Ex Parte SinghalDownload PDFPatent Trial and Appeal BoardMar 29, 201611503825 (P.T.A.B. Mar. 29, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. 111503,825 103550 7590 Tara Chand Sighal P.O. Box 5075 Torrance, CA 90510 FILING DATE FIRST NAMED INVENTOR 08/13/2006 Tara Chand Singhal 03/30/2016 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 11195.79 2707 EXAMINER D AGOSTA, STEPHEN M ART UNIT PAPER NUMBER 2643 MAILDATE DELIVERY MODE 03/30/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte TARA CHAND SINGHAL Appeal2014-004011 Application 11/503,825 Technology Center 2600 Before CAROLYN D. THOMAS, JOSEPH P. LENTIVECH, and KARA L. SZPONDOWSKI, Administrative Patent Judges. LENTIVECH, Administrative Patent Judge. DECISION ON APPEAL Appellant seeks our review under 35 U.S.C. § 134(a) of the Examiner's final rejection of claims 1-7, 10-13, and 16-24. Claims 8, 9, 14, and 15 have been canceled. See App. Br. 30-31 (Claims App'x). We have jurisdiction over the pending claims under 35 U.S.C. § 6(b ). We AFFIRM. Appeal2014-004011 Application I 1/503,825 STATEMENT OF THE CASE Appellant's Invention Appellant's invention generally relates to two-factor remote user authentication that does not use a security token and uses certain features of a telephone network. Spec. I. Claims I 0, I2, and 2 I are independent claims and read as follows: I 0. A remote user authentication system comprising: a. an authentication server that is used for authenticating remote users to a business computer network has an interface A with a telephone network; b. the authentication server also has an Interface B with a private communication line with a cellular telephone network of a cellular wireless carrier, which verifies caller id of authorized callers to the authentication server, and the authentication server; c. the authentication server has different methods of authentication A and B respectively depending upon which interface A or B a remote user connection authentication request originated from. I2. A method for a remote user authentication system comprising the steps: a. setting up an interface between an authentication server that is used for authenticating remote users to a business computer network and a telephone network for receiving telephone calls on the interface and the server prompting by an interactive voice response system for entry of a PIN-I; b. verifying PIN-I in an authentication database and delivering a message of an "to hang up now" otherwise a message of "an unauthorized call"; c. calling back by the system on a caller id that is present for this PIN-I in the database immediately after step (b ); 2 Appeal2014-004011 Application 11/503,825 d. prompting for entry of a PfN-2, a secret number, and checking it in database to authenticate the remote user. 21. A cellular telephone network providing enhanced remote user authentication services to their business clients from cellular network's own clients that connect to the business's authentication servers via their cellular telephone devices, compnsmg: a. the cellular telephone network establishes a private communication line, with an assigned telephone number, to an authentication server of a business for authenticating remote users, the network only routs on to the assigned number callers whose caller id can be verified within the cellular telephone network database; b. a call handling logic operative within the computer systems of the cellular telephone network that receives a plurality of telephone calls and of these plurality of received calls screens those calls that originated from customers of its own network and routes only those calls to the assigned telephone number for which the network is able to verify a caller id of the caller, wherein the caller id serves both as a user identification and as an authentication step to the authentication server thereby minimizing number of remote user authentication steps. Rejections Claims 1-7, 10, 16, and 19-22 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over West et al. (US 6,538,996 Bl; issued Mar. 25, 2003) in view of Roach, Jr. et al. (US 5,526,401; issued June 11, 1996), and (Raith (US 5,930,706; issued July 27, 1999) or Chaudhary et al. (US 7,155,526 B2; issued Dec. 26, 2006)). Final Act. 4--11. Claims 11 and 23 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over West in view of Roach and (Raith or Chaudhary), and 3 Appeal2014-004011 Application 11/503,825 further in view of Cook et al. (US 6,788,770 Bl; issued Sept. 7, 2004). Final Act. 11-13. Claims 12 and 13 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over West in view of Roach and (Raith or Chaudhary), and further in view of Bathrick et al. (US 5,280,581; issued Jan. 18, 1994). Final Act. 13-15. Claims 17 and 18 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over West in view of Roach and (Raith or Chaudhary), and further in view of Fraser et al. (US 5,329,589; issued July 12, 1994) and Cook. Final Act. 15-16. Claim 24 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over West in view of Roach and (Raith or Chaudhary), and further in view of