11874807 - (D) (P.T.A.B. Jul. 9, 2019)

Ex Parte TANG et al

Patent Trials and Appeals BoardJul 9, 2019

11874807 - (D) (P.T.A.B. Jul. 9, 2019)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 11/874,807 10/18/2007 123896 7590 07/11/2019 Mintz Levin/Wayne Fueling Systems LLC One Financial Center Boston, MA 02111 FIRST NAMED INVENTOR Weiming TANG UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 47376-057F01US 3271 EXAMINER QAYYUM, ZESHAN ART UNIT PAPER NUMBER 3685 NOTIFICATION DATE DELIVERY MODE 07/11/2019 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipdocketingbos@mintz.com ipfileroombos@mintz.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte WEIMING TANG and TIMOTHY MARTIN WESTON 1 Appeal2018-005697 Application 11/874,807 Technology Center 3600 Before ROBERT E. NAPPI, STEVEN M. AMUNDSON, and IFTIKHAR AHMED, Administrative Patent Judges. NAPPI, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE This is a decision on appeal under 35 U.S.C. Â§ 134(a) from the Examiner's Final Rejection of claims 1 through 12, 23, 24, and 26 through 30, which constitute all the claims pending in this application. We have jurisdiction over the pending claims under 35 U.S.C. Â§ 6(b). We affirm-in-part. 1 According to Appellants, the real party in interest is Wayne Fueling Systems, LLC. App. Br. 1. Appeal2018-005697 Application 11/874,807 INVENTION The invention is directed to a system for secure communication between a payment module and a point of sale system in fueling environment. Specification 4. Claim 1 is illustrative of the invention and is reproduced below. 1. A system for secure communication in a fueling environment, comprising: a first card reader configured to be disposed in a fuel dispenser; a first secure payment module (SPM) configured to be disposed in the fuel dispenser, the first SPM being communicably coupled to the first card reader, the first SPM including at least one processor configured to receive data from the first card reader, the first SPM storing a first public key certificate uniquely identifying the first SPM, the first public key certificate issued by a trusted certificate authority system, and a first private key associated with the first public key certificate; and a point-of-sale (POS) system, the POS system comprising at least one POS server storing a second public key certificate issued by the trusted certificate authority system, the POS system including at least one processor, wherein the at least one processor of the POS system is configured to: retrieve the first public key certificate from the first SPM, wherein the first public key certificate contains a first public key associated with the first SPM; verify an identity of the first SPM by authenticating the first public key certificate with the second public key certificate; generate a random first session key; encrypt the first session key using, at least in part, the first public key; and transmit the encrypted first session key to the first SPM; wherein the at least one processor of the first SPM is configured to execute instructions stored at the first SPM, the instructions stored at the first SPM operable, when executed, to: 2 Appeal2018-005697 Application 11/874,807 receive the encrypted first session key from the POS system; decrypt the first session key using, at least in part, the first private key; receive a first set of sensitive data from the first card reader; encrypt the first set of sensitive data using, at least in part, the first session key; and transmit the encrypted first set of sensitive data to the POS system. REJECTION AT ISSUE2 The Examiner has rejected claims 1 through 12, 23, 24, and 26 through 30 under 35 U.S.C. Â§ I03(a) as being unpatentable over Tang (US 2005/0147250 Al, published July 7, 2005), Kobozev et al. (US 7,500,100 Bl, issued March 3, 2009) and Bruce Schneier, Applied Cryptography, 32- 33 (2d ed. 1996) (hereinafter Bruce). Final Act. 4--10. ANALYSIS We have reviewed Appellants' arguments in the Briefs, the Examiner's rejection, and the Examiner's response to Appellants' arguments. Appellants' arguments have not persuaded us of error in the Examiner's obviousness rejections of claims 1 through 6, 8 through 12, 24, and 26 through 29, but have persuaded us of error in the rejection of claims 7, 23, and 30. Appellants argue the Examiner's obviousness rejection of claim 1 is in error as the Examiner has improperly combined the teachings of Tang and Bruce. App. Br. 12-14. Appellants assert "(a) the proposed modification 2 Throughout this Decision, we refer to the Appeal Brief ("App. Br.") filed September 1, 2017, Reply Brief ("Reply Br.") filed May 14, 2018, the Final Office Action ("Final Act.") mailed February 21, 2017, and the Examiner's Answer ("Ans.") mailed March 15, 2018. 