Ex Parte Hoornaert et alDownload PDFPatent Trial and Appeal BoardDec 13, 201209789197 (P.T.A.B. Dec. 13, 2012) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 09/789,197 02/20/2001 Frank Hoornaert VAS-107US 4820 23122 7590 12/14/2012 RATNERPRESTIA P.O. BOX 980 VALLEY FORGE, PA 19482-0980 EXAMINER SHAW, YIN CHEN ART UNIT PAPER NUMBER 2439 MAIL DATE DELIVERY MODE 12/14/2012 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte FRANK HOORNAERT and MARIO HOUTHOOFT ____________ Appeal 2010-0115231 Application 09/789,197 Technology Center 2400 ____________ Before SCOTT R. BOALICK, DENISE M. POTHIER, and BARBARA A. BENOIT, Administrative Patent Judges. POTHIER, Administrative Patent Judge. DECISION ON APPEAL 1 On August 2, 2012, Appellants waived the oral hearing scheduled for November 16, 2012. Appeal 2010-011523 Application 09/789,197 2 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1-11, 13-25, 27-31, 34-39, 41, 45-71, 73-75, 77-91, 102-107, and 118-126. Claims 12, 26, 32, 33, 40, 42-44, 72, 76, and 92 have been canceled; claims 93-101 and 108-117 have been withdrawn from consideration. App. Br. 2.2 We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. Invention Appellants’ invention relates to a programmable smart card terminal device and token for use with user authentication, secure access, and encryption. See Abstract. Illustrative claim 1 is reproduced below with certain disputed limitations emphasized: 1. A handheld electronic smart card terminal capable of acting as a token device for allowing secure communication between a user and a remote application provided by a service provider, said handheld terminal comprising: a smart card reader adapted to receive and communicate with a smart card having data stored thereon; a token personality logic that is initially generic and is programmed with a token device personality subsequent to insertion of a smart card in said smart card reader, said token device personality dependent on said stored data; and a communications mechanism for communicating a dynamic credential derived from said token device personality to said user for transmission to said remote application provided by a service provider. The Rejections The Examiner relies on the following as evidence of unpatentability: 2 Throughout this opinion, we refer to the Final Rejection mailed August 4, 2009, the Appeal Brief filed January 4, 2010, the Examiner’s Answer mailed March 30, 2010, and the Reply Brief filed June 1, 2010. Appeal 2010-011523 Application 09/789,197 3 Weiss US 5,485,519 Jan. 16, 1996 Levie US 6,065,679 May 23, 2000 Mooney US 6,351,813 B1 Feb. 26, 2002 (filed Aug. 7, 1998) Montgomery US 6,564,995 B1 May 20, 2003 (filed Sept. 17, 1998) The Examiner rejected claims 1, 5, 7-11, 13-20, 24, 27-31, 34, 38, 41, 45-71, 73-75, 77-91, 102-107, 118, 120, and 123-126 under 35 U.S.C. § 103(a) as unpatentable over Mooney and Levie. Ans. 3-17. The Examiner rejected claims 2-4, 6, 21-23, 25, 35-37, and 39 under 35 U.S.C. § 103(a) as unpatentable over Mooney, Levie, and Weiss. Ans. 17-19. The Examiner rejected claims 119, 121, and 122 under 35 U.S.C. § 103(a) as unpatentable over Mooney, Levie, and Montgomery. Ans. 19-20. THE OBVIOUSNESS REJECTION OVER MOONEY AND LEVIE Claims 1, 15-17, and 126 Regarding independent claim 1, Appellants argue: (1) Mooney does not teach: (a) a handheld smart card terminal (App. Br. 10, 12-13); (b) a terminal capable of acting as a token device for allowing secure communications between a user and a remote application (App. Br. 13-15) and (c) a token personality logic separate from the recited smart card reader and smart card (App. Br. 10, 15-16). Appellants also contend that Levie fails to cure the deficiencies of Mooney, including the recited communications mechanism. App. Br. 11, 16-18; Reply Br. 5-7. Appellants assert that the Examiner has not provided a reason for combining Mooney Appeal 2010-011523 Application 09/789,197 4 with Levie. App. Br. 18. Appellants lastly contend that the Examiner has fashioned a new rejection in the Examiner’s Answer. See Reply Br. 3-4. ISSUES Under § 103, has the Examiner erred in rejecting claim 1 by finding that Mooney and Levie collectively would have taught or suggested: (1) a handheld electronic smart card terminal capable of acting as a token device for allowing secure communication between a user and a remote application provided by a service provider? (2) a token personality logic programmed with a token device personality? (3) a communications mechanism for communicating a dynamic credential derived from said token device personality to said user for transmission to said remote application provided by a service provider? Under § 103, is the Examiner’s reason to combine Mooney and Levie supported by articulated reasoning with some rational underpinning to justify the Examiner’s obviousness conclusion? ANALYSIS We begin by noting that the Examiner’s rejection of claim 1 relied upon Mooney to teach the recited: (a) handheld electronic smart card terminal capable of acting as a token device for allowing secure communication between a user and a remote application provided by a service provider and (b) token personality logic, and Levie to teach (c) the recited communications mechanism. Ans. 4-5; see also Final Rej. 10-11. Yet, for the first time in the Response to Argument section of the Appeal 2010-011523 Application 09/789,197 5 Examiner’s Answer, the Examiner discusses Levie as “singularly” teaching all the limitations, including the handheld electronic smart card terminal and the token personality logic. Ans. 22-23. As noted by Appellants (Reply Br. 3-4), such shifts must be designated as a new ground of rejection to give Appellants notice and a fair opportunity to respond to the new position. See MPEP § 1207.03; see also In re Kronig, 539 F.2d 1300, 1302-03 (CCPA 1976). The Examiner did not follow this procedural requirement. We therefore decline to reach the merits of the newer, shifted position in the Response to Argument section concerning Levie and elements (a) and (b). Because we decline to review the Examiner’s newer position, many of Appellants’ arguments in the Reply Brief (Reply Br. 5-6) are not addressed in this opinion. We now turn the disputed limitations based on the rejection presented in the Ground of Rejection section of the Answer. Ans. 3-5. 