Ex Parte Katzer et alDownload PDFPatent Trial and Appeal BoardSep 13, 201714632850 (P.T.A.B. Sep. 13, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/632,850 02/26/2015 Robin Dale Katzer IDF 7911A (4300-13002) 1044 7590 09/15/201728003 SPRINT 6391 SPRINT PARKWAY KSOPHTO101-Z2100 OVERLAND PARK, KS 66251-2100 EXAMINER LAGOR, ALEXANDER ART UNIT PAPER NUMBER 2491 NOTIFICATION DATE DELIVERY MODE 09/15/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): 6450patdocs @ sprint.com steven.j.funk@sprint.com S printMail @ dfw. conleyrose .com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ROBIN DALE KATZER and LYLE W. PACZKOWSKI Appeal 2017-004306 Application 14/632,850 Technology Center 2400 Before JOHN A. JEFFERY, ERIC S. FRAHM, and LARRY J. HUME, Administrative Patent Judges. JEFFERY, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s decision to reject claims 1—20. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. STATEMENT OF THE CASE Appellants’ invention is a mobile access terminal that provides access to secure information in a secure element in the terminal. To this end, a terminal-based web browser is provided exclusive access to a web server in the terminal. See generally Abstract; Figs. 1—2. Claim 1 is illustrative: Appeal 2017-004306 Application 14/632,850 1. A mobile access terminal providing access to secure information in a secure element of the mobile access terminal comprising: the secure element storing the secure information; a web browser, stored in a non-transitory memory of the mobile access terminal, configured to transmit a secure information request to a server on the mobile access terminal and transmit the secure information, that is received from the server, to a vendor website; a trusted security zone, wherein the trusted security zone provides at least one chipset with a hardware root of trust, a secure execution environment for applications, and secure access to peripherals; and the server residing and executing within at least one of the secure element or the trusted security zone of the mobile access terminal, wherein the server is configured to: in response to receiving the secure information request from the web browser, provide access to the secure information stored in the secure element exclusively to the web browser, transmit the secure information using Hypertext Transfer Protocol Secure protocol when the secure information leaves the server for the web browser, and block access to the secure information stored in the secure element when receivmg secure information requests from entities other than the web browser. 2 Appeal 2017-004306 Application 14/632,850 THE REJECTIONS The Examiner rejected claims 1—20 on the ground of nonstatutory obviousness-type double patenting over claims 1—17 of U.S. Patent 9,027,1023 Final Act. 3-6.1 2 The Examiner rejected claims 1—3, 5—11, 13, 14, and 16—183 under 35 U.S.C. § 103(a) as unpatentable over Deprun (US 2010/0281139 Al; Nov. 4, 2010) and Benaloh (US 2012/0272306 Al; Oct. 25, 2012). Final Act. 6-13. The Examiner rejected claims 4, 12, 15, 19, and 20 under 35 U.S.C. § 103(a) as unpatentable over Deprun, Benaloh, and Melideo (Nov. 25, 2004). Final Act. 13-15. 1 Although the Examiner characterizes this rejection as provisional because conflicting claims have ostensibly not been patented (Final Act. 3), these conflicting claims are, in fact, patented in U.S. Patent 9,027,102. We, therefore, treat the Examiner’s double patenting rejection not as a provisional rejection, but rather as a double patenting rejection, and deem the Examiner’s error in this regard as harmless. 2 Throughout this opinion, we refer to (1) the Final Rejection mailed November 6, 2015 (“Final Act.”); (2) the Appeal Brief filed April 29, 2016 (“App. Br.”); (3) the Examiner’s Answer mailed November 16, 2016 (“Ans.”); and (4) the Reply Brief filed January 12, 2017 (“Reply Br.”). 3 Although claim 20 was included in this rejection, this claim depends from claim 19 which is rejected over Deprun, Benaloh, and Melideo. See Final Act. 13. Accordingly, we presume that claim 20 was intended to be so rejected, and we present the correct claim listing here for clarity. 3 Appeal 2017-004306 Application 14/632,850 THE DOUBLE PATENTING REJECTION Because Appellants do not contest the Examiner’s double patenting rejection of claims 1—20 (Final Act. 3—6), we summarily sustain this rejection. See MPEP § 1205.02. THE OBVIOUSNESS REJECTION OVER DEPRUN AND BENALOH Regarding claim 1, the Examiner finds that Deprun’s mobile access terminal includes, among other things, a “secure element,” namely second storage device 40, that is also said to correspond to the recited server. Final Act. 7—8. Although the Examiner acknowledges that Deprun does not block access to secure information stored in the secure element when receiving requests from entities other than the terminal’s web browser, the Examiner cites Benaloh as teaching this feature in concluding that the claim would have been obvious. Final Act. 8—9. Appellants argue, among other things, that the Examiner not only failed to provide a factual basis for how Benaloh blocks access to stored secure information as claimed, but Deprun also does not disclose a server on the terminal residing within at least one of the secure element or trusted security zone as claimed. App. Br. 16—25; Reply Br. 5—13. ISSUE Under § 103, has the Examiner erred in rejecting claim 1 by finding that Deprun and Benaloh collectively would have taught or suggested a mobile access terminal with a server