Ex Parte Le Saint

Patent Trial and Appeal BoardMar 7, 2016

11834615 (P.T.A.B. Mar. 7, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 111834,615 08/06/2007 101221 7590 03/07/2016 Muirhead and Satumelli, LLC 200 Friberg Parkway, Suite 1001 Westborough, MA 01581 FIRST NAMED INVENTOR Eric Le Saint UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. AIM-206USCON2 1037 EXAMINER SHAIFER HARRIMAN, DANT B ART UNIT PAPER NUMBER 2434 MAILDATE DELIVERY MODE 03/07/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ERIC LE SAINT Appeal2014-001753 Application 11/834, 615 Technology Center 2400 Before JOHN A. EV ANS, KAMRAN JIV ANI and MATTHEW J. McNEILL, Administrative Patent Judges. Opinion for the Board filed by EV ANS, Administrative Patent Judge. Opinion dissenting filed by JIV ANI, Administrative Patent Judge. EV ANS, Administrative Patent Judge. DECISION ON APPEAL Appellant 1 seeks our review under 35 U.S.C. Â§ 134(a) of the Examiner's Final Rejection of Claims 1---6 and 8-62, which constitute all the claims pending in this application. App. Br. 2. Claims 7 and 63 are 1 The Appeal Brief identifies Activcard as the real party in interest. App. Br. 2. Appeal2014-001753 Application 11/834, 615 canceled. We have jurisdiction under 35 U.S.C. Â§ 6(b ). We AFFIRM. 2 STATEMENT OF THE CASE The claims relate to a security token architecture. See Abstract. Claims 1, 2, 6, 32, 35, 39, 40, 42, 46-52, and 59 are independent. An understanding of the invention can be derived from a reading of exemplary claim 1, which is reproduced below with some paragraphing added: 1. A token that deploys a uniform security applications architecture for deployment in a security token comprising: a plurality of security applications functionally coupled to a shareable interface; and a security domain control services application operatively coupled between a runtime operating environment and the plurality of security applications and including said sharable interface, one or more security policies associated with each of said plurality of security applications and a controller that controls said plurality of security applications by enforcement of said one or more security policies, wherein the one or more security policies associated with each of the plurality of security applications include one or more logic based rules that are enforced for each respective associated security application of 2 Rather than reiterate the arguments of Appellant and the Examiner, we refer to the Appeal Brief (filed August 20, 2013, "App. Br."), the Reply Brief (filed November 18, 2013, Reply Br."), the Examiner's Answer (mailed September 17, 2013, "Ans."), the Final Action (mailed August 15, 2012, "Final Act."), and the Specification (filed August 6, 2007, "Spec.") for the respective details. 2 Appeal2014-001753 Application 11/834, 615 the plurality of security applications by the security domain control services application, the logic based rules including Boolean operators, and wherein the one or more security policies of each of the plurality of security applications are independently manageable by the security domain control services application. References and Rejections The Examiner relies upon the prior art as follows: Njemanze US 7,376,969 Bl May20, 2008 (filed Dec. 2, 2002) Chan us 6,005,942 Dec. 21, 1999 The claims stand rejected as follows: 3 1. Claims 1-6, 8-31, and 47---62 stand rejected under 35 U.S.C. Â§ 101 as directed to non-statutory subject matter. Final Act. 8-10. 2. Claims 32-39 stand rejected under 35 U.S.C. Â§ 101 as directed to non-statutory subject matter. Final Act. 10. 3. Claims 1-6 and 8-62 stand rejected under 35 U.S.C. Â§ 103(a) as obvious over Chan and Njemanze. Final Act. 11---69. 3 Based on Appellant's arguments in the Appeal Brief, we will decide the appeal on the basis of claims as set forth below. See 37 C.F.R. Â§ 41.37( c )(1 )(vii). 3 Appeal2014-001753 Application 11/834, 615 ANALYSIS We have reviewed the rejections of Claims 1---6 and 8---62 in light of Appellant's arguments that the Examiner erred. We have considered in this decision only those arguments Appellant actually raised in the Briefs. Any other arguments which Appellant could have made but chose not to make in the Briefs are deemed to be waived. See 37 C.F.R. Â§ 41.37(c)(l)(iv). We are not persuaded that Appellant identifies reversible error. Upon consideration of the arguments presented in the Appeal Brief and Reply Brief, we agree with the Examiner that all the pending claims are unpatentable over the cited combination of references. We adopt as our own the findings and reasons set forth in the obviousness rejection from which this appeal is taken and in the Examiner's Answer. We provide the following explanation to highlight and address specific arguments and findings primarily for emphasis. Non-Statutory Subject Matter Claims 40-46 We decline to reach the merits of the rejection of Claims 40-46. The rejection is moot because the Examiner has withdrawn the rejection in view of Appellant's amendment of independent Claims 40, 42, and 46 to recite "non-transitory computer readable medium," per the Examiner's suggestion. See Final Act. 2. 