Ex Parte Kastelewicz et alDownload PDFBoard of Patent Appeals and InterferencesJun 8, 200910442184 (B.P.A.I. Jun. 8, 2009) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte GEORG KASTELEWICZ and PETER KIM ____________ Appeal 2008-004808 Application 10/442,184 Technology Center 2400 ____________ Decided:1 June 9, 2009 ____________ Before LANCE LEONARD BARRY, ST. JOHN COURTENAY III, and JOSEPH L. DIXON, Administrative Patent Judges. COURTENAY, Administrative Patent Judge. DECISION ON APPEAL 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, begins to run from the decided date shown on this page of the decision. The time period does not run from the Mail Date (paper delivery) or Notification Date (electronic delivery). Appeal 2007-3345 Application 09/709,433 2 STATEMENT OF THE CASE This is a decision on appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1-10. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE. INVENTION The invention on appeal is directed generally to a method for registering a communication terminal. More particularly, Appellants’ invention is directed to a secure and reliable method for registering a communication terminal (e.g., a mobile telephone) belonging to a service user (Spec. 1). ILLUSTRATIVE CLAIM Claim 1 further illustrates the invention: 1. A method for registering a communication terminal with a service network which organizes a communications service, where the service network is accessed by the communication terminal using an access network which connects the communication terminal to the service network, in which in a preliminary step, a logon IP address which was assigned to the communication terminal when the communication terminal logged onto the access network is received by the service network and is stored therein for the respective user of the communication terminal, when a first registration message sent by the communication terminal is received a token is transmitted to the communication terminal using a transport message sent using the logon IP address, the token having been produced by the Appeal 2008-004808 Application 10/442,184 3 service network from the logon IP address and a random number using an encryption method, and token data associated with the token having been stored in the service network, when a second registration message which is sent by the communication terminal and contains the token is received the service network compares the token received with the token data, successful registration is identified if the token matches the token data, and unsuccessful registration is identified if the token does not match the token data. PRIOR ART The Examiner relies upon the following references as evidence in support of the rejection: Nuutinen US 6,865,681 B2 Mar. 8, 2005 3rd Generation Partnership Project, "Technical Specification Group Core Network; Signalling flows for the IP multimedia call control based on SIP and SDP," Stage 3, Release 5, 3GPP TS 24.228, pp. 1- 690, published 2002. (hereinafter “3GPP”). THE REJECTION Claims 1-10 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of 3GPP and Nuutinen. APPELLANTS’ CONTENTIONS Appellants contend that neither 3GPP nor Nuutinen teaches or suggests that the token is produced by both the logon IP address and a random number (App. Br. 7, ¶3). Appellants further contend that “[t]he Examiner has used impermissible hindsight by picking and choosing various Appeal 2008-004808 Application 10/442,184 4 elements from the two cited reference in an effort to create the claimed invention.” (Id.) EXAMINER’S RESPONSE In the “Response to Arguments” section of the Answer (p. 10), the Examiner asserts that “the combination of [3GPP] 24.228 and Nuutinen teaches the token is produced using the logon IP address. Page 37, NOTE 1 of [3GPP] 24.228 teaches the use of RAND, a random number used in AUTN and RES.” (Ans. 10). The Examiner previously stated in the Answer (p. 9) that “[a]s defined in RFC 2327 [see Nuutinen, col. 7, TABLE 2], in the Session Description Protocol, the ‘c’ identifier can contain the fully- qualified domain name or the unicast IP address of the expected data source.” (Ans. 9). The Examiner finds that “[c]learly, this definition shows the IP address included in the authentication signature of Nuutinen can be the address of the receiver.” (Ans. 9). The Examiner maintains that “in the combination of [3GPP] 24.228 and Nuutinen, the authentication signature of Nuutinen would include both the logon IP address of the receiver and RAND of [3GPP] 24.228. Therefore, the combination of [3GPP] 24.228 and Nuutinen would teach the token is produced from both the logon IP address and a random number.” (Ans. 10). The Examiner does not respond to Appellants’ allegation of impermissible hindsight. Appeal 2008-004808 Application 10/442,184 5 ISSUES Based upon our review of the administrative record, we have determined that the following issues are pivotal in this appeal: 1. Have Appellants shown the Examiner erred in finding that the combination of 3GPP and Nuutinen teaches and/or suggests that the token is produced from the logon IP address and a random number? (See claim 1). 