11155765 (P.T.A.B. Feb. 26, 2013)

Ex Parte Aittola et al

Patent Trial and Appeal BoardFeb 26, 2013

11155765 (P.T.A.B. Feb. 26, 2013)

UNITED STATES PATENT AND TRADEMARKOFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/155,765 06/20/2005 Mikko Aittola 088245-1102 4393 23524 7590 02/27/2013 FOLEY & LARDNER LLP 3000 K STREET N.W. SUITE 600 WASHINGTON, DC 20007-5109 EXAMINER SCHMIDT, KARI L ART UNIT PAPER NUMBER 2439 MAIL DATE DELIVERY MODE 02/27/2013 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte MIKKO AITTOLA, LAURI LAHTINEN, and KALLE TAMMI ____________ Appeal 2010-010540 Application 11/155,7651 Technology Center 2400 ____________ Before JOSIAH C. COCKS, THOMAS L. GIANNETTI, and JAMES B. ARPIN, Administrative Patent Judges. ARPIN, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 56-58, 60, 61, 64-70, 74, 75, 77, 79-83, 85, 86, 89-95, 98, 99, 101, 103-107, and 109-112. Claims 1-55, 59, 62, 63, 71-73, 76, 78, 84, 1 Although Appellants identify Spyder Navigations L.L.C. as the real party in interest in the Appeal Brief, we note that Spyder Navigations L.L.C. has assigned this application to Intellectual Ventures I L.L.C. Appeal 2010-010540 Application 11/155,765 2 87, 88, 96, 97, 100, 102, and 108 are cancelled. App. Br. 2.2 We have jurisdiction under 35 U.S.C. § 6(b). We reverse. Pursuant to our authority under 37 C.F.R. § 41.50(b), however, we enter a new ground of rejection. We reject claim 56 under 35 U.S.C. § 101. INVENTION Appellants’ invention relates to methods, communication devices, intermediary communication devices, communication systems, and computer storage media for providing security of operations in a communication between two peer entities. See generally Spec., ¶ [0001]. Claim 56 is illustrative and is reproduced below with the disputed element emphasized: 56. A method for providing security in a communication system, the method comprising: receiving a request for an operation from a first peer entity at a second peer entity, wherein the request includes an identity of the first peer entity; validating the identity of the first peer entity at the second peer entity by comparing the identity to a test identity associated with a transport address from which the request was received; and comparing the request to a permission list at the second peer entity, wherein the permission list comprises allowable operations of the first peer entity. The Examiner relies on the following as evidence of unpatentability: Giaretta US 2007/0230453 A1 Oct. 4, 2007 (filed Feb. 6, 2004) 2 Throughout this opinion, we refer to (1) the Appeal Brief (App. Br.) filed March 18, 2010; (2) the Examiner’s Answer (Ans.) mailed May 17, 2010; and (3) the Reply Brief (Reply Br.) filed July 16, 2010. Appeal 2010-010540 Application 11/155,765 3 ROY, MARK’ DIAMETER EXTENDS REMOTE AUTHENTICATION, NETWORKWORLD 1-3 (JAN. 1, 2000). MICROSOFT COMPUTER DICTIONARY 42 (ALEX BLANTON ED., MICROSOFT PRESS 2002). CALHOUN, P. ET AL., RFC 3588: DIAMETER BASE PROTOCOL, 1-138 (SEPT. 2003) (hereinafter “RFC 3588”). THE REJECTION The Examiner rejected claims 56-58, 60, 61, 64-70, 74, 75, 77, 79-83, 85, 86, 89-95, 98, 99, 101, 103-107, and 109-112 under 35 U.S.C. § 102(e) as anticipated by Giaretta. Ans. 3-9. ANTICIPATION REJECTION BY GIARETTA Regarding illustrative claim 56, the Examiner finds that Giaretta discloses each and every element of the claimed invention. Id. at 3-4. In particular, the Examiner finds that Giaretta discloses a procedure for authenticating a mobile node (Giaretta, ¶¶ [0081], [0095]-[0098]) and a procedure for authorizing access to a service using attribute value pairs (AVPs), which includes the storage of identifiers, such as a user name and a Network Access Identifier (NAI), or a user name and a Home Address (HoA) (Id. at [0120]-[0132]). Ans. 4. The Examiner concludes that these disclosures would “suggest” to a person of ordinary skill in the art to perform authentication based on a comparison of a user identity and a test identity associated with a transport address. Ans. 11. Appellants argue that Giaretta fails to disclose validating the identity of a first peer entity by comparing the identity of the first peer entity to a test identity associated with a transport address from which the first peer entity’s request was received. App. Br. 8-12. Further, Appellants argue that the Appeal 2010-010540 Application 11/155,765 4 Examiner misinterprets the authentication and authorization steps of Giaretta. Id. at 12-15. Finally, Appellants argue that the