Ex Parte DavisDownload PDFPatent Trial and Appeal BoardApr 28, 201612541480 (P.T.A.B. Apr. 28, 2016) Copy Citation UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. 12/541,480 22442 7590 Sheridan Ross PC 1560 Broadway Suite 1200 Denver, CO 80202 FILING DATE FIRST NAMED INVENTOR 08/14/2009 Michael L. Davis 05/02/2016 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 2943AAAB-184 3460 EXAMINER MORTELL, JOHN F ART UNIT PAPER NUMBER 2689 NOTIFICATION DATE DELIVERY MODE 05/02/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): e-docket@sheridanross.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte MICHAEL L. DA VIS Appeal2014-005435 Application 12/541,480 Technology Center 2600 Before CAROLYN D. THOMAS, DEBRA K. STEPHENS, and JOSEPH P. LENTIVECH, Administrative Patent Judges. LENTIVECH, Administrative Patent Judge. DECISION ON APPEAL .6. .... ,1 .. • .. ,....,-TTr'1.r-"\ l\-1,....AI/'\. £',"1 Appeuant' seeKs our review unaer j) u.~.L. s U4~aJ or me Examiner's final rejection of claims 1-27 and 29. Claim 28 has been cancelled. Br. 2. We have jurisdiction over the pending claims under 35 U.S.C. § 6(b). We affirm. STATEMENT OF THE CASE Appellant's Invention Appellant's invention generally relates to detecting attempts to compromise security and authentication measures used in access control 1 According to Appellant, the real party in interest is Assa Abloy AB. Br. 2. Appeal2014-005435 Application 12/541,480 systems. Spec. 1: 11-13; Abstract. Claim 1, which is illustrative, reads as follows: 1. An access control system comprising: a reader adapted to obtain access permissions information by reading one or more of (a) machine readable credentials, (b) an individual's biometric data, and ( c) knowledge-based user input; an upstream device using a Wiegand protocol to communicate with the reader; and an attack detection module adapted to analyze the information obtained by the reader and based upon such information to detect an attempted attack on the reader, the attack detection module being configured to detect the attempted attack at least by monitoring a control line that connects the upstream device to the reader for whether or not the control line is brought low. Rejections Claims 1-8, 10-18, 21, 22, 24--27, and 29 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Davis (US 2007/0034691 Al; Feb. 15, 2007). Final Act. 3-10. Claim 9 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Davis and Relyea (US 2008/0072283 Al; Mar. 20, 2008). Final Act. 10-11. Claim 19 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Davis and Jernstrom (US 200910066509 Al; Mar. 12, 2009). Final Act. 11. Claim 20 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Davis and Grunwald (US 8, 138,923 B2; Mar. 20, 2012). Final Act. 12. 2 Appeal2014-005435 Application 12/541,480 Claim 23 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over the combination of Davis and Bailey (US 7, 771,334 B2; Aug. 10, 2010). Final Act. 12-13. ANALYSIS Claim 1 Issue 1: Did the Examiner err by finding Davis teaches or suggests "the attack detection module being configured to detect the attempted attack at least by monitoring a control line that connects the upstream device to the reader for whether or not the control line is brought low," as recited in claim 1? Appellant contends the Examiner erred in rejecting claim 1 because Davis does not teach or suggest the disputed limitation. Br. 7-8. Particularly, Appellant contends Davis' teaching of monitoring a control line for an output signal announcing an attack does not teach or suggest detecting an attack by monitoring a control line for whether or not the control line is brought low because: In one attack scenario, a reader is presented with the claimed, "one or more of (a) machine readable credentials, (b) an individual's biometric data, and/or (c) knowledge-based user input," and signals to the upstream device for authentication - which may or may not be received by the upstream device - and, in response, receives no reply signal from the upstream device. In response to a valid credential, Wiegand protocol would bring the line low. However, an invalid credential would result in no signal. The teachings of Appellant's claim 1 allows for the attack detection module to detect the attack by determining, amongst other things, whether or not the control signal was brought low. 3 Appeal2014-005435 Application 12/541,480 To further illustrate the novelty over Davis, the upstream device may not be operational, such as due to the acts of an attacker. Davis provides no solution to such a scenario. However, Appellant's claim 1 provides for the attack detection module to receive information from the reader to monitor whether or not