12212368 (P.T.A.B. Aug. 5, 2016)

Ex Parte Gustave et al

Patent Trial and Appeal BoardAug 5, 2016

12212368 (P.T.A.B. Aug. 5, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 12/212,368 09/17/2008 48116 7590 FAY SHARPE/LUCENT 1228 Euclid Avenue, 5th Floor The Halle Building Cleveland, OH 44115-1843 08/09/2016 FIRST NAMED INVENTOR Christophe Gustave UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. LUTZ 200603US01 1194 EXAMINER PEARSON, DAVID J ART UNIT PAPER NUMBER 2438 NOTIFICATION DATE DELIVERY MODE 08/09/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): docketing@faysharpe.com ipsnarocp@nokia.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Exparte CHRISTOPHE GUSTAVE, VINOD CHOYI, and SHU-LIN CHEN Appeal2014-007982 Application 12/212,3 68 Technology Center 2400 Before JOSEPH L. DIXON, LARRY J. HUME, and JOHN D. HAMANN, Administrative Patent Judges. DIXON, Administrative Patent Judge. DECISION ON APPEAL Appeal2014-007982 Application 12/212,3 68 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. Â§ 134(a) from a rejection of claims 1-18. We have jurisdiction under 35 U.S.C. Â§ 6(b ). We affirm. The claims are directed to a reliable authentication of message sender's identity. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. In a telecommunications network, a method for authenticating a sender of a message to a recipient of the message, said method comprising: (a) registering the sender with a trusted certificate authority (CA), said registering including providing the CA with (i) identification information identifying the sender and (ii) a public key of the sender; (b) creating an authentication certificate including the sender's identification information and the sender's public key; ( c) signing the certificate with a private key of the CA; ( d) provisioning a message sending device of the sender with the certificate that was signed with the private key of the CA; ( e) provisioning a message receiving device of the recipient with a public key of the CA, said CA's public key being a corresponding counterpart to the CA's private key; (f) generating a signature with a private key of the sender, said sender's private key being a corresponding counterpart for the sender's public key; (g) sending a message from sender's message sending device, said message including the certificate and the signature; 2 Appeal2014-007982 Application 12/212,3 68 (h) retrieving the message with the recipient's message receiving device; (i) using the CA's public key with which the recipient's receiving device was provisioned to obtain the sender's public key from the certificate received in the retrieved message; and, U) using the sender's public key obtained from the certificate received in the retrieved message to verify the signature generated with the sender's private key. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Van Oorschot Robertson Hung Logan et al. US 6,370,249B1 US 2005/0228864 Al US 2008/0022110 Al US 2008/0256072 Al REJECTIONS Apr. 9, 2002 Oct. 13, 2005 Jan.24,2008 Oct. 16, 2008 The Examiner made the following rejections: Claims 1-3, 7-9, and 13-15 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Robertson in view of Logan. Claims 4, 5, 10, 11, 16, and 17 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over the combination of Robertson and Logan as applied to claims 3, 9, and 15 above, and further in view of Hung. Claims 6, 12, and 18 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over the combination of Robertson, Logan, and Hung as applied to claims 5, 11, and 17 above, and further in view of Van Oorschot. 3 Appeal2014-007982 Application 12/212,3 68 ANALYSIS We have reviewed the Examiner's rejections in light of Appellants' arguments the Examiner erred. We disagree with Appellants' arguments, and we adopt as our own ( 1) the pertinent findings and reasons set forth by the Examiner in the action from which this appeal is taken (Final Act. 2-9 (statement of rejection) and 9-12 (responses to argument)) and (2) the corresponding reasons set forth by the Examiner in the Examiner's Answer in response to Appellants' Appeal Brief (Ans. 2-8), and we concur with the applicable conclusions reached by the Examiner. We emphasize the following. Claims 1--4 and 13-16 With respect to independent claims 1 and 13, Appellants argue the claims together. (App. Br. 8.) As a result, we select independent claim 1 as the representative claim for the group and address Appellants' arguments thereto. With respect to independent claim 1, Appellants argue the Logan reference does not disclose step ( d) in claim 1 and the Logan reference does not disclose providing the message sender 401 or provisioning a message sending device of the sender 401 with the certificate created by the Certification Authority 403. (App. Br. 9-10.) Appellants identify paragraphs 35, 38, 41, and 42 of the Logan reference and contend that these portions do not necessarily mean that the certificate is provided or provisioned at the sending device. The Examiner clarifies the rejection and maintains: In paragraph [0041], Logan teaches in step 2 of the certification process, the Certificate Authority verifies the identity of the sender and issues a certificate. Applicant argues Logan never discloses the certificate being sent to the sender. However, in 4 Appeal2014-007982 Application 12/212,3 68 Fig. 4, step 2 of the process shows the Certification Authority sending the certificate to the Sender as represented by the arrow with a 2 on it. (Ans. 4.) Appellants additionally contend the arrow in Figure 4 of the Logan reference does not teach or suggest that the sender possesses the certificate from