4 Appeal2014-001753 Application 11/834, 615 Claims 1-6, 8-31, and 47-62 The rejection of Claims 1---6, 8-31, and 47---62 is moot in view of Appellant's amendment of Claims 1, 2, 6, 47-52, and 59 to recite: "[a] token that deploys a uniform security applications architecture," as suggested by the Examiner. See Final Act. 9. Claims 32-39 The Examiner finds claims 32-39 to be non-statutory because they are not tied to a particular machine, nor do they transform underlying subject matter (such as an article or material) to a different state or thing. Final Act. 10. Appellant contends the method of claims 32-39 recites steps for installing security software inside a security token. Thus the physical token is transformed to a different state. App. Br. 15. Appellant's Specification discloses: "GlobalPlatform Card Specification 2.1, supports multiple applications residing in a security token, includes a mechanism for sharing of resources in a secure manner and standardizes the mechanism by which applications are loaded and installed in the security token." Spec., i-f 30. "GlobalPlatform is a non-profit, member driven association which defines and develops specifications to facilitate the secure deployment and management of multiple applications on secure chip technology." "GlobalPlatform applies the term 'secure chip' in reference to embedded technologies used in various chips - such as smart cards, application 5 Appeal2014-001753 Application 11/834, 615 processors, SD cards, USB tokens and secure elements - for protecting assets (data, keys and applications) from physical or software attacks." See http://www.globalplatform.org/. The Examiner finds that the claimed "token" is not limited to hardware, but may be pure software. Ans. 69. We agree with Appellant that, in view of the Specification, the claimed "token" is a physical device, such as a "secure chip," and is transformed by installation of security software, as claimed. The Examiner finds "the mere recitation of a machine in the preamble with an absence of a machine in the body of the claim fails to make the claim statutory under 35 U.S.C. [Â§] 101." Ans. 67 (citing Ex parte Langemyer, Appeal 2008-1495 (BP AI May 28, 2008) (Informative). With respect to the instant claims, we find "the claim preamble, when read in the context of the entire claim, recites limitations of the claim, [and that] the claim preamble is 'necessary to give life, meaning, and vitality' to the claim, [therefore,] the claim preamble should be construed as if in the balance of the claim." Pitney Bowes, Inc. v. Hewlett-Packard Co., 182 F.3d 1298, 1305, (Fed. Cir. 1999). In Langemyer, an expanded Panel of the Board noted that the patent-eligible claims in The Telephone Cases "recited certain specified conditions for using a particular circuit for the transmission of sounds." Langemyer, slip op. at 11 (citing Gottschalkv. Benson, 409 U.S. 63 (1972), citing The Telephone Cases, 126 U.S. 1 (1888)). The present invention claims "specified conditions" for using "particular circuit[ s ]," i.e., 6 Appeal2014-001753 Application 11/834, 615 the circuits (tokens) defined by the GlobalPlatfonn standards to carry out functions specified by the GlobalPlatform standards. We disagree with the Examiner for the further reason that the claims, in their body of recitations, when read in light of the Specification, necessarily refer to the recitations of the preamble. The preambles of each of independent Claims 32, 35, and 39 recite "a security token." Appellant discloses a "security token" is an integrated circuit based hardware device: The term "security token" as defined herein refers to hardware based security devices such as security tokens, integrated circuit tokens, subscriber identification modules (SIM), wireless identification modules (WIM) , USB token dongles, identification tokens, secure application modules (SAM), hardware security modules (HSM), secure multi-media token (SivHviC) and like devices. Spec., p. 3, 11. 19--24. Appellant further discloses the "security token architecture is compliant with the international standard ISO/IEC 7816-4, "Information technology - Identification tokens - Integrated circuit(s) tokens with contacts - Part 4: Interindustry commands for interchange." Id. Thus, the claimed security token is an article of manufacture, a physical device. The body of independent Claim 32 recites a "downloadable" "security domain control services application." Appellant defines "security domain" to be a "logical or physical workspace[] within a security token allocated to an application provider for installation and execution of applications." Spec., p. 3, 11. 