Ex Parte McPherson et alDownload PDFPatent Trial and Appeal BoardAug 29, 201813251607 (P.T.A.B. Aug. 29, 2018) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 13/251,607 10/03/2011 110084 7590 08/31/2018 MH2 Technology Law Group LLP (w/Verisign) 1951 Kidwell Drive Suite 310 Tysons Corner, VA 22182 FIRST NAMED INVENTOR Danny McPherson UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 11569.0100 7835 EXAMINER MASUD, ROKIB ART UNIT PAPER NUMBER 3687 NOTIFICATION DATE DELIVERY MODE 08/31/2018 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): docketing@mh2law.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte DANNY MCPHERSON, JOSEPH WALDRON, and ERIC OSTER WEIL Appeal2017-003703 Application 13/251,607 Technology Center 3600 Before CARLA M. KRIVAK, NABEEL U. KHAN, and AMBER L. HAGY, Administrative Patent Judges. HAGY, Administrative Patent Judge. DECISION ON APPEAL Appellants 1 appeal under 35 U.S.C. § 134(a) from the Examiner's Non-Final Rejection of claims 1-32, which are all of the pending claims. 2 We have jurisdiction under 35 U.S.C. § 6(b). We reverse. 1 Appellants identify Verisign, Inc., as the real party in interest. (App. Br. 3.) 2 Claims 33-37 have been withdrawn. (App. Br. 28-29 (Claims App'x); Non-Final Act. 2).) Appeal2017-003703 Application 13/251,607 STATEMENT OF THE CASE Introduction According to Appellants, their invention pertains to "methods and systems for authenticating DNS resolution requests and providing authentication dependent responses." (Spec. ,r 1.) By way of background, Appellants' Specification states that, typically, when a user seeks to access an Internet resource at a domain name, a DNS resolution request will return an IP address to the user "regardless of the status of the user's permission to ultimately use the resource." (Id. ,r 3.) Appellants' Specification further notes, however, that "[i]f the user does not have a valid account" with a desired resource that requires authentication credentials, "allowing the user to access the site at all may be unnecessary and poses a potential security risk." (Id. ,r 4.) Appellants' Specification further states: A method and system is desired that can perform authentication of a DNS requester prior to returning an IP address ( or network layer identifier or service location identifier), to in part ensure that the requester has authorization to access to the ultimate resource before opening the door or disclosing the address. The following disclosure solves these problems and provides added conveniences and functionality to the name resolution process. For example, ... this pre-authentication system allows administrators to prescribe specialized behavior at the DNS level based on the authentication status of the requester. (Id. ,I 8.) Exemplary Claims Claims 1, 10, 19, and 28 are independent. Claims 1 and 28, reproduced below with the disputed limitations italicized, are exemplary of the claimed subject matter: 2 Appeal2017-003703 Application 13/251,607 1. A method for authenticating a DNS request, comprising: receiving at an authenticating server comprising an electronic processor a DNS resolution request including a domain name and authentication information, wherein the information is not in the domain name, and wherein the authentication information comprises at least one of a username/password combination, or a security certificate; validating, on the authenticating server comprising an electronic processor, the authentication information; determining, by the authenticating server comprising an electronic processor, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of: sending a response message with an IP address, network layer identifier, or service location identifier; delaying sending a response message; sending a response message with an IP address corresponding to a website address containing authentication instructions; or responding with an alternative IP address corresponding to a special version of a resource configured to look just like the resource; and executing, on the authenticating server compnsmg an electronic processor, the DNS action. 28. A method for authenticating a DNS request, comprising: receiving, at an authenticating server comprising an electronic processor, a DNS resolution request from a user, wherein the request includes a domain name to be resolved and an authentication certificate, wherein the authentication certificate was issued by a community authority trust in response to a request for identification authentication by the user, and wherein [the] authentication certificate was added to the DNS resolution request by a device other than a device that originates the DNS resolution request; validating, on the authenticating server comprising an electronic processor, the authentication certificate; determining, by the authenticating server comprising an electronic processor, a network layer address or service location 3 Appeal2017-003703 Application 13/251,607 address based on the validation of the authentication certificate; and sending the network layer address to the user. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Shuster Hotz et al. ("Hotz") Hegde et al. ("Hegde") Boesgaard Sorensen US 2002/0073335 Al US 2004/0039798 Al US 2006/0242321 Al US 8,468,351 B2 REJECTIONS June 13, 2002 Feb.26,2004 Oct. 26, 2006 June 18, 2013 Claims 1-6, 8-15, 17-24, 26, and 27 stand rejected under 35 U.S.C. § I03(a) as being unpatentable over Hotz and Hegde. (Non-Final Act 2-7.) Claims 7, 16, and 25 stand rejected under 35 U.S.C. § I03(a) as being unpatentable over Hotz, Hegde, and Sorensen. (Non-Final Act. 7-8.) Claims 28-32 stand rejected under 35 U.S.C. § I03(a) as being unpatentable over Shuster and Hegde. (Non-Final Act. 8-10.) ISSUES 1. Whether the Examiner erred in finding the combination of Hotz and Hegde teaches or suggests "receiving at an authenticating server comprising an electronic processor a DNS resolution request including a domain name and authentication information, wherein the information is not in the domain name, and wherein the authentication information comprises at least one of a usemame/password combination, or a security certificate," 4 Appeal2017-003703 Application 13/251,607 as recited in independent claim 1 and commensurately recited in independent claims 10 and 19. 