2. Have Appellants shown the Examiner erred by relying upon impermissible hindsight in combining the 3GPP and Nuutinen references to formulate a token produced from the logon IP address and a random number? PRINCIPLES OF LAW “What matters is the objective reach of the claim. If the claim extends to what is obvious, it is invalid under § 103.” KSR Int’l Co. v. Teleflex, Inc., 550 U.S. 398, 419 (2007). To be nonobvious, an improvement must be “more than the predictable use of prior art elements according to their established functions.” Id. at 417. Appellants have the burden on appeal to the Board to demonstrate error in the Examiner’s position. See In re Kahn, 441 F.3d 977, 985-86 (Fed. Cir. 2006). Therefore, we look to Appellants’ Briefs to show error in the proffered prima facie case. Appeal 2008-004808 Application 10/442,184 6 FINDINGS OF FACT In our analysis infra, we rely on the following findings of fact (FF) that are supported by a preponderance of the evidence: THE PRIMARY 3GPP REFERENCE 1. 3GPP teaches a random number (RAND) is used to generate part of the authentication token (AUTN), as shown under “NOTE 1” at the top of page 37: NOTE 1: The authentication vector may be of the form as in 3GPP TS 33.203 (if IMS AKA is the selected authentication scheme): - AV = RANDn, || AUTNn || XRESn || CKn || IKn where: - RAND: random number used to generate the XRES, CK, IK, and part of the AUTN. It is also used to generate the RES at the UE. - AUTN: Authentication token (including MAC and SQN). - XRES: Expected (correct) result from the UE. - CK: Cipher key (optional). - IK: Integrity key. (3GPP, p. 33). 2. 3GPP teaches a registration request from the user equipment (UE) that is routed through the P-CSCF (Proxy Call Session Control Function) server where the “contact field” indicates the point-of-presence for the subscriber – the IP address of the UE, as shown at the top and bottom portions of page 33: 2. REGISTER request (UE to P-CSCF) - see example in table 6.2-2 The purpose of this request is to register the user's SIP URI with a S- CSCF in the home network. This request is routed to the P-CSCF because it is the only SIP [Session Initiation Protocol] server known to the UE. In the following SIP request, the Contact field contains the user's host address. Appeal 2008-004808 Application 10/442,184 7 The P-CSCF will perform two actions, binding and forwarding. The binding is between the User's SIP address (userl_publicl@homel.net) and the host (terminal) address ([5555::aaa:bbb:ccc:ddd]) which was acquired during PDP context activation process. Contact: This indicates the point-of-presence for the subscriber - the IP address of the UE. This is the temporary point of contact for the subscriber that is being registered. Subsequent requests destined for this subscriber will be sent to this address. This information is stored in the P-CSCF and S- CSCF. (3GPP, p. 33). THE SECONDARY NUUTINEN REFERENCE 3. Nuutinen teaches “[f]or addressing SIP [Session Initiation Protocol] uses an email-like identifier (SIP URL) in the form sip: user@host, where the user part is a user name or phone number and the host part is either [a] domain or a numeric network address. In many cases the email-like name may be the same as user's email address and can be easily mapped.” (Col. 5, ll. 36-41). 4. Nuutinen teaches that “[t]he Session Description Protocol (SDP) is used by SIP [Session Initiation Protocol] for description of the capabilities and media types supported by the terminals. Text based SDP messages, which are sent in SIP message bodies, lists the features that must be supported by the terminals.” (Col. 5, ll. 28-32). 5. Nuutinen teaches that “[w]hen using authentication the user digitally signs the message that is about to be sent. The signature extends over the SIP Appeal 2008-004808 Application 10/442,184 8 [Session Initiation Protocol] message, so that the status-line, the Sip version number, the headers after the Authorization header and the message body are included in the signature.” (Col. 19, ll. 36-40). 