10870666 (B.P.A.I. Sep. 29, 2010)

Ex Parte Vanderheyden et al

Board of Patent Appeals and InterferencesSep 29, 2010

10870666 (B.P.A.I. Sep. 29, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES ____________ Ex parte PETER J. VANDERHEYDEN, TIMOTHY G. NORTHRUP, and THOMAS J. COLSON ____________ Appeal 2009-007699 Application 10/870,666 Technology Center 2100 ____________ Before JOHN A. JEFFERY, THU A. DANG, and DEBRA K. STEPHENS, Administrative Patent Judges. JEFFERY, Administrative Patent Judge. DECISION ON APPEAL1 Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 86-89. Claims 1-85 have been canceled. See App. Br. 2. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision. Appeal 2009-007699 Application 10/870,666 2 STATEMENT OF THE CASE Appellants invented a method for using digital fingerprints to certify files. See generally Spec. 1-2. Claim 86 is illustrative: 86. A computer-based method for certifying a file, comprising the steps of: generating at least one respective digital fingerprint for at least one first file in a specified location in a first general purpose computer; creating a first aggregation of said at least one respective digital fingerprint; transmitting said first aggregation to a second general purpose computer; generating a first digital fingerprint including said transmitted first aggregation; and, publishing said first digital fingerprint in a public domain, where said steps of generating at least one respective fingerprint, creating a first aggregation, and transmitting the first-aggregation are performed by said first general purpose computer specially programmed to perform said steps of generating at least one respective fingerprint, creating a first aggregation, and transmitting the first aggregation; and said steps of generating a first digital fingerprint and publishing are performed by said second general purpose computer specially programmed to perform said steps of generating a first digital fingerprint and publishing, and where said first and second computers are disposed in different physical locations. The Examiner relies on the following as evidence of unpatentability: Eagle US 2003/0145209 A1 July 31, 2003 Palliyil US 2005/0132205 A1 June 16, 2005 (filed Dec. 12, 2003) Appeal 2009-007699 Application 10/870,666 3 THE REJECTION The Examiner rejected claims 86-89 under 35 U.S.C. § 103(a) as unpatentable over Palliyil and Eagle. Ans. 3-6. 2,3 CLAIM GROUPING Appellants argue claims 86-894 together as a group. See App. Br. 5-10; Reply Br. 4-9. Accordingly, we select claim 86 as representative of that group. See 37 C.F.R. § 41.37(c)(1)(vii). THE CONTENTIONS Regarding representative independent claim 86, the Examiner finds that Palliyil discloses all recited limitations, except for publishing the first digital fingerprint in the public domain. Ans. 3-4. The Examiner relies on Eagle to cure this deficiency. Ans. 5. Appellants argue that Palliyil fails to teach generating a fingerprint including the transmitted aggregation and such a composite fingerprint would destroy Palliyil’s principle of operation to recognize changes to the fingerprint. App. Br. 6-7; Reply Br. 4-5. Appellants also contend that neither Palliyil nor Eagle teaches publishing a fingerprint that is wholly accessible to the public, and teaches away from publishing in such a manner since Eagle’s system is secure. App. Br. 8-10; Reply Br. 5-8. 2 Throughout this opinion, we refer to: (1) the Appeal Brief filed August 15, 2008; (2) the Examiner’s Answer mailed October 3, 2008; and (3) the Reply Brief filed November 14, 2008. 3 The Examiner has withdrawn the § 101 rejection. See Ans. 7. 4 Independent claim 88 relies on the arguments made for claim 86. See App. Br. 10; Reply Br. 9. Appeal 2009-007699 Application 10/870,666 4 The issues before us, then, are as follows: ISSUES Under § 103, has the Examiner erred in rejecting claim 86 by finding that Palliyil and Eagle would have taught or suggested (1) generating a first digital fingerprint including the transmitted first aggregation, and (2) publishing the first digital fingerprint in a public domain? FINDINGS OF FACT 1. Appellants explain that a fingerprint for a file can sometimes be called a file signature or hash and is “computationally unique to the contents of the file.” Spec. ¶ 0020. 