2. Whether the Examiner erred in finding the combination of Shuster and Hegde teaches or suggests "wherein [the] authentication certificate was added to the DNS resolution request by a device other than a device that originates the DNS resolution request," as recited in independent claim 28. ANALYSIS A. Claims 1-27 The Examiner finds Hotz teaches most of the limitations of claim 1, except the Examiner finds "Hotz does not explicitly disclose the feature wherein the information is not in the domain name," for which the Examiner relies on Hegde in combination with Hotz. (Non-Final Act. 3--4.) With regard to the disputed limitation "receiving at an authenticating server comprising an electronic processor, a DNS resolution request including a domain name and authentication information ... ," the Examiner finds "figure 1 [ of Hotz] shows receiving at a DNS server 100 query as it is described in the abstract stating 'The user request may be a domain name resolution request as the query mechanism provides an Internet Protocol (IP) address corresponding to the domain name."' (Id. at 3.) Claim 1 's recitation of "authentication information comprises at least one of a username/password combination, or a security certificate" provides two alternative options for the authentication information. We conclude that this limitation is satisfied if either one of the two stated options is met. The Examiner, however, finds only one of the stated options is taught or 5 Appeal2017-003703 Application 13/251,607 suggested by the prior art, finding Hotz teaches the "username/password combination." (Ans. 2 (citing Hotz ,r 123).) The Examiner does not find the "security certificate" option is taught by Hotz or Hegde, either alone or in combination. (See id.) Appellants argue the Examiner's findings are in error because neither Hotz nor Hegde, alone or in combination, disclose either option in the disputed limitation of claim 1. Because the Examiner finds only the usemame/password combination to be taught or suggested by the prior art, we do not address Appellants' arguments regarding the proper construction of "security certificate." (See App. Br. 10-11; Reply Br. 4--5.) We are persuaded by Appellants' argument that neither Hotz nor Hegde teach or suggest a DNS resolution request comprising a usemame/password combination, as recited in independent claim 1 ( and commensurately recited in independent claims 10 and 19). (See App. Br. 12.) The portion of Hotz cited by the Examiner states that "[t]he LOGIN table describes identity within the DNS system ... [and] includes information on how to authenticate a user to system." (Hotz ,r 123; Ans. 2.) Although this disclosure mentions a password, it does not disclose including the password in a DNS resolution request. Rather, as Appellants contend, and we agree, "[ a ]t most, Hotz discloses a usemame/password that is used only to log in and peiform administrative functions" on a DNS database. (Id. (citing Hotz at page 7, "Table List & Summary") (emphasis added)). Thus, Hotz does not disclose using a usemame/password in a DNS resolution request, as claimed. The Examiner makes no findings that Hegde makes up for the deficiency in Hotz's disclosure. (See Non-Final Act. 4.) 6 Appeal2017-003703 Application 13/251,607 For the foregoing reasons, we are persuaded of error in the Examiner's finding that the combination of Hegde and Hotz teaches or suggests "a DNS resolution request including a domain name and authentication information, ... wherein the authentication information comprises at least one of a usemame/password combination, or a security certificate," as recited in independent claim 1 and commensurately recited in independent claims 10 and 19. Therefore, we do not sustain the Examiner's 35 U.S.C. § 103(a) rejection of independent claims 1, 10, or 19, or of the claims dependent thereon, 3 over the combination of Hegde and Hotz. 4 B. Claims 28-32 With regard to claims 28-32, the Examiner finds Shuster teaches most of the limitations of independent claim 2 8, except for the disputed limitation requiring the authentication certificate to be "added to the DNS resolution request by a device other than a device that originates the DNS resolution request," for which the Examiner relies on Hegde. (Non-Final Act. 8-9.) In particular, the Examiner finds "Hegde teaches a method wherein [the] authentication certificate was added to the DNS resolution request by a device other than a device that originates the DNS resolution request 3 With regard to dependent claims 7, 16, and 25, which the Examiner rejects over Hegde, Hotz and an additional reference (Boesgaard S0rensen), the Examiner makes no findings that Boesgaard S0rensen remedies the deficiencies we have found regarding the base combination. (See Non- Final Act. 7-8.) 4 In the event of further prosecution on remand, the Examiner may wish to consider whether the Shuster reference, cited only in connection with claims 28-32, teaches or suggests the subject matter as recited in independent claims 1, 10, or 19, as well as in any of the claims dependent thereon. (See, e.g., Shuster ,r,r 41--42 and Fig. 5.) 7 Appeal2017-003703 Application 13/251,607 (paragraph [0034] discusses database located at DNS server assign priority to the request)." (Id. at 9.) Appellants argue the Examiner's findings are in error because Hegde does not disclose adding any information to a DNS resolution request, much less "authentication information" as claimed. (App. Br. 16.) In particular, Appellants argue: [P]aragraph 34 is about assigning priority to requests to translate domain names. Hegde elaborates on this process in the paragraphs following paragraph 34. See Hegde, paragraphs 35- 43. In some embodiments, the priority is based on a tag present in the request. See Hegde, paragraph 37. However, Hegde makes clear that such a tag is added to the request by the requesting device itself. See Hegde, paragraph 38 (" ... the client data processing system adds the tag or provides tag data when sending the request. Thus, some cooperation from the source is required."). Accordingly, at most, Hegde discloses that the requestor itself may add noncertificate data to a request. This clearly fails to meet the feature at issue. (Id. at 17.) We are persuaded of error for the above reasons as stated by Appellants. 5 According, we do not sustain the Examiner's 35 U.S.C. § 103(a) rejection of independent claim 28, or of the claims dependent thereon. 5 Appellants' contentions present additional issues. Because the identified issue is dispositive of Appellants' arguments on appeal, we do not reach the additional issues. 8 Appeal2017-003703 Application 13/251,607 DECISION The Examiner's 35 U.S.C. § 103(a) rejections of claims 1-32 are reversed. REVERSED 9 Copy with citationCopy as parenthetical citation