6. Nuutinen teaches that the “c” SDP [Session Description Protocol] session description item in an exemplary signed part of the message includes an IP address, as follows: “o-bell 53655765 2353687637 IN IP4 128.3.4.5” (col. 19, l. 55, underlining added). ANALYSIS ISSUE 1 We decide the question of whether Appellants have shown the Examiner erred in finding that the combination of 3GPP and Nuutinen teaches and/or suggests that the token is produced from the logon IP address and a random number. (See claim 1). At the outset, we agree with the Examiner that 3GPP teaches a random number (RAND) is used to generate part of an authentication token (AUTN) (See FF 1, see also Ans. 10). The Examiner found that the logon address was also taught by 3GPP (Ans. 8, last paragraph). We also agree with the Examiner that 3GPP teaches a registration request from the user equipment (UE) that is routed through the P-CSCF (Proxy Call Session Control Function) server where the “contact field” indicates the point-of- presence for the subscriber – the IP address of the UE [i.e., logon address] (FF 2). Appeal 2008-004808 Application 10/442,184 9 However, the Examiner looks to the secondary Nuutinen reference for a teaching or suggestion that a token is produced using a logon address (Ans. 4, 9-10). The Nuutinen reference teaches that “[t]he Session Description Protocol (SDP) is used by SIP [Session Initiation Protocol] for description of the capabilities and media types supported by the terminals. Text based SDP messages, which are sent in SIP message bodies, lists the features that must be supported by the terminals.” (FF 4). The Examiner points out in the Answer (p. 9) that “[a]s defined in RFC 2327 [see Nuutinen, col. 7, TABLE 2], in the Session Description Protocol, the "c" identifier can contain the fully-qualified domain name or the unicast IP address of the expected data source. (Ans. 9, emphasis added). The Examiner finds that “this definition shows the IP address included in the authentication signature of Nuutinen can be the address of the receiver.” (Ans. 9). Appellants respond as follows: However, there is no suggestion in Nuutinen indicating that the descriptor "c" denotes the IP address of the receiver. Rather, both tables in col. 8 of Nuutinen clearly show that the entry assigned to "c" neither matches with the sender (entry 'From") nor with the receiver (entry "To") of the message. In the first of these tables the entry "c" matches only with the entry "Via"; in the second table the entry "C" does not match at all. Moreover, in both tables the entry "c" is not assigned to an E address but rather to a domain name address, Obviously, the entry "C" denotes not a specific IP address of the receiver but rather a general "connection information" as actually denoted in table 2. (App. Br. 6-7). Appeal 2008-004808 Application 10/442,184 10 Our review of the Nuutinen reference reveals that Appellants’ characterization of the sample SIP messages shown in column 8 is accurate. However, Nuutinen also teaches that as an alternative to the email-like identifier (SIP URL), e.g., in the form sip: user@host, “the user part is a user name or phone number and the host part is either [a] domain or a numeric network address.” (FF 3, emphasis added). Thus, the evidence supports the Examiner’s finding that “the ‘c’ identifier can contain the fully-qualified domain name or the unicast IP address of the expected data source. (Ans. 9, emphasis added). The Examiner previously found that “this definition shows the IP address included in the authentication signature of Nuutinen can be the address of the receiver.” (Ans. 9). We note that Nuutinen teaches that “[w]hen using authentication the user digitally signs the message that is about to be sent. The signature extends over the SIP message, so that the status-line, the Sip version number, the headers after the Authorization header and the message body are included in the signature.” (FF 5). In particular, we find that Nuutinen expressly teaches the use of the “c” SDP session description item (in an exemplary signed part of a SIP message) that includes an IP address, as follows: “o-bell 53655765 2353687637 IN IP4 128.3.4.5” (FF 6, underlining added). Therefore, regarding ISSUE 1, we find Appellants have not shown error in the Examiner's finding that 3GPP and Nuutinen, when combined, realize a token that could be produced from a logon IP address and a random number (see claim 1). Appeal 2008-004808 Application 10/442,184 11 ISSUE 2 - HINDSIGHT We now reach the dispositive question of whether Appellants have shown the Examiner erred by relying upon impermissible hindsight in combining the 3GPP and Nuutinen references to formulate the claimed token produced from both a logon IP address and a random number (claim 1). We note that in the rejection of claim 1, the Examiner stated that one of ordinary skill would have been motivated to combine