Ex Parte Guo et alDownload PDFPatent Trial and Appeal BoardJan 17, 201712141939 (P.T.A.B. Jan. 17, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 12/141,939 06/19/2008 Wei-Qiang Guo 13768.2810 6306 47973 7590 01/19/2017 WORKMAN NYDEGGER/MICROSOFT 60 EAST SOUTH TEMPLE SUITE 1000 SALT LAKE CITY, UT 84111 EXAMINER WANG, HARRIS C ART UNIT PAPER NUMBER 2439 NOTIFICATION DATE DELIVERY MODE 01/19/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): Docketing @ wnlaw. com u sdocket @ micro soft .com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte WEI-QIANG GUO, LYNN AYRES, RUI CHEN, SARAH FAULKNER, and YORDAN ROUSKOV Appeal 2016-001554 Application 12/141,939 Technology Center 2400 Before ALLEN R. MacDONALD, JEFFREY S. SMITH, and MICHAEL J. ENGLE, Administrative Patent Judges. MacDONALD, Administrative Patent Judge. DECISION ON APPEAL Appeal 2016-001554 Application 12/141,939 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from a final rejection of claims 1, 2, 4, 6—10, 12, 14—17, and 20-24. Final Act. 1. Claims 3, 5, 11, 13, 18, and 19 have been cancelled. App. Br. 5. We have jurisdiction under 35 U.S.C. § 6(b). Exemplary Claims Exemplary claims 1 and 17 under appeal read as follows (emphasis added): 1. A method comprising: receiving, at a user device and via a non-home security authority login user interface implemented at the user device, user credentials of a user, the user credentials comprising at least an identifier of the user and a password; requesting, by the user device, identification of a home security authority of the user based on the user credentials by accessing a realm list datastore of the user device, the user device having an account with the home security authority but not with the non-home security authority; responsive to said requesting, receiving the identification of the home security authority of the user; and requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority. 17. A computer-implemented method comprising: receiving, at a user device and via a login user interface for a non-home security authority, a request from a user for identification of a home security authority of the user based on at least a portion of user credentials of the user provided with the request, the non-home security authority being in a first realm and the home security 2 Appeal 2016-001554 Application 12/141,939 authority being in a second realm, the first realm and the second realm being members of a federation and each being associated with at least one network service, the request not including a secret portion of the user credentials', evaluating, at the user device, a realm list providing one or more mappings between user credentials or portions thereof and realm information, the realm information identifying the home security authority corresponding to the user credentials or portion thereof; and sending, from the user device to the identified home security authority corresponding to the user, a request to authenticate the user for access to the non-home security authority using the user credentials, the request to authenticate the user not including a secret portion of the user credentials. Rejections 1. The Examiner rejected claims 1, 2, 4, 6—10, 12, 14—16, and 21—23 under 35 U.S.C. § 103(a) as being unpatentable over the combination of Howard et al. (US 2005/0223217 Al; published Oct. 5, 2005), Chia et al. (US 2008/0072301 Al; published Mar. 20, 2008), and Short et al. (US 6,636,894 Bl; issued Oct. 21, 2003).1 2. The Examiner rejected claims 17 and 24 under 35 U.S.C. § 103(a) as being unpatentable over the combination of Howard and Chia.2 1 Separate patentability is not argued for claims 2, 4, 6—10, 12, 14—16, and 21—23. As to claim 9, Appellants repeat for this claim (App. Br. 18—22) the arguments directed to claim 1. Such a repeated argument is not in fact an argument for “separate patentability.” As to claim 23, Appellants address this claim (App. Br. 26—27) by referencing the arguments for claim 17 only. Except for our ultimate decision, claims 2, 4, 6—10, 12, 14—16, and 21—23 are not discussed further herein. 2 Separate patentability is not argued for claim 24. Appellants address this claim only by referencing the arguments for claim 17. App. Br. 26—27. Except for our ultimate decision, this claim is not discussed further herein. 