Examiner applies the incorrect standard for demonstrating anticipation. Reply Br. 6-7. ISSUE Under 35 U.S.C. § 102, has the Examiner erred in rejecting claim 56 by finding that Giaretta discloses “validating the identity of the first peer entity at the second peer entity by comparing the identity to a test identity associated with a transport address from which the request was received”?3 ANALYSIS Based on the record before us, we find error in the Examiner’s anticipation rejection of representative claim 56 which calls for, in pertinent part, “validating the identity of the first peer entity at the second peer entity by comparing the identity to a test identity associated with a transport address from which the request was received.” App. Br. 20. “A claim is anticipated only if each and every element as set forth in the claim is found, either expressly or inherently described, in a single prior art reference.” Verdegaal Bros., Inc. v. Union Oil Co. of Cal., 814 F.2d 628, 631 (Fed. Cir. 1987) (emphasis added). 1. Failure to Disclosure of Every Element. The Examiner acknowledges that the dispositive issue in this appeal is “whether [in addition to the user identity,] Giaretta performs the authentication based on an associated transport address as well.” Ans. 10. 3 Appellants raise a second issue regarding whether the Examiner erred in finding that Giaretta discloses the additional element of dependent claim 64 or the corresponding elements of claims 74, 89, and 103. Because the reversal of the rejection of independent claims 56, 74, 81, and 98 is dispositive, we do not reach this second issue. Appeal 2010-010540 Application 11/155,765 5 As noted above, Appellants’ claim 56 recites a step of “validating” the identity of a first peer entity at a second peer entity by performing the sub- step of “comparing” the identity of the first peer entity to a test identity. Moreover, the test identity is associated with a transport address, e.g., an Internet Protocol (IP) address (Spec., ¶ [0042]), of the first peer entity. App. Br. 8-9, 14; Reply Br. 5. Referring to Figure 2, Appellants describe the “validating” step of claim 56 as a step for determining whether the identity of the first peer entity (e.g., AS1) is valid by comparing the identity and its IP address to a test identity included on a preconfigured “security config table.” Spec., ¶¶ [0044]-[0045], [0049]. Once the identity of the first peer entity has been validated by this comparison, the request is compared to the permissions list to determine whether the first peer entity has permission to use (is granted access to) the requested operation. Id. at [0046], [0050]. The Examiner relies upon RFC 3588’s definition of the terms “authentication” and “authorization.” Ans. 4; Final Rej. 6. Specifically, authentication is “[t]he act of verifying the identity of an entity (subject),” and authorization is “[t]he act of determining whether a requesting entity (subject) will be allowed access to a resource (object).” RFC 3588, 13.4 We agree. In view of these definitions and the Specification (¶¶ [0003]-[0005], [0063]), we construe the “validating” step of Appellants’ claim 56, including the sub-step of “comparing the identity to a test identity associated with a 4 The Examiner cites to another definition of “authentication” in the Microsoft Computer Dictionary. Ans. 10. We find this definition consistent with RFC 3588’s definitions, in that it defines authentication as the process of validating a user’s identity, e.g., logon information, and describes a subsequent grant of access, i.e., authorization, based on a permission list. Id. Appeal 2010-010540 Application 11/155,765 6 transport address from which the request was received,” to describe an authentication procedure. The Examiner finds that Giaretta describes an authentication procedure by which the identity of a first peer entity (e.g., a mobile node MN) is validated at a second peer entity (e.g., the AAA server). Ans. 4 (citing Giaretta, ¶¶ [0081], [0095]-[0098]). We agree. The Examiner further finds that Giaretta describes an authorization procedure by which a user’s authorization level is determined from stored identifiers, e.g., attribute value pairs (AVPs). Id. (citing Giaretta, ¶¶ [0120]-[0132]). Again, we agree. Although Giaretta describes both an authentication procedure and an authorization procedure, and despite the different definitions for each term in the relevant art, the Examiner contends that the terms are used interchangeably in the art. Id. at 13. We