Ex Parte KOHL et al
Patent Trial and Appeal Board
Feb 28, 2018
13681515 (P.T.A.B. Feb. 28, 2018)

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO.: 13/681,515
FILING DATE: 11/20/2012
FIRST NAMED INVENTOR: JOHN T. KOHL
ATTORNEY DOCKET NO.: CAM920120060USl_8150-0220
CONFIRMATION NO.: 7254

73109 7590 03/02/2018
Cuenot, Forsythe & Kim, LLC
20283 State Road 7 Ste. 300
Boca Raton, FL 33498

EXAMINER: LEVITIAN, KARINA
NOTIFICATION DATE: 03/02/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ibmptomail@iplawpro.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte JOHN KOHL, MASABUMI KOINUMA, MARGARET MARYNOWSKI, HUICHUNG WU, and MARK S. ZUKOWSKY

Appeal 2016-001995
Application 13/681,515
Technology Center 2100

Before JAMESON LEE, MATTHEW CLEMENTS, and SCOTT E. BAIN, Administrative Patent Judges.

LEE, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellant appeals under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 1-3 and 7-10. Claims 4-6 have been objected to as depending from an unpatentable claim. Claims 1-10 are all claims pending in the application. We have jurisdiction over the appeal pursuant to 35 U.S.C. § 6(b).[1] We reverse.

[1] This Decision refers to Appellants’ Appeal Brief (“App. Br.,” filed April 28, 2015), the Examiner’s Answer (“Ans.,” mailed Oct. 
7, 2015), Appellants’ Reply Brief (“Reply Br.,” filed November 24, 2015), and the Final Office Action (“Final Act.,” mailed November 28, 2014).

The Invention

The invention relates to sharing data among the users of different computing environments, such as by use of replicated data depositories. Spec. 1. An example of multiple computing environments in which data is shared corresponds to the various different geographical locations of a company or to one or more third party entities which work in cooperation with the company. Id. The Specification states: “In many cases, however, the users of each computing environment among which the replicated depositories are shared are different. The computing environments can be said to have different user identity spaces.” Id. ¶ 2. The Specification defines “user identity space” as follows: “A ‘user identity space’ refers to a computing environment having a defined set of users and/or user groups.” Id. ¶ 24. The definition is followed immediately by this sentence which provides additional clarification: “Two computing environments that have [the] same user identity space or that share [the] same user identity space have same users and same user groups.” Id.

Specifically, the invention is directed to a method of managing access control lists (ACLs) across replicated data repositories. Id. ¶ 3. Regarding ACLs, the Specification describes: “A data repository typically utilizes structures referred to as Access Control Lists (ACLs) to restrict access to the various artifacts included therein. Each ACL determines which users or group of users are permitted to access the artifact to which the ACL is associated or bound within the data repository.” Id. ¶ 2.
The Specification describes: “Within ACLs, one or more user identities of the first user identity space of the data repository can be substituted with one or more user identities from the second user identity space when the data repository is replicated to the different computing environment.” Id. ¶ 19.

Of all claims on appeal, claim 1 is the only independent claim and is reproduced below:

1. A method of managing access control lists (ACLs) across replicated data repositories, the method comprising:

selecting, from a first data processing system, a control object and an ACL object bound to the controlled object, wherein the first data processing system is associated with a first user identity space;

creating, using a processor, a replicated version of the controlled object within a second data processing system, associated a second user identity space, wherein the second user identity space is different from the first user identity space;

creating, using the processor, a replicated version of the ACL object within the second data processing system; and

substituting, within the replicated version of the ACL object, an identity from the first user identity space with a selected identity from the second user identity space.

App. Br. 17 (emphasis added).

The Applied Prior Art

The prior art relied on in rejecting the claims on appeal are:

Ducott: US Pub. App. 2013/0191338 A1, July 25, 2013
Oracle: Oracle® Database PL/SQL Packages and Types Reference 11g Release 1 (11.1), August, 2012
Oracle2: Oracle® XML DB Developer’s Guide Release 2 (10.2), August, 2005

The Rejections on Appeal

Claims 1-3 were finally rejected under 35 U.S.C. § 103(a) as obvious over Ducott and Oracle. Final Act. 3.

