10287119 (B.P.A.I. Nov. 5, 2010)

Ex Parte Suzuki et al

Board of Patent Appeals and InterferencesNov 5, 2010

10287119 (B.P.A.I. Nov. 5, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/287,119 11/04/2002 Yoshihiko Suzuki 450100-04242 5617 7590 11/08/2010 FROMMER LAWRENCE & HANG LLP 745 FIFTH AVENUE NEW YORK, NY 10151 EXAMINER AVERY, JEREMIAH L ART UNIT PAPER NUMBER 2431 MAIL DATE DELIVERY MODE 11/08/2010 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE _____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ______________ Ex parte YOSHIHIKO SUZUKI, TAKESHI FUNAHASHI, and AKIMICHI KURIHARA ______________ Appeal 2009-006428 Application 10/287,119 Technology Center 2400 ______________ Before ROBERT E. NAPPI, KENNETH W. HAIRSTON, and JOHN C. MARTIN, Administrative Patent Judges. MARTIN, Administrative Patent Judge. DECISION ON APPEAL1 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision. Appeal 2009-006428 Application 10/287,119 2 STATEMENT OF THE CASE This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1, 3, 5, and 7-17, which are all of the pending claims. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. A. Appellants’ invention Appellants’ invention is a correspondence education system and method that can securely provide information to only a person whose personal authentication has been performed. Specification ¶ 0001.2 Figure 1 is reproduced below. 2 As in Appellants’ Amended Appeal Brief (“Br.”) filed May 13, 2008, at 4, para. 5, references herein to the Appellants’ Specification are to corresponding Patent Application Publication 2004/0005059 A1. Appeal 2009-006428 Application 10/287,119 3 Figure 1 is a schematic diagram showing a configuration of a correspondence education system according to an embodiment of the invention (id. at [0011]). The system is formed by connecting a plurality of personal terminals 2 (21 to 2n) used by students with a “lecture providing server” 4 arranged by a school 3 via a network 5 (id. at [0023]). As shown in Figure 2 (not reproduced herein), each personal terminal 2 includes a fingerprint identification unit 2F for identifying a fingerprint and a separate main unit 2H ([0025]). The system employs two pairs of cryptographic keys: (1) an authentication private key Fd and an authentication public key Fe; and (2) a delivery private key Hd and a delivery public key He (id. at [0050]). Authentication private and public keys Fd and Fe are created by fingerprint identification unit 2F (id. at [0053]), whereas delivery private and public Appeal 2009-006428 Application 10/287,119 4 keys Hd and He are created by lecture providing server 4 (id. at [0054]). All four keys are created during a registration session in which a student goes to a service window of the school 3 in person and submits some form of personal identification, such as a driver’s license (id. at [0064]). At this time, the student registers his/her fingerprint with a fingerprint identification unit 2F and registers his/her electronic mail address and user ID with the lecture providing server 4 (id.). The system “allows the authentication public key Fe and the delivery public key He to be shared in advance between the personal terminal 2 of the student whose personal registration has been made and the lecture providing server 4 of the school 3” (id. at [0097]). Thus, by the end of the registration session, flash memory 30 of fingerprint identification unit 2F stores authentication public key Fe and delivery private key Hd, whereas flash memory 36 in server 4 stores authentication private key Fd and delivery public key He (id. at [0065]- [0067]). Following completion of the registration session, the school 3 lends the fingerprint identification unit 2F to the student, who can then connect it to main unit 2H of the student’s personal terminal 2 (id. at [0066]). It further appears from paragraphs [0049] to [0053] that the process of creating and registering the cryptographic keys during the above-discussed registration session involves (1) comparing the student’s applied fingerprint with fingerprints stored in fingerprint identification unit 2F in order to detect a match and (2) then creating and registering the cryptographic keys only Appeal 2009-006428 Application 10/287,119 5 once if a match is detected. Paragraph [0049], for example, reads as follows:3 [0049] The fingerprint identification unit 2F is configured to be able to create and register cryptographic keys for the student only once immediately after the student is authenticated as a registered student by the fingerprint comparison. (Emphasis added.) Paragraph [0051] also employs this “only once” terminology: [0051] In practice, when a finger is pressed into contact with the sensor surface of the fingerprint identification sensor 21A and a fingerprint of the finger is authenticated as that of one of preregistered students, the CPU 25 in the fingerprint identification unit 2F allows an attribute area AA belonging to an index IX1 to IXn corresponding to the fingerprint in the flash memory 23 to be accessed only once. (Emphasis added.) Each of the procedures depicted in Figures 6 and 7, which take place after the student has connected fingerprint identification unit 2F to main unit 2H of the student’s personal terminal 2H, also includes a fingerprint comparison step. Figure 6 is reproduced below. 