3 Appeal 2016-001554 Application 12/141,939 3. The Examiner rejected claim 20 under 35 U.S.C. § 103(a) as being unpatentable over the combination of Howard, Chia, and SearchNetworking.com (definition of URL (Uniform Resource Locator); Aug. 9, 2000).3 Appellants ’ Contentions 1. Appellants contend that the Examiner erred in rejecting claim 1 under 35 U.S.C. § 103(a) because: In making out the rejection of claim 1, the Office admits that “Howard and Chia do not explicitly teach responsive to said requesting, receiving the identification of the home security authority of the user, requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority” (Final Office Action, p. 5). Appellant agrees. The Office then relies on Short for disclosing this subject matter of claim 1, citing in support to Short at column 13, lines 7-21 (Final Office Action, p. 6). Appellant respectfully disagrees and submits that this above- noted subject matter of claim 1 is similarly missing from Short. App. Br. 15, bold-italic emphasis added. Short appears to merely describe redirecting a user to a login page, in response to determining that the user is not authorized to access a network, so that the user may enter credentials and be authorized to access the network. Appellant respectfully submits that redirecting a user to a login page, as described by Short, is not the same as [the above-noted subject matter] recited in claim 1. . . . Short’s discussion of redirecting a user to a login page “where the user has to login and identify themselves” expressly requires that a user enter credentials and submit the entered 3 Separate patentability is not argued for claim 20. Appellants address this claim only by referencing the arguments for claim 17. App. Br. 26—27. Except for our ultimate decision, this claim is not discussed further herein. 4 Appeal 2016-001554 Application 12/141,939 credentials via the login page and to a network in order to gain access to the network {Short, col. 12, lines 62 and 63). App. Br. 17, bold-italic emphasis added. 2. Appellants contend that the Examiner erred in rejecting claim 17 under 35 U.S.C. § 103(a) because: Requesting user credentials, including a login and a password, by an authentication service as described by Howard, however, is not the same as “receiving, at a user device and via a login user interface for a non-home security authority, a request from a user for identification of a home security authority of the user based on at least a portion of user credentials of the user provided with the request, the non-home security authority being in a first realm and the home security authority being in a second realm, the first realm and the second realm being members of a federation and each being associated with at least one network service, the request not including a secret portion of the user credentials” as recited in claim 17 (emphasis added). App. Br. 25. In contrast to this subject matter of claim 17, Howard offers no indication that the “request user ID (3)” performed by the authentication broker service 302 is associated with a user interface of the relying computing entity resource and/or services 306 (See, e.g., Howard, paragraphs [0048]-[0050]; Fig. 3). Without any such indication, it is virtually impossible for Howard to teach or in any way suggest the above-noted subject matter of claim 17. App. Br. 25, bold-italic emphasis added. 3. Appellants contend that the Examiner erred in rejecting claim 17 under 35 U.S.C. § 103(a) because: When a user, via a terminal, first associates with a visited domain, “the terminal presents its credentials embedded in the login message to the Authentication Controller of the Visited Domain” (Chia, paragraph [0068]). However, as Chia does not discuss a login interface for the visited domain, it is virtually 5 Appeal 2016-001554 Application 12/141,939 impossible for Chia to disclose or in any way suggest “receiving, at a user device and via a login user interface for a non-home security authority . . .” as recited in claim 17. App. Br. 26. Issue on Appeal Did the Examiner err in rejecting claims 1 and 17 as being obvious? ANALYSIS We have reviewed the Examiner’s rejections in light of Appellants’ arguments (Appeal Brief and Reply Brief) that the Examiner has erred. As to Appellants’ above contention 1 covering claim 1, we agree. In response to Appellants’ argument, as in the Final Action at page 6, the Examiner again points to Short at column 13, lines 7—9, as teaching “receiving the identification of the home security authority of the user and requesting authentication . . . without sending the user credentials to the non home security authority.” Ans. 4; Final Act. 5—6. Our review of Short does not find a teaching of the limitation as asserted by the Examiner.4 4 Although we conclude that Short is lacking as to this limitation, the Examiner rejects claim 17 by relying on Howard as teaching such a limitation. Final Act. 16—17. However, in rejecting claim 1, the Examiner finds “Howard and Chia do not explicitly teach . . . requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority.” Final Act. 5. To the extent the Examiner may have made contradictory findings as to Howard, we do not newly reject claim 1 based on Howard and Chia, and we leave it to the Examiner to determine the appropriateness of any such rejection. 