Ex Parte Craft et alDownload PDFPatent Trial and Appeal BoardSep 27, 201210601374 (P.T.A.B. Sep. 27, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/601,374 06/23/2003 David John Craft AUS920030401US1 7981 46239 7590 09/27/2012 IBM Corporation (PEC) c/o Patrick E. Caldwell, Esq. The Caldwell Firm, LLC PO Box 59655 DALLAS, TX 75229-0655 EXAMINER JOHNSON, CARLTON ART UNIT PAPER NUMBER 2436 MAIL DATE DELIVERY MODE 09/27/2012 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte DAVID JOHN CRAFT, MICHAEL NORMAN DAY, HARM PETER HOFSTEE, CHARLES RAY JOHNS, and JOHN SAMUEL LIBERTY ____________ Appeal 2009-015314 Application 10/601,374 Technology Center 2400 ____________ Before DENISE M. POTHIER, ERIC B. CHEN, and JOHN A. EVANS, Administrative Patent Judges. POTHIER, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 22-37. Claims 1-21 have been canceled. Br. 2.1 We have jurisdiction under 35 U.S.C. § 6(b). We affirm. 1 Throughout this opinion, we refer to the Appeal Brief filed February 23, 2009, and the Examiner’s Answer mailed June 15, 2009. Appeal 2009-015314 Application 10/601,374 2 Invention Appellants’ invention relates to a technique for authenticating code or data in protected environment. See Abstract. Claim 22 is reproduced below with the key disputed limitation emphasized: 22. A secure processing system, comprising: a main processor unit (MPU) coupled to a processor bus; an attached processor complex (APC) coupled to the processor bus and comprising: a local store configured to store computer instructions and data; an attached processor unit (APU) coupled to the local store; wherein the APC is configured to receive commands from the MPU via the processor bus, to store a cryptographic master key, and to operate in a non-isolated state and an isolated state; and wherein in response to a LOAD command received from the MPU, the APC is configured to transition from the non-isolated state to the isolated state, to partition the local store into a general access section accessible by the MPU and an isolated section accessible only by the APU, to transfer a set of computer instructions or data into the isolated section of the local store, and to use the master key to extract and decrypt a portion of the computer instructions or data stored in the isolated section of the local store, thereby producing another cryptographic key. The Examiner relies on the following as evidence of unpatentability: Worley US 2002/0194389 A1 Dec. 19, 2002 Smeets US 6,769,062 B1 July 27, 2004 (filed Oct. 25, 2000) Ellison US 7,082,615 B1 July 25, 2006 (filed Sept. 22, 2000) The Rejections 1. The Examiner rejected claims 22-27 and 29-36 under 35 U.S.C. § 103(a) as unpatentable over Ellison and Smeets. Ans. 3-11. Appeal 2009-015314 Application 10/601,374 3 2. The Examiner rejected claims 28 and 37 under 35 U.S.C. § 103(a) as unpatentable over Ellison, Smeets, and Worley. Ans. 11-14. THE OBVIOUSNESS REJECTION OVER ELLISON AND SMEETS Regarding representative claim 22, Appellants argue that Examiner has not demonstrated that the references teach creating a partition as recited and, in particular, creating the recited isolated section in response to a LOAD instruction. Br. 11, 14. Appellants contend that Ellison teaches away from creating such a partition, because Ellison’s rings are perpetually partitioned into normal and isolated execution portions. Br. 13. Appellants also assert that the Examiner does not provide a reason why creating such a partition would be obvious. Br. 11. ISSUE Under § 103, has the Examiner erred by finding that Ellison and Smeets collectively would have taught or suggested, in response to a LOAD command received from the MPU, the APC is configured to partition the local store into a general access section accessible by the MPU and an isolated section accessible only by the APU? ANALYSIS Before we address what Ellison and Smeets teach, we construe a key disputed term of claim 1 or “partition.” While Appellants do not define this term (see generally Specification), Appellants describe the load command partitions the local store (LS) 110 into a general access section 111 and an isolated section 112 (Spec. 7:8-10, 24-26; Fig. 1). We also find, when Appeal 2009-015314 Application 10/601,374 4 consulting dictionaries for an ordinary meaning, that a “partition” includes “the act or process of diving into parts”2 and “[a] logically distinct portion of memory or a storage device that functions as though it were a physically separate unit.”3 Thus, using these definitions as a verb, “to partition” includes to designate or divide sections of storage into logical parts. Further, in the context of claim 22, the recited APC configured to partition the logical store can be broadly construed to include the APC being configured to designate or divide storage sections logically into a general access section accessible by the MPU and an isolated section accessible only by the APU. The collective teachings of Ellison and Smeets teach or suggest such a configured APC. Ellison teaches a logical operating architecture 50 having two modes of operation (i.e., a normal execution mode and an isolated execution mode) and a processor nub loader 52 that operates only in the isolated execution mode. Col. 3, ll. 4-8; Fig. 1A. The isolated execution mode is initialized using a privileged instruction located in the processor along with the processor nub loader 52. Ans. 4 (citing col. 3, ll. 43-45); see also col. 4, ll. 63-65. Additionally, the processor nub loader 52 is a loader code that loads the processor nub 18 into an isolated area and is invoked by execution of an appropriate isolated instructions (e.g., Iso_init), which is transferred to the isolated area 70. Ans. 14-15 (citing col. 3, ll. 21-25, 43-47); see also col. 6, ll. 49-51; Figs. 1B-C. Ellison thus teaches a load command (e.g., the privilege instruction which begins the process of loading the loader code and the isolated instruction invokes the loader 52 or loader code) being sent by the processor 2 Webster’s II New Riverside University Dictionary 857 (1994). 