Claims 7-10 were finally rejected under 35 U.S.C. § 103(a) as obvious over Ducott, Oracle, and Oracle2. Id. at 4-5.

ANALYSIS

A.
Rejection of Claims 1-3 as Obvious over Ducott and Oracle

In proceedings before the USPTO, claim terms are properly construed according to their broadest reasonable interpretation in light of the specification. In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989); see also In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004). The standard does not permit a claim to be construed so broadly that the position is no longer reasonable in light of the specification. That, however, is the circumstance here. For reasons discussed below, the Examiner has not established a prima facie case that any one of claims 1-3 would have been obvious over Ducott and Oracle. The rejection of claims 1-3 under 35 U.S.C. § 103(a) as obvious over Ducott and Oracle cannot be sustained.

1. Claim 1

Different User Identity Spaces

Claim 1 recites: “the first data processing system is associated with a first user identity space,” “a second data processing system associated with a second user identity space,” and “wherein the second user identity space is different from the first user identity space.” App. Br. 17. As noted above, the Specification defines “user identity space” as follows: “A ‘user identity space’ refers to a computing environment having a defined set of users and/or user groups.” Spec. ¶ 24. The definition is followed immediately by this sentence which provides additional clarification: “Two computing environments that have [the] same user identity space or that share [the] same user identity space have same users and same user groups.” Id.

According to the Examiner, so long as a data processing system has “a set of users,” even if not defined, it has a user identity space. Final Act. 2. We disagree. Such a reading of “user identity space” is excessively broad and not supported by the Specification. Appellants persuasively argue that a “defined” set of users is not met by “any” set of users. App. Br. 10.

The Examiner, in the Answer, explains that Ducott in Paragraph 30 describes that for certain data objects in a computing environment the associated access control list may specify that “everyone” can read it but only “supervisors” can write. Ans. 7. That, according to the Examiner, means each computing environment has its own defined set of users. Id. We disagree. The only defined user-group noted by the Examiner is “supervisors.” To the extent the Examiner is relying on “supervisors” as the first user identity space and “everyone” as a second user identity space, that does not teach the claimed requirement that the “second user identity space” be associated with a “second data processing system.” To the extent the Examiner is alleging that both data processing systems would have a “supervisors” user-group constituting a user identity space, that does not meet the claim requirement that the first and second user identity spaces associated with the first and second data processing systems, respectively, are different from each other.

The Examiner’s understanding of “different” user identity space also is excessively broad and not supported by the Specification. First, the Examiner contends that Ducott in Paragraph 32 discloses that access control files themselves are data objects. Final Act. 2. There is no such disclosure in the cited paragraph of Ducott. Nevertheless, even assuming that there is such disclosure, the rest of the Examiner’s reasoning lacks merit. The Examiner explains that given that the access control files are themselves data objects, and given that Ducott also teaches that the data objects between the two systems or sites may be different, Ducott teaches “multiple environments with individual access control objects.” Id. We agree with that assertion only to the extent that the same data object in the two systems may be associated with different access control lists specifying who may access the object.

The Examiner then reasons: “The user groups of different sites taught by Ducatt [sic] have different users access permissions which make the different sites different identity spaces.” Id. That reasoning is unpersuasive. As is correctly asserted by Appellants: “While the data objects between the sites of Ducatt [sic] may be different, this is not dispositive as to the limitations at issue since the user identity space is based upon a defined set of users and/or group [of users] - not data objects.” App. Br. 10.

