Ex Parte Chinen et alDownload PDFPatent Trial and Appeal BoardMar 22, 201713465805 (P.T.A.B. Mar. 22, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/465,805 05/07/2012 Mitsuru Chinen JP920080257US2 4568 70854 7590 03/24/2017 Knn7ler T aw frrniin/RSW EXAMINER 50 Broadway Ste 1000 REZA, MOHAMMAD W Salt Lake City, UT 84101 ART UNIT PAPER NUMBER 2436 NOTIFICATION DATE DELIVERY MODE 03/24/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): jeff@kunzlerlaw.com lauren@kunzlerlaw.com docket @ kunzlerlaw .com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte MITSURU CHINEN and SHINSUKE NODA1 Appeal 2016-004961 Application 13/465,805 Technology Center 2400 Before CAROLYN D. THOMAS, DAVID J. CUTITTAII, and PHILLIP A. BENNETT, Administrative Patent Judges. CUTITTA, Administrative Patent Judge. DECISION ON APPEAL This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s decision rejecting claims 1—22, all pending claims of the application. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 According to Appellants, the real party in interest is International Business Machines Corporation. Appeal Br. 3. Appeal 2016-004961 Application 13/465,805 STATEMENT OF THE CASE According to Appellants, the application relates to shielding a sensitive file stored on a computer from leakage of sensitive information caused by ineffective protection from unauthorized access such as by file sharing software like P2P. Spec. Tflf 2—3.2 Claims 1,19, and 22 are independent. Claim 1 is representative and is reproduced below with disputed limitations in italics: 1. An apparatus for shielding a sensitive file, the apparatus comprising: a client computer configured to store the sensitive file and to connect to a server computer, wherein the client computer comprises: an encryption-decryption unit configured to perform a cryptographic operation on the sensitive file with a cryptographic key, wherein an encryption key ID is associated with the sensitive file, and the cryptographic key corresponds to the encryption key ID; a key storing unit configured to store the cryptographic key; a compliance requirements storing unit configured to store security compliance requirements from the server computer, wherein the security compliance requirements define a plurality of compliant operating conditions requiring that the client computer verify a presence of at least one updated security measure active on the client computer, and a security requirements monitoring unit configured to determine whether the client computer complies with 2 Throughout this Opinion, we refer to: (1) Appellants’ Specification filed May 7, 2012 (Spec.); (2) the Final Office Action (Final Act.) mailed March 23, 2015; (3) the Appeal Brief (Appeal Br.) filed August 21, 2015; (4) the Examiner’s Answer (Ans.) mailed February 2, 2016; and (5) the Reply Brief (“Reply Br.”) filed April 4, 2016. 2 Appeal 2016-004961 Application 13/465,805 the stored security compliance requirements in response to a file access instruction for the sensitive file by application software of the client computer, wherein the security requirements monitoring unit is further configured to pass the cryptographic key from the key storing unit to the encryption-decryption unit in response to a determination that the client computer complies with the security compliance requirements. Appeal Br. 19 (Claims App’x). REJECTION Claims 1—22 stand rejected under 35 U.S.C. § 103(a) as unpatentable over the combination of Hildebrand (US 7,921,288 Bl; Apr. 5, 2011) and Karjala et al. (“Karjala”) (US 2004/0268142 Al; Dec. 30, 2004). Final Act. 10-15. Our review in this appeal is limited only to the above rejection and issues raised by Appellants. We have not considered other possible issues that have not been raised by Appellants and which are, therefore, not before us. See 37 C.F.R. § 41.37(c)(l)(iv)(2014). ISSUES 1. Does the Examiner err in finding the combination of Hildebrand and Karjala teaches or suggests “a compliance requirements storing unit configured to store security compliance requirements from the server computer, wherein the security compliance requirements define a plurality of compliant operating conditions requiring that the client computer verify a 3 Appeal 2016-004961 Application 13/465,805 presence of at least one updated security measure active on the client computer,” as recited in claim 1? 2. Does the Examiner err in finding the combination of Hildebrand and Karjala teaches or suggests “a security requirements monitoring unit configured to determine whether the client computer complies with the stored security compliance requirements in response to a file access instruction for the sensitive file by application software of the client computer,” as recited in claim 1? 