3 Appeal2018-005697 Application 11/874,807 would serve no purpose in Tang, (b) Tang teaches away from the proposed modification, ( c) the proposed modification of Tang fails to achieve the advantage proffered by the Examiner, and ( d) the proposed modification impermissibly changes the principle of Tang's operation." Id. at 12. We are not persuaded of error in the Examiner's rejection by these arguments. With respect to the point (a) Appellants argue that in Tang's system there is no need for the symmetric key to be transmitted from the point of sale (POS) system to the dispenser system as Tang teaches both generate the symmetric key. Id. at 12-13. The Examiner provides two rationales as to why the skilled artisan would substitute Bruce's teaching of transmitting the symmetric key for the generation of the symmetric key feature of Tang. First the Examiner states: Tang discloses: in order to generate the symmetric key, first node and second node exchange random numbers and Algorithms identification. (See paragraph 0079-0080). If any of the information such as random numbers or algorithms name is compromised while being exchanged, then it reduces the security for the future session keys. For example, an intruder can generate all the future session keys. On the other hand prior art Bruce teaching of exchanging the session key between the first and second node would increase the security because if the session key was compromised during communication then the intruder has only one session key but not all future session keys. Therefore, modification of the Tang with Bruce reference will provide extra security. Answer 3. We concur with the Examiner's finding that Tang teaches transmitting the random numbers and algorithms and reasoning that if the transmission is compromised, future communications using the session key are also compromised, as such Bruce's teaching provides extra security. However, we do not see either reference to have an improved security over 4 Appeal2018-005697 Application 11/874,807 the other as both references use the asymmetrical (public/private) key to transmit the data to establish the session key (Tang teaches using the asymmetrical keys to encrypt and transmit the random number and function identifier (see para. 79), and Bruce uses the asymmetrical keys to encrypt and transmit the symmetrical keys (seep. 32)) and thus both are only as secure as the asymmetrical key pair. Additionally, the Examiner states: Further, the modification of Tang with the teaching of Bruce provides other advantages as well. Tang discloses that the first node and second node have to have an agreed key generation algorithm in order to exchange data, and if the two nodes cannot find an agreed key generation algorithm, then they cannot exchange data (See paragraph 0080). On the other hand Bruce's teaching of exchanging session keys will not have this draw back because it would allow data to be exchanged without any interruption even in situations where there is no agreed key generation algorithm. Tang does not teach that it is prohibited to transmit symmetric key over the network. The Tang reference states "there is no requirement for the symmetric key to be explored or exchanged over the network" (See paragraph 0067) but this does not preclude modification in which symmetric key exchange (See Tang paragraph 0082). Answer 4. We agree with this rationale. While Tang does disclose an advantage of generating the symmetric key at each location is that an adverse party cannot steal the key (see e.g., para. 74), as discussed by the Examiner the data to generate the key is transmitted and thus subjected to theft. Further, as identified by the Examiner, Tang recognizes communication between nodes will not occur if the two nodes do not have at least one key generation algorithm in common (see e.g., Tang para. 80), a problem which is solved when modified with the teachings of Bruce. Further, we are not persuaded of error by Appellants' argument on page 3 of 5 Appeal2018-005697 Application 11/874,807 the Reply Brief, that the Examiner has not cited evidence to support the conclusion of obviousness, as the Examiner's rejection and response discussed above cite to the relevant portions of Tang and Bruce to support the findings upon which the conclusion of obviousness is based. Accordingly, Appellants' arguments have not persuaded us "the proposed modification would serve no purpose in Tang." Reply Br. at 3. Similarly, Appellants' arguments with respect to point (b ), asserting Tang teaches away from the proposed modification, have not persuaded us of error. Appellants argue Tang's statement that generating symmetric keys helps "to prevent hackers from reversing engineer the symmetric key used in the monitored transaction" because "the symmetric key is not explored over the network, [ and] an adverse party or device may not steal the key" teaches away from the transmission of the key as taught by Bruce. App. Br. 14 (citing MPEP Â§ 2145 andÂ§ 2141.02). We are not persuaded of error by these arguments as we do not find that the cited teachings of Tang discourage the transmission of a session key over as done in Bruce. "' A reference may be said to teach away when a person of ordinary skill, upon reading the reference, would be discouraged from following the path set out in the reference, or would be led in a direction divergent from the path that was taken by the applicant."' Ricoh Co., Ltd. v. Quanta Computer, Inc., 550 F.3d 1325, 1332 (Fed. Cir. 2008) (quoting Optivus Tech., Inc. v. Ion Beam Applications S.A., 469 F.3d 978, 989 (Fed. Cir. 2006)). A reference does not teach away if it merely expresses a general preference for an alternative invention from amongst options available to the ordinarily skilled artisan, and the reference does not discredit or discourage investigation into the invention claimed. In re 6 Appeal2018-005697 Application 11/874,807 Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004). Here we find that the cited teaching of Tang merely identifies one method of establishing a symmetrical key for encrypted transmission between two nodes, and a benefit of that method. The Examiner has found that Bruce teaches another method of establishing a symmetrical key and has identified an additional benefit (it is not dependent upon both devices having at least one key generation algorithm in common). 