the control line has been brought low. Br. 8 (citing Spec. 14: 15-16) (internal citations omitted). We do not find Appellant's contention persuasive. Davis relates to authenticating radio frequency identification (RFID) devices and validating readers of the RFID devices. Davis, Abstract; i-f 2. Davis teaches that each reader is adapted for exchanging information with the host computer and for requesting and acquiring data from an RFID device. Davis i-f 42. Davis further teaches that processing of the data acquired by the reader may be performed using the host computer and that the host computer may generate signals facilitating execution of the results of interrogating the RFID device (e.g., engage/disengage a locking mechanism, allow/disallow movement of a monitored article, temporarily disable the reader, activate an alarm system, etc.). Id. The Examiner finds, and we agree, Davis teaches the reader is coupled to a host computer via an interface implemented using a wired communication link. Ans. 2 (citing Davis i-f 3 7). The Examiner additionally finds the wired communication link is within the broadest reasonable interpretation of the claimed "control line" because the wired communication link is used to transmit the signals facilitating the execution of the results of interrogating the RFID device, thus describing a control line. Ans. 3. The Examiner's interpretation is reasonable and consistent with Appellant's Specification. See Spec. 14:13-15:4. The Examiner finds, and we agree, Davis teaches the wired communication link may utilize the Wiegand protocol. Non-Final Act. 3 (citing Davis i-f 37). Appellant 4 Appeal2014-005435 Application 12/541,480 acknowledges that when utilizing the Wiegand protocol, the control line would be brought low to signal a valid credential. Br. 8. Davis, therefore, teaches or suggests utilizing the Wiegand protocol to transmit the signals facilitating the execution of the results of interrogating the RFID device via the wired communication link. Davis further teaches that a portion of the process for determining whether the RFID device is valid or invalid (e.g., detecting an attack) can be performed by the reader. Davis i-f 76. As such, Davis teaches or suggests an attack detection module located at the reader for monitoring the control line for whether or not the control line (e.g., the wired communication link) is brought low (signaling a valid RFID device) or remains high (signaling an invalid RFID device). Accordingly, we are not persuaded the Examiner erred in rejecting claim 1 and claims 2-10, which depend from claim 1 and are not argued separately with particularity. Claim 11 Issue 2: Did the Examiner err by finding Davis teaches or suggests "monitoring a Wiegand control line that connects the reader to an upstream device to determine whether one or more void credentials have been read," as recited in claim 11? Appellant contends the Examiner erred in rejecting claim 11 because Davis does not teach or suggest the disputed limitation. Br. 9. Particularly, Appellant contends: [A] system utilizing the Wiegand protocol would result in a signal for a valid credential, but no signal for an invalid credential (See Specification, p. 14, lines 15-16). Contrary to the 5 Appeal2014-005435 Application 12/541,480 Br. 9. Examiner's position, the teachings of Davis do not provide for the claimed, "determine whether one or more void credentials have been read." Whereby the absence of a signal may be utilized to determine if a void credential has been read. We do not find Appellant's contention persuasive. As discussed supra, Davis teaches determining whether a RFID device is valid or invalid based on monitoring a wired communication link coupling the reader to the host computer and that the wired communication link may utilize the Wiegand protocol. The Examiner finds an RFID card determined to be invalid by Davis' host computer, is within the broadest reasonable interpretation of the claimed "one or more void credentials" and, therefore, that Davis teaches or suggests the disputed limitation. Ans. 5---6. Appellant's Specification does not expressly define the term "void credential." In describing a "Void Detection Mechanism," Appellant's Specification describes "void cards" as cards or credentials that are not acknowledged as being a valid credential. Spec. 14: 13-15:4. The Examiner's interpretation, therefore, is reasonable and consistent with Appellant's Specification. As such, we are not persuaded the Examiner erred in finding Davis teaches or suggests the disputed limitation. Accordingly, we are not persuaded the Examiner erred in rejecting claim 11 and claims 12-18, 21, 22, 24--27, and 29, which depend from claim 11 and