3 Microsoft® Computer Dictionary 392 (5th ed. 2002). Appeal 2009-015314 Application 10/601,374 5 or an MPU. In response to the load command, Ellison also discusses the system operates in an isolated execution mode where the isolated area 70 of the physical memory becomes accessible to certain elements of the operating system. See col. 4, ll. 12-14, 19-21; col. 5, ll. 1-10; col. 6, ll. 13-17; Figs. 1B-C. The processor designates this storage section logically as an isolated section. See id. This contrasts with Ellison’s normal execution mode where only the non-isolated areas 80 -- not the isolated area 70 -- are accessible and thus designated. See col. 3, ll. 26-31; col. 4, ll. 27-29; Fig. 1B. Ellison therefore, teaches or suggests an APC configured to designate and divide storage logically into parts -- a general access section (e.g., non-isolated area 80) and an isolated section (e.g., isolated area 70) in response to a LOAD command and when operating in the isolated execution mode. Because the isolated areas 70’s accessibility indicates whether Ellison’s system is operating in a normal execution or an isolated execution mode, we also disagree with Appellants that the Examiner was wrong in discussing a command used to invoke the isolated execution state. See Br. 12. Also, even assuming without agreeing that Ellison’s rings are perpetual (Br. 13), we do not find that Ellison teaches away from partitioning the local store in response to invoking the isolated execution mode or state (id.). That is, as explained above, Ellison teaches or suggests that the isolated area is made available to the specific components only when operating in the isolated execution mode or when the isolated mode is invoked by a load command. Thus, only when in this mode does Ellison provide accessibility and thus divides the local store (e.g., physical memory 60) into two logical sections -- a general access section (e.g., 80) and an isolated section (e.g., 70). Appeal 2009-015314 Application 10/601,374 6 We further note that claim 22 requires not only that the APC is configured to partition into a general access section and an isolated section but also that is configured to partition into a general access section accessible by the MPU and an isolated section accessible only by the APU. The Examiner further relies on Smeets’ disclosure, when combined with Ellison, to teach or suggest this entire recitation. See Ans. 4-5, 14-15. Also, while Appellants assert that Smeets fails to teach this limitation (see Br. 11), Appellants focus their arguments on Smeets failing to show an isolated section accessible only by the APU in response to a load command (see Br. 14). As noted, the Examiner did not rely on Smeets for the partition feature. Specifically, the Examiner relies on Smeets to teach the concept of using separate processors for different applications, including using a secure processor for storing and obtaining private keys and digital signatures and for performing cryptographic calculations. See Ans. 5, 15 (citing col. 2, ll. 2-5, 19-23; col. 3, ll. 18-20, 26-28, 58-60; Fig. 1). Ellison likewise teaches a nub 16, which is part of the isolated execution functions, obtains access to private keys and generates signatures. See col. 8, ll. 33-65. When these teachings are combined, they predictably yield no more than an ordinarily skilled artisan would have expected or designating storage into a general access section accessible by one processor (e.g., a MPU) and an isolated section accessible only by a secure processor (e.g., an APU) so as to secure and ensure the integrity of Ellison’s system by securing private keys and signatures. See Ans. 5 (citing col. 1, ll. 44-50); see also KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 416-17 (2007). We therefore find, contrary to Appellants’ assertion (Br. 11), that the Examiner has articulated a reason Appeal 2009-015314 Application 10/601,374 7 with some rational underpinning to combine Ellison and Smeets and justifies a conclusion of obviousness. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of independent claim 22 and claims 23-27 and 29-36 not separately argued with particularity (Br. 14). THE REMAINING OBVIOUSNESS REJECTION Regarding representative claim 28, Appellants repeat the argument that Ellison and Smeets fail to teach or suggest the same disputed “partition” limitation in connection with claim 22. Br. 15. We are not persuaded by for the reasons discussed above and need not address whether Worley cures any deficiency. See id. This argument also fails to persuasively rebut the Examiner’s prima facie case of obviousness (Ans. 11-14) – a position we find reasonable. We therefore, sustain the rejection of claims 28 and 37 not separately argued (Br. 15). CONCLUSION The Examiner did not err in rejecting claims 22-37 under § 103. DECISION The Examiner’s decision rejecting claims 22-37 