Fraser. Final Act. 16. ANALYSIS We have reviewed the Examiner's rejections in light of Appellant's arguments that the Examiner has erred. We disagree with Appellant's conclusions. We adopt as our own the findings and reasons set forth by the Examiner in the Final Office Action from which this appeal is taken and the reasons set forth in the Examiner's Answer in response to Appellant's Appeal Brief. Final Act. 2-16; Ans. 2-11. We highlight and address specific findings and arguments for emphasis as follows. Claims 1-7 and 19-22 Appellant argues claims 21 and 22 as a group. App. Br. 12-21; Reply Br. 3-8. In accordance with 37 C.F.R. § 41.37(c)(l)(iv), we select 4 Appeal2014-004011 Application 11/503,825 independent claim 21 as the representative claim. Claim 22 stands or falls together with claim 21. See id. Issue 1 : Did the Examiner err by finding the combination of West, Roach, and (Raith or Chaudhary) teaches or suggests the limitations recited in claim 21? Appellant contends the Examiner erred in rejecting claim 21 because the Examiner fails to "understand[] the specialized art remote user authentication as the first prong of the Graham driven obviousness enquiry is to determine the nature and scope of the claimed subject matter." App. Br. 19; Reply Br. 18. Appellant contends the claimed subject matter includes several distinguishing features over the combination of applied references. App. Br. 20; Reply Br. 19. Particularly, Appellant contends the distinguishing characteristics include: (1) "[ t ]he claimed subject matter minimizes the number of actions and steps a remote user needs to perform for a two-factor remote user authentication to a remote system;" (2) the claimed "private line" differs from "the information security industry prior art of IP Sec tunnel;" and (3) identification and authentication via MIN/ESN and Kc, encryption key "does not teach or make obvious the 'call handling logic' of the claimed subject matter as performing an entirely different function." App. Br. 20-21; Reply Br. 19--20. Regarding the first distinguishing characteristic, Appellant contends: Having a cell phone with a SIM card and the ability of the remote system to ascertain that a telephone call had originated in a cellular system and that the cellular telephone system assures the remote system by use of a private line to the remote system, provides assurance to the remote system that a caller id of such a call can be relied upon to perform one or more factors of remote user authentication protocol. 5 Appeal2014-004011 Application 11/503,825 This thereby, minimizes the number of steps a user needs to perform for remote user authentication, as carrying and any use of a physical card token for a "what you have" factor is eliminated as well as user id step is also eliminated as a caller id also functions not only as user id but at the same time also functions as a security token. App. Br. 20; Reply Br. 19. We do not find Appellant's contentions persuasive. The Examiner finds, and we agree, West teaches a corporate communication system that includes firewall security for authenticating a user attempting to remotely access a corporate network. Final Act. 4 (citing West, Figs. 1, 3, 6, 8, 22, 23); Ans. 5. The Examiner also finds, and we agree, West teaches accepting an identification of a user of the remote computer. Final Act. 5 (citing West 3:1-2); Ans. 6-7. We further agree with the Examiner that Roach teaches that a phone number (e.g. MIN (mobile identification number)) can be used to identify a user. Ans. 7; Final Act. 5. For example, Roach teaches a cellular radiotelephone unit transmits an identification signal, which includes an electronic serial number (ESN), to the cellular mobile radiotelephone (CMR) system when the cellular radio telephone unit first identifies itself to the CMR system. Roach 6:43--49. Roach teaches determining whether the radiotelephone is an authorized user or subscriber by looking up the unit's telephone number, serial number, and other information supplied by the radiotelephone to see if there is an entry in the mobile switching center's database corresponding to that particular radiotelephone. Roach 13: 17-22. Further, we agree with the Examiner's findings that Roach, Raith, and Chaudhary teach determining if a user is roaming (not a customer) and allowing or denying accessed based on that determination. Ans. 7; Final Act. 6-7. Regarding the claimed "private line," the Examiner finds: 6 Appeal2014-004011 Application 11/503,825 [T]he concept of a "private line" is taught when one skilled combines the network design put forth by West ( eg. [sic] only one path exists to the corporate network through either a PSTN link or an Internet link in figure 1 which ultimately connect to the router/firewall as shown in figure 3, #330/#331) AND taking the teachings that a user can be allowed/denied access as based on them being a customer (or non-roamer) to thusly yield that the service provider is acting as a "filtering agent" to only allow communications to the corporate network via their "private link". Hence while West shows a