3 We further note that Tang in other embodiments discusses transmitting keys between devices for use, further showing that Tang does not discourage using this technique of establishing a symmetrical key for encrypted transmission between two nodes. (See, e.g., Tang para. 51 which discusses the POS periodically generating new public/private key pairs which are encrypted (using old private key) and transmitted to the consumer access terminal, see also similar teaching in paragraphs 58-59.) Accordingly, Appellants' arguments have not persuaded us Tang teaches away from the proposed modification. Appellants' arguments with respect to point ( c ), which assert the proposed modification fails to achieve the advantage proffered in the rejection, have not persuaded us of error. Appellants argue that the combination eliminates safeguards in Tang to improve security, and that the modification with Bruce worsens security. App. Br. 16-17. We are not persuaded of error by these arguments. Initially, we note that the Examiner's rationale to combine is that it provides extra security, not that it improves security. As discussed above, we concur with the 3 Bruce teaches use of a "session key" in which the same key is used by both devices to encrypt/ decrypt communications, as such this key is a symmetric key. See, e.g., Bruce 33. 7 Appeal2018-005697 Application 11/874,807 Examiner that it provides extra security, but do not consider either to provide improved security over the other as both references use the asymmetrical (public/private) to transmit information about the symmetrical key, and thus both are only as secure as the asymmetrical key pair. Further, as discussed above, the Examiner has provided the additional rationale that the combination is not dependent upon both devices having at least one key generation algorithm in common, which is not addressed by this argument. As discussed above, we concur with this additional rationale, which is supported by the teachings of Tang. Accordingly, Appellants' arguments have not persuaded us the proposed modification fails to achieve the advantage proffered in the rejection. Appellants' arguments with respect to point ( d), which assert the proposed modification changes the principle of Tang's operation, are not persuasive of error. App Br. 18-19. Appellants assert the principle operation of Tang is "for secure communications in a fueling environment and, more particularly, to the use of symmetric key encryption to encrypt communication and control messages transmitted between systems or nodes within a fueling environment." App. Br. 18-19 (citing Tang paras. 2, 7, 9). Appellants' argue the modification of Tang's generation of symmetric keys changes this. Id. at 19. We disagree, as discussed above the Examiner's rejection is merely using a different method of establishing a symmetric key between nodes, and the combination still has encrypted communication using a symmetric key. Accordingly, we are not persuaded that the proposed modification changes the principal of Tang's operation. As Appellants' arguments asserting error in the Examiner combining the teachings of Tang and Bruce are the only issue raised with respect to the 8 Appeal2018-005697 Application 11/874,807 rejection of claim 1, we sustain the Examiner's obviousness rejection of claim 1. Appellants have not presented separate arguments with respect to claims 2, 3, 9, 24, and 26 through 29; accordingly, we similarly sustain the Examiner's rejection of claims 2, 3, 9, 24 and 26 through 29 for the same reasons as claim 1. Rejection of claim 4. Appellants argue the Examiner's rejection of claim 4 is in error for the reasons discussed above with respect to claim 1 and because the Examiner's application of the duplication-of-parts rule does not render the claims obvious. App. Br. 19--20. Appellants argue: [C]laim 4 recites that the processor in the POS system be configured to ( 1) generate a second session key that is different from the first session key, (2) encrypt the second session key using, at least in part, the first public key, and (3) transmit the encrypted second session key to the first SPM. None of ( 1 )-(3) are recited in claim 1. Moreover, as discussed above, the generation, encryption, and transmission of a second session key as recited in claim 4 is unnecessary under the Examiner's proposed combination of Tang, Kobozev, and Bruce. Id. at 21. We are not persuaded of error by the Appellants' arguments. Claim 4 recites generating a second session key, encrypting it and transmitting it; however, claim 4 does not recite any criteria for the generation of the key (i.e., how often a second session key is generated or why). Tang teaches in paragraphs 74, 80, and 82 that the symmetric key can last for the duration of the transaction, upon an expiration date or any other time frame, thus suggesting that symmetric keys are routinely changed. This teaching in combination with Bruce's teaching of encrypting and transmitting the 9 Appeal2018-005697 Application 11/874,807 session key make obvious the claim 4 limitations of generating a different session key and transmitting it. As Tang provides the above teachings