1. Handheld electronic smart card terminal Appellants specifically argue that Mooney’s portable or laptop computer (Ans. 4 (citing col. 3, l. 38-39)), is not equivalent to a handheld terminal. App. Br. 10, 12-13. We disagree. First, identity of terminology is not required for Mooney to teach “[a] handheld electronic smart card.” See In re Bond, 910 F.2d 831, 832 (Fed. Cir. 1990). As such, Mooney need not use the exact words, “handheld,” or “terminal,” to teach or suggest such a limitation. Second, Appellants have not defined the terms, “handheld” or “terminal.” See generally Specification. Nor have Appellants demonstrated that the Examiner’s construction of these words is inconsistent with the meaning one skilled in the art would reach. App. Br. 12-13. Third, Appeal 2010-011523 Application 09/789,197 6 Appellants merely assert with no convincing supporting evidence that Mooney’s portable computer is not the same as a handheld terminal. App. Br. 12. Arguments unsupported by persuasive factual evidence are entitled to little probative value. Cf., In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997). Given that Mooney shows a computer system having a display and keyboard (see Fig. 1), we find that Mooney teaches or suggests a terminal. Additionally, Mooney teaches the computer can be a portable or laptop version of the computer (col. 3, ll. 34-39), suggesting at a minimum that the terminal can be a handheld embodiment. Additionally, Mooney teaches the smart card reader is part of the computer (see col. 3, ll. 50-52; Fig. 1), and thus Mooney teaches and suggests a “handheld smart card terminal,” as broadly as recited. 2. Terminal capable of acting as a token device for allowing secure communication between a user and a remote application provided by a service provider Before we address the Examiner’s reliance on Mooney, we begin by construing the recited terminal limitation that is capable of acting as a token device and allowing secure communication between a user and a remote application provided by a service provider. This limitation is located in the preamble of claim 1 and only describes the intended purpose of the claimed invention. A preamble is not limiting when it only states the invention’s purpose or intended use. See Catalina Marketing Int’l, Inc., v. Coolsavings.com Inc., 289 F.3d 801, 808 (Fed. Cir. 2002). Appeal 2010-011523 Application 09/789,197 7 Claim 1 also includes an additional limitation to the remote application in the body of claim when reciting the “communications mechanism.” Similar to the recitation in the preamble, this recitation that the communications mechanism is “for communicating a dynamic credential derived from said token device personality to said user for transmission to said remote application provided by a service provider” is a functional limitation. Thus, the preambular limitation (e.g., being capable of allowing communications between a user and a remote application) is not necessary to give meaning to claim 1, see Pitney Bowes, Inc. v. Hewlett-Packard Co., 182 F.3d 1298, 1305 (Fed. Cir. 1999), and is considered at best a functional recitation. As such, Mooney need only demonstrate the ability to perform the functions recited in the preamble. See In re Schreiber, 128 F.3d 1473, 77-78 (Fed. Cir. 1997). We now turn to Mooney. The Examiner cites Mooney’s Figure 11 and its teaching of transporting files in a secure manner using encryption from a remote location (e.g., one user) to a user over the Internet. See Ans. 4 (citing Abstract, col. 1, ll. 50-53, col. 6, ll. 31-53). These teachings demonstrate Mooney’s ability to transfers files in an encrypted form from a remote location. Since applications consists of files, Mooney further demonstrates the ability to communicate securely between a user and a remote application (e.g., located at the remote user where the files are transferred). Moreover, this remote application at the remote user can originally be provided by a service provider. Thus, Mooney discloses the capability to allow secure communication between a user and remote application provided by a service provider as recited. Appeal 2010-011523 Application 09/789,197 8 We further note that Mooney teaches using the electronic keys for electronic controlled door locks and automobile ignition systems, which are both remote applications. Col. 7, ll. 38-45; see also Ans. 15 (citing col. 8, ll. 20-30 when rejecting claim 61). Additionally, Appellants’ argument that Mooney does not “suggest[] that the decryption occurs when the remote application (at the location of user B) is in communication with a site at the location of user A” (App. Br. 14) is not commensurate in scope with claim 1. Nor does claim 1 recite “remote access” of the remote application. Regarding the recitation of a “terminal capable of acting as a token device for allowing secure communication . . .[,]” Mooney’s Figure 11 shows that each user uses a smart card (e.g., 1150, 1190). Fig. 11. When referring to Weiss, Appellants have stated that a smart card is an example of a token. App. Br. 4. Additionally, Mooney describes the system uses the key generated by a user’s smart card (e.g., 1150) to encrypt files and another key generated by another user’s smart card (e.g., 1190) at a remote location to decrypt files. See col. 6, ll. 31-49; Fig. 11. As these keys are generated using the smart card connected to Mooney’s card reader to permit access to files and, as a result, also the network in Figure 11, we find that Mooney’s terminal also has the ability to act “as token device” as broadly as recited in claim 1’s preamble. 3. Token personality logic The Examiner finds that Mooney has “a token personality logic” (see Ans. 4, 21), which only further demonstrates Mooney’s ability to act “as a token device.” Appellants contend that the Examiner ignores the distinction between the smart card and the terminal and relies on the session files on the Appeal 2010-011523 Application 09/789,197 9 smart card as the separately recited token personality logic that is part of the terminal and separate from the smart card. See App. Br. 15-16. We initially note that, while Appellants recite the smart card reader that receives a smart card separately from the token personality logic in claim 1, there is no restriction in the claim that the logic cannot be located on the smart card. Also, Appellants have not defined the phrase, “token personality logic” (see generally Specification), and state that the token personality logic “can generate a token device personality using said user authentication data” (5:3- 4) stored on the smart card (4:30-5:4). Thus, giving the phrase, “token personality logic,” its broadest reasonable construction in light of the disclosure, we find no error in the Examiner’s interpretation that the logic used to generate the session keys, even if located on the smart card, can be the recited token personality logic in claim 1. The cited passages in Mooney (Ans. 4, 21) teach the smart card includes default questions, session keys and data files. Col. 5, ll. 1-9. Upon receiving the system, the disclosed default questions and answers stored on the smart card are changed by the user. Id. To elaborate, the smart card can be personalized by changing the questions and answers and that these questions and answers are used to unlock a security compartment. Col. 7, ll. 1-13. New keys can also be generated using the questions and answers. See Col. 5, ll. 27-45; Figs. 5-6. Thus, Mooney teaches