communications link to the corporate network, it is only accessible via the ability of the remote user to authenticate to the service provider and prove that the[y] are a customer of that service provider and should be allowed access. Final Act. 7-8; see also Ans. 7. As such, we agree with the Examiner that the combined teachings of the references teach or suggest the limitations recited in claim 21. Regarding Appellant's second distinguishing characteristic, Appellant contends: "Private line" of [the] claimed subject matter is not the same as the information security industry prior art of IP Sec tunnel ( not in the West) because, IP Sec tunnel is used for secure encrypted data communication, whereas the claimed subject matter "private line" to a business authentication server is used to automatically identify and authenticate a caller by their verified caller id and thus remove or does away with step of user identification and authentication in a multi-factor remote user authentication scheme. App. Br. 20; Reply Br. 19. We do not find Appellant's contentions persuasive because they are not responsive to the Examiner's findings. As discussed supra, the Examiner finds the combined teachings of the references teach or suggest the claimed "private line." Appellant's contention fails to address the 7 Appeal2014-004011 Application 11/503,825 combined teachings of the references and, therefore, is unpersuasive of error. Regarding Appellant's third distinguishing characteristic, Appellant contends "[a] cellular network as a routine part of their security and business operation authenticate those who connect to their wireless network ... via MIN/ESN and Kc encryption key" and "' [ s ]creening' or filtering agent, as [the] Examiner characterizes it, is not the same as the claimed subject matter element (b) to a person of ordinary skill for having used very different means for an entirely different purpose." App. Br. 20-21; Reply Br. 20. We do not find Appellant's contentions persuasive. As discussed supra, the Examiner finds the combined teachings of the applied references teach or suggest the limitations recited in claim 21. Appellant offers no persuasive explanation or reasoning as to how or why the cited portions of the applied references fail to teach or suggest the respective limitations. See 37 CPR § 41.37(c)(l)(iv) ("The arguments shall explain why the examiner erred as to each ground of rejection contested by [A ]ppellant. . . . [A ]ny arguments or authorities not included in the appeal brief will be refused consideration by the Board for purposes of the present appeal.") (Emphasis added.) Moreover, arguments not made are deemed waived. See id. Cf In re Baxter Travenol Labs., 952 F.2d 388, 391 (Fed. Cir. 1991) ("It is not the function of this court to examine the claims in greater detail than argued by an [A]ppellant, looking for nonobvious distinctions over the prior art."). Issue 2: Did the Examiner err by combining the teachings of West in view of Roach, and (Raith or Chaudhary)? Appellant contends the combination of applied references is improper 8 Appeal2014-004011 Application 11/503,825 because the Examiner fails to "understand[] 'a person of ordinary skill in the art' requirement and the 'ordinary skill person' driven requirements to be able to combine prior art references." App. Br. 19; Reply Br. 18. Appellant contends: [The] Examiner misunderstands and misapplies the Graham v. Deere obviousness analysis including KSR driven amplification of "a person of ordinary skill in the art" driven obviousness analysis to the claims for the following reasons. Under the third prong of the obviousness enquiry, to be able to combine prior art references, by "a person of ordinary skill in the art", a teaching, suggestion or motivation in the arts themselves is a necessary pre-requisite to be able to combine these prior art references. Stated differently, that is, if there is no teaching or suggestion or motivation, then a combination of prior art references would not be combined by a person of ordinary skill and thus would be un-obvious under this prong of the Graham obviousness analysis. KSR amplified the definition of that ordinary skill of a person to include common sense of the person. However, that application of KSR or common sense based obviousness enquiry is limited; with specific KSR pre-conditions. The KSR driven "common sense" enquiry is limited by the preconditions of (i) a known problem, known in the industry, (ii) the problem is solved by combining known parts present in the prior art references, and (iii) the problem is solved by combining these known parts working in known ways. That is, for the "common sense" driven obviousness enquiry, each of these three separate and distinct preconditions have to be satisfied. If any of these three pre-conditions cannot be satisfied, then the common sense enquiry cannot even begin as it is conditioned by the presence of each of these pre- conditions. App. Br. 19; Reply Br. 18-19; see also App. Br. 24; Reply Br. 23. 