do not agree with this contention. Giaretta further describes that the AVPs, including a “User Name AVP with the user’s [Network Access Identifier (NAI)],” are sent by the AAA Server to a Home Agent and that the Home Agent stores these AVPs in a Service Authorization Cache. Giaretta, ¶¶ [0121], [0125], [0126]. Consequently, the Examiner concludes that, because the Home Agent stores particular information, including the NAI and Home Address (HoA) of the mobile node for authorization purposes, the storage of this information would suggest to a person of ordinary skill to compare this transport address-type information to authenticate the user’s identity. Ans. 11. We do not agree with this conclusion. As Appellants note, Giaretta merely discloses the storage of this information, and the Examiner fails to demonstrate that Giaretta’s AVPs are compared for the purpose of authenticating (validating) the identity of the Appeal 2010-010540 Application 11/155,765 7 mobile node MN. App. Br. 11-12. Moreover, Appellants argue that the Examiner has misinterpreted Giaretta’s description of the storage of AVPs, including information corresponding to transport addresses (see Ans. 10), as related to an authentication procedure. App. Br. 12-14. Instead, Appellants argue that the various AVPs stored in Giaretta’s Service Authorization Cache are used in an authorization procedure, rather than an authentication procedure. Id. at 13. We agree with the Appellants’ analysis of this aspect of Giaretta as directed to authorization, not authentication. We find that the Examiner fails to demonstrate that Giaretta discloses the comparison of two identities, together with associated transport address-type information, to authenticate the user’s identity. 2. Improper Anticipation Standard. We also find that the Examiner applies an incorrect standard for demonstrating anticipation. See Reply Br. 6-7. In particular, the Examiner finds that “the authentication in Giaretta takes place using attribute value pairs (AVP), which could include a user identity and some-type of network address.” Ans. 10 (emphasis added). Further the Examiner finds that “one of ordinary skill in the art could reasonably construe the disclosure of Giaretta as validating the identity of the first peer identity at the second peer entity by [the comparing sub-step of the disputed limitation].” Id. at 12 (emphasis added). Similarly, regarding the storage of AVPs on Giaretta’s Service Authorization Cache, the Examiner contends that “one of ordinary skill in the art could reasonably conclude that the authentication data is stored on the home agent as a comparison point for when mobile nodes attempt to authenticate for the Mobile IP service.” Id. (emphasis added). Reliance upon what a reference “could” disclose, however, is not the Appeal 2010-010540 Application 11/155,765 8 standard for demonstrating anticipation.5 Thus, we find that the Examiner fails to demonstrate that Giaretta discloses, expressly or inherently, the validation of the identity “by comparing the identity to a test identity associated with a transport address from which the request was received.” 3. Improper Reliance on Roy. The Examiner finds that, even if Giaretta fails to describe the recited “validating” step of claim 56, Roy discloses this missing element of the claim. Ans. 11. Nevertheless, the Examiner may not rely on multiple references to supply missing elements in an anticipation rejection. See MPEP § 2131.01. The Examiner’s reliance on Roy to supply an element of Appellants’ claim 56 that is missing from Giaretta is not permissible in an anticipation rejection. Thus, we agree with Appellants that the Examiner’s reliance on Roy here is not proper. App. Br. 15-16; Reply Br. 12. In addition, we find that the Examiner has failed to clearly state the basis for the reliance on Roy. In re Hoch, 428 F.2d 1341, 1342 n. 3 (CCPA 1970) (“Where a reference is relied on to support a rejection, whether or not in a ‘minor capacity,’ there would appear to be no excuse for not positively including that reference in the statement of the rejection.”). Therefore, we find that the Examiner’s reliance upon Roy is improper. Nevertheless, to the extent that Roy is before us, we find the Examiner’s findings regarding Roy’s disclosure unpersuasive. The Examiner relies on step 2 of Roy’s figure to supply the missing elements of Giaretta. Ans. 11. In step 1, Roy describes that “[t]he user requests services from the 5 The Examiner’s reliance on Merck & Co. v. Biocraft Laboratories, 874 F.2d 804 (Fed. Cir. 1989), is unavailing. Ans. 12-13. In Merck, the Court considered whether a reference could be applied for what it suggested, as well as for what it taught, in an obviousness rejection. 