12109443 (P.T.A.B. Dec. 26, 2018)

Ex Parte Levergood et al

Patent Trial and Appeal BoardDec 26, 2018

12109443 (P.T.A.B. Dec. 26, 2018)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 12/109,443 04/25/2008 Thomas Mark Levergood 26111 7590 12/28/2018 STERNE, KESSLER, GOLDSTEIN & FOX P.L.L.C. 1100 NEW YORK A VENUE, N.W. WASHINGTON, DC 20005 UNITED ST A TES OF AMERICA UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 3935.0020008 3475 EXAMINER WINDER, PATRICE L ART UNIT PAPER NUMBER 2452 NOTIFICATION DATE DELIVERY MODE 12/28/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): e-office@stemekessler.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte THOMAS MARK LEVERGOOD, LAWRENCE C. STEWART, STEPHEN JEFFREY MORRIS, ANDREW C. PAYNE, and GEORGE WINFIELD TREESE Appeal2017-001693 Application 12/109 ,443 1 Technology Center 2400 Before KAL YANK. DESHPANDE, JASON V. MORGAN, and HUNG H. BUI, Administrative Patent Judges. MORGAN, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Introduction This is an appeal under 35 U.S.C. Â§ 134(a) from the Examiner's Non- Final Rejection of claims 1-19, 27-61, and 69-84. Claims 20-26 and 62---68 are canceled. Appeal Br. 21, 29. An oral hearing was requested (Req. for Oral Hearing (Nov. 21, 2016)) and scheduled for November 8, 2018 (Notification of Appeal Hearing (Sept. 10, 2018)). However, Appellants 1 Appellants identify Soverain Software LLC as the real party in interest. Appeal Br. 3. Appeal2017-001693 Application 12/109,443 waived the oral hearing. Notice of Hearing Response (Sept. 28, 2018). We have jurisdiction under 35 U.S.C. Â§ 6(b ). We AFFIRM. Invention Appellants disclose "methods for controlling and monitoring access to network servers" in which a "user is provided with a session identification which allows the user to access ... requested file[ s] as well as any other files within [a] present protection domain." Abstract. Representative Claim (key limitations emphasized) 1. A method of controlling access to protected content within a content server, comprising: transmitting session data from a content server associated with a content server domain to a user computer system that is configured to store the session data, the session data comprising a session identifier corresponding to a communication session between the user computer system and the content server, wherein the session identifier identifies the communication session, the communication session comprising one or more service requests from the user computer system to the content server related to accessing controlled files within a protection domain located at the content server, the protection domain comprising a collection of controlled files of common protection within the content server domain; receiving, at the content server, a request from the user computer system to access a controlled file from the collection of controlled files, the request to access including the session identifier; and processing, by the content server, the request to access the controlled file and using the session identifier to determine whether to allow the user computer system to access the controlled file. Rejection The Examiner rejects claims 1-19, 27---61, and 69-84 under 35 U.S.C. Â§ 103(a) as being unpatentable over Narasimhalu et al. (US 2 Appeal2017-001693 Application 12/109,443 5,499,298; issued Mar. 12, 1996) ("Narasimhalu") and Dedrick (US 5,768,521; issued June 16, 1998). Non-Final Act. 2-10 FINDINGS OF FACT Narasimhalu discloses a Sealed Controlled Information (COIN) that includes "[ o ]riginal information encoded in some digital form; identified by unique identification IID." Narasimhalu col. 9, 11. 19-20. Specifically, in establishing "a contract between an Information Provider 10 and an Information Consumer 30" (id. at col. 10, 11. 14--16), Narasimhalu's Information Provider generates a Sealed COIN-based on a contract identifier (CID) that logically associates information such as an information provider identifier (PID), original content identifier (IID), a device on which the COIN can be accessed legally (LAD), and a consumer or user identifier (UID}-and transmits the Sealed Coin to the Information Consumer (see id. at col. 9, 11. 19-34, col. 10, 11. 16-21). As part of accessing the content, the Information Consumer makes an access request to the Information Provider using the contract identifier CID and user identifier UID. See id. at col. 10, 11. 22-24, Fig. 10. "After verifying the information consumer's request ... the Information Provider 10 generates an Opener ... and transmits the Opener to the information consumer." Id. at col. 10, 11. 24--28. The Information Consumer then "presents both the Sealed-COIN received earlier and the Opener to Controller 48 for accessing the COIN." Id. at col. 10, 11. 29-30. The Controller applies a logical sequence of steps to determine whether to grant access. Id. at col. 10, 11. 