Ex Parte Okunseinde et alDownload PDFPatent Trial and Appeal BoardApr 26, 201310803590 (P.T.A.B. Apr. 26, 2013) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 10/803,590 03/18/2004 Folu Okunseinde AUS920031041US1 7383 50170 7590 04/26/2013 IBM CORP. (WIP) c/o WALDER INTELLECTUAL PROPERTY LAW, P.C. 17330 PRESTON ROAD SUITE 100B DALLAS, TX 75252 EXAMINER GERGISO, TECHANE ART UNIT PAPER NUMBER 2494 MAIL DATE DELIVERY MODE 04/26/2013 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ________________ Ex parte FOLU OKUNSEINDE and TYRON STADING ________________ Appeal 2011-000090 Application 10/803,590 Technology Center 2400 ________________ Before JOHNNY A. KUMAR, JOHN G. NEW, and MIRIAM L. QUINN, Administrative Patent Judges. NEW, Administrative Patent Judge. DECISION ON APPEAL Appeal 2011-000090 Application 10/803,590 2 SUMMARY Appellants file this appeal under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 1-2, 4, 6-8, 28-29, and 31-341 as unpatentable under 35 U.S.C. § 103(a) as being obvious over the combination of Suzuki (US 2004/0259529 Al, December 23, 2004) (“Suzuki”) and Lee, IV et al. (US 2005/0188072 Al, August 25, 2005) (“Lee”). We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM-IN-PART. NATURE OF THE CLAIMED INVENTION Appellants’ invention is directed to a method and apparatus for providing transaction-level security. The method comprises determining security information associated with at least one object of a transaction and determining if a remote device is capable of providing a level of security indicated by at least a portion of the security information. The method further comprises transmitting the object to the remote device in response to determining that the remote device is capable of providing the level of security. Abstract. 1 Appellants also appeal the Examiner’s rejection of claims 1, 3, and 5 under 35 U.S.C. § 112(b). App. Br. 4. Because the Examiner withdrew the rejection of the claims on this ground, we need not reach that issue in this appeal. Ans. 3. Claims 9-27 and 30 are cancelled. App. Br. 2. Appeal 2011-000090 Application 10/803,590 3 GROUPING OF CLAIMS Because Appellants argue that the Examiner erred for substantially the same reasons with respect to claims 1, 2, 4, 6-8, 28, 29, and 31-34, we select claim 1 as representative. App. Br. 6, 14. Claim 1 recites: 1. A method, comprising: determining security information associated with a[n] object of a transaction, wherein the security information is inserted in a header of the object and the object is to be transmitted from a source device to a target device along a transmission path that includes at least one intermediate device determining, at each of the source device, and the at least one intermediate device along the transmission path as the object is transmitted along the transmission path, whether a next device in the transmission path to which the object is to be transmitted provides a level of security indicated by at least a portion of the security information in the header of the object; and transmitting, at each of the source device, and the at least one intermediate device along the transmission path as the object is transmitted along the transmission path, the object to the next device in the transmission path in response to determining that the next device provides the level of security required by the at least a portion of the security information. App. Br. 25. Appellants argue separately that the Examiner also erred with respect to claim 2, which Appellants allege contains separate subject matter not rendered obvious over the prior art references. App. Br. 15. Claim 2 recites: Appeal 2011-000090 Application 10/803,590 4 2. The method of claim 1, wherein the object is a business object, and wherein determining if the next device in the transmission path provides the level of security comprises: transmitting to the next device in the transmission path information representative of the level of security that is desired; and receiving a response from the next device in the transmission path indicating that the next device in the transmission path provides the desired level of security. App. Br. 25. Appellants argue separately that the Examiner erred with respect to claims 6 and 32, which Appellants allege contain separate subject matter not rendered obvious over the prior art references. App. Br. 15, 22. We therefore select claim 6 as representative. Claim 6 recites: 6. The method of claim 1, further comprising determining an alternative device along a different transmission path that provides the level of security required by the at least a portion of the security information in response to determining that the next device in the transmission path does not provide the level of security required by the at least a portion of the security information. App. Br. 27. Appellants argue separately that the Examiner erred with respect to claims 7 and 29, which Appellants allege contain separate subject matter not rendered obvious over the prior art references. App. Br. 18. We therefore select claim 7 as representative. Claim 7 recites: 7. The method of claim 1, further comprising sending a message to the next device in the transmission path instructing the next device to execute at least one module that allows the Appeal 2011-000090 Application 10/803,590 5 next device to provide the level of security required by the at least a portion of the