Ex Parte Ali et al

Patent Trial and Appeal Board

Aug 11, 2016

10780398 (P.T.A.B. Aug. 11, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE
APPLICATION NO. FILING DATE
10/780,398 02/17/2004
22879 7590 08/15/2016
HP Inc,
3390 E. Harmony Road
Mail Stop 35
FORT COLLINS, CO 80528-9544
FIRST NAMED INVENTOR
Valiuddin Ali
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www .uspto.gov
ATTORNEY DOCKET NO. CONFIRMATION NO.
82181201 1614
EXAMINER
WILLIAMS, JEFFERY L
ART UNIT PAPER NUMBER
2495
NOTIFICATION DATE DELIVERY MODE
08/15/2016 ELECTRONIC
Please find below and/or attached an Office communication concerning this application or proceeding.
The time period for reply, if any, is set in the attached communication.
Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the
following e-mail address( es):
ipa.mail@hp.com
barbl@hp.com
yvonne.bailey@hp.com
PTOL-90A (Rev. 04/07)
UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD
Ex parte V ALIUDDIN ALI, MANUEL NOVOA,
and MATTHEW J. WAGNER
Appeal2014-007380
Application 10/780,398
Technology Center 2400
Before DAVID M. KOHUT, BRYAN F. MOORE, and
RAMA G. ELLURU, Administrative Patent Judges.
KOHUT, Administrative Patent Judge.
DECISION ON APPEAL
This is a decision on appeal under 35 U.S.C. § 134(a) of the Final
Rejection of claims 1-13, 19-21, 23-28, 30-36, 38--43, 45, and 46. Claims
14--18, 22, 29, 37, and 44 have been canceled. We have jurisdiction under
35 U.S.C. § 6(b).
We AFFIRM-IN-PART.
INVENTION
The invention is directed to recovering a security credential based
upon a response to a query. Spec. i-fi-1 3--4. Claim 1 is representative of the
invention and is reproduced below.
Appeal2014-007380
Application 10/780,398
1. A computer security system, compnsmg:
a processor; and
Ryu
a memory comprising instructions executable by the processor
to:
control access to a secure computer resource by a user via a
client based on a password associated with the user;
present query data on the client, wherein the client comprises
the query data and an associated response;
determine whether a response to the query data is the associated
response; and
retrieve the password from the client if the response to the
query data is the associated response.
REFERENCES
us 6,067,625 May 23, 2000
Thompson EP 1 111 495 Al November 17, 2000
REJECTIONS AT ISSUE
Claims 12, 30, 38, and 43 stand rejected under 35 U.S.C. § 112, first
paragraph, as failing to comply with the written description requirement; and
the specification is objected to, per 37 C.F.R. § 1.75(d), for failing to provide
proper antecedent basis for claims 12, 30, 38, and 43; and. Final Act. 2-3.
Claims 1-13, 19-21, 23-28, 30-36, 38--43, 45, and 46 stand rejected
under 35 U.S.C. § 112, second paragraph, as being indefinite for failing to
particularly point out and distinctly claim the subject matter which the
inventor regards as the invention. Final Act. 3-5.
Claims 1-13, 19-21, 23-26, 30-36, 38, and 39 stand rejected under
35 U.S.C. § 102(b) as anticipated by Ryu. Final Act. 6-9.
2
Appeal2014-007380
Application 10/780,398
Claims 27 and 28 stand rejected under 35 U.S.C. § 103(a) as
unpatentable over the combination of Ryu and Thompson. Final Act. 9-10.
Claims 40-43, 45, and 46 stand rejected under 35 U.S.C. § 103(a) as
unpatentable over Ryu. Final Act. 10-11.
ISSUES
(A) Did the Examiner err in finding that retrieving a new password,
as required by claims 12, 30, 38, and 43, fails to comply with the written
description requirement? 1
(B) Did the Examiner err in finding that the term "secure," as
recited in independent claims 1, 19, 31, and 40 renders the claims indefinite?
(C) Did the Examiner err in finding Ryu discloses retrieving the
password from the client, as required by independent claims 1, 19, and 31?
(D) Did the Examiner err in finding Ryu discloses presenting query
data, as required by independent claims 1, 19, and 3 1?
(E) Did the Examiner err in finding Ryu discloses "wherein the
password retrieved from the client comprises a new password," as recited in
dependent claims 12, 30, and 38?
