Ex Parte Chen et alDownload PDFPatent Trial and Appeal BoardMar 31, 201713222033 (P.T.A.B. Mar. 31, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/222,033 08/31/2011 Liang Chen RPS920110042USNP(710.175) 4629 58127 7590 04/03/2017 FERENCE & ASSOCIATES LLC 409 BROAD STREET PITTSBURGH, PA 15143 EXAMINER DOAN, HUAN V ART UNIT PAPER NUMBER 2437 MAIL DATE DELIVERY MODE 04/03/2017 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte LIANG CHEN, JOSHUA N. NOVAK, ROD D. WALTERMANN, DAVID RIVERA, and JUN LI Appeal 2017-001210 Application 13/222,033 Technology Center 2400 Before: JEAN R. HOMERE, DEBRA K. STEPHENS, and JOHN A. EVANS, Administrative Patent Judges. STEPHENS, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134 from a Final Rejection of claims 1—3, 5—13, and 15—21 (App. Br. 5). Claims 4 and 14 have been canceled. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. Appeal 2017-001210 Application 13/222,033 THE CLAIMED SUBJECT MATTER According to Appellants, the claims are directed to an information handling device and a method to permit execution of code of an application on the information handling device upon a determination that the application has system privileges the information handling device (Abstract). Claim 1, reproduced below, is representative of the claimed subject matter: 1. An information handling device comprising: one or more processors; a mobile operating system designating user and system privileges; a permission vector; a memory in operative connection with the one or more processors, the memory storing instructions executable by the one or more processors to: retrieve an application from a remote device, wherein the application requires system privileges to the information handling device for full installation; install the application on the information handling device; determine, using the permission vector operating on said information handling device, whether the installed application has system privileges via determining whether the installed application contains one or more certificates that match one or more device keys; execute non-privileged code from the installed application responsive to determining that the installed application has user privileges and not system privileges; and 2 Appeal 2017-001210 Application 13/222,033 execute privileged code from the installed application responsive to determining that the application has system privileges. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Zuk et al. Freund Chatterjee et al. Braams US 2003/0154399 Al US 2004/0199763 Al US 2008/0148298 Al US 2010/0058317 Al Aug. 14, 2003 Oct. 7, 2004 June 19, 2008 Mar. 4, 2010 REJECTIONS1 Claims 1—3, 5—9, 11—13, and 15—21 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Chatterjee, Freund, and Braams (Final Act. 5-18). Claim 10 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Chatterjee, Braams, Freund, and Zuk (Final Act. 18). ISSUES 35 U.S.C. § 103(a): Claims 1—3, 5—9, 11—13, and 15—21 Appellants contend their invention as recited in claims 1—3, 5—9, 11— 13, and 15—21, is unpatentable over Chatterjee, Freund, and Braams (App. Br. 15—19; Reply Br. 16—20).2 The issues presented by the arguments are: 1 The Examiner objects to claims 1—3, 5—10, 12, and 21 (Final Act. 4—5). These objections are not before us (See MPEP §§ 706.01, 1201 (9th ed., Rev. 9, March 2014)). 2 Rather than repeat the arguments here, we refer to the Appeal Brief and Reply Brief for the positions of Appellants and the Final Office Action and Answer for the positions of the Examiner. Only those arguments actually made by Appellants have been considered in this decision. Arguments that 3 Appeal 2017-001210 Application 13/222,033 Issue 1: Does the combination of Chatterjee, Freund, and Braams teach or suggest “determine, using a permission vector operating on said information handling device, whether the installed application has system privileges via determining whether the installed application contains one or more certificates that match one or more device keys,” as recited in claim 1? Issue 2: Does the combination of Chatterjee, Freund, and Braams teach or suggest “determining whether the installed application has user privileges and not system privileges,” as recited in claim 1? Issue 3: Did the Examiner improperly combine the teachings of Chatterjee, Freund, and Braams? ANALYSIS Issue 1: Appellants contend Chatterjee does not teach “determine, using a permission vector operating on said information handling device, whether the installed application has system privileges via determining whether the installed application contains one or more certificates that match one or more device keys,” as recited in claim 1 (App. Br. 15—16; Reply Br. 16—17). According to Appellants, Chatterjee discloses an application runtime environment (A.R.E.) that receives an individual function call from a browser based application and determines whether to block or allow a function based on digital signature information (App. Br. 15—16). Thus, Appellants assert Chatterjee’s use of the manifest is not a determination as to Appellants did not make in the Briefs have not been considered and are deemed to be waived. See 37 C.F.R. § 41.37(c)(l)(iv) (2012). 4 Appeal 2017-001210 Application 13/222,033 whether an installed application has system or user privileges (App. Br. 16 (citing Chatterjee 145); Reply Br. 17). We are not persuaded. The Examiner finds Chatterjee teaches determining based on a list of permitted function calls whether to block or allow a function call to access the computing device’s system resources controlled by the operating system (Ans. 5 (citing Chatterjee Tflf 31—34)). We agree with the Examiner that Chatterjee teaches determining whether the individual function call is permitted to access native functions and data of the computing device which require system privileges to access and thus, that Chatterjee teaches determining whether the application has system privileges (Ans. 5). Appellants next argue Chatterjee’s list of functions signed and authorized, does not teach a permission vector because the signing file contains information of functions the application will access to execute (App. Br. 16). Appellants additionally contend the signed list in Chatterjee, is connected to application’s requirements, not the system’s requirements tied to the permission vector (Reply Br. 18). Appellants further contend Braams’ public key distributed by a software provider does not teach the recited permission vector (App. Br. 17—18). We are not persuaded by Appellants’ arguments. Initially, we note Appellants have not defined explicitly the term “permission vector” in their Specification. Appellants’ Specification describes anon-limiting example in which the permission vector may comprise a software service interrupter, which may, for example, conduct a permission check on the application to determine its permission level (Spec. 123). 