the certificate authority. (App. Br. 12-13.) Appellants further argue: Logan does NOT disclose step ( d) identified above, which the Examiner has admitted in the outstanding Office Action that Rober[t]son also fails to disclose. In particular, nowhere does Logan disclose providing the message sender 401 or provisioning a message sending device of the sender 401 with the certificate created by the Certification Authority 403. Indeed, at paragraph [0041], Logan discloses that in step 2 the "Certification Authority 403 verifies identity of sender 401 and issues a 'No Spam' Digital Certificate." However, this does NOT mean the certificate is provided to the sender or is provisioned on a message sending device of the sender. In generally, the act of "issuing" a certificate does NOT necessarily mean that the issued certificate is given or providing to any particular entity or element. Rather, the term "issues" as used in paragraph [0041] of Logan merely means creation of the certificate. Indeed, as expressly disclosed throughout Logan, the digital certificate is provisioned and/or provided elsewhere - i.e., other than at the sender 401. See paragraph [0035] of Logan for example. The last sentence of paragraph [0035] indicates that the digital certificate 324 may either "exist in the receiver's local database" or if not there then it "may be automatically retrieved from an online repository. " In either case, the certificate is NOT obtained from the sender, presumably because the sender is NOT provisioned with it. Additionally, see FIGURE 4 and paragraph [0042] of Logan which expressly discloses that at step 3 "[t]he 5 Appeal2014-007982 Application 12/212,3 68 Certification Authority 403 publishes Certificate to the public Repository 405." Indeed, as expressly discloses the digital certificate is provisioned in the repository 405 and NOT a message sending device of the sender 401. See also paragraph [0038] of Logan which indicates that the "digital certificates are preferably stored in an on line, publically accessible repository seen at 405 in FIG. 4." (App. Br. 9.) The Examiner further maintains: Logan states "a digital certificate issued to the sender by a certification authority in reliance on the sender's binding commitment not to use the supplied certificate to sign outgoing email that does not conform to predetermined good conduct rules" (note paragraph [001 OJ) and "certification authorities (CAs) who would issue digital certificates containing the sender's public key only to senders who agreed to obey the anti- spam rules stated in a policy for certificates of a particular type" (note paragraph [0033]) (emphasis added). These statements shovv the certification authorities send the certificates to the message senders since they issue certificates "to" message senders and the message senders are clearly in possession of those certificates if they "use" the certificate to the sign their messages. Furthermore, even assuming arguendo Logan does not disclose the certificate authority "sending" the certificate to the message sending device, the claims merely state "provisioning" a message sending device of the sender with the certificate. Merriam-Webster defines "provisioning" as "the act or process of supplying or providing something" and "provide" as "to make (something) available". Therefore, giving the claim its broadest, reasonable interpretation, the Certification Authority of Logan would merely need to make the certificate "available" to the message sending device in order to meet the requirements of the claims. Clearly the certificate is "available" to the message 6 Appeal2014-007982 Application 12/212,3 68 sending device since it is placed in a "publicly available repository" (note paragraph [0038] and used by the message sender to sign their outgoing messages (note paragraph [001 OJ). (Ans. 4.) Appellants have not filed a Reply Brief to rebut the Examiner's further clarifications in the application of the prior art teachings of Logan reference. Consequently, Appellants' argument does not show error in the Examiner's conclusion of obviousness based upon the revised factual findings. Therefore, Appellants' arguments do not show error in the Examiner's conclusion of obviousness of representative independent claim 1 and independent claim 13 grouped therewith. Moreover, Appellants have not set forth separate arguments for patentability of dependent claims 2--4 and 14--16. As a result, we group these claims as falling with representative independent claim 1. Claims 7-12 With respect to independent claim 7 and the dependent claims 8-12, Appellants argue the claims together. (App. Br. 12 and 13.) As a result, we select independent claim 7 as the representative claim for the group and will address Appellants' arguments thereto. Appellants generally contend the combination of Robertson in view of Logan does not teach or suggest the claimed: (f) sending a message from a message sending device of the sender, said message including the signature and a pointer that indicates a location where the certificate is stored; and (h) fetching the certificate with the recipient's message receiving device from the location indicated by the pointer. 