1 The Examiner objects to Appellants' Specification because Appellants'
Specification fails to provide proper antecedent basis for "retrieving" a new
password as required by claims 12, 30, 38, and 43. Final Act. 2. Appellants
request that we hold the objection in abeyance pending the outcome of our
Decision. As such, the objection remains and we leave it to the Examiner to
readdress the objection upon receipt of this Decision.
3
Appeal2014-007380
Application 10/780,398
(F) Did the Examiner err in finding Ryu teaches "verifying the
decrypted password without accessing a resource external to the computer
device," as recited in independent claim 40?
ANALYSIS
A
Did the Examiner err in finding that retrieving the new password, as
required by claims 12, 3 0, 3 8, and 43, fails to comply with the written
description requirement?
Each of dependent claims 12, 30, 38, and 43 requires retrieving the
new password. The Examiner rejects these claims for failing to comply with
the written description requirement under 35 U.S.C. § 112, first paragraph.
Final Act. 2-3. The Examiner finds that, according to Appellants'
Specification, the terms "retrieve" and "retrieving" are not applicable to the
term "new passwords." See Final Act. 2-3; see also Ans. 3-5; see also
Specification i-fi-f 15, 28. As indicated by the Examiner, Appellants'
Specification lists retrieving a password, i.e., current password, as an
alternative to resetting a password or providing a new password, and, thus,
there is no written description supporting retrieving a new password. See
Ans. 3-5.
Appellants argue that their Specification supports interpreting
retrieving a password as retrieving an existing password or retrieving a new
password. See App. Br. 7-9. Appellants further argue that although their
Specification lists the retrieval of a security credential (e.g., password) and
the generation of a new security credential as options, this does not render
4
Appeal2014-007380
Application 10/780,398
these actions mutually exclusive. Reply Br. 2. We find Appellants'
arguments persuasive.
The claimed subject matter need not be described "in haec verba" in
the original specification in order to satisfy the written description
requirement. In re Wright, 866 F.2d 422, 425 (Fed. Cir. 1989). "Adequate
written description means that the applicant, in the specification, must
'convey with reasonable clarity to those skilled in the art that, as of the filing
date sought, he or she was in possession of the [claimed] invention."'
Agilent Techs., Inc. v. Ajjj;metrix, Inc., 567 F.3d 1366, 1379 (Fed. Cir. 2009)
(citation omitted) (brackets in original), reh 'g en bane denied Sept. 18, 2009.
The skilled artisan reading Appellants' Specification would recognize
that the terms "retrieve" and "retrieving" are applicable to new passwords,
as well as current passwords. Accordingly, we do not sustain the rejection
of claims 12, 30, 38, and 43 under 35 U.S.C. § 112, first paragraph.
B
Did the Examiner err in finding the term "secure, " as recited in
independent claims 1, 19, 31, and 40, renders the claims indefinite?
Each of independent claims 1, 19, 31, and 40 recites "a secure
computer resource." Appellants argue the term "secure resource," as used in
Appellants' Specification, describes an object that requires a password or
other type of security credential in order to be accessed, booted, or powered-
on. App. Br. 11. Appellants further argue that Appellants' application
"clearly regards the access or unlocking of a computer resource that refer to
'secured' resources to indicate that a security credential is required to access
or unlock that particular resource." Reply Br. 3.
5
Appeal2014-007380
Application 10/780,398
The Examiner finds that the scope of the term "secure" is not
specifically defined in Appellants' Specification, and, thus, renders claims 1,
19, 31, and 40 indefinite. Final Act. 4; Ans. 9-10. As stated by the
Examiner, Appellants' "usage of the term 'secure' within the claims, without
disclosing within the [] specification a clear and reasonable basis for
determining scope of this relative and subjective term, renders the claims
indefinite." Ans. 10. We disagree.
When a subjective term is used in a claim, the Examiner should
determine whether the Specification supplies some standard for measuring
the scope of the term. See in re J\1usgrave, 431F.2d882) 893 (CCPA 1970);
see also Datami::e, LLC v. Phantree Software, Inc., 417 F,3d 1342, 1350
(Fed. Cir. 2005)); see also Interval Licensing LLC v. AOL, Inc., 766 F.3d
1364, 1373 (Fed. Ck 2014). Furthermore, during patent examination, the
pending claims must be "given their broadest reasonable interpretation
consistent with the specification_'~ Phillips v. /1 FVll Cmp., 415 F.3d 1303,
1 "16- 'f' i c· }o·os· 1j ! ec ..ff .. ~_,).
