11234031 (P.T.A.B. Nov. 21, 2014)

Ex Parte Frank

Patent Trial and Appeal BoardNov 21, 2014

11234031 (P.T.A.B. Nov. 21, 2014)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 11/234,031 09/22/2005 Edward H. Frank 2875.0730001 2161 26111 7590 11/24/2014 STERNE, KESSLER, GOLDSTEIN & FOX P.L.L.C. 1100 NEW YORK AVENUE, N.W. WASHINGTON, DC 20005 EXAMINER VAUGHAN, MICHAEL R ART UNIT PAPER NUMBER 2431 MAIL DATE DELIVERY MODE 11/24/2014 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte EDWARD H. FRANK ____________________ Appeal 2012-001981 Application 11/234,031 Technology Center 2400 ____________________ Before LEE E. BARRETT, JEAN R. HOMERE, and DANIEL J. GALLIGAN, Administrative Patent Judges. GALLIGAN, Administrative Patent Judge. DECISION ON APPEAL Appellant1 seeks our review under 35 U.S.C. § 134(a) of the Examiner’s Final Rejection of claims 1–36, which are all the claims pending in this application. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE.2 1 The Appeal Brief identifies Broadcom Corp. as the real party in interest. App. Br. 3. 2 Our Decision refers to Appellant’s Appeal Brief filed on February 28, 2011 (“App. Br.”); Appellant’s Reply Brief filed July 11, 2011 (“Reply Br.”); Examiner’s Answer mailed May 11, 2011 (“Ans.”); and original Specification filed September 22, 2005 (“Spec.”). Appeal 2012-001981 Application 11/234,031 2 STATEMENT OF THE CASE Claims on Appeal Appellant’s application relates to policy-based authentication for data security and access to data and functions of a computing device. Spec. 1, 6. Claims 1, 12, 21, 28, 32, 33, and 34 are independent claims. Claim 1 is reproduced below. 1. A mobile device configured to perform a plurality of functions comprising: a memory for storing a plurality of different security policies, wherein each of the plurality of different security policies has a corresponding security requirement, wherein each of the plurality of functions has an associated security policy, wherein each security requirement requires either authentication or encryption of data associated with the function of the corresponding security policy; an input device for invoking a function from the plurality of functions by a user; a processor for implementing a first security policy from the stored plurality of different security policies associated with the invoked function; and a security module for requiring the user to satisfy a security requirement corresponding to the first security policy, before the invoked function is performed by the mobile device. Examiner’s Rejections Claims 1–9, 11–18, 20–22, 24, 25, 27–29, and 31–35 stand rejected under 35 U.S.C. § 102(e) as being unpatentable over Wright.3 Ans. 3–7. Claims 10, 19, 26, 30, and 36 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Wright and Rosenthal.4 Ans. 7–8. 3 Wright et al., U.S. Patent App. Publication No. 2004/0123153 A1, published June 24, 2004 (hereinafter “Wright”). Appeal 2012-001981 Application 11/234,031 3 ANALYSIS Appellant contends that Wright does not disclose the limitation of claim 1 reciting “a security module for requiring the user to satisfy a security requirement corresponding to the first security policy, before the invoked function is performed by the mobile device.” App. Br. 14–15, 18–19. In particular, Appellant argues that the user verification scheme of paragraph 52, on which the Examiner relied in the rejection, is not specific to a function of the mobile device but, rather, is used to retrieve the security policy at the mobile device. App. Br. 19. Therefore, Appellant argues: “Because the username and password verification scheme in paragraph 52 occurs before the security policy is even received by the mobile device, it cannot be a security requirement corresponding to the security policy as claimed.” App. Br. 19. We are persuaded by Appellant’s arguments. Wright discloses using authorization protocols, for “the exchange of security information or diagnostic information or both” between the server and the client mobile device. Wright ¶ 59. Wright discloses “the authorization module 232 authorizes a communication exchange between the client mobile device and the policy distribution or policy management modules.” Wright ¶ 52. Wright further discloses that the policy distribution module 234 distributes security information, such as security policies, to mobile devices. Wright ¶ 51. Therefore, with respect to security policy verification, Wright discloses user verification in the process of downloading a security policy to the mobile device, as Appellant argues, not user verification for performing 4 Rosenthal et al., U.S. Patent No. 7,162,428 B1, issued Jan. 9, 2007 (hereinafter “Rosenthal”). Appeal 2012-001981 Application 11/234,031 4 the user-invoked function pursuant to an existing security policy. Therefore, the disclosure relied upon by the Examiner is insufficient to support the Examiner’s findings with respect to this claim limitation. See Ans. 4 (citing Wright ¶¶ 52, 59). Based on the foregoing, we do not sustain the rejection of claim 1. The Examiner rejected claims 12 and 32 for the same reasons as claim 1. Ans. 3–4. As such, we do not sustain the rejection of claims 12 and 32. Claim 21 recites a similar limitation: “a security module for requiring the user to satisfy the implemented security requirement, before the invoked function is performed by the mobile device.” App. Br. 30. In the rejection of claims 21, 28, and 33, the Examiner also cited paragraph 52 of Wright and provided further explanation: From the numerous examples and embodiments, it’s clear that the mobile device of Wright dynamically changes the functions which a user can do based on the location of the device. And the user must at times input authorization information to further his/her access to data. The mobile device determines its location and adjusts the function that the user can do. And if needed, requests identifying information from said user in order to perform said function. Ans. 5. Based on our discussion of the disclosure of paragraph 52 of Wright above, we find that the evidence of record is not sufficient to support the Examiner’s findings. Therefore, we do not sustain the rejection of claims 21, 28, and 33. Claim 34 also recites a similar limitation: “a security module for authorizing the user to invoke the function only after satisfying a security requirement associated with the function by either authenticating the user or encrypting data associated with the function.” App. Br. 33. In the rejection, the Examiner cited paragraphs 52 and 58 of Wright without explanation. Appeal 2012-001981 Application 11/234,031 5 Ans. 7. For the reasons discussed above, the Examiner’s rejection of claim 34 also is not supported by the evidence. Based on the foregoing, the rejection of dependent claims 2–9, 11, 13–18, 20, 22, 24, 25, 27, 29, 31, and 35 under 35 U.S.C. § 102(e) also is not sustained. The Examiner rejected dependent claims 10, 19, 26, 30, and 36 under 35 U.S.C. § 103(a) as obvious over Wright and Rosenthal. Ans. 7–8. The Examiner has not relied on Rosenthal to address the deficiencies of Wright discussed above. As such, we do not sustain the rejection of these claims under 35 U.S.C. § 103(a). Accordingly, the Examiner’s rejections of claims 1–36 are not sustained.5 DECISION We reverse the Examiner’s rejections of claims 1–36. REVERSED kme 5 It appears Appellant inadvertently omitted from its arguments the rejection of claim 23, which depends from claim 22, which in turn depends from independent claim 21. The Answer also does not include the rejection of claim 23, although the Final Rejection addresses claim 23. See Final Rejection (mailed July 6, 2010) at 10. Because we do not sustain the rejection of claims 21 and 22, we also do not sustain the rejection of claim 23.