33-34. As part of the Controller's use of an Opener to access a COIN, "the controller extracts the LAD" and "checks whether the LAD matches with its own (i.e., the Access Device's) identification." Id. at col. 11, 11. 24--26. 3 Appeal2017-001693 Application 12/109,443 Dedrick discloses providing a client computer "with a graphic user interface ( GUI) that allows the end user to participate in the system 10." Dedrick col. 3, 11. 13-15. The GUI contains fields such as "the user's name and possibly a password." Id. at col. 3, 1. 17. Providing this information enables a user to "request information and consume information." Id. at col. 3, 11. 26-27. Narasimhalu, which controls usage of distributed digital information (Narasimhalu col. 1, 11. 41--42), uses a consumer or user identifier (UID) in generating and transmitting a Sealed COIN from an Information Provider to an Information Consumer (see id. at col. 9, 11. 30- 31, col. 10, 11. 16-22). ADOPTION OF EXAMINER'S DETERMINATIONS AND CONCLUSIONS We agree with and adopt as our own the Examiner's determination as set forth in the Answer and in the Action from which this appeal was taken, and concur with the Examiner's conclusions in light thereof. We have considered Appellants' arguments, but do not find them persuasive of error. We provide the following explanation for emphasis. CLAIMS 1, 2, 4, 6-19, 27--44, 46, 48---61, and 69-84 In rejecting claim 1, the Examiner finds that Narasimhalu's Sealed COIN transmission teaches or suggests transmitting session data comprising a session identifier from a content server associated with a content server domain to a user computer system. Non-Final Act. 2-3 (citing Narasimhalu col. 9, 11. 20-21, col. 10, 11. 11-22). The Examiner relies on Narasimhalu's Information Consumer request to the Information Provider, and the Information Provider's transmission of an Opener for use by the Controller in accessing the content of the Sealed Coin, to teach or suggest receiving, at 4 Appeal2017-001693 Application 12/109,443 the content server, a request from the user computer system to access a controlled file, the request to access including the session identifier, and processing, by the content server, the request to access the controlled file. Non-Final Act. 3 (citing Narasimhalu col. 10, 11. 24--46). The Examiner relies on the Narasimhalu's Controller determination whether to grant access to the Sealed Coin to teach or suggest using the session identifier to determine whether to allow the user computer system to access the controlled file. Non-Final Act. 3 (citing Narasimhalu col. 10, 11. 32--46). Appellants contend the Examiner erred because "how the Narasimhalu system controls information dissemination is fundamentally different from the claimed methods and systems." Appeal Br. 6. Specifically, Appellants argue Narasimhalu's "Sealed-COIN also contains the controlled information." Appeal Br. 6 (emphasis in original). Appellants argue "a person skilled in the art (POSA) would have understood that the transmitted 'session data' as set forth in claim 1 does not contain the claimed 'controlled file,' encrypted or non-encrypted." Id. at 9; see also Reply Br. 3 (use of original content identifier IID "does not suggest exclusion of controlled information in the Sealed-COIN"). Appellants' arguments are unpersuasive because, as the Examiner correctly finds "[i]n its sealed form, the 'digital information' would be inaccessible and ultimately not useable." Ans. 7-8. Until the Information Provider transmits an Opener for use by the Controller in accessing the content of the Sealed Coin, the encrypted digital information would be inaccessible information still under control of the Information Provider. See Non-Final Act. 3. Moreover, Narasimhalu's Sealed-COIN contains additional information-including a contract identifier ( CID }--that 5 Appeal2017-001693 Application 12/109,443 identifies a session (e.g., a contract). See Narasimhalu col. 9, 11. 19-34, col. 10, 11. 16-21; see also Ans. 3 ("The COIN is part of the contractual agreement between the information provide [ r] and the information consumer"). Thus, Narasimhalu's Sealed COIN contains more than encrypted content information; it contains a session identifier. Therefore, we agree with the Examiner that N arasimhalu teaches or suggests "transmitting session data from a content server associated with a content server domain to a user computer system ... the session data comprising a session identifier," as recited in claim 1. See Non-Final Act. 2-3. Appellants argue the Examiner erred because the client device of Narasimhalu, in accessing the content of the Sealed COIN, "presents the Sealed-COIN and the Opener to a controller local to the client device." Appeal Br. 6 ( emphasis in original). Appellant argues that "[b ]ecause Controller 48 for determining information