6 Appeal 2016-001554 Application 12/141,939 As to Appellants’ above contention 2 covering claim 17, we disagree with Appellants’ conclusions. Howard at paragraphs 48—54 performs a message process (1)—(9) which includes an initial request (1) for access to relying computing entity 300, a subsequent request of message (3) for a user ID for realm discovery, which ID is then returned at (4). The realm discovery is performed based thereon, and the request is redirected at (5). Then, a further request (6) is provided for a login and password (150). The overall process of message process (l)-(9) logs into relying computing entity 300 based on an initial request (1), and the subsequent request of message (3) does not include a secret portion of the user credentials. To the extent Appellants are arguing that in the context of Howard claim 17 would require “that the ‘request user ID (3)’ performed by the authentication broker service 302 is associated with a user interface of the relying computing entity resource” (App. Br. 25), we disagree. Claim 17 requires only that the interface is “for” the non-home security entity. That is, the interface must ultimately provide access to the non-home security entity. We find no requirement that the interface be otherwise associated with the non-home security entity. Appellants’ argument is not commensurate with the scope of claim 17. As to Appellants’ above contention 3 covering claim 17, we disagree. Chia teaches performing a single-sign-on to provide its credentials. Chia 116. Those credentials are then provided to an Authentication Controller of the Visited Domain. Id. | 68. Again, we conclude that nothing more particular is required by the language of claim 17. 7 Appeal 2016-001554 Application 12/141,939 CONCLUSIONS (1) The Examiner has not erred in rejecting claims 17, 20, 23, and 24 as being unpatentable under 35 U.S.C. § 103(a). (2) Appellants have established that the Examiner erred in rejecting claims 1, 2, 4, 6—10, 12, 14—16, 21, and 22 as being unpatentable under 35 U.S.C. § 103(a). (3) Claims 1, 2, 4, 6—10, 12, 14—16, 21, and 22 have not been shown to be unpatentable. (4) Claims 17, 20, 23, and 24 are not patentable. DECISION The Examiner’s rejections of claims 17, 20, 23, and 24 are affirmed.5 The Examiner’s rejections of claims 1, 2, 4, 6—10, 12, 14—16, 21, and 22 as being unpatentable under 35 U.S.C. § 103(a) is reversed. 5 As the Examiner has shown that claim 17 is unpatentable, we do not further reject Appellants’ claim 17 under 35 U.S.C. § 112, first paragraph, as failing to comply with the written description requirement. However, should there be further prosecution of these claims, the Examiner’s attention is directed to our following concerns. On February 19, 2014, Appellants filed an amendment as to the limitation of a request for a non-home security authority by adding (a) “the request not including a secret portion of the user credentials” and as to the limitation of a request to authenticate sent to a home security authority by adding (b) “the request to authenticate the user not including a secret portion of the user credentials” to claim 17. We have reviewed Appellants’ Specification. While we find support for above amendment (a), we have not found sufficient support for the above amendment (b). Appellants identify Figure 6 and paragraph 40 as supporting this amendment (b) claim language (App. Br. 10). However, paragraph 40 8 Appeal 2016-001554 Application 12/141,939 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED-IN-PART recites an embodiment where contrary to above amendment (b), the password (secret portion as shown at paragraph 5) is sent directly to realm A’s account authority (home security authority). We do not find support in paragraph 40 for above amendment (b). Thus, in the event of further prosecution, the Examiner may wish to consider whether claim 17 lacks sufficient written description. 9 Copy with citationCopy as parenthetical citation