9 Appeal2014-004011 Application 11/503,825 We do not find Appellant's contentions persuasive. We are unable to find, and Appellant does not cite to, any authority in support of Appellant's contention that the "common sense driven obviousness enquiry" is limited to the three pre-conditions discussed supra. Instead, KSR instructs "[t]he combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results." KSR Int 'l Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007). Further: [ o ]ften it will be necessary for a court to look to interrelated teachings of multiple patents; ... and the background knowledge possessed by a person having ordinary skill in the art, all in order to determine whether there was an apparent reason to combine the known elements in the fashion claimed by the patent at issue. Id. at 418. Additionally: [r]ejections on obviousness grounds cannot be sustained by mere conclusory statements; instead, there must be some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness .... [H]owever, the analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ. Id. (citation and internal quotation marks omitted). The Examiner finds: It would have been obvious to one skilled in the art at the time of the invention to modify the combo, such that it uses caller-id and a "private communication line"; and (i) calls that originate in the cellular telephone network of the carrier from customers of the cellular wireless carrier and thus have a verifiable caller identity data in the carrier's own database and (ii) all other calls that have originated from other telephone networks and have been forwarded to the cellular telephone network of the carrier for routing to customers of the wireless carrier; c. the call handling logic then routes only those incoming calls to the 10 Appeal2014-004011 Application 11/503,825 authentication server on the private line that have originated in its own network from its own customers and thus is able to provide an assurance of their caller identity data to the authentication server for the authentication server to use such caller, to provide means for identifying only customers of that one service provider to be pass through to the remote corporate network for added security (prevents roamers/hackers). Final Act. 8; see also Ans. 9-10. We find the Examiner has articulated how the claimed features are met by the proposed combination of the reference teachings with some rational underpinning consistent with the guidelines in KSR. Appellant does not present persuasive evidence that the resulting arrangement was "uniquely challenging or difficult for one of ordinary skill in the art" or "represented an unobvious step over the prior art." See Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418-19). Accordingly, we are unpersuaded the Examiner erred in combining the teachings of the applied references. For the foregoing reasons; we are unpersuaded the Examiner erred in rejecting claim 21; claim 22, which falls with claim 21; and claims 1-7, 19, and 20, which depend from claims 21 and 22 and are not separately argued with particularity. Claims 10, 11, and 16-18 Issue 3: Did the Examiner err in finding the combination of West in view of Roach and (Raith or Chaudhary) teaches or suggests the limitations recited in claim 1 O? Appellant contends the Examiner erred in rejecting claim 10 because: Claim 1 O's subject matter teaches two different specific methods for an authentication server, using telephone connections, one exclusively with a wireless carrier with the 11 Appeal2014-004011 Application 11/503,825 ability to verify a caller id and other with any telephone network. These two different claimed methods are not the same and are distinguishable over the cited prior art methods of using MIN/ESN for authenticating a wireless device to a wireless network and using user id and password for logging into a web server, to a person of ordinary skill in the art because, for one claimed methods are used in the same authentication server and whereas the prior art methods operate and are used in entirely different domain for different purposes using entirely different protocols. App. Br. 21; Reply Br. 20. Appellant further contends: [C]laim 10 is patentable over the cited prior art in any combination, because the cited prior art to a person of ordinary skill in the art do not teach the claimed subject matter, as the claimed subject matter is directed to a system that require two different methods of remote user authentication that are directed to facilitating remote user authentication for a business client of the telephone company. App. Br. 21-22; Reply Br. 21. We do not find Appellant's contentions persuasive. The Examiner finds, and we agree, West teaches establishing multiple communication links between a remote user and a corporate network. Final Act. 4 (citing West, Figs. 1, 3); Ans. 5. West teaches that the multiple communication links include a communication link established using a public switched telephone network (PSTN) and a communication link established by coupling the remote computer (e.g., a remote user) to a direct Internet access network. West 5: 1-11. West teaches that the direct