14977505 (P.T.A.B. Dec. 6, 2018)

Ex Parte Sachtjen et al

Patent Trial and Appeal BoardDec 6, 2018

14977505 (P.T.A.B. Dec. 6, 2018)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. 14/977,505 73091 7590 Marc P. Schuyler P.O. Box 2535 Saratoga, CA 95070 FILING DATE FIRST NAMED INVENTOR 12/21/2015 Scott A. Sachtjen 12/06/2018 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 2015060 I Iconix-01ClC2 6169 EXAMINER CELANI, NICHOLAS P ART UNIT PAPER NUMBER 2449 MAIL DATE DELIVERY MODE 12/06/2018 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte SCOTT A. SACHTJEN, VLAD ADRIAN HOCIOTA, RAZVAN VLAD LAZAR, and SERBAN ADRIAN TIR Appeal 2018-002615 Application 14/977 ,505 1 Technology Center 2400 Before DEBRA K. STEPHENS, DANIEL J. GALLIGAN, and DAVID J. CUTITTA II, Administrative Patent Judges. Opinion for the Board filed by CUTITTA, Administrative Patent Judge. Opinion Dissenting filed by GALLIGAN, Administrative Patent Judge. CUTITTA, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. Â§ 134(a) from a final rejection of claims 2-21, which are all of the claims pending in the application. 2 Appellants identify this appeal as related to an appeal filed for co-pending application 12/024,980. See Appeal Br. 1. 3 We have jurisdiction under 35 U.S.C. Â§ 6(b ). We AFFIRM-IN-PART. 1 Appellants identify Iconix, Inc. as the real party in interest. See App. Br. 1. 2 Claim 1 has been cancelled. 3 This Appeal is withdrawn. See Issue Notification mailed October 3, 2018. Appeal 2018-002615 Application 14/977 ,505 STATEMENT OF THE CASE According to Appellants, the claims are directed to validating an email message using a sender policy framework (SPF) module with the FROM header of an email. If the message is not validated using the FROM header, the email message may be validated using a purported responsible address (PRA). Spec. ,r,r 37, 39, Abstract. 4 Claim 2 is reproduced below: 2. A computer-implemented method for processing an email message received from over a wide area network ("WAN"), the method comprising: receiving header information for the email message and storing the header information in processor-accessible storage, wherein the stored header information includes plural headers comprising at least a "FROM:" header; using at least one processor to extract one or more sending domains from the header information, transmit a request via the WAN to identify whether at least one domain from the one or more sending domains corresponds to a predetermined domain, dependent on a response received via the WAN which identifies at least one domain corresponding to the predetermined domain, access via the WAN at least one sender policy framework (SPF) record published in association with the at least one domain which corresponds to the predetermined domain, 4 This Decision refers to: (1) Appellants' Specification filed December 21, 2015 (Spec.); (2) the Final Office Action (Final Act.) mailed November 30, 2016; (3) the Appeal Brief (App. Br.) filed October 6, 2017; (4) the Examiner's Answer (Ans.) mailed November 14, 2017; and (5) the Reply Brief(ReplyBr.) filed January 12, 2018. 2 Appeal 2018-002615 Application 14/977 ,505 authenticate the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by the "FROM:" header and if the email message was received from an address determined according to the SPF record for email purporting to be from the sending domain represented by the "FROM:" header, and if there is no SPF record corresponding to the sending domain represented by the "FROM:" header, authenticate the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by a purported responsible address (PRA) identified by the email message and if the email message was received from an address determined according to the SPF record for email purporting to be from the sending domain represented by the PRA; and causing a processor-based system to deliver the email message to an addressed recipient following authentication. REFERENCES AND REJECTION Claims 2-21 stand rejected under 35 U.S.C. Â§I03(a) as being unpatentable over Lalonde et al. (US 2004/0068542 Al; published Apr. 8, 2004), RFC 4408 (Meng Weng Wong & Wayne Schlitt, Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1 (2006)), and RFC 4407 (Jim Lyon, Purported Responsible Address in E- Mail Messages (2006)). Final Act. 3-9. Our review in this appeal is limited only to the above rejection and the issues raised by Appellants. Arguments not made are waived. See MPEP Â§ 1205.02; 37 C.F.R. Â§Â§ 4I.37(c)(l)(iv) and 4I.39(a)(l). 