various logic (e.g., code) used to personalize the questions and answers as well as generate keys. This logic is also initially generic (e.g., based on a default) and then is programmed with a personality (e.g., changes based user-selected questions and answers or newly-generated keys) subsequent to inserting the smart card. Id. The changed data is also stored on the smart card (see col. 5, Appeal 2010-011523 Application 09/789,197 10 ll. 1-9, col. 6, ll. 32-36), and the personality is based on (i.e., dependent on) the stored data. Lastly, Mooney teaches that the logic uses the initially stored data (e.g., default questions, answers, and key) before any data on the smart card can be personalized. See col. 5, ll. 1-9, 27-47, col. 7, ll. 1-13. Thus, the device’s personality is dependent on the stored data. 4. Communications mechanism for communicating a dynamic credential derived from said token device personality to said user for transmission to said remote application provided by a service provider At the outset, we note that the phrase, “communications mechanism,” is used in the disclosure only on page five and has not been defined in the disclosure (see generally Specification). Appellants have mapped the communications mechanism in claim 1 to a display or user interface. App. Br. 4. We find that both Levie (Figs. 7-8) and Mooney (Fig. 1) have a display and thus include a communications mechanism consistent with Appellants’ understanding. Moreover, the Examiner when rejecting claim 13, which further limits the communications mechanism to a display, relied upon Levie’s display 60 in Figure 4. See Ans. 7. The Examiner also relies on Levie to teach the functional limitation of the communications mechanism – communicating a dynamic credential. Ans. 4-5. The Examiner proposes modifying Mooney’s device, which has a token device personality and transmits credentials (e.g., keys) to users over a network as explained above, for transmitting a dynamic credential as taught by Levie. See Ans. 5. Levie demonstrates using a Message Authentication Code (MAC) to verify the integrity of data from a downloaded application Appeal 2010-011523 Application 09/789,197 11 by “MAC’ing” the application’s data with a determined key. Col. 54, ll. 44-67. Levie thus illustrates the ability to generate a dynamic credential and, when combined with Mooney, teaches the ability to communicate such a credential that uses Mooney’s key (e.g., part of the token device personality) and thus is derived from a token device personality to a user so that the data’s integrity can be verified. See Ans. 5, 21-22. Additionally and as explained above, the combined Mooney/Levie device has the ability to transmit the credential to a remote user (see Fig. 11 in Mooney) that has a remote application (e.g., files). Moreover, contrary to Appellants’ assertion (App. Br. 18), the above discussion illustrates that the Examiner has articulated a reason with some rational underpinning (e.g., verify data’s integrity) to justify the Examiner’s obviousness conclusion. Verifying data’s integrity is not only applicable to Levie by such a feature will equally improve Mooney’s system. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of independent claim 1 and claims 15-17 and 126, not separately argued with particularity. Before addressing the disputed dependent claims of independent claim 1 and other independent claims, we will discuss the remaining independent claims 20, 34, 65, and 85 that vary in scope from claim 1. Claims 20, 24, 27-31, 49-56, 65-71, 73, 75, 77-82, and 103 Independent claim 20 recites a method and an active step of accessing the remote secure application using the data derived from the token device personality. Among other things, Appellants argues that Mooney does not disclose the accessing step. App. Br. 20. The Examiner does not Appeal 2010-011523 Application 09/789,197 12 specifically map the accessing step in claim 20 in the rejection (see Ans. 9-10), but finds that Mooney teaches accessing a remote application (see Ans. 9 (citing col. 6, ll. 31-53; Fig. 11)). For the first time in in Response to Argument section, the Examiner adds that the rejection relies on Levie to teach this limitation. See Ans. 24; see also Reply Br. 6-7. However, as stated above, this is a shift in the rejection we will not consider because it must be designated a new ground of rejection. Based on the evidence of record and how the rejection was originally presented, we agree with Appellants that Mooney does not teach or suggest accessing a remote secure application using the data derived from the token device personality. To be sure, we found that Mooney suggests the ability to transmit a remote application from a remote site (e.g., a user) in a secure manner. Col. 6, ll. 31-53; Fig. 11. However, this passage in Mooney fails to teach or suggest accessing a remote secure application, much less accessing the remote application using the data derived from the token device personality as recited. Independent claim 65 similarly recites accessing the secure remote application using the generated data. We find the Examiner’s rejection (Ans. 9-10), as originally presented, suffers from the same problem discussed above in connection with claim 20. For the foregoing reasons, Appellants have persuaded us of error in the rejection of: (1) independent claim 20; (2) independent claim 65, which recite commensurate limitations; and (3) dependent claims 24, 27-31, 49-56, 66-71, 73, 75, 77-82, and 103 for similar reasons. Appeal 2010-011523 Application 09/789,197 13 Claims 34, 38, 41, and 57 In contrast with independent claims 20 and 65, independent claim 34 is broader in scope, reciting a method that distributes handheld smart card terminals having the features recited in claim 1 as well as assisting the user in accessing the secure remote application. Appellants repeat that Mooney fails to teach a generic token personality logic and generating the token device personality using the data. App. Br. 23-24. We disagree for the reasons discussed above in connection with claim 1. Additionally, Appellants argue that Mooney does not teach: (a) distributing to users different generic handheld smart card terminals and (b) assisting in the user in accessing the secure remote application because Mooney does not describe remote access. Id. Appellants assert Levie does not teach these purportedly missing features and the Examiner has failed to provide a reason to combine Levie with Mooney. App. Br. 24-26. ISSUES Under § 103, has the Examiner erred in rejecting claim 34 by finding that Mooney and Levie collectively would have taught or suggested: (1) distributing to users different generic handheld smart card terminals and (2) assisting the user in accessing the secure remote application? ANALYSIS Based on the record, we find no error in the Examiner’s rejection. Notably, claim 34 does not recite remote