Here, as argued by Appellants, the Specification provides several
examples of a secured resource referring to a resource that requires a
security credential to access or unlock the resource. App. Br. 9-12; Reply
Br. 3. We find these examples and associated descriptions provide some
standard for measuring the scope of the term "secured resource." And,
under the broadest reasonable interpretation consistent with Appellants'
Specification, we find that the term "secured resource" would be interpreted
in accordance with the scope set out by Appellants. Accordingly, we do not
sustain the 35 U.S.C. § 112, second paragraph rejection of claims 1, 19, 31,
and 40 or claims 2-13, 20, 21, 23-28, 30, 32-36, 38, 39, 41--43, 45, and 46
6
Appeal2014-007380
Application 10/780,398
that are dependent upon one of the independent claims and are not argued
separately with particularity.
c
Did the Examiner err in finding Ryu discloses retrieving the password
from the client, as required by independent claims 1, 19, and 31?
Each of independent claims 1, 19, and 31 requires retrieving the
password from the client. The Examiner finds that Ryu discloses the
limitation. Ans. 12. Specifically, the Examiner finds that Ryu discloses
retrieving an encrypted password from the client and providing the
encrypted password to a user. Ans. 12; see Ryu, col. 2, 11. 38--42.
Appellants argue that Ryu's password is decoded at a manufacturer's
service center prior to being returned to the user. App. Br. 15-16.
Therefore, Appellants contend that Ryu does not teach retrieving a password
from the client, but rather retrieving the password from the manufacturer's
service center. App. Br. 15-16. We disagree with Appellants.
As indicated by the Examiner (Ans. 12), the claims do not specifically
require that the password retrieved from the client must be decrypted. As a
result, we find that as long as a password is retrieved from the client it does
not matter whether the password is encrypted or not.
Because there is no dispute that Ryu discloses retrieving an encrypted
password from the client, we are not persuaded that the Examiner erred in
finding that Ryu discloses the disputed limitation.
7
Appeal2014-007380
Application 10/780,398
D
Did the Examiner err in finding Ryu discloses presenting "query
data, " as recited in independent claims 1, 19, and 31?
Each of independent claims 1, 19, and 31 requires presenting query
data, and retrieving a password if a response to the query data is associated
with the query data. Appellants contend that because the claimed query
data, as described in the Specification, is based on a user's previous
selection from one of several questions, the query data can be varied based
on user selection. App. Br. 16; see also Spec. p. 6, 11. 3-5. Based on this
contention, Appellants argue Ryu does not disclose query data because Ryu
asks users to provide an identification number which is limited to a numeric
response and does not provide the option for the user to vary the query data.
App. Br. 17. We disagree with Appellants as Appellants' argument is not
commensurate with the scope of the claims.
The Examiner finds, and we agree, none of claims 1, 19, or 31 recites
or requires options for a user to vary the query data. Ans. 15-16. Instead,
the claims merely require query data to be presented. As a result, the
Examiner's finding that presenting data to a user in the form of a prompt,
question, or inquiry so as to elicit a response from the user, as disclosed in
Ryu, discloses presenting query data as claimed. Id. Accordingly, we are
not persuaded of Examiner error.
For all of the reasons indicated above in headings C and D, we sustain
the Examiner's 35 U.S.C. § 102(b) rejection of independent claims 1, 19,
and 31 as anticipated by Ryu. Additionally, we sustain the Examiner's 35
U.S.C. § 102(b) rejection of claims 2-11, 13, 20, 21, 23-26, 32-36, and 39
8
Appeal2014-007380
Application 10/780,398
as anticipated by Ryu because the claims depend from one of the
independent claims and are not argued separately with particularity.
Appellants also argue that the Examiner's rejection of claims 27 and
28 over the combination of Ryu and Thompson is in error. App. Br. 18-19.
Specifically, Appellants contend that Thompson does not make up for the
deficiencies argued in reference to Ryu, above. App. Br. 18-19. As
indicated above, we have not been persuaded that the Examiner erred in
finding that any of the disputed limitations were disclosed by Ryu. Thus, we
sustain the Examiner's rejection of claims 27 and 28 under 35 U.S.C. §
103(a) as obvious over the combination of Ryu and Thompson for the same
reasons indicated above with respect to claims 1, 19, and 31.
E
Did the Examiner err in finding Ryu discloses "wherein the password
retrieved from the client comprises a new password, " as recited in
dependent claims 12, 30, and 38?
Appellants argue that Ryu does not teach retrieving a new password
from the client. App. Br. 17. Instead, Appellants contend that Ryu only
allows the user to set or change the password. App. Br. 17. Thus,
Appellants contend that the new password is not retrieved from the client.
App. Br. 17. We agree.