3. Is the Examiner’s rationale for modifying Hildebrand based on Karjala erroneous? DISCUSSION We disagree with Appellants’ contentions and we adopt as our own: (1) the findings and reasons set forth by the Examiner in the Office Action from which this appeal is taken (Final Act. 10—11) and (2) the reasons set forth by the Examiner in the Examiner’s Answer in response to Appellants’ Appeal Brief (Ans. 8—12). We concur with the findings and conclusions reached by the Examiner, and we highlight the following for emphasis. Issue 1 The Examiner finds Karjala’s transmission of a virtual private network (VPN) policy from server 20 to mobile device 10 and the subsequent storing of the VPN policy in the IP Sec policy storage 40 of the mobile device 10 teaches or suggests “a compliance requirements storing unit,” as recited in claim 1. Ans. 8—11 (citing Karjala 30, 31, 36, 38, 43, 44, 51, 65, and 81). 4 Appeal 2016-004961 Application 13/465,805 Appellants argue the Examiner’s finding is erroneous because “the VPN policies of Karjala, including the certificates and private keys, do not teach the claim limitation as recited.” Reply Br. 4. Specifically, Appellants argue “the VPN policy including certificates and keys are not compliant operating conditions because certificates and keys do not relate to the manner in which a device is being, or has been ‘operated.’” Reply Br. 5. We find this argument unpersuasive because we find Karjala teaches the VPN is used by the client device 10 to operate a secure link with server 20. See Karjala 136. As Appellants acknowledge, [t]he VPN Policies of Karjala contain all the information required to establish secure connections to a secure server.” Reply Br. 4 (citing Karjala 136). We agree, noting Karjala discloses a “VPN policy contains all the information required by a mobile device with a VPN client... to establish secure connections to SSM server 20 so as to, in at least one embodiment, access email 32, databases 34 and other facilities.” Karjala 1 36. Accordingly, Appellants fail to establish that Karjala’s “VPN policy including certificates and keys are not compliant operating conditions.” Reply Br. 5. Although not offering a specific definition from the Specification for the claim term “compliant operating conditions,” Appellants contend that interpreting the claim term to encompass a “VPN policy” is inconsistent with Appellants’Specification. Reply Br. 4—6. Appellants offer several examples of “operating conditions” from the Specification including hard disk password protection (Spec. 139) and security software (Spec. 136) and argue “if a client computer does not have security software [] then access to the sensitive file is not granted.” Reply Br. 5 (citing Spec. 136). 5 Appeal 2016-004961 Application 13/465,805 “Absent an express definition in their specification, the fact that appellants can point to definitions or usages that conform to their interpretation does not make the PTO’s definition unreasonable when the PTO can point to other sources that support its interpretation.” In re Morris, 111 F.3d 1048, 1056 (Fed. Cir. 1997). Here, Appellants’ Specification does not provide an express definition of “compliant operating conditions” that excludes Karjala’s VPN policy. Rather, Appellants’ proffered example from the Specification of security software encompasses Karjala’s VPN policy, which we find is a specific type of security software. See, e.g., Karjala 118 (“VPN-A is connected by tunnels . . . which represent secure communications between devices Al, A2 and A3.”). Appellants do not provide persuasive evidence to rebut the Examiner’s finding that the scope of the claimed “compliant operating conditions,” when read in light of Appellants’ Specification, encompasses Karjala’s VPN policy. See Ans. 11- 12. Thus, we agree that Karjala teaches “a compliance requirements storing unit,” as claimed. Issue 2 The Examiner finds Karjala’s retrieval from a server and storage of the VPN policies in the mobile device 10 teaches or suggests “a security requirements monitoring unit,” as recited in claim 1, because the VPN policies, including stored certificates and encryption keys, “will be used at the client device to access any content.” Ans. 11 (citing Karjala 34, 36, 38, 43, 47, and 55). 6 Appeal 2016-004961 Application 13/465,805 Appellants argue the Examiner’s finding is erroneous because “the security compliance requirements are not analogous to the certificates, keys (and passwords) that Karjala teaches.” Appeal Br. 6. We find this argument unpersuasive for the reasons discussed above in relation to Issue 1. Appellants argue “[t]he monitoring unit is determining whether the client computer complies with compliance requirements which again define a plurality of compliant operating conditions. This is above and beyond what Karjala teaches.” Appeal Br. 6. Appellants’ argument is unpersuasive because Appellants rely solely on attorney argument to conclude “the teachings of Karjala are insufficient to teach the claim limitation a security requirements monitoring