security information. App. Br. 27. Appellants argue separately that the Examiner also erred with respect to claim 31, which Appellants allege contains separate subject matter not rendered obvious over the prior art references. App. Br. 19. Claim 31 recites: 31. The method of claim 1, wherein at least one intermediate device includes at least a first intermediate device and a second intermediate device; wherein determining if a next device in the transmission path provides a level of security required by the at least a portion of security information includes performing the determining at the source device, wherein the next device is the first intermediate device; wherein transmitting the object to the next device comprises transmitting the object to the first intermediate device, and wherein in response to determining that the next device provides the level of security, and in response to determining that the first intermediate device provides the level of security: determining, at the first device, if a second device of the plurality of intermediate devices that is adjacent the first device provides the level of security indicated by the at least a portion of the security information; transmitting the object to the second device of the plurality of intermediate devices in response to determining that the second device provides the level of security; and Appeal 2011-000090 Application 10/803,590 6 transmitting the object to the target device from the second device. App. Br. 28-29. Appellants argue separately that the Examiner also erred with respect to claim 33, which Appellants allege contains separate subject matter not rendered obvious over the prior art references. App. Br. 22. Claim 33 recites: 33. The method of claim 1, wherein the at least one intermediate device includes a plurality of intermediate devices; wherein determining if a next device in the transmission path provides a level of security comprises determining, at a previous device in the transmission path, a security level for each intermediate device of the plurality of intermediate devices; wherein transmitting the object to the next device in the transmission path, in response to determining that the next device is adapted to provide the level of security, comprises transmitting the object to each of the plurality of intermediate devices in the transmission path in response to determining that each of the plurality of intermediate devices provides the level of security; further comprising: transmitting the object to the target device. App. Br. 29-30. Appellants argue separately that the Examiner also erred with respect to claim 34, which Appellants allege contains separate subject matter not rendered obvious over the prior art references. App. Br. 24. Claim 34 recites: Appeal 2011-000090 Application 10/803,590 7 34. The method of claim 1, wherein the object is one of a plurality of objects of the transaction, and wherein at least two of the objects in the plurality of objects have different security information in their respective headers identifying different levels of security required to be provided by devices along corresponding transmission paths to receive the at least two objects. App. Br. 30. ISSUES AND ANALYSES We address each of Appellants’ arguments seriatim, as presented in Appellants’ Brief. A. The Examiner’s rejection of claims 1 2, 4, 6-8, 28, 29, and 31-34 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in finding that the combination of Suzuki and Lee teaches or suggests the limitations of claim 1 reciting “determining, at each of the source device, and the at least one intermediate device along the transmission path as the object is transmitted along the transmission path, whether a next device in the transmission path to which the object is to be transmitted provides a level of security indicated by at least a portion of the security information in the header of the object” and “transmitting, at each of the source device, and the at least one intermediate device along the transmission path as the object is transmitted along the transmission path, the object to the next device in the transmission path in response to determining that the next device provides the level of Appeal 2011-000090 Application 10/803,590 8 security required by the at least a portion of the security information.” App. Br. 6-7. We therefore address the issue of whether the Examiner so erred. Analysis Appellants argue that neither Suzuki nor Lee, alone or in combination, teaches or suggests the disputed limitation. App. Br. 7. Specifically, Appellants argue that Suzuki is directed to validating that a frame is being sent from an authenticated valid terminal and is not concerned with determining whether a next device along a transmission path provides a level of security indicated by at least a portion of the security information in the header of an object being transmitted. Id. To the contrary, argue Appellants, Suzuki is specifically “looking backward” to the source to determine if the source was valid. Id. Appellants argue further that Suzuki neither teaches nor suggests transmitting an object along the transmission path to the next device in response to determining that the next device provides a level of security required by the portion of the security information in the header of the object. App. Br. 7-8. To the contrary, contend Appellants, Suzuki teaches that the frame is