3d 967, 979, 34 USPQ2d 1321, 1329 (Fed. Cir. 1995) (en banc). Here, claim 1 recites in pertinent part the following limitations: "creating a cryptoprocessing key based on unique features of data present in the data processing and storage system, . . . the unique features including Appeal 2006-1980 Application 09/562,333 5 content of data stored in selected locations in the system." For its part, the Specification explains that "data relating to the installation of the software image is used to create an inventory of data unique to the user-operated computer for use in creating cryptoprocessing keys." (Specification p. 10, ll. 21-23.) "The data may suitably include data relating to locations in which selected elements of the software image are stored, and the contents of the locations." (Id. p. 10, l. 23 â€“ p. 11, l. 1.) Reading the independent claim in view of the Specification, the limitations require creating a key based on the content of data stored in selected locations of a data processing and storage system, wherein the content of the data differs from data relating to the locations in which the data are stored. IV. OBVIOUSNESS DETERMINATIONS "Having determined what subject matter is being claimed, the next inquiry is whether the subject matter would have been obvious." Ex Parte Massingill, No. 2003-0506, 2004 WL 1646421, at *3 (B.P.A.I 2004). "In rejecting claims under 35 U.S.C. Section 103, the examiner bears the initial burden of presenting a prima facie case of obviousness." In re Rijckaert, 9 F.3d 1531, 1532, 28 USPQ2d 1955, 1956 (Fed. Cir. 1993) (citing In re Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992)). "'A prima facie case of obviousness is established when the teachings from the prior art itself would appear to have suggested the claimed subject matter to a person of ordinary skill in the art.'" In re Bell, 991 F.2d 781, 783, 26 USPQ2d 1529, 1531 (Fed. Cir. 1993) (quoting In re Rinehart, 531 F.2d 1048, 1051, 189 USPQ 143, 147 (CCPA 1976)). Appeal 2006-1980 Application 09/562,333 6 Here, Nolan describes "[a]n apparatus 10 for encrypting data to be stored on a tape 11 or other storage medium[, which] includes means 20 to encrypt different blocks of data using respective different keys which are derived from a common key. . . ." (Abs. ll. 1-3.) Although the apparatus derives these keys, we cannot find that the derivation is based on the content of data stored in selected locations of the tape or other storage medium. To the contrary, the passage cited by the Examiner discloses the derivation "as a function of the storage location of the data." (P. 3, ll. 5-6.) The Examiner's aforementioned finding admits as much. Nor does the Examiner allege, let alone show, that the addition of Danneels or Narasimhalu cures the aforementioned deficiency of Nolan. Absent a teaching or suggestion of creating a key based on the content of data stored in selected locations of a data processing and storage system, wherein the content of the data differs from data relating to the locations in which the data are stored, we are unpersuaded of a prima facie case of obviousness. V. CONCLUSION For the aforementioned reasons, we reverse the rejection of claim 1 and the rejections of claims 2-5, which depend therefrom. Besides asking us to reverse the rejections, the Appellant asks that "the application [be] promptly allowed." (Br. 21.) In an ex parte appeal, however, the Board "is basically a board of review - we review . . . rejections made by patent examiners." Ex parte Gambogi, 62 USPQ2d 1209, 1211 (B.P.A.I. 2001). We lack authority to allow claims. It is patent examiners who have the authority to allow claims. M.P.E.P. Â§Â§ 1005, 1302.13. Appeal 2006-1980 Application 09/562,333 7 REVERSED KIS PRIEST & GOLDSTEIN, PLLC 5015 SOUTHPARK DRIVE SUITE 230 DURHAM, NC 27713-7736