The Examiner’s position characterizing the existence of different access control lists in the two data processing systems as indicating different user identity spaces for the two sites is unreasonable. Based on the definition for “user identity space” provided in the Specification, having different access control lists between the two sites, whether it is for one, two, or all data objects, does not answer the question of whether the two sites have the same user identity space. Under the Examiner’s expansive view, two computing environments would have different user identity spaces unless the objects in them are the same and the access control lists associated with each and every object are the same. We agree with Appellants that the definition provided in the Specification is based on a defined set of users or user groups, and not on objects. App. Br. 11. We further agree with Appellants that without a discussion of the users associated with each site, Ducott cannot be said to teach a second user identity space that is different from the first user identity space. Id.

On the question of same or different user identity space, whether the two environments share or do not share objects or access control lists is non-determinative. For instance, the defined sets of users for the two environments may be the same and yet the access control lists for numerous objects, shared or non-shared, may be different.
Also, the access control lists may be the same in the two environments for some data objects, but the two environments overall may not be associated with the same users.

The Examiner, in the Answer, evidently takes the position that a person who is associated with different access control authorities in different computing environments counts as two different users, and therefore two environments having different access control lists have different user identity spaces. Ans. 8. We disagree. As is persuasively asserted by Appellants, “[w]hile the same user may be identified with different access control objects, this does not transform the same user into ‘different users.’” Reply Br. 3. As is further correctly noted by Appellants, “[c]hanging how a user is identified does not change the identity of the underlying user.” Id. We disagree with the suggestion by the Examiner that if a person is a user in both the first and second computing environment but has different access authority to data depending on whichever computing environment it is in, then the person represents two different users.

The Examiner states:

The appellant argues that the difference [is] “in the defined users - not different access permissions” however based on the appellant’s specifications at paragraph 24 the distinctions between different identities of users is based on data associated with the accounts which includes access permission data.

Ans. 8. However, we have reviewed Paragraph 24 of the Specification, which is reproduced below, and find nothing in that disclosure to suggest that the same person, when assigned different access authorities by two different computing environments, constitute two different users:

A “user identity space” refers to a computing environment having a defined set of users and/or user groups.
Two computing environments that have [the] same user identity space or that share [the] same user identity space have same users and same user groups. A “user” refers to a human being that operates or uses a particular data processing system. An “identity” of a user refers to data that uniquely identifies or distinguishes that user from one or more other users of the same user identity space. Similarly, an identity of a group of users refers to data that uniquely identifies or distinguishes that group from one or more other groups of the same user identity space. For example, an identity can be a user name or other unique identifier associated with a user and/or a group.

Spec. ¶ 24.

In summary, the Examiner has not established that the two sites referred to in Ducott have different user identity spaces, i.e., different defined sets of users or user groups.

Replicating an ACL Object

Claim 1 recites, in pertinent part: “creating, using the processor, a replicated version of the ACL object within the second data processing system.” App. Br. 17. According to the Examiner, Ducott in Paragraphs 30 and 35 discloses this limitation. Final Act. 4. We find no such disclosure in those paragraphs. In plain and ordinary meaning, and consistent with the Appellants’ Specification, replicate means to make a duplicate or a copy. The cited paragraphs of Ducott do not convey to one with ordinary skill in the art that any access control list (ACL) in a first data processing system would be duplicated or copied in a second data processing system.
To the extent that the Examiner is of the position that the creation of any ACL in the second data processing system counts as a duplicated version of the corresponding ACL in the first data processing system for the same object, that reflects an excessively broad reading of “creating, using the processor, a replicated version of the ACL object within the second data processing system.” We determine that a replicated version of an item has to be a duplicate or copy of that item.

In summary, the Examiner has not established that Ducott discloses “creating, using the processor, a replicated version of the ACL object within the second data processing system.”

Substituting an Identity within the Replicated ACL

Claim 1 recites, in pertinent part: “substituting, within the replicated version of the ACL object, an identity from the first user identity space with a selected identity from the second user identity space.” App. Br. 17. The Examiner takes several positions, first relying on Ducott and then relying on Oracle, to meet this substitution requirement. Final Act. 2-3. For reasons discussed below, the Examiner’s assertions are unpersuasive.