processed only when it is determined that the source of the frame, i.e. the terminal from which the frame is transmitted, is an authenticated valid terminal. App. Br. 8. Furthermore, Appellants contend, Lee does not remedy the alleged deficiencies of Suzuki. App. Br. 11. Appellants argue that Lee is directed to a mechanism for dynamically constructing a protocol to facilitate communication between nodes and across multiple nodes. Id. Appellants assert that Lee provides a mechanism for establishing internode protocols Appeal 2011-000090 Application 10/803,590 9 dynamically, based on the policies of the nodes positioned between the source and destination. Id. Appellants argue that Lee teaches creating a protocol that is supported by all of the nodes along a communication path prior to performing any communication. Id. Appellants contend that this means that the protocol that is created has a minimum number of protocol properties, according to the lowest common denominator amongst the nodes. Id. Appellants therefore argue that Lee does not teach or suggest performing security level checks on each individual device of a transmission path, wherein the individual device provides a level of security required by header information an object of a transaction prior to the object being transmitted to the device and transmitting the object to that device in response to a determination that the device supports the required level of security. App. Br. 12. In fact, argue Appellants, Lee implicitly teaches that there is no need to perform a check at each device along a transmission path as to whether a next device along the transmission path provides a required level of security since the protocol is established a priori before any transmission is performed. Id. Hence, contend Appellants, any alleged combination of Suzuki and Lee, even if such a combination were possible and one were somehow motivated to attempt such a combination, would still not result in the features of independent claim 1 being taught or rendered obvious. App. Br. 14. The Examiner responds that, applying the broadest reasonable interpretation to the claims in light of the specification, “at least one intermediate device” is interpreted as “an intermediate device” between a source device and a target device to constitute only three devices to form a Appeal 2011-000090 Application 10/803,590 10 path (a source device, an intermediate device and a target device). Ans. 12. Likewise, the Examiner finds that the limitation “determining a level of security provided by a next device (in effect a target device) indicated by at least a portion of security information in the header of the object” may be interpreted broadly and reasonably to correspond to any security function or rule or policy or a security key or even the device’s identification as long as it matches with security as indicated in the header of the object. Ans. 13. The Examiner finds that Suzuki teaches or suggests the latter limitation by teaching matching a key and a terminal identifier of a receiving terminal in the authentication header of a frame at a transmitting terminal and also by mutually authenticating the transmitting terminal and the receiving terminal. Ans. 13 (citing Suzuki, ¶¶ [0011], [0021], [0050], [0069]). The Examiner finds that the receiving terminal validates the received authentication header to validate the transmitter, the transmitting terminal validates the receiving terminal, and this mutual authentication is carried out in tandem form to include the intermediate devices. Ans. 13 (citing Suzuki, Fig. 1). The Examiner finds that, although Suzuki does not explicitly teach security information associated with a transaction object and providing a level of security indicated by at least a portion of the security information, Lee teaches or suggests that security information is associated with a transaction object (citing Lee, ¶¶ [0028], [0054]) and providing a level of security indicated by at least a portion of the security information. Ans. 13 (citing Lee ¶¶ [0043], [0054], [0094], [0106-0107]). The Examiner also finds that Lee discloses a method and a system for retrieving an intermediate node policy and a destination node policy, the intermediate Appeal 2011-000090 Application 10/803,590 11 node policy characterizing communication properties supported by an intermediate node and the destination node policy characterizing communication properties supported by a destination node, the intermediate node being between a source node and the destination node in a communication path. Ans. 14 (citing Lee, ¶¶ [0010], [0019], [0034]). We are persuaded by the Examiner’s reasoning and adopt it as our own. As an initial matter, we agree with the Examiner that the limitation “determining a level of security provided by a next device (in effect a target device) indicated by at least a portion of security information in the header of the object” may be interpreted broadly and reasonably to correspond to any security function or rule or policy or a security key or even the device's identification as long as it matches with security as indicated in the header of the object. Ans. 13; see, e.g., Biogen Idec, Inc. v. GlaxoSmithKline LLC, No. 2012–1120, 2013 WL 1603360, at *2 (Fed. Cir. April 16, 2013) (Examiner employs “broadest reasonable interpretation” standard in claim interpretation). We find that Lee teaches that “a policy can