3 Appeal 2018-002615 Application 14/977 ,505 ANALYSIS Independent Claim 2 "corresponding to the predetermined domain" Appellants contend the Examiner erred in finding Lalonde teaches "transmit[ting] a request via the WAN to identify whether at least one domain from the one or more sending domains corresponds to a predetermined domain" and "a response received via the WAN which identifies at least one domain corresponding to the predetermined domain," as recited in claim 2. App. Br. 7-9; Reply Br. 9-12, 14. Specifically, Appellants argue "all Lalonde says is that a domain from the FROM field [ of an email] is used to look up an IP address" from a WHOIS database, but doing so "does not produce the same result as [Appellants'] embodiments." App. Br. 8-9; Reply Br. 11. Appellants further argue Lalonde does not teach a "comparison against a predetermined domain ( e.g., a legitimate, known business)." Reply Br. 11-12; App. Br. 8. We are not persuaded. We agree with the Examiner's finding that (Ans. 7; Final Act. 3--4) Lalonde's system "for authenticating [an] email," which uses an email sender's domain to query a WHOIS database for the domain's IP address (Lalonde ,r,r 38, 40), teaches "transmit[ting] a request via the WAN to identify whether at least one domain from the one or more sending domains corresponds to a predetermined domain" and "a response received via the WAN which identifies at least one domain corresponding to the predetermined domain." Specifically, Lalonde "obtain[ s] the domain name of the purported sender from the FROM field 50" of an email (id. ,r 40) and therefore, teaches "at least one domain from the one or more sending domains." Further, as Appellants point out, Lalonde also discloses a 4 Appeal 2018-002615 Application 14/977 ,505 WHOIS database that stores domains and respective associated IP addresses. Ans. 8 ("as is known, the WHOSIS [sic] database represents a list of all domain names"); Lalonde ,r 40 ("the domain name from the WHOIS database"). As such, the domains stored in the WHOIS database teach "a predetermined domain." Further, Lalonde "identif[ies] whether at least one domain from the one or more sending domains," i.e., the email sender's domain name, "corresponds to a predetermined domain," i.e., a stored WHOIS domain name, by "provid[ing] the WHOIS database with the purported domain name (hotmail.com) of the purported sender to obtain an IP address associated with the particular domain name." Lalonde ,r 40, Fig. 6. That is, Lalonde' s IP address response identifies a correspondence between the sender's domain name and a stored WHOIS domain name. Appellants' arguments that Lalonde "does not produce the same result as [Appellants'] embodiments" because in Lalonde, a "fraudulent sending domain would correspond to the IP address registered by the fraudulent sender" (App. Br. 8-9) and a "predetermined domain," in the claim, is "e.g., a legitimate, known business" (Reply Br. 11; App. Br. 8) are not commensurate with the scope of the claim. Neither the claim nor the Specification define "a predetermined domain," let alone define "a predetermined domain" as a legitimate or known business. Further, neither the claim nor the Specification preclude a fraudulent domain from the meaning of "a predetermined domain." And, even if the claim did require that a predetermined domain is a legitimate and known business, Lalonde teaches that the domain "hotmail.com," which a legitimate and known business, is a domain included in its WHOIS database. Lalonde ,r 40. Appellants' remaining arguments address other features of Lalonde (see 5 Appeal 2018-002615 Application 14/977 ,505 App. Br. 7; see also Reply Br. 10-12), but do not address Lalonde's WHOIS authentication. Accordingly, we are not persuaded the Examiner erred in finding Lalonde teaches "transmit[ ting] a request via the WAN to identify whether at least one domain from the one or more sending domains corresponds to a predetermined domain" and "a response received via the WAN which identifies at least one domain corresponding to the predetermined domain" as recited in claim 2. "dependent on a response received" Appellants contend the combination of Lalonde, RFC 4408, and RFC 4407 does not teach the method steps of: dependent on a response received via the WAN which identifies at least one domain corresponding to the predetermined domain, access via the WAN at least one sender policy framework (SPF) ... authenticate the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain ... and if there is no SPF record corresponding to the sending domain ... authenticate the email message ... by a purported responsible address. App. Br. 9--12; Reply Br. 15-16. Appellants' arguments (see id.) are not commensurate with the scope of the claim. Under the broadest reasonable interpretation of these claimed method steps, these steps are only performed if certain conditions precedent are met; and as such, the Examiner does not have to find that the prior art teaches these method steps. Ex Parte Schulhauser, Appeal 2013-007847, 2016 WL 6277792, at *7-8 (Apr. 28, 2016) (precedential). Specifically, the steps of "access[ing] via the WAN at least one sender policy framework 6 Appeal 2018-002615 Application 14/977 ,505 (SPF)," "authenticat[ing] the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain," and "authenticat[ing] the email message ... by a purported responsible address" are conditional and thus, only performed "dependent on a response received via the WAN which identifies at least one domain corresponding to the predetermined domain." Claim 2 (emphasis added). More specifically, if the received response does not identify a corresponding domain to access the SPF, none of the conditional steps identified above will be performed. Even further, some of these conditional steps would only be performed if additional conditions precedent were met, e.g., "if the accessed at least one SPF record includes an SPF record," "if the email message was received from an address," and "if there is no SPF record." Claim 2 (emphasis added). Accordingly, we are not persuaded the Examiner erred in rejecting claim 2 under 35 U.S.C. Â§ I03(a) as being unpatentable over Lalonde, RFC 4408, and RFC 4407. Independent Claims 10 and 17 Appellants contend the Examiner erred in finding the combination of RFC 4408 and RFC 4407 does not teach: authenticate the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by the "FROM:" header ... [and] if there is no SPF record corresponding to the sending domain represented by the "FROM:" header, authenticate the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by a purported responsible address (PRA), 7 Appeal 2018-002615 Application 14/977 ,505 as recited in claim 10 and similarly recited in claim 17. App. Br. 12-20; Reply Br. 16. Specifically, Appellants argue RFC 4407 does not teach an authentication process "where an email is authenticated dependent on whether the FROM: header corresponds to a SPF record, but if in the event that fails, the specific steps of PRA are looked to." App. Br. 13; Reply Br. 16. We are persuaded. As an initial matter we note that the interpretation described above for method claim 2 does not apply to apparatus claim 10 and device claim 17 - an apparatus claim and a device claim have structure needed to perform a function that occurs only if a condition precedent is met. The broadest reasonable interpretation requires the structure for performing the function whether or not the condition occurs. See Schulhauser, 2016 WL 6277792 at *7 (the interpretation of a claim having structure that performs a function "differs from the method claim because the structure ... is present in the system regardless of whether the condition is met and the function is actually performed."). The Examiner finds RFC 4408 teaches "authenticat[ing] the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by the 'FROM:' header." Final Act. 4 (citing RFC 4408 Â§Â§ 2.4, 2.5.3, 3-3.1.1). The Examiner further finds RFC 4407 teaches "authenticat[ing] the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by a purported responsible address (PRA)." Final Act. 5 (citing RFC 4407 Â§ 2). The Examiner combines RFC 4408 and RFC 4407, determining that "[i]t is [a] simple combination ... to layer authentication checks after one another." Final Act. 11; see Final Act. 5. The Examiner 8 Appeal 2018-002615 Application 14/977 ,505 provides an example of layering authentication checks as "present[ing] a badge to a check in point, produc[ing] physical keys to unlock an office, and then provid[ing] a mental password to access the computer." Adv. Act. 2; see Ans. 26-27. The Examiner explains the combination "perform[ s] authentication checks on email to determine if the sending party is who they say they are," based on RFC 4408, and then "select[ s] an identity to perform authentication for," based on RFC 4407. Ans. 25. That is, the Examiner's proffered combination of RFC 4408 and RFC 4407 provides a series of progressing authentication methods in which an additional authentication is performed after a successful initial authentication. The claims, however, do not recite a series of progressing authentication methods in which an additional authentication is performed after a successful initial authentication. Instead, the claims