are not argued separately with particularity. Claim 19 Issue 3: Did the Examiner err by finding the combination of Davis and J emstrom teaches or suggests "wherein the determining step comprises 6 Appeal2014-005435 Application 12/541,480 detecting that a credential presented to the reader is attempting to utilize a restricted data format," as recited in claim 19? Appellant contends the Examiner erred in rejecting claim 19 because the combination of Davis and Jernstrom does not teach or suggest the disputed limitation. Br. 10-11. Particularly, Appellant contends: Jerstrom, assuming arguendo, teaches the determination of the matching of a data format. Claim 19 is different and provides, in part, for, "detecting that a credential presented to the reader is attempting to utilize a restricted data format." Br. 11. We do not find Appellant's contention persuasive. The Examiner finds, and we agree, Jernstrom teaches a reader that obtains RFID data and validates the RFID data by comparing a format of the RFID data to a standardized data format. Ans. 7 (citing Jernstrom i-fi-15, 17, 55). The Examiner also finds, and we agree, Jernstrom teaches that when the format of the RFID data does not match the standardized data format, the user is alerted and the program ends. Id. Because Jernstrom teaches the program ends when the format of the RFID data does not match the standardized data format, we agree with the Examiner (Ans. 7) that Jernstrom teaches or suggests this non-matching data format is a restricted data format (e.g., a data format). As such, we are not persuaded the Examiner erred in finding the combination of Davis and Jernstrom teaches or suggests the disputed limitation. Accordingly, we are not persuaded the Examiner erred in rejecting claim 19. 7 Appeal2014-005435 Application 12/541,480 Claim 20 Issue 4: Did the Examiner err by finding the combination of Davis and Grunwald teaches or suggests "detecting that a phantom message has been transmitted to an upstream device without authorization of the reader," as recited in claim 20? Appellant contends the Examiner erred in rejecting claim 20 because the combination of Davis and Grunwald does not teach or suggest the disputed limitation. Br. 12-13. Particularly, Appellant contends the combination of Davis and Grunwald fails to teach or suggest the disputed limitation because "Grunwald expressly teaches the processing of messages which originate from an RFID reader" and "Grunwald is silent as to, 'detecting that a phantom message has been transmitted to an upstream device without authorization of the reader."' Br. 13. We do not find Appellant's contentions persuasive. Contrary to Appellant's contentions, the Examiner does not find that Grunwald expressly teaches detecting that a phantom message has been transmitted to an upstream device without authorization of the reader. Instead, the Examiner finds the limitation would be obvious in view of Grunwald teaching that an RFID security server, or appliance and RFID security software, detects and blocks unwanted malware and errors in the data obtained by a reader from an RFID tag. Ans. 8-9 (citing Grunwald 3: 14--27; 7:22-23; 8:4--9, 33--43; 10: 15-17). Appellant's contentions fail to persuasively rebut the Examiner's particular finding regarding the limitation being obvious in view of the teachings of Grunwald and, therefore, are unpersuasive of error. 8 Appeal2014-005435 Application 12/541,480 Accordingly, we are not persuaded the Examiner erred in rejecting claim 20. Claim 23 Issue 5: Did the Examiner err by finding the combination of Davis and Bailey teaches or suggests "detecting that data from a multi-technology credential does not match between technologies," as recited in claim 23? Appellant contends the Examiner erred in rejecting claim 23 because the combination of Davis and Bailey does not teach or suggest the disputed limitation. Br. 13-15. Particularly, Appellant contends "[m]ulti-technology credentials are credentials that utilize at least two RFID technologies, such as when a particular site has upgraded some, but not all, readers" and "Bailey is silent to such a teaching." Br. 14--15 (citing Spec. 13:6-14:11). We do not find Appellant's contention persuasive. We disagree that the term "multi-technology credentials" is limited to at least two RFID technologies. Appellant's Specification does not expressly define "multi- technology credentials." However, in the description of "Redundant Multi- technology Data," Appellant's Specification provides "[a]s credential technology changes, often times a credential will contain the same or very similar data in different machine-readable technologies." Spec. 13:6-8. Therefore, the broadest reasonable