30-32. Thus, the "security domain" recitations in the body of 7 Appeal2014-001753 Application 11/834, 615 the claims relates to the "security token" recited in the preamble and distinguish the present claims over Langemyer. We find downloading and installing a security domain control services application into a security token, as claimed, changes the physical state or functionality of the hardware device. Independent Claims 35 and 39 contain similar recitations relating to updating a security domain within a physical security token. Thus, these claims are statutory, under Â§ 101, "because they do not merely recite the performance of some business practice known from the pre-Internet world along with the requirement to perform it on the Internet. Instead, the claimed solution is necessarily rooted in computer technology in order to overcome a problem specifically arising in the realm of computer networks." DDR Holdings, LLC, v. Hotels.Com., L.P., 2013-1505 slip op. at 20 (Fed. Cir. Dec. 5, 2014). We decline to sustain the rejection of Claims 32-39 underÂ§ 101. Obviousness Appellant argues all claims as a group. App. Br. 20. Appellant contends that each independent claim contains a limitation to a security domain control services application. Appellant argues that each security policy of each security application is independently managed by the security domain control services application. Id. According to Appellant, Chan discloses that each downloaded application has its own security domain, but that Chan fails to disclose a central security domain control services 8 Appeal2014-001753 Application 11/834, 615 application that enforces the security policies of the various downloaded applications. Id. Rather, the security domain of each security application enforces its own respective security policy. App. Br. 21. We agree with the Examiner's finding that Chan teaches that the applications can preferably manage its own life cycle management. The recitation "preferably" does not mean that card domain 308 cannot manage the life cycle of each application, as argued by Appellant. Ans. 69 (citing Chan, col. 12, 11. 50-56). Appellant quotes Chan: Card domain 308 is also responsible for the installation of applications on the card, but preferably has no control over the applications' life cycle states. Each application is preferably responsible for its own application life cycle state management but it preferably allows card domain 308 to have access to its life cycle states for auditing purposes. Reply Br. 3 (citing Chan, col. 12, 11. 50-56) (emphasis added). Appellant argues that Chan fails to disclose Card domain 308 enforces security policies. Ans. 69. We disagree with Appellant and note for emphasis that Chan discloses that the "card domain as the system security manager of the card maintains the current life, cycle state, enforces the associated security policies, and controls the state transitions in the card life cycle." Chan. Col. 12, 11. 63----67. DECISION 9 Appeal2014-001753 Application 11/834, 615 The rejection of Claims 1---6, 8-39, and 47---62 under 35 U.S.C. Â§ 101 is REVERSED. The rejection of Claims 40-46 under 35 U.S.C. Â§ 101 has been withdrawn. The rejection of Claims 1---6 and 8---62 under 35 U.S.C. Â§ 103(a) is AFFIRMED. 4 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l)(iv). AFFIRMED DISSENTil~G OPil~ION JIV ANI, Administrative Patent Judge. I join my colleagues in affirming the Examiner's decision rejecting claims 1---6 and 8---62 under 35 U.S.C. Â§ 103(a). 4 Claim 1, and various of the other independent claims, recite a "token that deploys a uniform security applications architecture for deployment in a security token." Should prosecution continue, the Examiner may wish to consider whether the multiple recitations of the term "token" renders the claims indefinite. 10 Appeal2014-001753 Application 11/834, 615 I dissent, respectfully, from reversal of the Examiner's decision rejecting claims 1---6, 8-31, and 47-62 as directed to non-statutory subject matter under 35 U.S.C. Â§ 101. I would affirm the Examiner's decision for essentially the reasons set forth by the Examiner. The preambles of independent claims 1, 2, 6, 4 7-52, and 59 each recite "A token that deploys a uniform security applications architecture for deployment in a security token comprising." Thus each of these claims, and their dependent claims, recites "a token" as a distinct entity from the recited architecture. Appellant fails to identify sufficient disclosure in the Specification to limit clearly the preamble phrase "token" to a physical structure. Although the Specification limits the phrase "security token" to a physical structure (Spec. 3: 19-23), such limits do not apply to the recited "token," which is presumably broader than the recited "security token." Further, the "security token" recited in the preamble is merely the intended environment of the architecture that the "token" deploys. Thus, I am not persuaded that the preamble of each of independent claims 1, 2, 6, 47-52, and their dependent claims 3-5, 8-31, and 53---62 is limiting and circumscribes the claim scope to patent-eligible subject matter. 11