of using subsequent session keys (a second session key), Appellants' arguments directed to the application of the duplication-of-parts rule is moot. Accordingly, we sustain the Examiner's rejection of claim 4. Rejection of claims 5 and 6. Appellants' arguments directed to claims 5 and 6 on pages 23 and 24 of the Appeal Brief, apply the same rationale as discussed above with respect to claim 4. We are not persuaded of error for the same reasons. Claim 5 recites the process where the SPM receives the second session key, decrypts it, and uses it to send second data to the POS system. Claim 6 recites the process where the POS receives the data encrypted with the second session key. As discussed above, Tang teaches using subsequent session keys. As such the combination of the references teaches the receipt of the SPM receiving the encrypted second session key, using of it to encrypt data, transmit the data encrypted with the second session key to the POS, receiving the encrypted data at the POS, and decrypting the encrypted data as recited in claims 5 and 6. Accordingly, we sustain the Examiner's rejection of claims 5 and 6. Rejection of claim 7. Appellants argue the Examiner's rejection of claim 7 is in error as the claim recites generating a random session key using at least in part "pseudorandom POS system entropy data" which is not taught by the references. App. Br. 24--25. 10 Appeal2018-005697 Application 11/874,807 The Examiner in response to Appellants' arguments states: Specification discloses: "The PRNGs may use system entropy to seed data, using the randomness of system conditions to increase the difficulty attackers may face in attempting to derive the initial conditions that generated the session key" (See Publication paragraph 0028). The claim is broad enough to read on generating a key based on any random condition or value. Prior art of Bruce discloses random session key generated by a device (See page 32-33) because the system/device generate a random key, the system would have to use a random condition to obtain the random result. Answer 6. We disagree with the Examiner's claim interpretation, as it does not address the limitation that the key is generated in part based upon POS system entropy data, only that it is based upon random data. Further, the Examiner has not shown that the combination of the references teaches or suggests generating the session key based in part on "pseudorandom POS system entropy data." Accordingly, we do not sustain the Examiner's rejection of claim 7. Rejection of claim 8. Appellants argue the Examiner's rejection of claim 8 is in error for the reasons discussed above with respect to claim 1 and because the limitation of claim 8 should be afforded patentable weight and is not taught by the references. App. Br. 25-27. Specifically, with respect to the claim 8 limitation directed to the trusted certificate authority, Appellants argue it is not non-functional descriptive material as found by the Examiner. Id. 11 Appeal2018-005697 Application 11/874,807 Rather, Appellants argue "the trusted certificate authority system performs a function with respect to the recited first SPM and the recited POS system, namely the trusted certificate authority system issues the recited first and second public key certificates. The features of claim 8 should therefore be given patentable weight." Id. at 26. The Examiner responds to Appellants' arguments stating: Claim 8 discloses characteristics of the trusted certificate authority system, claim 1 from which claim 8 depends from recites "the first public key certificate issued by a trusted certificate authority system", however, claim does not recite that trusted certificate authority system is a part of the claimed system. Therefore, description of the trusted certificate authority system does not place any structure or functional limit on the claim and will not distinguish the invention from the prior art in term[ s] of patentability. Answer 7. While we concur with Appellants that the limitations of claim 8 should be afforded patentable weight, we nonetheless find that claim 8 is broad and met by the combination of the references. Claim 8 states "wherein the trusted certificate authority system is associated with an operator of the SPM." This limitation does not describe the content of the information, but rather when construed in light of independent claim 1, the source of the information and a relationship, i.e., "associated with." Thus, the limitations are not directed to non-functional descriptive material. See In re DiStefano 808 F.3d. 845 (Fed Cir. 2015) (where information came from is not part of the informational content and the printed-matter doctrine does not apply). Nonetheless, claim 8 merely recites the relationship between the certificate authority and the SPM with the broad term "associated with," 12 Appeal2018-005697 Application 11/874,807 which merely means having a connection. The Examiner has found, and Appellants have not contested, that the combination of the references teaches the claim 1 limitation of the SPM having a key issued by a certificate authority. Final Act. 4 (citing Tang paras. 53, 67, 71, and 73). As such there is a connection or relationship (association) between the operator SPM and certificate authority as the operator of the SPM has the SPM with the key issued by the certificate authority. 