3 In the quotations herein from the Specification, bolding of the reference numerals is omitted. Appeal 2009-006428 Application 10/287,119 6 Figure 6 is a flowchart used to explain an initial setting processing procedure (id. at [0016]). If fingerprint identification unit 2F finds a match between the applied fingerprint and one of the preregistered (i.e., stored) Appeal 2009-006428 Application 10/287,119 7 fingerprints (steps SP1, SP2), fingerprint identification unit 2F sends “successful authentication data” (SP3) to server 4 (id. at [0069], [0070]). Server 4 and fingerprint identification unit 2F then exchange information that is encrypted using the public encryption keys and decrypted using the private encryption keys (id. at [0071]-[0074]) in order to “confirm[] that the student already registered in the lecture providing server 4 operated his/her personal terminal 2” (id. at [0075]). Figure 7 is reproduced below. Appeal 2009-006428 Application 10/287,119 8 Figure 7 is a flowchart used to explain a correspondence course processing procedure (id. at [0017]). This procedure, too, starts with a comparison (SP11, SP12) of an applied fingerprint with the preregistered fingerprints (id. at [0080]). If the result of this comparison is affirmative, fingerprint identification unit 2F transmits (step SP13) the authentication Appeal 2009-006428 Application 10/287,119 9 public key Fe and a student-side authentication ID to the lecture providing server 4 (id. at [0081]). Lecture providing server 4 responds (SP14) by transmitting the delivery public key He, a school-side authentication ID, and the teaching material data to personal terminal 2 (id. at [0082]). At step SP15, personal terminal 2 displays the received lecture contents (id. at [0083]). B. The claims The independent claims before us are claims 1, 3, 5, 10-12, and 17. Claim 1, which Appellants (Br. 12) characterize as representative of the claims before us, reads as follows: 1. A correspondence education system in which a terminal apparatus and an information processing apparatus are connected to each other via a network, said correspondence education system comprising: authentication communication means disposed in said terminal apparatus for performing authentication processing on the basis of human body characteristics of a student and transmitting a predetermined authentication signal to said information processing apparatus via said network only when a positive result of the authentication processing is obtained; and control means disposed in said information processing apparatus for transmitting teaching material data representing lecture contents according to a predetermined educational program to said terminal apparatus via said network on the basis of said authentication signal received from said authentication communication means, wherein said authentication communication means creates a first public key and a first private key by public key Appeal 2009-006428 Application 10/287,119 10 cryptography and then supplies said first public key to said control means only once immediately after the positive result of the authentication processing is obtained, while said control means creates a second public key and a second private key by said public key cryptography and then supplies said second public key to said authentication communication means; said control means encrypts predetermined information with said first public key on the basis of said authentication signal outputted from said authentication communication means, and then transmits the information to said authentication communication means; said authentication communication means decrypts the information encrypted with said first public key with said first private key, and then encrypts the information with said second public key and transmits the information to said control means; and said control means transmits said teaching material data to said terminal apparatus on the basis of the information encrypted with said second public key. Claims App. (Br. 17) (emphasis added). C. The references The rejection is based on the following references: Ganesan US 5,535,276 July 9, 1996 Kharon US 6,487,662 B1 Nov. 26, 2002 D. The rejection Claims 1, 3, 5, and 7-17 stand rejected under 35 U.S.C. § 103(a) for obviousness over Kharon in view of Ganesan. Final Action 2. Appeal 2009-006428 Application 10/287,119 11 ANALYSIS Appellants argue (Br. 12-16) that the combined teachings of the references do not satisfy the “only once” limitation in the “wherein” paragraph of claim 1, which reads on Appellants’ own disclosure as follows: wherein said authentication communication