874 F.2d at 807-08. Appeal 2010-010540 Application 11/155,765 9 remote ISP, which in turn requests the user’s credentials.” Roy, 3. In step 2, Roy describes that “[t]he user submits ID, password and the IP address of his home-agent ISP. The remote server performs mutual authentication with the home-agent ISP, and then forwards the user’s credentials.” Id. (emphasis added.) Thus, Roy fails to disclose the “validating” step, as recited in claim 56, which is missing from Giaretta. App. Br. 16. For the foregoing reasons, Appellants have persuaded us of error in the anticipation rejection of: (1) independent claim 56; (2) independent claims 74, 81, 98, 105, 110, and 112, which recite elements commensurate with the disputed element of claim 56; and (3) dependent claims 57, 58, 60, 61, 64-70, 75, 77, 79, 80, 82, 83, 85, 86, 89-95, 99, 101, 103, 104, 106, 107, 109, and 111. NEW GROUNDS OF REJECTION OF CLAIM DIRECTED TO UNPATENTABLE SUBJECT MATTER ANALYSIS In independent claim 56, Appellants recite three steps: “receiving” a request, “validating” the identity of the first peer entity that sent the request, and “comparing” the request to a permission list. Under the broadest reasonable interpretation, the three steps of claim 56 read on a process that could be performed in the human mind, or by a human using a pen and paper. See CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1371, 1372 (Fed. Cir. 2011) (determining that a method for verifying the validity of a credit card transaction over the Internet is nonstatutory as an abstract idea capable of being performed in the human mind or by a human using a pen and paper). “[M]ental processes–or processes of human thinking–standing alone are not patentable even if they have practical Appeal 2010-010540 Application 11/155,765 10 application.” In re Comiskey, 554 F.3d 967, 979 (Fed. Cir. 2009); see also Gottschalk v. Benson, 409 U.S. 63, 67 (1972) (“Phenomena of nature . . . , mental processes, and abstract intellectual concepts are not patentable, as they are basic tools of scientific and technological work.” (emphasis added)). The U.S. Supreme Court acknowledges that the machine-or- transformation test is a “useful and important clue or investigative tool” for determining patent eligibility under § 101. Bilski v. Kappos, 130 S.Ct. 3218, 3221 (2010). In this regard, we note that none of the recited steps refers to a specific machine by reciting structural limitations of any apparatus or to any specific operations that would cause a machine to be the mechanism to perform these steps. App. Br. 20. In view of the Supreme Court’s guidance in Bilski, and that of the Federal Circuit in CyberSource, we conclude that independent claim 56 is directed to an unpatentable mental process. Although we decline to reject every claim, or even every independent claim, under our discretionary authority under 37 C.F.R. § 41.50(b), we emphasize that our decision does not mean that the remaining claims are patentable. Rather, we merely leave the patentability determination with respect to the remaining claims to the Examiner. See MPEP § 1213.02. CONCLUSION The Examiner erred in rejecting claims 56-58, 60, 61, 64-70, 74, 75, 77, 79-83, 85, 86, 89-95, 98, 99, 101, 103-107, and 109-112 under § 102(e). Pursuant to our authority under 37 C.F.R. § 41.50(b), we reject claim 56 under § 101, as directed to non-statutory subject matter. Appeal 2010-010540 Application 11/155,765 11 DECISION The Examiner’s decision rejecting claims 56-58, 60, 61, 64-70, 74, 75, 77, 79-83, 85, 86, 89-95, 98, 99, 101, 103-107, and 109-112 is reversed. We reject claim 56 under § 101, as directed to non-statutory subject matter. According to § 41.50(b), “[a] new ground of rejection pursuant to this paragraph shall not be considered final for judicial review.” Further, § 41.50(b) also provides that Appellants, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new grounds of rejection to avoid termination of the appeal as to the rejected claims: (1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the proceeding will be remanded to the examiner. . . . (2) Request rehearing. Request that the proceeding be reheard under § 41.52 by the Board upon the same record. . . . No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). REVERSED 37 C.F.R. § 41.50(b) rwk