4 Accordingly, we sustain the Examiner's rejection of claim 8. Rejection of claim 10. Appellants argue the Examiner's rejection of claim 10 is in error for the reasons discussed above with respect to claim 1 and because the Examiner's application of the duplication-of-parts rule does not render the claim obvious. App. Br. 28-29. Appellants argue that the claim 10 recitations of a second SPM and second and third public keys are not merely the duplication of parts. Id. 29. We disagree with Appellants' arguments. Claim 10 recites a second SPM which has a third key public key and a second private key (i.e. a different key pair from the first SPM). Appellants' Specification identifies the second SPM as associated with additional retail environments, such as different fueling dispensers ( e.g., different gas pumps). See page 6 lines 21 through 31 of Appellants' Specification. We concur with the Examiner that this is merely a duplication of parts, a second SPM. Further, we note that 4 We also note, paragraph 67 of Tang states the certificate includes the requestor, identity, the certificate authority identifier and signature which binds the two, thus showing the two are associated with each other. 13 Appeal2018-005697 Application 11/874,807 Tang is also concerned with fuel dispensers and in paragraph 68 suggests that more than one dispensing node ( equated to the claimed SPM) may be associated with a POS terminal, thus suggesting multiple SPMs. Accordingly, Appellants' arguments are not persuasive of error in the Examiner's rejection, and we sustain the Examiner's rejection of claim 10. Rejection of claims 11 and 12. Appellants' arguments directed to claims 11 and 12 on pages 29 through 31 of the Appeal Brief, apply the same rationale as discussed above with respect to claim 10. We are not persuaded of error for the same reasons. Claim 11 recites the process where the POS system provides a session key to the second SPM. Claim 12 recites the process where the second SPM uses received session key. As discussed above, Tang suggests multiple SPMs and in combination with the other references teaches the limitations of using session keys to communicate data from the SPM to the POS. As such the combination of the references teaches the features of claim 11 and 12. Accordingly, we sustain the Examiner's rejection of claims 11 and 12. Rejection of claim 23. Appellants argue the Examiner's rejection of claim 23 is in error as the claim recites "wherein a coupling between the first SPM and the first card reader is physically secured in a tamper-resistant enclosure" which is not taught by the references. App. Br. 31-32. 14 Appeal2018-005697 Application 11/874,807 The Examiner in response to Appellants' arguments states: Tang discloses: "Fig 5 a block diagram of a secure user data communication system 500 ... The communication system 500 includes a dispenser system 505, including a CAT 51 O" (See paragraph 0047). Communication between POS system 520 and the CAT 510 is performed using the new public key/private key pair ... Periodically updating the private key/public key pair provides for protection against tampering ... (See paragraph 0052). Therefore, the card reader is secured in enclosure of the CAT and it is temper-resistant because CAT is part of the secure data communication system. Answer 9. We concur with Appellants that the Examiner erred. As argued by Appellants, the Examiner appears to be confusing physical tampering with electronic tampering. Reply Br. 6. We have reviewed the teachings of Tang cited by the Examiner and concur with the Appellants that these teachings relate to prevent tampering with the data by encrypting it, whereas claim 23 is directed to a physical tamper-resistant enclosure. Accordingly, we do not sustain the Examiner's rejection of claim 23. Rejection of claim 30. Appellants argue the Examiner's rejection of claim 30 is in error as the claim recites that the SPM receives the session key and decrypts it before the SPM receives the first set of data from the card reader which is not taught by the combination of the references. App. Br. 32-33. The Examiner in response to Appellants' arguments states: Tang discloses: ["]the fuel dispenser may then dynamically generate a run-time symmetric key using at least in part the first private key and the second public key and communicate data associated with the ... node" (See paragraph 0007); "first node 15 Appeal2018-005697 Application 11/874,807 generates a runtime symmetric key for the communication with the second node["] (See paragraph 0074) Bruce discloses first node receive the encrypted session key and then decrypt the first session key (See Page 32-33). Therefore, the combination of prior art clearly disclose[ s] receive the key first after authentication for subsequent communication between the nodes. Answer 10. We are persuaded of error by Appellants' arguments. We have reviewed the teachings of Tang and Bruce cited by the Examiner and do not find that they teach or suggest that SPM receives the session key and decrypts it before the SPM receives the first set of data from the card reader. SUMMARY We affirm the Examiner's rejections of claims 1 through 6, 8 through 12, 24, and 26 through 29 under 35 U.S.C. Â§ 103(a). We reverse the Examiner's rejections of claims 7, 23, and 3 0 under 3 5 U.S.C. Â§ 103(a). The Examiner's decision rejecting claims 1 through 12, 23, 24, and 26 through 30 is affirmed-in-part. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED-IN-PART 16