access (App. Br. 23) or accessing the remote application, but rather claim 34 recites assisting the user in Appeal 2010-011523 Application 09/789,197 14 accessing a secure remote application. For example, claim 60 more specifically defines what this assisting entails (i.e., authenticating the user). As explained above in connection with claim 1, Mooney teaches authenticating the user for a particular security level by generating questions to answer and also authenticates a user before generating any new key or transmitting any encrypted files from a remote user. Abstract, col. 5, ll. 27-47, col. 6, ll. 31-49; Fig. 11; see also Ans. 28 (citing Fig. 11). As for the functional limitation of providing data, we refer to our previous discussion of: (a) claim 1; (b) the teachings of Levie; and (c) Mooney, when combined with Levie’s teaching of dynamic credentials, teaches or suggests communicating a dynamic credential derived from a token device personality for transmitting to a remote application. These combined teachings, likewise, provide the derived data from the token personality to the user for a secure remote application as broadly as recited in claim 34. As for the disputed distributing step, the Examiner relies upon Mooney. Ans. 11, 27. In particular, the Examiner discusses Mooney’s Figure 11 shows two users (e.g., A and B), each having a computer system, (Ans. 27) and also discusses Mooney stating the computer system can be portable computer (Ans. 11 (citing col. 3, ll. 38-39; Fig. 1)). Thus, Mooney teaches two or a plurality of computer systems, and as discussed in connection with claim 1, each computer system can be a handheld smart card terminal. For the above reasons, Appellants have not persuaded us of error in the rejection of independent claim 34 and claims 38, 41, and 57 not separately argued with particularity. Appeal 2010-011523 Application 09/789,197 15 Claims 85 and 89 Independent claim 85 recites a handheld terminal with some features recited in claim 1 as well as a processor that cooperates with the smart card capable of performing certain functions. Appellants argue that the rejection does not mention the processor limitations and the references do not describe a terminal with a processor as claimed. App. Br. 22. ISSUE Under § 103, has the Examiner erred in rejecting claim 85 by finding that Mooney and Levie collectively would have taught or suggested a terminal having a processor capable of performing its recited functions? ANALYSIS Based on the record, we find no error in the Examiner’s rejection. We note that the processor limitation includes functional limitations and thus the references need only be capable of performing the recited generating, initiating, receiving, and passing functions in claim 85. We also acknowledge that the Examiner did not specifically address the recitation of the handheld terminal having a processor. See Ans. 9-10. However, when discussing claim 85 collectively with claim 20 (Ans. 9), the Examiner finds that Mooney teaches generating a token device personality based on the data stored on the smart card and having the ability to access remote applications using data derived from the personality (see id. (citing col. 5, ll. 27-45, col. 6, ll. 35-49)). By discussing these limitations, the Examiner has further illustrated how Mooney teaches the ability to generate data useful in accessing a Appeal 2010-011523 Application 09/789,197 16 remote application by initiating operations within a smart card as recited in claim 85. Additionally, when the Examiner discusses accessing a remote secure application using the data derived from the personality in rejecting claims 1 and 20 (Ans. 9-10), the rejection also addresses how Mooney and Levie teach receiving the generated data and passing some of the data to the communications mechanism for communication to the user for the secure remote application. We refer Appellants to the above discussions of claims 1 and 20 for details. We further find Mooney at least suggests each computer system (e.g., 100 in Fig. 1 or 1110 in Fig. 11) includes that the processor to perform its functions and operate the computer system, including those recited in claim 85. The Examiner discusses in the Response to Argument section that Mooney teaches a processor capable of performing these functions. Ans. 26. Appellants have not challenged the Examiner’s finding that Mooney discloses a terminal with processor (Reply Br. 8-9), but rather that Mooney fails to teach generating data useful in accessing a remote application by initiating operations within the smart card, receiving the generated data, and passing the generated data to the communications mechanism for communication to the user for the secure remote application. As stated above, we disagree that Mooney does not teach or suggest these recited limitations. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of independent claim 85 and claim 89, not separately argued with particularity. We now turn to the remaining disputed dependent claims. Appeal 2010-011523 Application 09/789,197 17 Claim 5 Claim 5 recites a means for copying the data from the smart card to the smart card terminal. Appellants contend that the cited portions by the Examiner in Mooney (col. 10, ll. 19-25, col. 16, ll. 48-52) fail to teach this feature, particularly copying data to the smart card terminal. App. Br. 26. Appellants also repeat Mooney does not disclose a handheld smart card terminal. Id. We disagree. First, regarding Mooney failing to teach or suggest of handheld smart card terminal, we refer to our previous discussion of claim 1. Second, Mooney teaches a library that uses a caller’s answer, triggered by a question supplied by an interface (e.g., a display), and smart card’s serial number (e.g., data on the smart card) to calculate an access code unique to a smart card. Ans. 5 (citing col. 16, ll. 48-52). This illustrates that Mooney teaches copying some data from the smart card (e.g., serial number), even if on a temporary basis, to the computer system (e.g., the terminal as discussed above) so that the access code can be calculated. Third, the Examiner also supports this position in the Response to Argument section when stating Mooney teaches the question associated with accessing keys are temporarily copied to the computer terminal and displayed to the user. See Ans. 29. Appellants have not persuaded us of error in the rejection of claim 5. Claims 7-10 Claim 7 recites the terminal includes a computing mechanism and a memory device. Claim 10 recites a timing mechanism. Appellants argue that Mooney fails to disclose these limitations. App. Br. 26-27. However, merely pointing out what a claim recites and then asserting that Mooney Appeal 2010-011523 Application 09/789,197 18 fails to teach this limitation (see id.) is not considered a separate argument for patentability. See In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011). Appellants