residing within at least one of the secure element or trusted security zone? 4 Appeal 2017-004306 Application 14/632,850 ANALYSIS We begin by noting that the mobile access terminal of claim 1 has three distinct elements: (1) a “secure element” that stores secure information; (2) a server; and (3) a “trusted security zone,” the latter providing at least one chipset with a hardware root of trust,4 a secure environment for applications, and secure access to peripherals. See Spec. 19—25 (detailing the secure element and trusted security zone). A key aspect of the claimed invention is that the terminal’s server resides and executes within the secure element and/or the trusted security zone. See Spec. 137 (noting that mobile phone 102 may securely store the user’s credit card information in secure element 218 and/or trusted security zone 206); see also Fig. 2 (showing web server 216 within secure element 218). Our emphasis underscores the fact that the terminal’s server must be within at least one of these elements as claimed. The Examiner’s rejection, however, falls short in this regard. On page 7 of the Final Rejection, the Examiner maps both the terminal’s secure element and server to Deprun’s second storage device 40—a Secure Digital (SD) card that is separate and distinct from mobile terminal 10 as shown in Figure 1. See Deprun 123. Not only is this mapping of multiple recited structural elements to a single element in Deprun dubious under fundamental claim interpretation principles,5 this single element that is said to correspond 4 A “hardware root of trust” means the chipset should only execute programs intended by the device manufacturer or vendor, and resists software or physical attacks, thus remaining trusted to provide the intended security level. Spec. 120. 5 See Lantech, Inc. v. Keip Mack Co., 32 F.3d 542, 547 (Fed. Cir. 1994); see also In re Robertson, 169 F.3d 743, 745 (Fed. Cir. 1999) (claims requiring 5 Appeal 2017-004306 Application 14/632,850 to the recited server in Deprun is not even part of the terminal, let alone within the terminal’s secure element or trusted security zone as claimed. The Examiner’s mapping in the Answer—mapping that differs from that articulated in the rejection—fares no better in this regard. On page 15 of the Answer, the Examiner maps the recited trusted security zone to Deprun’s first storage device 30, namely an SIM card. But like the second storage device 40, Deprun’s SIM card 30 is separate and distinct from the mobile terminal 10 as shown in Figure 1. So even assuming that this SIM card somehow constitutes a “trusted security zone” with the recited chipset, secure execution environment, and secure peripheral access (findings that have not been substantiated on this record), this “trusted security zone” is still not part of the terminal, but rather an external device. Therefore, the terminal’s server (which presumably corresponds to Deprun’s web server 50B under the Examiner’s revised mapping on page 15 of the Answer) cannot be within this external “trusted security zone.” Nor can this server be within the terminal’s separate and distinct secure element 50C as shown in Figure 1. Accord Reply Br. 8 (noting this point). To the extent that the Examiner intends to map the recited “trusted security zone” to (1) Deprun’s mobile terminal 10, or (2) the terminal’s third storage device 50 (see Final Act. 8; Ans. 15, 40), we cannot say on this record, particularly in light of the Examiner’s clear and unambiguous reference to Deprun’s SIM card 30 in this regard on page 15 of the Answer. Nevertheless, even if the Examiner also intended to map the recited “trusted security zone” Deprun’s mobile terminal 10 or its third storage device 50, three separate means not anticipated by structure containing only two means using one element twice). 6 Appeal 2017-004306 Application 14/632,850 the Examiner still has not shown that such a “trusted security zone” comprises the requisite chipset with a hardware root of trust, a secure application environment, and secure peripheral access as claimed. See Reply Br. 8—10 (noting this deficiency). The Examiner’s reference to Deprun’s secure elements 30C to 50C (Final Act. 7) is unavailing in this regard. Therefore, we are persuaded that the Examiner erred in rejecting (1) independent claim 1; (2) independent claims 9 and 16 that recite commensurate limitations; and (3) dependent claims 2, 3, 5—8, 10, 11, 13, 14, 17, and 18 for similar reasons. Because our decision is dispositive regarding our reversing the Examiner’s rejection of these claims, we need not address Appellants’ other associated arguments. THE REMAINING OBVIOUSNESS REJECTION Because the Examiner has not shown that the other cited prior art cures the foregoing deficiencies regarding the rejection of the independent claims, we do not sustain the obviousness rejections of dependent claims 4, 12, 15, 19, and 20 (Final Act. 13—15) for similar reasons. CONCLUSION The Examiner did not err in rejecting claims 1—20 on the ground of non-statutory double patenting, but erred in rejecting those claims under §103. DECISION We affirm the Examiner’s decision to reject claims 1—20. 7 Appeal 2017-004306 Application 14/632,850 Because we have affirmed at least one ground of rejection with respect to each claim on appeal, the Examiner’s decision rejecting claims 1-20 is affirmed. See 37 C.F.R. § 41.50(a)(1). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). See 37 C.F.R. § 41.50(f). AFFIRMED 8 Copy with citationCopy as parenthetical citation