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED babc Notice of References Cited Application/Control No. 10/601,374 Applicant(s)/Patent Under Patent David John Craft et al. Appeal No. 2009-015314 Examiner Carlton Johnson Art Unit 2400 Page 1 of 1 U.S. PATENT DOCUMENTS * Document Number Country Code-Number-Kind Code Date MM-YYYY Name Classification A US- B US- C US- D US- E US- F US- G US- H US- I US- J US- K US- L US- M US- FOREIGN PATENT DOCUMENTS * Document Number Country Code-Number-Kind Code Date MM-YYYY Country Name Classification N O P Q R S T NON-PATENT DOCUMENTS * Include as applicable: Author, Title Date, Publisher, Edition or Volume, Pertinent Pages) U Webster’s II New Riverside University Dictionary 857 (1994). V Microsoft® Computer Dictionary 392 (5th ed. 2002). W X *A copy of this reference is not being furnished with this Office action. (See MPEP § 707.05(a).) Dates in MM-YYYY format are publication dates. Classifications may be US or foreign. U.S. Patent and Trademark Office PTO-892 (Rev. 01-2001) Notice of References Cited Part of Paper No. J'.',parrallaxing .......• passive-matrix display parrallaxing n. A 3-D animation technique, often used by computer game developers, where backgrounds are dis played using different levels of speed to achieve realism. For example. distant levels move at a slower speed than closer levels, thereby giving fr._ illusion ofdepth. See also animation. parse vb. To break input into smaller chunks so that a program can act upon the information. parser n. An application or device that breaks data into smaller chunks so that an application can act on the infor mation. See also parse.-·· partition n. 1. A logically distinct portion of memory or a storage device that functions as though it were a physi- . cally separate unit. 2. In database programming, a subset of a database table or file.U Partition Boot Sector n. The first sector in the system (startup) partition of a computer's bootable hard disk, or the first sector of a bootable floppy disk. On an x86-based computer, the Partition Boot Sector is read into memory at startup by the Master Boot Record. It is the Partition Boot Sector that contains the instructions required to begin the process of loading and starting the computer's operating system. See also Master Boot Record, partition table. partition table n. A table of information in the first sec tor of a computer's hard disk that tells where each parti tion (discrete portion of storage) on the disk begins and ends. The physical locations are given as the beginning and ending head, sector, and cylinder numbers. In addition to these "addresses," the partition table identifies the type of file system used for each partition and identifies whether the partition is bootable-whether it can be used to start the computer. Although it is a small data structure, the partition table is a critical element on the hard disk. partnership n. The settings on a desktop computer and Windows CE device that allow information to be synchro nized, as well as copied or moved between the computer and device. The mobile device can have partnerships with up to two desktop computers. See also synchronization (definition 6). Pascal n. A concise procedural language designed between 1967 and 1971 by Niklaus Wirth. Pascal, a com piled. structured language built upon ALGOL, simplifies syntax while adding data types and structures such as subranges, enumerated data types, files, records, and sets. See also ALGOL, compiled language. Compare C. pASP n. See pocket Active Server Pages. paSS1 n. In programming. the carrying out of one com plete sequence of events. pass2 vb. To forward a piece of data from one part of a program to another. See also pass by address, pass by value. pass by address n. A means of passing an argument or parameter to a subroutine. The calling routine passes the address (memory location) of the parameter to the called routine, which can then use the address to retrieve or mod. ify the value of the parameter. Also called: pass by refer. ence. See also argument, calli. Compare pass by value. pass by reference n. See pass by address. pass by value n. A means of passing an argument or a parameter to a subroutine. A copy of the value of the ment is created and passed to the called routine. When method is used, the called routine can modify the copy the argument, but it cannot modify the original See also argument, calP. Compare pass by address. passivation n. In Sun Microsystems's J2EE form. the process of "turning off' an enterprise java (EJB) by caching it from memory to secondary See also Enterprise JavaBeans, J2EE. Compare passive hub n. A type of hub used on ARCnet that passes signals along but has no additional See also ARCnet. Compare active hub, Intelligent passive-matrix display n. An inexpensive, tion liquid crystal display (LCD) made from a of liquid crystal cells that are controlled by side of the display screen. One transistor row or column of pixels. Passive-matrix monly used in portable computers, such as notebooks. because of their thin width. While plays have good contrast for monochrome olution is weaker for color screens. These difficult to view from any angle other than unlike active-matrix displays. However, passive-matrix displays are considerably those with active-matrix screens. See the called: dual-scan display. See also liquid supertwist display, transistor, twisted Compare active-matrix display. F e In 0; el, ro sit LC Pal 392 Copy with citationCopy as parenthetical citation