First, the Examiner asserts that Ducott in paragraph 29 and 30 “describe substitution examples such [as] describing updating information within the ACL.” Id. at 3; Ans. 8. We find, however, no such disclosure in these paragraphs which indicate, at most, the creation of a different ACL. The “data change updates” referenced in paragraph 30 refer to received changes on the content of data objects, not new ACL information.

Second, the Examiner asserts: “Ducott teaches at paragraphs 31 and 32 updating aspects of the ACL related to specific sites. The limitation of substituting the identities is taught by the updated ACL information in specific sites.” Final Act. 3. However, as is correctly noted by Appellants (App. Br. 
13), the only “updates” described in these paragraphs are directed to data maintained at the second site and not to the access control list (ACL) with which that data is associated. Moreover, Appellants have claimed a specific manner of creating a second ACL, i.e., by substituting, within a replicated version of an ACL object, an identity from the first user identity space with a selected identity from the second user identity space. The mere creation of a different ACL in the second data processing system to be associated with a stored data object, in general, is not sufficient to meet the claim limitation regarding the required substitution.

The Examiner asserts: “Ducatt [sic] III at paragraph 31 teaches the concept of ‘cross-ACL’ which teaches having different identities of users between sites.” Ans. 8. But as discussed above, Ducott does not disclose two different user identity spaces. At most, “cross-ACL” indicates the ACL for a shared object between two sites may be different. The Examiner further asserts that because the ACL for the same data object may be different between two sites, that meets the claim limitation of “substituting, within the replicated version of the ACL object, an identity from the first user identity space with a selected identity from the second user identity space.” For reasons discussed above, we disagree. Generally creating a different ACL does not meet the substitution limitation. The Examiner has failed to account for the specific requirements of the substitution claimed.

Third, the Examiner relies on Oracle as teaching the claimed substitution limitation. Final Act. 3-4. Specifically, the Examiner states: “However the analogous art of Oracle teaches this technique of connect an ACL to a database (DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL).” Id. at 4.
The Examiner further states: “Moreover Oracle further teaches ‘DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL’ updating a specific user’s information which is substituting user access information.” Id. at 3; Ans. 9. The assertion is not understood and insufficiently explained. We do not find anything in the functionality of the DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL procedure that indicates substitution, within the replicated version of the ACL object, an identity from the first user identity space with a selected identity from the second user identity space.

Oracle describes its ASSIGN_ACL Procedure as follows: “This procedure assigns an access control list (ACL) to a host computer, domain, or IP subnet, and if specified, port range.” Oracle 4. That does not indicate anything about substituting, within an already replicated ACL object, an identity from a first user identity space with a selected identity from the second user identity space. Note also that the Examiner does not contend that Oracle discloses a first data processing system associated with a first user identity space and a second data processing system associated with a second and different user identity space. Additionally, as discussed above, the mere creation of a different ACL in the second data processing system to be associated with a stored data object, in general, is not sufficient to meet the claim limitation regarding the required substitution.

2. Claims 2 and 3

Claims 2 and 3 each depend directly from independent claim 1. The deficiencies of the rejection as applied to claim 1 carry through to dependent claims 2 and 3. Accordingly, the rejection of claims 2 and 3 as obvious over Ducott and Oracle cannot be sustained.

B. Rejection of Claims 7-10 as Obvious over Ducott, Oracle, and Oracle2

Each of claims 7-10 depends directly from independent claim 1. They each recite additional limitations relative to those incorporated from claim 1.
The deficiencies of the combined teachings of Ducott and Oracle, with respect to claim 1, have been discussed above. As applied by the Examiner, Oracle2 does not make up for those deficiencies. Accordingly, the rejection of claims 7-10 as obvious over Ducott, Oracle, and Oracle2 cannot be sustained.

DECISION

The rejection of claims 1-3 as obvious over Ducott and Oracle is reversed.

The rejection of claims 7-10 as obvious over Ducott, Oracle, and Oracle2 is reversed.

REVERSED