the registration method of 24.228 [3GPP] and the digital signature of Nuutinen “because a digital signature would provide authentication for the receiver of the message to be sure the message is [from] who it claims to be from.” (Ans. 4, emphasis added). The presence or absence of a reason "to combine references in an obviousness determination is a pure question of fact." In re Gartside, 203 F.3d 1305, 1316 (Fed. Cir. 2000) (citing In re Dembiczak, 175 F.3d 994, 1000 (Fed. Cir. 1999)). Where the claimed subject matter involves more than the simple substitution one known element for another or the mere application of a known technique to a piece of prior art ready for the improvement, a holding of obviousness must be based on “an apparent reason to combine the known elements in the fashion claimed.” KSR Int’l v. Teleflex, Inc., 550 U.S. 398, 417-18 (2007). That is, “there must be some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness.” Id., 550 U. S. at 418 (quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006)). Such reasoning can be based on interrelated teachings of multiple patents, the effects of demands known to Appeal 2008-004808 Application 10/442,184 12 the design community or present in the marketplace, and the background knowledge possessed by a person having ordinary skill in the art. KSR, 550 U.S. at 417-18. Here, we see the question before us to be whether the Examiner’s proffered combination of 3GPP and Nuutinen is merely “the predictable use of prior art elements according to their established functions” (KSR, 550 U.S. at 417), or, would an artisan reasonably have combined 3GPP and Nuutinen in the manner proffered by the Examiner to formulate a token produced from a logon IP address and a random number but for having the benefit of the claim to use as a guide (i.e., impermissible hindsight)? The case before us presents a close question. We are cognizant that our reviewing courts have not established a bright-line test for hindsight. However, in KSR, the U.S. Supreme Court stated that “[a] factfinder should be aware, of course, of the distortion caused by hindsight bias and must be cautious of argument reliant upon ex post reasoning.” KSR, 550 U.S. at 421 (citing Graham v. John Deere Co., 383 U.S. 1, 36 (1966)). Nevertheless, in KSR the Supreme Court also qualified the issue of hindsight by stating that “[r]igid preventative rules that deny factfinders recourse to common sense, however, are neither necessary under our case law nor consistent with it.” KSR, 550 U.S. at 421. Appeal 2008-004808 Application 10/442,184 13 Here, we find that an artisan having knowledge of mobile telephone session protocols and common sense at the time of the invention would not have reasonably combined the 3GPP and Nuutinen references in the manner suggested by the Examiner but for having the benefit of the claim to use as a guide (i.e., impermissible hindsight). In particular, we see no deficiency in the teachings of 3GPP that would have led an artisan familiar with mobile telephone session protocols to look to Nuutinen’s teaching of authentication. While the Examiner proffers that the digital signature of Nuutinen would provide authentication for the receiver of the message (Ans. 4), we find 3GPP already teaches authentication in the form of an authentication token (AUTN) (FF 1). We further find 3GPP also teaches encryption (FF 1; see “CK: Cipher key”). Thus, we find an artisan possessing common sense would have had no reason to look to Nuutinen for a teaching of authentication.2 Therefore, it is our view that the Examiner has not set forth an articulated reasoning with the requisite rational underpinning required to support the legal conclusion of obviousness. Moreover, we particularly note that the Examiner has failed to respond to Appellants’ allegation of hindsight. Accordingly, we are unconvinced that an artisan possessing common sense would have combined the 3GPP and Nuutinen references in the manner suggested by the Examiner without having the benefit of the claimed subject matter. 2 "[T]he best defense against the subtle but powerful attraction of a hindsight-based obviousness analysis is rigorous application of the requirement for a showing of the teaching or motivation to combine prior art references." In re Dembiczak, 175 F.3d 994, 999 (Fed. Cir. 1999). Appeal 2008-004808 Application 10/442,184 14 CONCLUSION Appellants have established the Examiner erred in rejecting claims 1- 10 under 35 U.S.C. § 103(a). DECISION We reverse the Examiner’s decision rejecting claims 1-10. REVERSED pgc BAKER BOTTS L.L.P. PATENT DEPARTMENT 98 SAN JACINTO BLVD., SUITE 1500 AUSTIN TX 78701-4039 Copy with citationCopy as parenthetical citation