accessibility is a component local to the client device, Narasimhalu's server (i.e., Information Server 10) does not receive a request and process the 'request ... to determine whether to allow the user computer system to access the controlled file."' Id. at 11 ( emphasis in original); see also Reply Br. 6 ("Combining the access device and Information Provider 10 into one server means that, for presenting the Sealed-COIN to Controller 48, the client needs to transmit the Sealed-COIN back to the server for requesting access"). Appellants' arguments are unpersuasive because they are not commensurate with the scope of the disputed claim limitation, which only recites the content server processing a request to access the controlled file. The claimed invention is silent as to whether the content server performs the step of "using the session identifier to determine whether to allow the user 6 Appeal2017-001693 Application 12/109,443 computer system to access the controlled file." Narasimhalu's Information Provider receives an access request, which it verifies (i.e., processes) before generating and transmitting an Opener to the information consumer. See Narasimhalu col. 10, 11. 22-28. We agree with the Examiner that this access request verification teaches or suggests "receiving, at the content server, a request from the user computer system to access a controlled file ... the request to access including the session identifier" and "processing, by the content server, the request to access the controlled file," as recited in claim I. See Non-Final Act. 3. Because claim 1 does not specify the component that uses the session identifier, we agree with the Examiner that the determination by Narasimhalu's Controller 48 whether a contract ID (CID) has expired (i.e., whether the contract can still be used for obtaining access to the content) teaches or suggests "using the session identifier to determine whether to allow the user computer system to access the controlled file." See Non-Final Act. 3. Moreover, Narasimhalu's Information Provider's verification of the Information Consumer's request, which also contains the contract ID, teaches or suggests the content server using the session identifier to determine whether to allow access in the claimed manner because: (1) the verification is performed by the Information Provider, not by the Information Consumer's local device and (2) verification is a prerequisite to generation of an Opener that is required to access the content. See Narasimhalu col. 10, 11. 22-31. For these reasons, we agree with the Examiner that N arasimhalu, in combination with Dedrick, teaches or suggests the disputed recitations of claim 1. Accordingly, we sustain the Examiner's 35 U.S.C. Â§ 103(a) 7 Appeal2017-001693 Application 12/109,443 rejection of claim 1, and claims 2, 4, 6-19, 27--44, 46, 48---61, and 69-84, which Appellants do not argue separately. Appeal Br. 13. CLAIMS 3 and 45 Claim 3 depends from claim 1 via intervening claim 2. Claim 2 recites "prompting the user computer system to provide credentials for accessing the controlled file; and comparing the user supplied credentials to information stored in a user account associated with the user of the computer system in order to authorize access to the controlled file." Claim 3 recites "The method of claim 2, wherein the prompting and comparing steps precede the step of transmitting session data from the content server to the user computer system" ( emphasis added). Claim 45 recites similar limitations. In rejecting claims 3 and 45, the Examiner finds that Dedrick's use of user credential information in making a request for electronic information teaches or suggests modifying Narasimhalu's system to include prompting and comparing steps that precede the step of transmitting session data from the content server to the user computer system. See Non-Final Act. 4, 10 ( citing Dedrick col. 7, 11. 21-28). The Examiner concludes that an artisan of ordinary would have recognized that such an ordering "would be the best implementation to ensure ... control [ ofJ the usage of the distributed digital information." Ans. 8-9 (citing Narasimhalu col. 1, 11. 39--44). Appellants contend the Examiner erred by not providing "any explanations and rationales as to why and how Narasimhalu and Dedrick can be combined to reach the claimed 'prompting and comparing steps precede the step of transmitting session data' as set forth in claim 3." Appeal Br. 13. Appellants do not persuasively rebut, however, the Examiner's reasonable 8 Appeal2017-001693 Application 12/109,443 explanation that an artisan of ordinary skill would have recognized that an implementation in which a user computer system is promoted to provide credentials, and the credentials compared with stored information, before transmitting session data as the "best implementation" for purposes of ensuring digital distributed digital information is controlled. See Ans. 8-9. The claimed ordering would have been obvious, in particular, given that N arasimhalu uses a consumer or user identifier (UID) in generating and transmitting a Sealed COIN from an Information Provider to an Information Consumer. See Narasimhalu col. 9, 11. 