2. Palliyil’s local area network (LAN) 10 has personal computers 70 and central or pool server 60 and may form a wider network (e.g., Internet). The network includes virus protection, such as antivirus software 90 running on each personal computer 70 and a virus coordinator 100 running on the central server 60. Palliyil, ¶¶ 0001, 0037-38, 0053; Fig. 1. 3. When the antivirus program 90 initially runs on a system 70 (e.g., C1), Palliyil computes hash values (e.g., MD1, MD5, MD6, MD7, MD8) at 200 for the system’s resources (e.g., files F1, F5, F6, F7, F8), which are stored on the local system. Palliyil, ¶¶ 0048-49, 0058; Figs. 2, 4. 4. Palliyil’s hash values are transmitted from the local system 70 to a pool server 60 over a secure channel, and the virus scan coordinator 100 updates the repository. Upon receipt, the hashes are stored within a Appeal 2009-007699 Application 10/870,666 5 repository 400. Repository 400 includes hash values for all system resources (e.g., C1- C4, S1) requiring virus scanning. Palliyil, ¶¶ 0049-50, 0053-54, 0059-60, 0070; Figs. 2, 4. 5. Subsequently, when a virus check is required, new hash values (e.g., MD1, MD5, MD6, MD7, MD8) for a resource’s files (e.g., files F1, F5, F6, F7, F8) are computed at 300. The new hashes are compared with the stored hash values at 310 to determine whether there is a match with hashes in repository 400 at 320. If new file has been added (e.g., F6) or a file has been modified (e.g., F10) to a resource (e.g., C4), Palliyil updates the repository with new virus-free hash values (e.g., MD4, MD10). Palliyil, ¶¶ 0051, 0062-67; Fig. 3. 6. Eagle transmits a digital fingerprint 510 between a data network 520, such as the Internet or LAN, and a notary server 540. Eagle, ¶ 0063; Figs. 5, 9-10. 7. To view a notary record (e.g., 315b), the user may be prompted to provide a password or other information. Eagle, ¶¶ 0063, 0065; Figs. 5, 9- 10. ANALYSIS We begin by construing the key disputed limitation of claim 86 which calls for, in pertinent part, “a first digital fingerprint including said transmitted first aggregation.” Appellants have not defined this term, but explain that a “fingerprint” for a file can be a signature or hash, and is unique to the file’s contents. See FF 1. Furthermore, Appellants have not provided any evidence that the term “fingerprint” has a particular meaning to those of ordinary skill in the art, such that it must contain only single, Appeal 2009-007699 Application 10/870,666 6 composite signature. Since no special or particular meaning has been established for the term “fingerprint,” we construe it with its broadest reasonable interpretation. See In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004)(internal citations omitted). We therefore find “a fingerprint” includes a single hash or a collection of hashes that are unique to an entity, such as a file, database, or repository. Additionally, since nothing in the claim precludes the “first aggregation” from being one fingerprint, the generated first digital fingerprint can include an “aggregation” of one. Palliyil computes (at 200) (i.e., generates) digital “fingerprints” (e.g., hash values MD1, MD5, MD6, MD7, MD8) for system files (e.g., files F1, F5, F6, F7, F8) at a first computer (e.g., C1). FF 2-3. These hash values (e.g., an aggregation of at least one digital fingerprint) are transmitted to a server 60 (i.e., a “second general purpose computer” as recited). FF 4. Upon receipt of this aggregation (e.g., hashes from system C1), Palliyil stores the aggregation within a repository 400. Id. The very act of storing also creates a repository or entity that contains a unique collection of hashes. See id. In essence, when hashes are stored within selected repository locations, a first “digital fingerprint” is generated that includes C1’s hash collection and the other systems’ hash collections (e.g., C2-C4, S1). Appellants argue for the first time in the Reply Brief that storing the hashes in Palliyil’s repository is not generating a fingerprint that includes the transmitted aggregated hashes or aggregation. See Reply Br. 4-5. This argument has been waived. See Ex parte Borden, 93 USPQ2d 1473, 1474 (BPAI 2010) (informative) (“[The reply brief [is not] an