further argue that Mooney’s “counting mechanism” is not the same or equivalent to “a timing mechanism” but provide no convincing supporting evidence. App. Br. 27 n. 13. When giving this limitation its broadest reasonable construction and based on a lack of convincing supporting evidence provided by Appellants to contradict the Examiner’s position, we conclude that a counting mechanism can be “a timing mechanism.” Ans. 6, 30. Additionally, Appellants assert that the Examiner takes inconsistent positions when rejecting claim 1 and claims 7 and 10. App. Br. 27. Appellants find that the Examiner uses Mooney’s Abstract to teach the remote application limitation in claim 1 but now finds the “same structure” is now the handheld terminal in claims 7 and 10. App. Br. 27. We disagree. As discussed above when addressing claim 1, the rejection does not rely on Mooney’s Abstract to teach a remote application and Mooney teaches or suggests a handheld terminal without relying on any discussion in the Abstract. Ans. 4 (citing col. 3, ll. 38-39; Figs. 1, 11). The rejection of claims 7 and 10 do not contradict this position. See Ans. 5-6. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of claims 7 and 10 and claims 8 and 9 not separately argued with particularity. Claims 11, 105, 106, and 125 Claim 11 depends from claim 7 and further recites an interface, wherein the terminal application includes a connected mode application that Appeal 2010-011523 Application 09/789,197 19 configures the token in the connected mode such that the token acts as a slave to a computer connected to the interface. The Examiner finds that this limitation is taught by Mooney (Fig. 1) and Levie (col. 54, ll. 44-67; Fig. 7). Ans. 6. Appellants argue that neither Mooney nor Levie teaches the terminal acting as a slave to the computer connected to the interface. App. Br. 27; Reply Br. 10-11. We agree with Appellants. In the Response to Argument section, the Examiner attempts to clarify that Levie teaches the recitation of the token acting as a slave to a computer connected to the interface (Ans. 30) while Mooney discloses the interface in Figure 1. Mooney shows in Figure 1 various interfaces, a smart card reader, and a smart card. Fig. 1. This figure arguably demonstrates that when a smart card is inserted into a reader a token is configured in a connected mode. However, Levie’s citation does not teach or suggest that this configured token (e.g., the smart card when inserted into the reader) acts as a slave to a computer connected to the interface. The cited passage in Levie (Ans. 6) teaches “MAC’ing” data and comparing MACs. See col. 54, ll. 44-67. We fail to see how this suggests a token acting as a slave to a computer connected to Mooney’s interface. Also, as noted at the outset of this opinion, the new citations in Levie (Ans. 30) discussed in the Response to Argument section will not be considered. Appellants have persuaded us of error in the rejection of claim 11 and dependent claims 105, 106, and 125 for similar reasons. Claims 13 and 14 Claim 13 recites the communications mechanism comprises a display. Appeal 2010-011523 Application 09/789,197 20 Appellants argue that Levie’s display is not a display which communicates a dynamic credential which is derived from a token device personality. App. Br. 28. For the reasons previous discussed in connection with claim 1, we find that Mooney and Levie collectively teach the communications mechanism has the ability to communicate a dynamic credential as recited. Claim 14 recites the communications mechanism communicates the dynamic credential in response to the data input by the user. Appellants argue that Levie and Mooney fail to teach this limitation. App. Br. 28. As discussed in Mooney, the user inputs answers to questions using the keyboard attached to the display. Ans. 7 (citing col. 5, ll. 27-36). Mooney thus suggests the keystrokes the user enters to create an answer are presented on the display and are used to create a new key. See id. Also, when addressing claim 1, we further discussed how the communications mechanism can communicate a dynamic credential based on Mooney and Levie and refer to the above discussion for details. Thus, we find that Mooney and Levie based on the above discussion concerning claims 1 and 13 collectively teach the communications mechanism has the ability to communicate the dynamic credential in response to the data input (e.g., answers) by the user. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of claims 13 and 14. Claims 18 and 19 Claim 18 further recites a memory device storing at least one terminal application and the application supports an electronic wallet. Citing to column 7, lines 46-49 and column 12, line 65 through column 13, line 10, Appeal 2010-011523 Application 09/789,197 21 the Examiner finds that Mooney teaches this feature. Ans. 8. The Examiner further explains that Mooney allows for key management, which is a type of application that supports electronic transactions and “would be a type of electronic wallet.” Ans. 31-32. Among other things, Appellants argue that Mooney does not mention an electronic wallet. App. Br. 28. We agree with Appellants. Mooney discusses key administration using an electronic key module. Col. 7, ll. 46-49. Mooney also discusses a smart card database module for storing objects in a database. Col. 12, l. 65 – col. 13, l. 10. There is no discussion of a wallet or anything related to money or finance. Also, while the Examiner states that “it is not clear from the claim language as [to] what the recited limitation, ‘application that supports an electronic wallet’ mean[s,]” the Examiner newly discusses Levie to demonstrate the cited art teaches this limitation. Ans. 32 (citing col. 51, ll. 50-67, which discusses an electronic purse application). However, as stated above, we will not consider the new combination for the first instance on appeal. Appellants have persuaded us of error in the rejection of claim 18 and dependent claim 19 for similar reasons. Claims 45, 48, and 90 Claim 45 depends from claim 1 and further recites the terminal includes an internal battery supply. The Examiner finds this feature is taught by Levie. Ans. 12 (citing col. 30, ll. 65-67 which discusses a battery). Appellants assert that, while Levie may describe a terminal with a battery, the Examiner has not provided a reason to include such a battery within Mooney. See App. Br. 30. Appeal 2010-011523 Application 09/789,197 22 While acknowledging the Examiner did not provide an explicit reason for combining Levie’s teaching with Mooney, this rejection also relies upon the discussion of claim 1 due to its dependency. Notably, Mooney teaches that the terminal can be laptop or portable computer. See Ans. 4 (citing col. 3, ll. 38-39). Accounting for the creative steps and inferences of an ordinarily skilled artisan would have employed, such an artisan would have recognized that Mooney’s laptop or portable computer would include an internal battery for temporarily powering the device. See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). Levie’s teaching further illustrates that it is known in the art to have a battery for powering such portable terminals. Claim 90 recites a similar limitation to claim 45 but depends from claim 85. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of claim 45 and claims 48 and 90 not separately argued. Claims 46 and 91 Claim 46 depends from claim 45 and further recites the battery supply includes at least one replaceable battery. The Examiner relies on the same passages to meet this limitation. Ans. 12. Appellants argue that the cited portions do not indicate the battery is replaceable. Yet, as stated above when addressing claim 45, Mooney teaches a laptop or portable computer can be used as the computer system (see Ans. 4) and Levie further illustrates that using a battery to power a terminal is well known (see Ans. 12). Accounting for the creative steps and inferences of an ordinarily skilled artisan would have employed, one skilled in the art would have recognized that such Appeal 2010-011523 Application 09/789,197 23 batteries in laptops and portable devices include replaceable batteries. See KSR, 550 U.S. at 418. Claim 91 recites a similar limitation to claim 46 but depends from claim 90. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of claim 46 and claim 91 not separately argued. Claim 47 Claim 47 depends from claim 45 and further recites a battery status indicator. The Examiner relies on Levie to teach this limitation. Ans. 12, 33. Appellants acknowledge that Levie teaches a battery status (BSTAT) signal (see col. 13, ll. 18, 26-28) but contend the Examiner erred because an indicator is a tangible device. App. Br. 30. We disagree. Appellants have not defined an “indicator” to be tangible device (see generally Specification) or explained how the word, “indicator,” is understood by an ordinary artisan to be a tangible device. App. Br. 30. Thus, we find that Levie’s BSTAT signal can reasonably be a battery status indicator as broadly as recited. Additionally, the BSTAT signal, which is only present on battery-operated products, must be used in some manner, such as being passed on to the core. Col. 13, ll. 26-28. Given this teaching, we find that an ordinary skilled artisan would have recognized that such signals are used in some way to provide the user with the battery’s status and thus each is “a battery status indicator.” Based on the record, Appellants have not persuaded us of error in the rejection of claim 47. Appeal 2010-011523 Application 09/789,197 24 Claims 58 and 59 Claim 58 depends from claim 34 and further claims generating the token device personality include reading a data element from the smart card and deriving a secret from the data element. The Examiner finds this feature is taught by Mooney. Ans. 14 (citing col. 5, ll. 26-36). Appellants argue that Mooney does not teach deriving a secret from a data element. App. Br. 37. We are not persuaded. Mooney teaches that new or “secret” key is generated after answering a number of questions. Col. 5, ll. 26-36. Also, as explained above and when rejecting claim 1 (citing col. 4, l. 66- col. 5, l. 9), the smart card is initialized with default questions. Thus, Mooney teaches and suggests that the data element (e.g., a question) is read from the smart card before a new key can be generated after answering questions. Col. 4, l. 46- col. 5, l. 9, col. 5, ll. 26-36). Thus, a secret (e.g., a new key) is derived from a smart card data element as broadly as recited. Claim 59 depends from claim 58 and further recites that the secret key comprises a cryptographic key. Appellants make the same argument for claim 59 as claim 58. See Ans. 38. We are not persuaded for the reasons discussed above when addressing claim 58. Claim 60 When discussing claim 60, Appellants refer to arguments made in connection with claim 34. App. Br. 38. We are not persuaded based on our above discussion of claim 34. Claims 61, 63, and 64 Claim 61 depends from claim 34 and further claims the terminal Appeal 2010-011523 Application 09/789,197 25 operates as a strong authentication token. The Examiner finds this feature is taught by Mooney. Ans. 15 (citing col. 5, ll. 1-9, col. 8, ll. 20-30). Appellants argue that Mooney fails to mention a strong authentication code and thus does not provide a prima facie case of obviousness. App. Br. 39. We disagree. First, we first note that identity of terminology is not required. See Bond, 910 F.2d at 832. Second, Appellants have not defined “a strong authentication code” (see generally Specification) or illustrated that this phrase has a particular meaning to an ordinarily skilled artisan (App. Br. 39). Third, Mooney teaches generating keys using a smart card (e.g., a token) to grant access to different application using an encryption technique, such as DES. Col. 8, ll. 20-34. Giving the phrase, “strong authentication token” it broadest reasonable construction and based on the evidence of record concerning claims 34 and 61, we are unpersuaded that Mooney fails to teach a terminal operating as a strong authentication token. Claims 63 and 64 depend from claim 34. Claim 63 recites the data derived from the token device personality comprises a message authentication code and claim 64 recites the data derived comprises a digital signature. The Examiner relies on the same passages in Mooney cited for claim 61. Ans. 15 (citing col. 5, ll. 1-9, col. 8, ll. 20-30). Appellants repeat some arguments presented for claim 34 (see App. Br. 39) and we refer to our previous discussion. Additionally, Appellants assert that Mooney teaches a digital signature but not one that is derived from the personality. Id. As explained above when discussing claim 34, we find Mooney teaches a personality after the user customizes the smart card. See col. 7, ll. 1-19. Thus, any data on the smart card that creates its personality also comprise its Appeal 2010-011523 Application 09/789,197 26 personality. Mooney teaches the smart card includes a digital signature from the key stored on the smart card. Col. 8, ll. 20-30. Mooney, thus, teaches and suggests the data derived from its personality that is the result of the data stored on the smart card comprises a digital signature. For the foregoing reasons, we sustain the rejection of claims 61, 63, and 64. Claims 62, 83, and 84 Claim 62 depends from claim 34 and recites the data derived from the token device personality comprises a one-time password. The Examiner relies on Mooney’s Figure 6 to teach this feature. Ans. 14. The Examiner elaborates that Mooney teaches an initial access code or password is created but is then changed by the user and thus teaches a one-time password. Ans. 36 (citing col. 6, ll. 56-60). Appellants assert that