5 Appeal 2017-001210 Application 13/222,033 We agree with the Examiner that Chatterjee computing device’s A.R.E., not the list, makes the determination whether the application’s function call has permission to access specific system resources (Ans. 5—6). In particular, Chatterjee teaches the A.R.E. operating on the computer system, checks the individual function call to restrict access (see Chatterjee 131). Contrary to Appellants’ argument (Reply Br. 18), Chatterjee teaches the operating system regulates which functions on the computing system are to be accessed based on its requirements, not the application’s requirements (see Chatterjee 133; Ans. 6—7). Therefore, Chatterjee determines, using the permission vector operating on the system, whether the installed application has system privileges. Appellants further argue none of the relied upon references teaches “determining whether the installed application contains one or more certificates that match one or more device keys,” as recited in claim 1 (App. Br. 18). More specifically, Appellants assert Freund does not teach use of certificates or device keys (App. Br. 18 (citing Freund 1 80). However, the Examiner relies on Braams to teach the application’s digital signature is verified with the application provider’s public key as the device key (Ans. 6—7 (citing Braams 1 6)). Braams teaches certification of a public key is achieved by providing a set of certificates (Braams 1 6). Braams further teaches that certificates are used to trace the signature on the software module back to the certification authority (id.). Thus, Braams teaches determining whether the software module contains certificates that match a device key. 6 Appeal 2017-001210 Application 13/222,033 Therefore, Appellants have not persuaded us the Examiner erred in finding the combination of Chatterjee, Freund, and Braams teaches “determine, using a permission vector operating on said information handling device, whether the installed application has system privileges via determining whether the installed application contains one or more certificates that match one or more device keys,” as recited in claim 1. Issue 2 Appellants argue the combination of Chatterjee, Freund, and Braams fails to teach “determining whether the installed application has user privileges and not system privileges,” as recited in claim 1 (App. Br. 18). Appellants contend Freund teaches a user privilege level for controlling incoming and outgoing communications made by an application (App. Br. 18 (citing Freund 1 80)). According to Appellants, system privileges refer to root level privileges, superior to user privileges (Reply Br. 19). The Examiner finds Freund teaches regulating software processes with user privileges so as not to be permitted to access services reserved for software processes with kernel-level privileges (Final Act. 8 (citing Freund 70, 73)). We agree with the Examiner because Freund specifies kernel-level privileges provide greater access than user privileges (see Freund 70, 73)). Accordingly, Appellants have not persuaded us the Examiner erred in finding the combination of Chatterjee, Freund, and Braams teaches “determining whether the installed application has user privileges and not system privileges,” as recited in claim 1. 7 Appeal 2017-001210 Application 13/222,033 Issue 3: Appellants further argue Chatterjee teaches web-hosted application permissions are compared against a manifest which Appellants argue, are “largely irrelevant” to the recited claim (App. Br. 15—16). According to Appellants, the applications for which permissions are determined in Chatterjee are web hosted (App. Br. 16). Appellants additionally argue Braams teaches away because it requires successful verification before the program is installed (App. Br. 18 (citing Braams 118)). We interpret Appellants’ argument that the applications in Chatterjee are installed on remote web servers, rather than on the computing device. Appellants’ arguments that Chatterjee, being directed to a web-hosted application, is a “wholly different application process” (App. Br. 16) are not persuasive. The Examiner finds Chatterjee teaches that the application is installed on the computing device (Ans. 5; see Chatterjee 131 (“[T]he A.R.E. [] may receive an individual function call from a browser based application [] running locally on a computing device”)). Thus, as set forth above, we find Chatterjee teaches the application is installed on the information handling device. We additionally are not persuaded Braams teaches away (App. Br. 18). The Examiner relies on Braams to teach preloading the key and software module to determine the authenticity of the key actually used to sign the software module (Ans. 6—7 (citing Braams 1 6)) and not installing the application. Thus, Appellants appear to be arguing the reference individually while the Examiner is relying on the combination. Moreover, Braams teaches verifying the software integrity before installing it on the electronic device (see Braams Tflf 17—18). Appellants have not proffered 8 Appeal 2017-001210 Application 13/222,033 sufficient evidence or argument to persuade us Braams criticizes, discredits, or otherwise discourages modifying Chatterjee, Freund, or a combination thereof, to arrive at the recited invention; therefore, Appellants have not persuaded us the Examiner improperly combined the teachings and suggestions of Chatterjee, Freund, and Braams. Summary In light of these findings and conclusions, Appellants have not persuaded us the combination of Chatterjee, Freund, and Braams fails to teach, suggest, or otherwise render obvious the limitations as recited in claim 1, and claims 2, 3, 5—9, 11—13, and 15—21, not separately argued (App. Br. 19; Reply Br. 20). 35 U.S.C.§ 103(a): Claim 10 Appellants did not separately argue claim 10, instead relying on arguments set forth with respect to claim 1 (App. Br. 19; Reply Br. 20). For the reasons set forth above, we are not persuaded by Appellants’ arguments. Therefore, we sustain the rejection of claim 10 under 35 U.S.C. § 103(a) for obviousness over Chatterjee, Braams, Freund, and Zuk. DECISION The Examiner’s rejection of claims 1—3, 5—9, 11—13, and 15—21 under 35 U.S.C. § 103(a) as being unpatentable over Chatterjee, Freund, and Braams is affirmed. 9 Appeal 2017-001210 Application 13/222,033 The Examiner’s rejection of claims 10 under 35 U.S.C. § 103(a) as being unpatentable over Chatterjee, Braams, Freund, and Zuk is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED 10 Copy with citationCopy as parenthetical citation