means [fingerprint identification unit 2F] creates a first public key [Fe] and a first private key [Fd] by public key cryptography and then supplies said first public key [Fe] to said control means [CPU 30 in lecture providing server 4] only once immediately after the positive result of the authentication processing is obtained, while said control means creates a second public key [He] and a second private key [Hd] by said public key cryptography and then supplies said second public key [He] to said authentication communication means[.] (Emphasis added.) Appellants’ arguments against the rejection are unpersuasive because they do not accurately reflect the meaning of the above claim language. Appellants, for example, argue that immediately after a positive result of the identification of the student based upon human body characteristics, the first private and first public keys are supplied only once to the authentication communication means. The authentication communication means is configured to be able to create and register cryptographic keys for the student only once immediately after the student is authenticated as a registered student by the fingerprint comparison. Publ. App. par. [0049]. (Br. 13.) This argument is unpersuasive for a number of reasons. First, the claim language does not apply the phrase “only once” to the first private key and the first public key; that phrase refers to only the first public key. Appeal 2009-006428 Application 10/287,119 12 Second, the claim language does not recite supplying a key only once to the authentication communication means; it recites supplying a key only once from the authentication communication means to the control means. Third, Appellants’ reliance on paragraph [0049] is misplaced because it discusses creating and registering keys, not supplying keys. It is improper to read limitations from the Specification into the claims. In re Zletz, 893 F.2d 319, 321-22 (Fed. Cir. 1989). The arguments directed to Ganesan similarly reflect an incorrect claim interpretation. A first such argument is that “neither of these descriptions [relied on by the Examiner] in Ganesan can be said to mean ‘creat[ing] a first public key and a first private key . . . only once immediately after the positive result of the authentication processing is obtained,’ as recited in claim 1.” (Br. 14)(emphasis added). As noted above, the “only once” claim language refers to only the first public key, and more specifically refers to supplying rather than creating that key. A second such argument is that “[t]here is no suggestion in either citation that Ganesan is suggesting the authentication through cryptographic keys is done only once after authentication processing has been accomplished, as in claim 1” (id. at 14)(emphasis added). The claim language does not apply the “only once” term to authentication using cryptographic keys. Instead, the claim applies the “only once” term to supplying the first public key from the authentication communication means to the control means. Also, to the extent Appellants are suggesting that the phrase “supplies said first public key to said control means” in the “wherein” Appeal 2009-006428 Application 10/287,119 13 paragraph refers to supplying data encrypted using the first public key, we do not agree. It is clear from claim 1’s recitation (in the fourth paragraph) that “said control means encrypts predetermined information with said first public key” that the term “first public key” refers to the key itself rather than to data encrypted therewith. Appellants also argue that Ganesan, in stating that “it may be desirable to limit the utilization of the present invention to temporary key distribution” (col 13, ll. 3-5), “is simply discussing an alternative implementation of his method wherein there is no suggestion of limiting the respective keys to only being generated once.” (Br. 15)(emphasis added). However, the claim language at issue concerns supplying a key, not generating a key. Because for the foregoing reasons Appellants have failed to persuade us of error in the Examiner’s conclusion that the language at issue in the “wherein” clause of claim 1 does not read on the combined teachings of Kharon and Ganesan, we sustain the rejection of claim 1. For the same reasons, we sustain the rejection of the other independent claims (viz., claims 3, 5, 10-12, and 17), as to which Appellants (Br. 16) rely on their claim 1 arguments, and the rejection of dependent claims 7-9 and 13-16, which are not separately argued. In re Nielson, 816 F.2d 1567, 1572 (Fed. Cir. 1987). Appeal 2009-006428 Application 10/287,119 14 DECISION The rejection of claims 1, 3, 5, and 7-17 under 35 U.S.C. § 103(a) for obviousness over Kharon in view of Ganesan is sustained. The Examiner’s decision that claims 1, 3, 5, and 7-17 are unpatentable is therefore affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(v) (2010). AFFIRMED KIS FROMMER LAWRENCE & HANG LLP 745 FIFTH AVENUE NEW YORK, NY 10151