specify message encoding formats, security algorithms, tokens, transport addresses, transaction semantics, routing requirements, and other properties related to message transmission or reception” and that “[i]mplementations of policies … specify one or more assertions, which can aid two or more nodes in a message exchange in determining if their requirements and capabilities are compatible.” Lee, ¶ [0028]; see Ans. 13. We further agree with the Examiner that Lee teaches or suggests that such security information is associated with a transaction object (Lee, ¶ [0054]; see Ans. 13) and that Lee teaches or suggests retrieving an intermediate node policy and a Appeal 2011-000090 Application 10/803,590 12 destination node policy, the intermediate node policy characterizing communication properties supported by an intermediate node and the destination node policy characterizing communication properties supported by a destination node, the intermediate node being between a source node and the destination node in a communication path. Ans. 14. Furthermore, we agree with the Examiner that Suzuki teaches matching a key and a terminal identifier of a receiving terminal in the authentication header of a frame at a transmitting terminal and also by mutually authenticating the transmitting terminal and the receiving terminal. Ans. 13. We are not persuaded by Appellants’ argument that the teachings or suggestions of Suzuki are essentially “backward-looking” only. See App. Br. 7. On the contrary, we find that Suzuki teaches that authentication via a header authentication key occurs in both directions: “when a terminal is to be connected to the network resources, mutual authentication is performed among the devices. Then, an authentication header key (FIG. 9) and a unicast encryption key (FIG. 10) are shared in accordance with the key distribution sequence described below following the mutual authentication.” Suzuki, ¶ [0069]; see Ans. 13. We therefore find that the combination of Lee and Suzuki teaches or suggests the limitations of claim 1 reciting “determining, at each of the source device, and the at least one intermediate device along the transmission path as the object is transmitted along the transmission path, whether a next device in the transmission path to which the object is to be transmitted provides a level of security indicated by at least a portion of the security information in the header of the object” and “transmitting, at each of the source device, and the at least one intermediate device along the Appeal 2011-000090 Application 10/803,590 13 transmission path as the object is transmitted along the transmission path, the object to the next device in the transmission path in response to determining that the next device provides the level of security required by the at least a portion of the security information.” We consequently conclude that the Examiner did not err in so finding. B. The Examiner’s rejection of claim 2 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in finding that the combination of Suzuki and Lee teaches or suggests the additional limitations of claim 2 reciting “transmitting to the next device in the transmission path information representative of the level of security that is desired” and “receiving a response from the next device in the transmission path indicating that the next device in the transmission path provides the desired level of security.” App. Br. 15. We therefore address the question of whether the Examiner so erred. Analysis Appellants admit that Lee teaches or suggests that the system includes a source node policy, a policy retriever for retrieving an intermediate node policy, and a message generator that generates a request message. App. Br. 15 (citing, Lee, ¶ [0011]). Appellants additionally contend that Lee teaches or suggests that the policy retriever retrieves policies from other nodes by requesting the policy from another node, receiving the policy, and caching the received policy or retrieving the policy from local memory. App. Br. 15 (citing, Lee, ¶ [0034]). Appellants Appeal 2011-000090 Application 10/803,590 14 argue that the retriever can also determine if the retrieved policy is compatible with a local policy and select a compatible policy expression in the retrieved policy. App. Br. 15-16. Appellants argue that Lee merely teaches that node B’s policy retriever operates in the same way as the policy retriever of node A and has a message generator that transmits a message in accordance with an input policy of node A. App. Br. 16 (citing, Lee, ¶ [0037]). Appellants contend, therefore, that the sections of Lee cited above teach policy retrieval for intermediate nodes, but that nothing in these sections, or any other section, of Lee teaches or suggests the specific features of transmitting to the next device in the transmission path information representative of the level of security that is desired or receiving a response from the next device in the transmission path indicating that the next device in the transmission path provides the desired level of security. App. Br. 16. To the contrary, argue Appellants, Lee retrieves the policy for the intermediate node and determines compatible expressions in the intermediate node’s policy that are compatible with the policy of the source node. Id. The Examiner responds that Lee discloses that policy messages and policy expression are transmitted and