opportunity to make arguments that could have been made in the principal brief on appeal Appeal 2009-007699 Application 10/870,666 7 to rebut the Examiner's rejections, but were not.”). Nonetheless, as discussed above, we disagree. Placing the hashes at specific locations within the repository not only stores the hashes, but also generates a fingerprint as broadly recited. In any event, Appellants have not persuasively rebutted the Examiner’s findings. As Appellants acknowledge (see App. Br. 6), new virus-free hashes may be updated within the repository. See FF 5. For example, new and modified hashes (e.g., MD6 for F6, MD10 for F10) are transmitted and can replace or add to the hashes associated with a computer (e.g., C4). This modification of the stored values generates a new fingerprint that includes the aggregated, transmitted hashes (i.e., fingerprints). Also, each new fingerprint (e.g., MD6 for F6) is an aggregation transmitted to a second computer (e.g., server 60) and is used to create the new stored values (e.g., yet another first fingerprint in the case of MD6 for F6). We therefore are not persuaded that Palliyil fails to teach generating a first digital fingerprint including the transmitted first aggregation at the second computer as claim 86 requires. Additionally, Appellants contend that Eagle fails to teach publishing the fingerprint in a public domain.5 Eagle discloses that a fingerprint is transmitted between various networks, such as the Internet. FF 6. 5 Although Appellants can be their own lexicographer, see In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994), the term “public domain” more accurately describes works that are not covered by intellectual property rights. See, e.g., Microsoft Computer Dictionary, 5th ed. 2002, at 429 (defining “public domain” as “[t]he set of all creative works, such as books, music, or software, that are not covered by copyright or other property protection.”). We therefore presume Appellants intended this term to mean “publicly available” in the context of the claimed invention. Appeal 2009-007699 Application 10/870,666 8 Additionally, Palliyil’s computer system may be part of an Internet system. See FF 2. As the Examiner explains (Ans. 10), such an Internet network is publicly accessible or, in Appellants’ parlance, “a public domain.” Thus, Eagle’s teachings are merely cumulative. Moreover, when accounting for the creative steps and inferences that an ordinarily skilled artisan would employ, Palliyil’s teachings would have suggested to an artisan that such systems, including Palliyil’s pool server 60 and its contents, would be in a public domain so that the public can access and derive the benefits from the virus-scan program (see FF 2), like many publicly-available virus-check programs. See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). Notably, Appellants have provided no persuasive evidence on this record that the disclosed systems cannot be publicly available. Nor do we see any reason why this cannot be the case. We reach this conclusion notwithstanding (1) Eagle’s security features (i.e., the notary system requiring a password (see FF 7)), and (2) Palliyil’s use of a secure channel for data transmissions (see FF 4)). Despite these security features, the components (e.g., a computer) and the computer operations (e.g., a virus- scan program) are still publicly available.6 We therefore are not persuaded that Palliyil and Eagle collectively fail to teach or suggest publishing the fingerprint in a “public domain.” 6 For example, a public library may contain information within its website (e.g., information stored on a server) that requires a password, but the information is nonetheless publicly available. Appeal 2009-007699 Application 10/870,666 9 For the foregoing reasons, Appellants have not shown error in the rejection of independent claim 86 based on Palliyil and Eagle. We therefore sustain the rejection of claim 86, and claims 87-89 which fall with claim 86. CONCLUSION The Examiner did not err in rejecting claims 86-89 under § 103. ORDER The Examiner’s decision rejecting claims 86-69 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED pgc C. Paul Maliszewski, P.E. Simpson & Simpson, PLLC 5555 Main Street Williamsville, NY 14221-5406