recite an alternative authentication method, i.e., "an SPF record corresponding to a sending domain represented by a purported responsible address (PRA)," that is conditioned on an unsuccessful authentication method, i.e., "if there is no SPF record corresponding to the sending domain represented by the 'FROM:' header." The Examiner finds the combination is a "simple substitution," a "rearrangement of parts," or a "removal of an element if its functionality is not desired." Ans. 22. But substituting, rearranging, or removing authentication methods do not support using an alternative authentication method conditioned on a failed authentication method. While the Examiner makes a passing reference to the conclusion that it would have been obvious to use an alternative authentication "if the first authentication technique fails" (Final Act. 12), the motivation proffered by the Examiner for the combination of RFC 4408 and RFC 4407 does not 9 Appeal 2018-002615 Application 14/977 ,505 support that conclusion. When "the missing limitation goes to the heart of an invention," (i.e., the use of an alternative authentication method if there is no SPF record corresponding to the sending domain represented by the 'FROM:' header) then "our search for a reasoned basis for resort to common sense must be searching." Arendi S.A.R.L. v. Apple Inc., 832 F.3d 1355, 1363 (Fed. Cir. 2016). The Examiner's motivation for the combination of RFC 4408 and RFC 4407 is directed to "selecting the FROM header as a PRA." Ans. 21, 23 ("a specific motivation for selecting the FROM field ... for authentication"); Adv. Act. 2 ("one of skill would be motivated to use the FROM header as an authentication check"); see Final Act. 5 ("utilize the authentication scheme of SPF for other email header fields"). That motivation supports the obviousness of using certain information for authentication, but does not support the conclusion that it would have been obvious to use an alternative authentication method conditioned on a failed authentication. While there may be motivation fairly supporting the conclusion that it would have been obvious to use an alternative authentication method conditioned on a failed authentication, the Examiner has not provided such a motivation in the record before us. The Examiner characterizes the combination as an aggregation; however, the claim contemplates deciding, based on specified criteria, which authentication method to use. Thus, the Examiner's proffered combination is described as a system progressing through a series of successful authentication methods, rather than a system with an alternative authentication method (see Ans. 22, 26-27; see also Adv. Act. 2; see also Final Act. 5, 11 ). As such, we are constrained by the record to reverse the Examiner's obviousness rejection of independent claims 10 10 Appeal 2018-002615 Application 14/977 ,505 and 17. Because we agree with at least one of the arguments advanced by Appellants, we need not reach the merits of Appellants other arguments directed to claims 10 and 17. See Ans. 9--12. Therefore, we cannot sustain the rejection of independent claims 10 and 17 under 35 U.S.C. Â§ 103(a) as being unpatentable over Lalonde, RFC 4408, and RFC 4407. Dependent Claim 3 Appellants contend the Examiner erred in finding Lalonde teaches "transmitting a result over the WAN to a third party destination address, the result identifying both of the first domain and each sending domain extracted from the header information," as recited in claim 3. See App. Br. 20-21. Specifically, Appellants argue Lalonde "does not show or reflect any authentication results reporting to a third party of any type whatsoever." Id. at 21. We are persuaded of error. The Examiner asserts Lalonde discloses that "an email may have multiple headers," and "[ a ]fter receiving the results ... Lalonde check[ s] back from the server, [ and] the same check is made for the additional sending domains." Ans. 25-26 ( citing Lalonde ,r,r 33, 38, 40, Fig. 2); Final Act. 6. The result Lalonde describes, however, is sent back to its original requesting computer to display a confidence factor or authenticity indicator to its user, rather than sending the result to "a third party destination." See Lalonde ,r 40. The Examiner does not identify where Lalonde describes sending a result to some other destination nor do we readily find where Lalonde describes any other destination. Accordingly, we cannot sustain the rejection of dependent claim 3 under 35 11 Appeal 2018-002615 Application 14/977 ,505 U.S.C. Â§ 103(a) as being unpatentable over Lalonde, RFC 4408, and RFC 