7 Appeal2014-007982 Application 12/212,3 68 (App. Br. 12.) Appellants further contend "[t]he outstanding Office Action erroneously alleges that the foregoing pointer is taught by Logan at paragraphs [0035] and [0043]-[0044]." (App. Br. 12.) The Examiner further explains how the Logan reference teaches and suggests the claimed limitation and maintains: The receiver's local database is "indexed" by Sender ID. The Microsoft Computer Dictionary, Fifth Edition defines "index" as "a listing of keywords and associated data that point to the location of more comprehensive information, such as files and records on a disk or record keys in a database" (emphasis added). Since the Sender ID "points to the location" in the receiver's local database of the sender's certificate, it is "a pointer that indicates a location where the certificate is stored" as required by the claim. (Ans. 6.) As mentioned above, Appellants have not filed a Reply Brief to address the Examiner's clarification in relying upon the "index." Consequently, Appellants have not shown error in the Examiner's conclusion of obviousness of independent claim 7, and we sustain the rejection representative independent claim 7 and with dependent claims 8- 12, not separately argued. Claims 5, 6, 11, 12, 17, and 18 1 With respect to dependent claims 5, 11, and 1 7 (along with dependent claims 6, 12, and 18), Appellants contend "claims 5, 11 and 17 recite that the generated signature is a hash of the message being sent, the recipient identifier and the timestamp encrypted by the sender's private key. Neither 1 We note the Examiner includes claims 11 and 12 in two separate groupings, but this does not change the outcome. 8 Appeal2014-007982 Application 12/212,3 68 Robertson nor Logan nor Hung teaches the foregoing." (App. Br. 13.) We select dependent claim 5 as the representative claim for the group and address Appellants' arguments thereto. Appellants further contend each of the Robertson and Hung references do not teach the totality of the claimed information items in the hash. (App. Br. 13-14.) The Examiner disagrees with Appellants and further clarifies the rejection. The Examiner maintains: paragraph [0032], Robertson teaches the signed message includes the To: address (recipient identifier) and other header information. As shown in paragraph [0030], Robertson teaches the signed message is created by performing a hash of the message and then encrypting the hash with the sender's private key. Since the recipient identifier is included in the signed message, it would also be hashed and encrypted with the private key. Therefore, Robertson teaches "the generated signature is a hash of the message being sent, the recipient identifier encrypted by the sender's private key." In paragraph [0048], Hung teaches a time stamp can be included in the information sent with a message. Robertson teaches other information can be included in the signed message. Thus, the combination of Robertson and Hung teaches a signed message including a time stamp. As noted above, the process of signing a message means performing a hash of the information and encrypting that hash with a private key of the sender. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871(CCPA1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 9 Appeal2014-007982 Application 12/212,3 68 The combination of Robertson and Hung teaches the generated signature is a hash of the message being sent, the recipient identifier and the timestamp encrypted by the sender's private key as required by the claims. (Ans. 7.) We agree with the Examiner that Appellants are arguing the references individually. We agree with the Examiner that each of the references disclose a different combination of information elements included in the hash, but we agree with the Examiner's finding that it would have been obvious to one of ordinary skill in the art to use any of the known information elements in the hash as identified by the prior art references. In KSR Int 'l Co. v. Teleflex, Inc., 550 US 398, 415 (2007), the Supreme Court emphasized "the need for caution in granting a patent based on the combination of elements found in the prior art," and discussed circumstances in which a patent might be determined to be obvious without an explicit application of the teaching, suggestion, and motivation test. In particular, the Supreme Court emphasized "the principles laid down in Graham reaffirmed the 'functional approach' of Hotchkiss, 11 How. 248." KSR, 550 US at 415 (citing Graham v. John Deere Co., 383 U.S. 1, 12 ( 1966) (emphasis added)), and reaffirmed principles based on its precedent that "[t]he combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results." Id. at 416. The Court explained: When a work is available in one field of endeavor, design incentives and other market forces can prompt variations of it, either in the same field or a different one. If a person of ordinary skill can implement a predictable variation, Â§ 103 likely bars its patentability. For the same reason, if a technique has been used to improve one device, and a person of ordinary skill in the art would recognize that it would improve similar devices in the 10 Appeal2014-007982 Application 12/212,3 68 same way, using the technique is obvious unless its actual application is beyond his or her skill. Id. at 417. The operative question in this "functional approach" is thus "whether the improvement is more than the predictable use of prior art elements according to their established functions." Id. Appellants have not filed a Reply Brief to further address the Examiner's proffered combination and show that the combination is more than a predictable use of known prior art information elements in combination in the hash. Consequently, Appellants have not shown error in the Examiner's conclusion of obviousness of representative dependent claim 5. CONCLUSION On this record, the Examiner did not err in rejecting claims 1-18 based upon 35 U.S.C. Â§ 103. DECISION For the above reasons, we sustain the Examiner's rejections of claims 1-18. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED 11