unit.” Appeal Br. 6. Such argument is afforded little weight in the absence of persuasive evidence in support of the conclusion. It is well settled that mere attorney arguments and conclusory statements, which are unsupported by factual evidence, are entitled to little probative value. In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997); see also In re Pearson, 494 F.2d 1399, 1405 (CCPA 1974) (attorney argument is not evidence). Issue 3 Appellants argue that the Examiner’s analysis does not exhibit any articulated reasoning with some rational underpinning to support the legal conclusion of obviousness because “the Examiner provides a conclusory assertion for the proposed combination of Hildebrand and Karjala.” App. Br. 16. We disagree because the Examiner has found actual teachings in the prior art and has additionally provided a rationale for the combination i.e., 7 Appeal 2016-004961 Application 13/465,805 “it would have been obvious ... to have incorporated Karjala’s teachings of updating the security measure with the teachings of Hildebrand, for the purpose of suitably updating and verify [Vc] the presence of the updated security measures in the client computer to secure the client more effectively.” See Final Act. 11. The Examiner also finds one of ordinary skill would have been motivated “to combine these two analogues arts to develop a system to retrieve the access right or VPN policies from the remote server and uses that policies to access the locally stored file/content.” Ans. 13. Appellants argue “[tjhere is nothing in the Examiner’s assertion to explain how the security of the client computer of Hildebrand might be made more effective by the VPN processes described in Karjala.” Appeal Br. 16. We disagree because the Examiner finds Hildebrand does not specifically mention storing security compliance requirements from a server computer, where the security compliance requirements define a plurality of compliant operating conditions of the client computer and accordingly relies on Karjala to teach storing security compliance requirements that define a plurality of compliant operating conditions and that are received from a server. See Final Act. 11. Thus, we agree one skilled in the art would have recognized the benefit of storing a plurality of compliant operating conditions received from a server as taught by Karjala. Moreover, we find the benefit of using a VPN to enable a user to send and receive data across a public network as if the user’s computing devices were directly connected to the private network would have been apparent in view of Karjala. See, e.g., Karjala 6, 18 (a VPN “provides] secure network access to a great variety of users”). 8 Appeal 2016-004961 Application 13/465,805 Appellants argue “the Examiner does not provide any explanation as to how the technology of Karjala for managing VPN profiles and processes might integrate with or augment the encryption techniques of Hildebrand using multiple levels of keystores for security keys.” Appeal Br. 16. “The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference. . . . Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.” In re Keller, 642 F.2d 413, 425. See also In re Sneed, 710 F.2d 1544, 1550 (Fed. Cir. 1983) (“[I]t is not necessary that the inventions of the references be physically combinable to render obvious the invention under review.”); and In reNievelt, 482 F.2d 965, 968 (CCPA 1973) (“Combining the teachings of references does not involve an ability to combine their specific structures.”). Here, we find the teachings suggest that the combination involves the predictable use of prior art elements according to their established functions. “The combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results,” KSR Int 7 Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007), especially if the combination would not be “uniquely challenging or difficult for one of ordinary skill in the art f Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418). Appellants argue that the “the Examiner’s reasoning is “merely based on impermissible hindsight.” Appeal Br. 16. We disagree the Examiner’s rationale is based on impermissible hindsight because the Examiner has 9 Appeal 2016-004961 Application 13/465,805 articulated a reason having rational underpinnings for the proposed combination. Accordingly, we sustain the Examiner’s 35 U.S.C. § 103(a) rejection of independent claim 1. We also sustain the Examiner’s § 103(a) rejection of independent claims 19 and 22, which are argued with independent claim 1, for similar reasons. Appeal Br. 12. Dependent claims 2—18, 20, and 21 are not argued separately, and are rejected with their respective independent claims. Appeal Br. 13. DECISION We affirm the Examiner’s decision rejecting claims 1—22 under 35 U.S.C. § 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED 10 Copy with citationCopy as parenthetical citation