4407. Dependent Claim 4 Appellants contend the Examiner erred in finding RCE 4408 teaches: if there is no SPF record corresponding to the sending domain represented by the 'FROM:' header, and if there is no SPF record corresponding to the sending domain represented by the PRA, authenticating the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by a 'MAIL-FROM' header identified by the email message and if the email message was received from an address determined according to the SPF record for email purporting to be from the sending domain represented by the 'MAIL-FROM' header, as recited in claim 4. App. Br. 22-24. We are not persuaded because Appellants' arguments are not commensurate with the scope of the claim, for reasons similar to those discussed in claim 2. In particular, Appellants argue methods steps which are only performed if certain conditions precedent are met. Accordingly, the Examiner does not have to find that the prior art teaches those method steps because under a broadest reasonable interpretation, the condition precedent may not be met. See Schulhauser, 2016 WL 6277792 at *7-8. In particular, the steps recited in claim 4, depending from claim 2, are only reached "dependent on a response received via the WAN which identifies at least one domain corresponding to the predetermined domain." Claim 2 ( emphasis added). Furthermore, the method steps of claim 4 are only performed when additional conditions precedent are also met, e.g., if there is no SPF record corresponding to the sending domain represented by the 'FROM:' header, and if there is no SPF record 12 Appeal 2018-002615 Application 14/977 ,505 corresponding to the sending domain represented by the PRA ... if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by a 'MAIL- FROM' header identified by the email message and if the email message was received from an address determined according to the SPF record for email purporting to be from the sending domain represented by the 'MAIL-FROM' header. Claim 4 ( emphasis added). Accordingly, we are not persuaded the Examiner erred in rejecting claim 4 under 35 U.S.C. Â§103(a) as being unpatentable over Lalonde, RFC 4408, and RFC 4407. Dependent Claim 7 Appellants contend the Examiner erred in finding Lalonde teaches a "confidence mark [that] is specific to a domain identified by the response," as recited in claim 7 and similarly recited in claim 14. App. Br. 24--26. Specifically, Appellants argue "Lalonde does not teach any structure or mechanism by which a receiving machine would obtain any type of domain- specific icon or brand that would be displayed as part of such a message." App. Br. 25. We are not persuaded. The Examiner finds (Ans. 30; Ans. 6) and we agree, Lalonde' s email "confidence factor or authenticity indicator" (Lalonde ,r 41) teaches a "confidence mark." Further, Appellants agree with the Examiner's finding that "marks can be used to identify the source of goods and services." Final Act. 7; App. Br. 25. We further agree with the Examiner's finding that the combination of those teachings teaches a "confidence mark is specific to a domain identified by the response." Ans. 30. Appellants' argument that Lalonde does not teach confidence marks "specific" to a domain (App. Br. 25-26) does not address the 13 Appeal 2018-002615 Application 14/977 ,505 Examiner's conclusion that it would have been obvious to "create a marking that identifies the source of the email" based on Lalonde' s confidence mark and the determination that marks can be used to identify a source of services (Ans. 30). Accordingly, we are not persuaded the Examiner erred in rejecting claim 7 under 35 U.S.C. Â§ 103(a) as being unpatentable over Lalonde, RFC 4408, and RFC 4407. Remaining Claims 5. 6. 8. 9. 11-16. and 18-21 Appellants do not argue separate patentability for dependent claims 5, 6, 8, and 9, which depend directly or indirectly from claim 2. See App. Br. 5-27. Accordingly, for the reasons set forth above, we sustain the Examiner's decision to reject claims 2-5, 9-13, and 21-28. Dependent claims 11-16 and 18-21 stand with their respective independent claims. Because we do not sustain the Examiner's decision to reject independent claims 10 and 1 7, we cannot sustain the Examiner's rejection of dependent claims 11-16 and 18-21. DECISION We affirm the Examiner's decision rejecting claims 2 and 4--9. We reverse the Examiner's decision rejecting claims 3 and 10-21. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a). See 37 C.F.R. Â§ 41.50(Â±). AFFIRMED-IN-PART 14 UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte SCOTT A. SACHTJEN, VLAD ADRIAN HOCIOTA, RAZVAN VLAD LAZAR, and SERBAN ADRIAN TIR Appeal 2018-002615 Application 14/977 ,505 Technology Center 2400 Before DEBRA K. STEPHENS, DANIEL J. GALLIGAN, and DAVID J. CUTITTA II, Administrative Patent Judges. GALLIGAN, Administrative Patent Judge, dissenting-in-part. I concur in the decision to affirm the Examiner's rejection of claims 2 and 4--9 and to reverse the Examiner's rejection of claim 3. I respectfully dissent, however, from the decision reversing the Examiner's rejection of independent claims 10 and 1 7. The relevant language of claims 10 and 17 is as follows: authenticate the email message if the accessed at least one SPF record includes an SPF record corresponding to a sending domain represented by the "FROM:" header and if the email message was received from an address determined according to the SPF record for email purporting to be from the sending domain represented by the "FROM:" header, and if there is no SPF record corresponding to the sending domain represented by the "FROM:" header, authenticate the email message if the accessed at least one SPF record includes an SPF Appeal 2018-002615 Application 14/977 ,505 record corresponding to a sending domain represented by a purported responsible address (PRA). Claims 10 and 17, therefore, expressly require having an SPF record corresponding to a sending domain represented by the "FROM:" header as a condition precedent to the first recited authentication procedure, which makes sense because that SPF record is used to make the first authentication determination. Claims 10 and 1 7 recite a second authentication procedure to be performed "if there is no SPF record corresponding to the sending domain represented by the 'FROM:' header." The claims as drafted do not perform the alternative authentication every time the prior authentication is unsuccessful. Rather, the second recited authentication procedure is performed "if there is no SPF record corresponding to the sending domain represented by the 'FROM:' header." Thus, the claims recite a second authentication procedure that is performed in the event that the information necessary for the first authentication is not available. I believe that a person of ordinary skill in the art would have been motivated to use a different authentication procedure if the information required for a first authentication procedure was not available. Lalonde itself suggests using multiple authentication techniques, stating that "[i]t is to be appreciated that any one or more of the exemplary methods 90, 100, and 120 may be performed when validating or authenticating electronic mail." Lalonde ,r 41 (emphasis added). As the Supreme Court has stated, "[a] person of ordinary skill is ... a person of ordinary creativity, not an automaton." KSR!nt'l Co. v. Teleflex, Inc., 550 U.S. 398,421 (2007). Such a person, I believe, would immediately recognize the benefit of using a second authentication procedure if a first authentication procedure could not be performed due to the lack of required information. The alternative would 2 Appeal 2018-002615 Application 14/977 ,505 be simply to abandon authentication altogether, but if the goal is to authenticate email and there is other information that can be used for such authentication, I believe a person of ordinary skill in the art would have been motivated to use such other information. RFC 4407 discloses other information that can be used to determine the sender of a message. "This document defines a new identity associated with an e-mail message, called the Purported Responsible Address (PRA), which is determined by inspecting the header of the message. The PRA is designed to be the entity that (according to the header) most recently caused the message to be delivered." RFC 4407, 3. Appellants argue that "RFC 4407 does not deal with authentication, or any 'series of checks."' Reply Br. 16. Although RFC 4407 may not define an authentication procedure, Appellants' own Specification belies the assertion that it "does not deal with authentication" when it states that "[a] number of technologies, such as SPF (sender policy framework; RFC 4408), Sender ID (sender identification, RFC 4406), PRA (purported responsible address; RFC 4407), Domain Keys, and Domainkeys identified mail (RFC 4871 ), have been developed to help verify e-mail exchanged between servers or MT As ( mail transfer agents)." Spec. ,r 4. A person of ordinary skill in the art, therefore, would clearly recognize the applicability of RFC 4407 's PRA teachings to email authentication. For these reasons, I respectfully dissent as to claims 10 and 1 7. 3