received between each node across the transmission path to comply with application level security at each node. Ans. 14 (citing Lee, ¶¶ [0093]-[0095]). We agree with the Examiner. Lee teaches sending and receiving policy retrieval messages between the source node and the intermediate and destination nodes, and returning policy messages to the source node from the intermediate and destination modes. Lee, ¶¶ [0087]-[0088], [0093]- Appeal 2011-000090 Application 10/803,590 15 [0095]. We have explained supra that Lee teaches that policies can include information with respect to the levels of security available at each node. We therefore conclude that the Examiner did not err in finding that the combination of Suzuki and Lee teaches or suggests the disputed limitation of claim 2. C. The Examiner’s rejection of claim 6 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in finding that the combination of Suzuki and Lee teaches or suggests the limitation of claim 6 reciting “determining an alternative device along a different transmission path that provides the level of security required by the at least a portion of the security information in response to determining that the next device in the transmission path does not provide the level of security required by the at least a portion of the security information.” App. Br. 16. We therefore address the issue of whether the Examiner so erred. Analysis Appellants argue that Lee teaches or suggests a process of procuring the destination node policy by obtaining policy from an intermediate node, selecting a policy expression from the policy of the intermediate node and applying it to a policy retrieval message that includes the policy for the source node. App. Br. 17 (citing Lee, ¶¶ [0083]-[0088]). Appellants assert that Lee teaches that the intermediate node receives the policy retrieval message, validates it based on the selected policy expression that was applied to the policy retrieval message, and then requests the policy from Appeal 2011-000090 Application 10/803,590 16 the destination node. Id. Appellants further contend that the intermediate node then places the policy of the destination node into a message for the source node by applying a policy of the source node to the message and sending it back to the source node. Id. However, argue Appellants, Lee nowhere teaches or suggests the limitation of determining an alternative device along a different transmission path that provides the level of security required by the at least a portion of the security information in response to determining that the next device in the transmission path does not provide the level of security required by the at least a portion of the security information. App. Br. 17. The Examiner responds that Lee teaches routing through firewalls at each node in the path that may have policies related to data protocols that are preferred or available and/or required by the node. Ans. 15 (citing Lee, ¶ [0083]). The Examiner finds that Lee discloses selecting and retrieving a security policy expression at each node for the message to reach a destination from source though intermediate node. Ans. 15 (citing Lee, ¶¶ [0084]-[0085]). We are not persuaded by the Examiner’s findings. Lee teaches that: [o]ften, in actual operation, messages from one node are routed through other nodes before reaching the destination node. For example, in a corporate environment, messages may be routed through a firewall, a main server, and finally to a recipient’s computer. Each node in the path may have policies related to data protocols that are preferred, available, and/or required by the node. Lee, ¶ [0083]. Lee thus teaches that different nodes may have different levels of security, as expressed by differing policies. However, we do not find, in the paragraphs cited by the Examiner or elsewhere in Lee, that Lee Appeal 2011-000090 Application 10/803,590 17 teaches or suggests routing through an alternate node, with the desired level of security, if a node in the pathway does not have a sufficient level of security. We therefore conclude that the Examiner erred in finding that the combination of Suzuki and Lee teaches or suggests the disputed limitation of claim 6. D. The Examiner’s rejection of claim 7 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in finding that the cited prior art references teach or suggest the limitation of claim 7 reciting “sending a message to the next device in the transmission path instructing the next device to execute at least one module that allows the next device to provide the level of security required by at least a portion of the security information.” App. Br. 18-19. We therefore address the issue of whether the Examiner so erred. Analysis Appellants repeat their argument with respect to claim 6 supra, contending that Lee does not teach or suggest sending a message to a next device instructing that device to execute a module that allows the next device to provide a level of security required by the at least a portion of the security information, as recited in claim 7. App. Br. 19 (citing Lee, ¶¶ [0083]-[0088]). The Examiner answers that the cited paragraphs of Lee teaches or suggests the disputed limitation. Ans. 15 (citing Lee, ¶¶ [0083]-[0088]). We agree with the Examiner. Lee teaches that: Appeal 2011-000090 Application 10/803,590 18 Source node 502 generates a message intended for the destination node 504. As