Mooney discloses using passwords but that they “appear to be relatively permanent.” App. Br. 36. While we disagree with Appellants’ characterization that the passwords as “relatively permanent,” we are persuaded that the Examiner did not adequately demonstrate Mooney teaches a one-time password. First, the Examiner relies for the first time on a new passage of Mooney in the Response to Argument section to reject claim 62. See id. Additionally, Mooney does not state or teach that the initially generated access codes or passwords are used only once or one time before the end user changes them. See col. 6, ll. 56-60. For example, the user may use the password several times before changing it. Based on the evidence as presented, we are persuaded that the Examiner erred in rejecting claim 62 and dependent claims 83 and 84. Appeal 2010-011523 Application 09/789,197 27 Claim 74 Claim 74 depends from claim 34 and further claims the terminal includes a clock and the data derived from the token device personality is also dependent on the clock. The Examiner finds that this additional feature is taught by Levie. Ans. 13 (citing col. 30, ll. 65-67). Appellants contend that Levie fails to teach a clock or that the data derived from the token device personality is dependent on a clock. The cited passages of Levie at best teach a clock. Ans. 13, 33 (citing col. 30, ll. 65-67). Levie, however, does not teach or suggest the data derived from the token device personality is dependent on a clock. See id. Nor has the Examiner explained how Levie’s teaching would suggest making data derived by Mooney’s token device personality dependent on such a clock. See Ans. 13, 33. Appellants have thus persuaded us of error in the rejection of claim 74. Claim 86 Claim 86 depends from claim 85 and recites the data comprises a one-time password similar to claim 62. For the reason discussed above in connection with claim 62, we are persuaded of error in the Examiner’s rejection. Claims 87 and 88 Claim 87 depends from claim 85 and further claims the data useful in accessing the remote application comprises a message authentication code. The Examiner finds that both Mooney (col. 5, ll. 1-9, col. 8, ll. 20-30) and Levie (col. 54, ll. 44-46) teach this limitation. Ans. 13. Appellants repeat the same argument made for claims 1 and 85 that Levie does not teach a Appeal 2010-011523 Application 09/789,197 28 processor that cooperates with a card reader and smart card for generating data useful in accessing a remote application. See App. Br. 33. We disagree for the above noted reasons when addressing claims 1 and 85. Claim 88 depends from claim 85 and further recites that the data includes a response to a challenge. Just like claim 87, the Examiner finds this feature is met by Mooney and Levie. Ans. 13. Appellants acknowledge Mooney mentions a challenge but that the challenge is used to access keys in a local operation while claim 88 requires the challenge to be used with a remote access. App. Br. 33. We disagree. Clam 85 only recites generating data and that “at least some of the generated data” (emphasis added) is for communication to the user for the secure remote application. Thus, the recited generated data that includes the response to a challenge is not required also to be the “at least some of the generated data” used for the secure remote application. We thus find Appellants’ argument is not commensurate in scope with claim 88 and are not persuaded that the Examiner erred in rejecting claim 88. Claim 102 Claim 102 depends from claim 7 and further recites an interface connected to transmit secured data from the terminal to a connected device wherein the computing mechanism includes a firewall protecting the smart card. The Examiner relies on Levie to teach this feature. Ans. 15 (citing col. 1, ll. 44-46, col. 62, ll. 1-7). Appellants argue that Levie does not describe a terminal with a computing mechanism that includes a firewall protecting the smart card. App. Br. 40. We agree with Appellants. Appeal 2010-011523 Application 09/789,197 29 Levie teaches that a breach in security will not be assumed to originate from the application since there is a chance that the application could have been accessed or parts of the operating system altered even with extensive firewalling, “as they both reside in the same processor.” Col. 62, ll. 1-7. This suggests a processor or “computing mechanism” can include a firewall. However, contrary to the Examiner’s position (Ans. 38-39), Levie does not teach or suggest such “extensive firewalling” protects a smart card as recited. Nor has the Examiner presented a reason with some rational underpinning to include such feature in the Mooney/Levie system to protect the smart card. See Ans. 15, 38-39. The Examiner finds that the firewalling is used to protect a PIN and thus a smart card. Ans. 38-39. There is inadequate evidence in the record to demonstrate that an ordinarily skilled artisan would recognized that protecting against the risk of passing a PIN on to an attacker by “MAC’ing” code as discussed in Levie (col. 61, ll. 43-55) involves a firewall protecting a smart card. Based on the evidence of record, Appellants have persuaded us of error in the rejection of claim 102. Claim 104 Claim 104 depends from claim 41 and further recites the terminal has a processor providing a firewall to protect a smart card. For the reasons discussed above in connection with claim 102, Appellants have persuaded us of error in this rejection. Claim 107 Claim 107 depends from claim 14 and further recites the user input Appeal 2010-011523 Application 09/789,197 30 comprises application data to be signed. The Examiner relies on Levie to teach this limitation. Ans. 16 (citing col. 54, ll. 44-46, col. 62, ll. 9-10). The Examiner additionally relies on Mooney. Ans. 39. Appellants argue that there is no description of an input being signed in the cited passages. App. Br. 41. We disagree. The rejection is based on combining Levie’s teaching with Mooney. See Ans. 5 (addressing claim 1, from which claim 107 indirectly depends, and discussing modifying Mooney based on Levie’s teaching). Mooney, as discussed above, teaches a user inputs answers (e.g., a user input) from a series of questions. See col. 5, ll. 27-47. As broadly as recited, Mooney thus teaches a user input comprises “application data.” Additionally, claim 107 recites “application data to be signed,” which merely requires the data is capable of being signed. We find nothing in Mooney demonstrating the user input lacks the ability to be signed. Moreover, when combining Levie’s teaching of “MAC’ing” data with Mooney, the combination predictably suggest that the input application data (e.g., keys generated based on answers) in Mooney is to be signed. That is, Mooney teaches the key or access code has a digital signature (col. 8, ll. 20-30) and thus generating an access code or key that comprises a