30-31, col. 10, 11. 16-22. An artisan of ordinary skill would have recognized that obtaining the UID by prompting the user for credentials and comparing those credentials to stored credentials, as taught or suggested by Dedrick (see Dedrick col. 3, 11. 22-26), before generating and transmitting the Sealed COIN based at least in part on the UID would provide for better control over the content than generating and transmitting the Sealed COIN without such prompting and comparing. Specifically, this particular ordering limits the risk of creating a contract that identifies a user who has not agreed to the terms of the contract. See Narasimhalu col. 10, 11. 13-16. Therefore, we agree with the Examiner that the combination of N arasimhalu and Dedrick teaches or suggests "wherein the prompting and comparing steps precede the step of transmitting session data from the content server to the user computer system," as recited in claim 3. Accordingly, we sustain the Examiner's 35 U.S.C. Â§ 103(a) rejection of claims 3 and 45. 9 Appeal2017-001693 Application 12/109,443 CLAIMS 5 and 4 7 Claim 5 depends from claim 1, and further recites ( emphases added): wherein the session data further includes a user identification associated with the user of the computer system and a protection domain identification associated with the protection domain, wherein determining whether to allow the user computer system to access the controlled file comprises: determining whether the controlled file is within the protection domain; processing the user identification and the protection domain identification in order to allow access by the user computer system to the controlled file when the controlled file is within the protection domain; and determining that the user computer system must be authorized before being allowed to access the controlled file when the controlled file is within the content server domain but not within the protection domain. Claim 4 7 recites similar limitations. In rejecting claims 5 and 4 7, the Examiner finds that N arasimhalu' s use of fields in an Opener, such as an LAD (the device on which the COIN can be accessed legally), teaches or suggests: (1) processing user identification in order to allow access by the user computer system to the controlled file and (2) determining that the user computer system must be authorized before being allowed to access the controlled file. See Non-Final Act. 4--5 (citing Narasimhalu col. 11, 11. 20-30). The Examiner asserts that in Narasimhalu "the information consumer is distinction from the 'controlled information access device' [ b ]ecause the information consumer, not the 'access device' enters into the contract the 'UID' provides identification of a user." Ans. 9. 10 Appeal2017-001693 Application 12/109,443 Appellants contend the Examiner erred because "N arasimhalu' s UID is an identification of the client device (i.e., information consumer), not an identification of a user." Appeal Br. 13-14. Appellants' argument is unpersuasive, however, because Narasimhalu identifies both the "information consumer" (UID) and "[t]he device on which the COIN can be accessed legally" (LAD). See Narasimhalu col. 9, 11. 25-26, 29-30. That is, Narasimhalu's contract logically associates controlled content with both the information consumer and the device on which the content can be accessed legally. Id. at col. 9, 11. 31-33. Moreover, Narasimhalu teaches or suggests using both the UID and the LAD in determining whether to grant access to controlled content. See id. at col. 10, 11. 22-27, col. 11, 11. 24--30, Figs. 10, llA-B. Appellants' arguments, which posit that Narasimhalu only teaches or suggests use of device identification without also teaching or suggesting use of user identification in allowing access to a controlled file, are therefore unpersuasive. See Appeal Br. 14. For these reasons, we agree with the Examiner that the combination of Narasimhalu and Dedrick teaches or suggests: (1) "processing the user identification ... in order to allow access by the user computer system to the controlled file" and (2) "determining that the user computer system must be authorized before being allowed to access the controlled file," as recited in claim 5 and similarly claim 4 7. Accordingly, we sustain the Examiner's 35 U.S.C. Â§ 103(a) rejection of claims 5 and 4 7. 11 Appeal2017-001693 Application 12/109,443 DECISION We affirm the Examiner's decision rejecting claims 1-19, 27---61, and 69-84. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a). See 37 C.F.R. Â§ 41.50(Â±). AFFIRMED 12