discussed above, source node 502 retrieves the policy of the destination node 504, in order to select a policy expression, and apply the selected policy expression to the message. However, in order to retrieve the policy of the destination node 504, the source node 502 must go through intermediate node X 506 and intermediate node Y 508. …. The policy retrieval message is a request for the policy from the destination node 504. Included with the policy retrieval message is the policy related to the source node 502. The intermediate node X 506 receives the policy retrieval message, including the policy of the source node 502, and validates the message, as discussed above, by checking to see that a valid policy expression was applied to the policy retrieval message. If the policy retrieval message is valid, the intermediate node X 506 requests the policy from the destination node 504. The intermediate node X 506 puts the policy of the destination node 504 into a message for the source node 502. This includes applying the policy of the source node 502 to the message so that the message to the source node 502 conforms to the policy of the source node 502. The source node 502 receives and validates the message and reads the policy of the destination node 504. Lee, ¶¶ [0085]; [0087]-[0088]. We have explained supra how the combination of Suzuki and Lee teaches or suggests transmitting, at each of the source device, and to the at least one intermediate device along the transmission path as the object is transmitted along the transmission path, the object to the next device in the transmission path in response to determining that the next device provides the level of security required by the at least a portion of the security information. We find that Lee teaches or suggests determining the security level that is to be executed at each node and then, as the object is transmitted, the policy (i.e., the security Appeal 2011-000090 Application 10/803,590 19 level) is executed at each node. Lee, ¶¶ [0092]-[0094]; see Ans. 15. We therefore conclude that the Examiner did not err in determining that the combination of Lee and Suzuki teaches or suggests the limitation of claim 7 reciting “sending a message to the next device in the transmission path instructing the next device to execute at least one module that allows the next device to provide the level of security required by at least a portion of the security information.” E. The Examiner’s rejection of claim 31 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in rejecting claim 31, which recites an implementation of the method of claim 1. App. Br. 19. We therefore address whether the Examiner so erred. Analysis Appellants argue that claim 31 recites a specific implementation of the method of claim 1, in which there are two intermediate nodes and the method is first implemented at the source node with regard to the first intermediate node being the “next node” in the transmission path and then the method is performed at the first intermediate node (which then operates as the “source node”) with regard to a second intermediate node (which then operates as the “next node” in the transmission path). App. Br. 19. Appellants argue that, for the same reasons with respect to claim 1, the alleged combination of Suzuki and Lee fails to teach or render obvious the features of claim 31. Id. Appeal 2011-000090 Application 10/803,590 20 The Examiner responds that Lee discloses that the retrieving operation 604 sends the created policy request to the first node in the list. Ans. 15 (citing Lee, ¶ [0104]). The Examiner finds that the first node in the list removes a policy level (related to the first node) from the message and forwards the request message on to the next node. App. Br. 15-16. The Examiner finds that the next node receives the policy request message and, if the request is for the node’s policy, that node sends back its policy; otherwise, the request is forwarded on to the next node. Ans. 16. The Examiner further finds that Lee teaches or suggests the retrieving operation 604, the selecting operation 606, the determining operation 608, the inserting operation 610, the determining operation 612, and the creating operation 614 continue until the policy of each node in the multiple-node communication path is retrieved and compatible policy expressions are selected from each of the policies. Ans. 17 (citing Lee, ¶ [0105]). Therefore, finds the Examiner, a compatible policy expression is selected corresponding to each of the policies and each of the nodes. Id. We agree with the Examiner. Appellants admit that their argument with respect to claim 31 is essentially the same as their argument with respect to claim 1. We have related supra our reasoning as to why the Examiner did not err with respect to claim 1, and we adopt the same reasoning with respect to claim 31. We therefore conclude that the Examiner did not err in finding that the cited prior art references teach or suggest the recitation of claim 31. Appeal 2011-000090 Application 10/803,590 21 F. The Examiner’s rejection of claim 33 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in finding that the combination of Lee and Suzuki teaches the limitations of claim 33 reciting the features of “wherein determining if a next device in the transmission path provides a level of security comprises determining, at a previous device in the transmission path, a