digital signature. For the foregoing reasons, we sustain the rejection of claim 107. Claim 118 Claim 118 depends from claim 1 and further recites a processor that is responsive to an upgrade potential for initiating an upgrade function to install upgraded programs. The Examiner finds Levie teaches this feature. Ans. 16 (citing col. 1, ll. 12-14 and 29-32). While acknowledging Levie Appeal 2010-011523 Application 09/789,197 31 teaches terminals are subjected to upgrades, Appellants argue that Levie fails to teach a processor has a relation to the upgrade. App. Br. 41. We disagree. Levie teaches that terminal includes a processor with memory. Col. 1, l. 32; see also Ans. 40. Given that an ordinary skilled artisan would have recognized a processor’s function is to process data and information sent to its related computer or terminal in the case of Levie, we further find that an ordinarily skilled artisan would have recognized Levie’s processor and its memory would have been used to respond to a potential terminal upgrade taught by Levie and thus be a part of initiating an upgrade function. Levie also teaches that various approaches are used to provide terminal upgrades (col. 1, ll. 14-16), further suggesting that the processor may be used in one of these various approaches. For the foregoing reasons, Appellants have not persuaded us of error in the rejection of claim 118. Claims 120, 123, and 124 Claim 120 depends from claim 118 and further recites the processor responds to an upgrade potential by connected computing equipment and wherein the connected computing equipment is the upgrade program source. The Examiner finds this feature is taught by Levie. Ans. 16 (citing col. 1, ll. 12-14, 29-45, col. 54, ll. 44-46). When arguing this claim, Appellants focus their contentions on the finding in column 54. See App. Br. 41-42. While column 54 may not discuss a processor responding to an upgrade potential, as discussed above in connection with claim 118, we find that Levie teaches Appeal 2010-011523 Application 09/789,197 32 and suggests using a processor to upgrade the terminal and refer to our above discussion for details. Based on the evidence of record, Appellants have not persuaded us of error in the rejection of claim 120 or claims 123 and 124 not separately argued. THE REMAINING OBVIOUSNESS REJECTIONS The Examiner finds that (1) Mooney, Levie, and Weiss teach all the limitations in claims 2-4, 6, 21-23, 25, 35-37, and 39 (Ans. 17-19) and (2) Mooney, Levie, and Montgomery teach all the limitations of claims 119, 121, and 122 (Ans. 19-20). Appellants dispute claims 4, 23, 37, and 119. App. Br. 42-44. The remaining claims are not separately argued. Id. The issues before us for many of the remaining claims are thus the same as those in connection with claims 1, 20, and 34, and we refer Appellants to our previous discussion. Thus, claims 2, 3, 6, 35, 36, and 39 are sustained based on our previous discussion of claims 1 and 34. Claims 21-23 and 25 are reversed because of our previous discussion of claim 20. Claim 4 depends from claim 3 and claim 37 depends from claim 36. These claims are grouped together and similarly recite the token personality logic generates a token device personality using a combination of the data and a terminal identifier. The Examiner finds that neither Mooney nor Levie teaches this limitation and relies on Weiss. Ans. 18-19. Appellants argue that none of the references teaches what is recited and Weiss teaches away from the claimed invention. App. Br. 42-43. We disagree. First, attacking the cited references individually does not show nonobviousness where rejections are based on combinations of references. Appeal 2010-011523 Application 09/789,197 33 In re Merck & Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). Second, Mooney and Levie collectively, as stated above, teach generating an access code or key (e.g., a token) from data derived from the smart card and thus generates a token device personality. Weiss has been additionally cited to teach that a code (e.g., an access code) or key can also be used to create a multibit token secret by combining a key with a PIN. Col. 9, ll. 7-12. As the Examiner explains Mooney’s keys have unique key IDs (see Ans. 41 (citing col. 8, ll. 49-52) and thus when a key is combined with a PIN, as taught by Weiss, the collective teachings suggest personality is generated using the data found in the card (e.g., a PIN) and a terminal identifier as recited. See Ans. 41. Third, we fail to see how this teaching in Weiss teaches away from combining with Mooney and Levie just because Weiss does not discuss a terminal having a card reader. App. Br. 42-43. As Mooney illustrates, a smart card is inserted into a card reader and the terminal is used to read its contents. See Fig. 1, col. 3, ll. 38-60. Mooney, therefore, provides an example of how a terminal uses a smart card and does not teach away from combining Weiss’ smart card with the Mooney/Levie system. For the above reasons, we conclude that there is no error in the rejection of claim 4 and claim 37, which recites similar limitations. Regarding claim 119, this claim depends from claim 118 and further recites the smart card reader is adapted to receive and identify an upgrade smart card that is the upgrade program source. The Examiner additionally relies on Montgomery to teach this limitation. Ans. 19 (citing col. 6, ll. 46- 58). Appellants argue Montgomery does not teach the claim limitations because Montgomery teaches upgrading the programs in the smart card and Appeal 2010-011523 Application 09/789,197 34 has no reader to identify the upgrade smart card. App. Br. 43-44. We disagree. Once again, this rejection is based on combining the teachings of Mooney, Levie, and Montgomery. Mooney, as discussed, teaches a reader and thus would identify any smart card, including an upgrade smart card. Also, Montgomery teaches that the updated programs and data are downloaded or programmed into a smart card and such information can be transferred to external devices. Col. 6, ll. 46-58. We, thus, disagree that Montgomery only teaches upgrading the programs in the smart card and cannot serve as an “upgrade program source” as recited. Based on the evidence of record, Appellants have not persuaded us of error in the rejection of claim 119 or claims 121 and 122 not separately argued. CONCLUSION Under § 103, the Examiner erred in rejecting claims 11, 18-25, 27-31, 49-56, 62, 65-71, 73-75, 77-84, 86, 102-106, and 125 and did not err in rejecting claims 1-10, 13-17, 34-39, 41, 45-48, 57-61, 63, 64, 85, 87-91, 107, 118-124, and 126. DECISION The Examiner’s decision rejecting claims 1-11, 13-25, 27-31, 34-39, 41, 45-71, 73-75, 77-91, 102-107, and 118-126 is affirmed-in-part. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). Appeal 2010-011523 Application 09/789,197 35 AFFIRMED-IN-PART rwk Copy with citationCopy as parenthetical citation