interpretation of "multi-technology credentials" consistent with Appellant's Specification includes at least two credentials containing data in different machine-readable technologies. The Examiner finds, and we agree, Bailey teaches an interface coupled to both an RFID reader and a barcode reader and that the interface 9 Appeal2014-005435 Application 12/541,480 comprises a software program that compares the data received from the RFID tag to information received from the bar code reader to and issues an alert when the data from the RFID tag does not match the information received from the bar code reader. Ans. 9 (citing Bailey 7:32-8:17; Fig. 21). As such, we are not persuaded the Examiner erred in finding the combination of Davis and Bailey teaches or suggests the disputed limitation. Issue 6: Did the Examiner err by combining the teachings of Davis and Bailey? Appellant contends the combination of Davis and Bailey is improper because Bailey is not analogous art. Br. 14. Appellant contends "one attempting to solve a problem in the field of RFID attack heuristics would [] look to the 'same field of endeavor' and, therefore, not look to devices for the manufacturing of pharmaceuticals, such as Bailey." Br. 15. Appellant further contends "[t]he application of Bailey to Davis is without motivation, or if found would be discarded as non-analogous art." Br. 15. We do not find Appellant's contention persuasive. A reference qualifies as prior art for an obviousness determination under § 103 only when it is analogous to the claimed invention. In re Klein, 647 F.3d 1343, 1348 (Fed. Cir. 2011). Two separate tests define the scope of analogous prior art: (1) whether the art is from the same field of endeavor, regardless of the problem addressed and, (2) if the reference is not within the field of the inventor's endeavor, whether the reference still is reasonably pertinent to the particular problem with which the inventor is involved. Klein, 647 F.3d at 1348. A reference is reasonably pertinent if, even though it may be in a 10 Appeal2014-005435 Application 12/541,480 different field from that of the inventor's endeavor, it is one which, because of the matter with which it deals, logically would have commended itself to an inventor's attention in considering his problem. Id. Bailey relates to "a machine for assembling pharmaceutical and pharmaceutical-like products." Bailey 1:15-16. Appellant's invention "is generally directed to readers capable of reading machine-readable credentials and attacks directed against such readers and the communications between readers and other devices." Spec. 1:9-11. As such, we agree with Appellant that Bailey is not from the same field of endeavor as Appellant's invention. However, Appellant fails to address the second, separate test defining the scope of analogous art-whether Bailey is still reasonably pertinent to the particular problem with which the inventor is involved. In describing "Redundant Multi-Technology Data," Appellant's Specification provides updating readers in response to changes in credential technology as a particular problem with which the inventor is involved. Spec. 13:7-14:11. Appellant's Specification describes migration strategies as a solution to this particular problem and states "if multi-technology credentials are also deployed at the site having the same or similar data in both technologies, a better strategy is to actually read both technologies and compare the data read from each technology to make sure that the data matches." Spec. 14:1--4. Bailey describes an assembly machine that includes a bar code reader for reading a bar code (Bailey 7:32-35) and a RFID system for obtaining data from an RFID tag (Bailey 7:45-59). Bailey teaches that the assembly machine includes a software program that "compares the data received from the RFID tags 17 to the information received from bar code reader 98 to make sure there is a match." Bailey 11 Appeal2014-005435 Application 12/541,480 8: 11-14. Accordingly, we are not persuaded that one of ordinary skill in the art, when contemplating migration strategies for updating readers in response to changes in technology would fail to consider the Bailey's teachings regarding multi-technology credentials merely because Bailey generally relates to a machine for assembling pharmaceutical and pharmaceutical-like products. As such, we are not persuaded the Examiner erred in combining Davis and Bailey. For the foregoing reasons, we are not persuaded the Examiner erred in rejecting claim 23. DECISION We affirm the Examiner's rejections of claims 1-27 and 29. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l )(iv). AFFIRMED 12 Copy with citationCopy as parenthetical citation