Internet access network can use a cellular digital packet data (CDPD) wireless connection. West 5: 11-16. The Examiner also finds, and we agree, West teaches a corporate communication system that includes firewall security for authenticating a 12 Appeal2014-004011 Application 11/503,825 user attempting to remotely access the corporate network. Final Act. 4 (citing West, Figs. 1, 3, 6, 8, 22, 23); Ans. 5. The Examiner further finds, and we agree, West teaches a user must typically interact with multiple authentication and authorization systems requiring different passwords to access a computer system via different networks. Ans. 6 (citing West 2:9- 19). West, therefore, teaches or suggests "an authentication server that is used for authenticating remote users to a business computer network has an interface A with a telephone network;" "the authentication server also has an Interface B with a ... communication line with a cellular telephone network of a cellular wireless carrier;" and "the authentication server has different methods of authentication A and B respectively depending upon which interface A or B a remote user connection authentication request originated from." As discussed supra, the combined teachings of the references teach or suggest "a private communication line" and "verif[ying] caller id of authorized callers to the authentication server." As such, we are unpersuaded the Examiner erred in finding the combination of the applied references teaches or suggests the limitations recited in claim 10. Accordingly, we are not persuaded the Examiner erred in rejecting claim 10 and claims 11 and 16-18, which depend from claim 10 and are not separately argued with particularity. Claims 12, 13, 23, and 24 Issue 4: Did the Examiner err by finding the combination of West in view of Roach and (Raith or Chaudhary), and further in view of Bathrick teaches or suggests the limitations recited in claim 12? Appellant contends the Examiner erred in rejecting claim 12. App. 13 Appeal2014-004011 Application 11/503,825 Br. 22-24; Reply Br. 25. Appellant contends in contrast to the teachings of the applied references the claimed subject matter is on features of a cellular communication network that provides enhanced remote user authentication services to their business clients by eliminating the step of user identification for those clients connecting to the authentication server by using only their cell phone devices and for which their caller id is verified within the databases of the cellular telephone network. App. Br. 22-23. Appellant contends "[t]he call handling logic in the cellular telephone network of the claimed subject matter is not related or impacted by the cellular technologies of HLR and Roaming and these play no role in the claimed subject matter." App. Br. 23. Appellant's contentions are similar to those discussed supra regarding claims 10 and 21. For the reasons discussed with respect to claims 10 and 21, we are unpersuaded the Examiner erred. Appellant contends the Examiner erred in rejecting claim 12 because Bathrick' s "call back feature from a Host is for purposes other than for remote user authentication, as the remote user has already been authenticated" and "[ w ]hile Bathrick teaches the concept of call back by a server, it does not teach or suggest using such call back to authenticate a remote user." App. Br. 26; Reply Br. 25. We do not find Appellant's contention persuasive. Bathrick relates to a system for remotely accessing a host from a remote location. Bathrick, Abstract. As found by the Examiner (Ans. 11 ), Bathrick teaches permitting a user to remotely change a telephone number that allows the host computer to dial the user's current location and that the user is permitted to perform this change only after the user has been authenticated. Bathrick, Abstract; 14 Appeal2014-004011 Application 11/503,825 Fig. 2. Bathrick also teaches: To protect a host computer system from outside intruders using a dial-in modem attached thereto, the host computer system may require users to use a call-back procedure. A typical conventional call-back procedure works as follows. A remote user of the host computer system registers a remote telephone number with the system administrator. This remote telephone number is one where the remote computer is located. Once the user is at the remote location, and after he signs on, the user provides a user identification code and password. Then, the host computer system will call back to the user at the registered phone number for further processing. Bathrick 1: 13-25. Bathrick, therefore, teaches or suggests using the call- back procedure to authenticate a remote user. As such, we are unpersuaded the Examiner erred. Accordingly, we are unpersuaded the Examiner erred in rejecting claim 12 and claims 13, 23, and 24, which depend from claim 12 and are not separately argued with particularity. DECISION We affirm the Examiner's rejections of claims 1-7, 10-13, and 16-24 under 35 U.S.C. § 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED 15 Copy with citationCopy as parenthetical citation