security level for each intermediate device of the plurality of intermediate devices” and “wherein transmitting the object to the next device in the transmission path, in response to determining that the next device provides the level of security, comprises transmitting the object to each of the plurality of intermediate devices in the transmission path in response to determining that each of the plurality of intermediate devices provides the level of security.” App. Br. 22. We therefore address the issue of whether the Examiner so erred. Analysis Appellants argue that Lee teaches or suggests only that the policies of the nodes are gathered and applied to a message in a layered manner. App. Br. 23 (citing Lee, ¶¶ [0084]; [0094]). According to Appellants, the cited portions of Lee teach or suggest that the message includes multiple layers of policies that are retrieved from the nodes along a path to a destination node, but there is no teaching in any of these sections regarding determining, at a previous device in the transmission path, a security level for each intermediate device of the plurality of intermediate devices. Id. Moreover, assert Appellants, there is no teaching of transmitting the object to each of the plurality of intermediate devices in the transmission path in Appeal 2011-000090 Application 10/803,590 22 response to determining that each of the plurality of intermediate devices provides the level of security. Id. The Examiner responds that Appellants’ argument is no more than a general allegation instead of showing distinction between claimed features and cited prior art and that Lee teaches or suggests the disputed limitations of claim 33. Ans. 16 (citing Lee, ¶¶ [0084]; [0094]; [0100]). We agree with the Examiner that Appellants’ contentions, with respect to claim 33, amount to no more than a general allegation that the claim defines a patentable invention. Ans. 16. Accordingly, Appellants fail to show error in the Examiner’s rejection. See In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011) (interpreting Rule 41.37). Moreover, we have addressed Appellants’ arguments supra with respect to the substance of these limitations in our discussion of the preceding claims. We therefore conclude that the Examiner did not err in finding that the combination of Lee and Suzuki teach or suggest the disputed limitations of claim 33. G. The Examiner’s rejection of claim 34 under 35 U.S.C. § 103(a). Issue Appellants argue that the Examiner erred in finding that the combination of Lee and Suzuki teaches or suggests the limitation of claim 34 reciting “wherein the object being one of a plurality of objects of the transaction, and wherein at least two of the objects in the plurality of objects have different security information in their respective headers identifying different levels of security required to be provided by devices along corresponding transmission paths to receive the at least two objects.” Appeal 2011-000090 Application 10/803,590 23 App. Br. 23-24. We therefore address the issue of whether the Examiner so erred. Analysis Appellants contend, with reference to their arguments supra, that there is no mention of objects, let alone multiple objects of a transaction or at least two objects of the same transaction having different levels of security required by devices along the transmission path, nor is there any correlation between what is taught or suggested by Lee and the limitations recited in claim 34. App. Br. 24. The Examiner responds that Appellants’ argument, instead of showing distinction between claimed features and cited prior art, is no more than a general allegation and that Lee teaches or suggests the disputed limitations of claim 34. Ans. 16-17 (citing Lee, ¶¶ [0083]-[0084]; [0094]; [0100]). We agree with the Examiner that Appellants’ contentions, with respect to claim 34, amount to no more than a general allegation that the claim defines a patentable invention. Ans. 16. Accordingly, Appellants fail to show error in the Examiner’s rejection. See In re Lovin, 652 F.3d at 1357. Furthermore Lee teaches that “[t]he selected policy expressions are applied to an underlying message 510 in order of farthest node to closest node, relative to the source node 502” and that, by way of example, “the underlying message 510 may be a book order [i.e., a business object].” Lee, ¶ [0092]. Lee further teaches that it was well-known in the contemporaneous art that different types of communications require different protocols. Lee, ¶¶ [0003]-[0004]; see also Ans. 5. We conclude Appeal 2011-000090 Application 10/803,590 24 that it would have been obvious for a person of ordinary skill in the art to know, in light of the teachings and suggestions of Lee and Suzuki, that multiple objects might be transmitted between a source and a target, requiring different security levels (i.e., policies). We therefore further conclude that the Examiner did not err in finding that the combination of the cited prior art references teaches or suggests the disputed limitation of claim 1. DECISION The Examiner’s rejection of claims 1-2, 4, 7, 8, 28-29, 31, 33, and 34 as unpatentable under 35 U.S.C. § 103(a) is affirmed. The Examiner’s rejection of claims 6 and 32 as unpatentable under 35 U.S.C. § 103(a) is reversed. TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a) (1)(iv). AFFIRMED-IN-PART msc Copy with citationCopy as parenthetical citation