Initially, the Examiner notes that Appellants' arguments are
unpersuasive because the Examiner rejected the claims under 35 U.S.C. §
112, first paragraph. Ans. 17. However, as indicated above, we have
reversed that rejection over these claims.
Next, the Examiner finds that Appellants' arguments are not
commensurate with the scope of the claim because the claims do not require
9
Appeal2014-007380
Application 10/780,398
that the new passwords are generated for the user. Ans. l 7. While we agree
with the Examiner as to the scope of the claims, we do not agree that there is
anything in Ryu's abstract that specifically teaches retrieving the newly
established or changed password from the client, as required by the claims.
Lastly, we also disagree with the Examiner's interpretation (Ans. 17)
that if a password was recently reset and forgotten, that Ryu discloses the
retrieval of that "new" password. Interpreting the claim in this fashion
would essentially make the term "new" superfluous. See Mangosoft, Inc. v.
Oracle Corp., 525 F.3d 1327, 1330-31 (Fed. Cir. 2008) (rejecting claim
construction that would render a claim term superfluous); See also Stumbo v.
Eastman Outdoors, Inc., 508 F.3d 1358, 1362 (Fed. Cir. 2007) (denouncing
claim constructions that render phrases in claims superfluous).
For the reasons indicated above, we do not sustain the rejection of
claims 12, 30, and 38, under 35 U.S.C. § 102(b).
F
Did the Examiner err in finding Ryu teaches "verifYing the decrypted
password without accessing a resource external to the computer device, " as
recited in independent claim 40?
Independent claim 40 recites "enable the user to retrieve the password
from the computing device upon verifying the decrypted password without
accessing a resource external to the computer device." Claims 41-43, 45,
and 46 are dependent upon claim 40.
Appellants argue Ryu does not teach the disputed limitation because
the only teaching in Ryu of verifying a decrypted password is via a
manufacturer's service center (external resource). See App. Br. 20; see Ryu
col. 2, 11. 38--42; col. 4, 11. 63---65. We agree with Appellants.
10
Appeal2014-007380
Application 10/780,398
The Examiner finds Ryu teaches verifying a decrypted (previously
encrypted) password from an external resource. See Final Action 10-11; see
also Ans. 20. The Examiner further finds, relying upon Ryu column 5, lines
10-21, that this teaching can be modified to remove the step of encrypting
and verify an unencrypted password without accessing an external resource.
See Ans. 20. Although the Examiner finds Ryu teaches verifying an
unencrypted password without accessing an external resource, the Examiner
has not shown, nor do we find, a teaching or suggestion in Ryu of verifying
a decrypted password without accessing an external resource.
Accordingly, we do not sustain the rejection of claim 40 under
35 U.S.C. § 103.
CONCLUSION
(A) The Examiner erred in finding that retrieving a new password,
as required by claims 12, 30, 38, and 43, fails to comply with the written
description requirement.
(B) The Examiner erred in finding that the term "secure," as recited
in independent claims 1, 19, 31, and 40, renders the claims indefinite.
(C) The Examiner did not err in finding Ryu discloses retrieving the
password from the client, as required by independent claims 1, 19, and 31.
(D) The Examiner did not err in finding Ryu discloses presenting
query data, as required by independent claims 1, 19, and 31.
(E) The Examiner erred in finding Ryu discloses "wherein the
password retrieved from the client comprises a new password," as recited in
dependent claims 12, 30, and 38.
11
Appeal2014-007380
Application 10/780,398
(F) The Examiner erred in finding Ryu teaches "verifying the
decrypted password without accessing a resource external to the computer
device," as recited in independent claim 40.
SUMMARY
The Examiner's decision to reject claims 12, 30, 38, and 43 under
35 U.S.C. § 112, first paragraph, is reversed.
The Examiner's decision to reject claims 1-13, 19-21, 23-28, 30-36,
38--43, 45, and 46 under 35 U.S.C. § 112, second paragraph, is reversed.
The Examiner's decision to reject claims 1-11, 13, 19-21, 23-26,
31-36, and 39 under 35 U.S.C. § 102(b) is affirmed.
The Examiner's decision to reject claims 12, 30, and 38 under
35 U.S.C. § 102(b) is reversed.
The Examiner's decision to reject claims 27 and 28 under
35 U.S.C. § 103(a) is affirmed.
The Examiner's decision to reject claims 40-43, 45, and 46 under
35 U.S.C. § 103(a) is reversed.
No time period for taking any subsequent action in connection with
this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv).
AFFIRMED-IN-PART
12