Ex Parte Sonnega et al

Patent Trial and Appeal Board, Jan 24, 2017
12296909 (P.T.A.B. Jan. 24, 2017)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 12/296,909
FILING DATE: 01/29/2009
FIRST NAMED INVENTOR: Marco Alexander Henk Sonnega
ATTORNEY DOCKET NO.: KT06-001
CONFIRMATION NO.: 2415

28112 7590
SAILE ACKERMAN LLC
28 DAVIS AVENUE
POUGHKEEPSIE, NY 12603

EXAMINER: FORMAN, JAMES Q
ART UNIT: 2445
MAIL DATE: 01/24/2017
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte MARCO ALEXANDER HENK SONNEGA and ZDENEK KALENDA

Appeal 2016-005592
Application 12/296,909
Technology Center 2400

Before MAHSHID D. SAADAT, CATHERINE SHIANG, and ALEX S. YAP, Administrative Patent Judges.

YAP, Administrative Patent Judge.

DECISION ON APPEAL

Appellants[1] appeal under 35 U.S.C. § 134(a) from the rejection of claims 31 and 33-56,[2] which are all the claims pending in this application. We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

[1] According to Appellants, the real party in interest is KEY TALK B.V. (App. Br. 2.)
[2] Claims 1-30, 32, and 57-62 were cancelled previously. (See App. Br. 2.)

STATEMENT OF THE CASE

Introduction

Appellants’ disclosed invention relates “to the field of protecting data communications in which secret keys are used to encrypt/decrypt data, and possibly digitally sign data, which data is transmitted along a communication path and needs to be secured.” (Specification (filed Oct. 10, 2008) (“Spec.”) 1, ll. 4-6.) Claim 31 is illustrative, and is reproduced below:

31.
A method of secure data transmission in a communication session between a client and a third party computer arrangement, comprising:

a) setting up an initial secure, encrypted communication session between said client and a security server via a public communication network that is connecting said client and said security server while using client application software installed on the client, the security server being arranged to use an internal digital Certificate Authority, said initial secure, encrypted communication session using a Diffie-Hellman protocol;

b) in said initial secure, encrypted communication session, authenticating a user of said client in an authentication process controlled by said security server while using an authentication protocol with a predetermined security level;

c) in said initial secure, encrypted communication session, transmitting to said client a private key and a digital certificate comprising a public key and one or more attributes, said private key being associated with said public key, said digital certificate and said private key being associated with said client and being generated by said security server while using said digital certificate authority;

d) in said initial secure, encrypted communication session, automatically installing said digital certificate and private key on said client;

e) performing said secure data transmission in said communication session between said client and said third party computer arrangement while setting up a two-sided SSL session with said public key and said private key;

wherein said digital certificate has a limited life time defined by at least one attribute, said at least one attribute defining at least one of
• a predetermined duration in time,
• a predetermined number of communication sessions,
• a predetermined number of actions.
Prior Art and Rejections on Appeal

The following table lists the prior art relied upon by the Examiner as evidence in rejecting the claims on appeal:

Lafon et al. (“Lafon”)      US 2003/0140252 A1    July 24, 2003
Kamada et al. (“Kamada”)    US 2004/0015406 A1    Jan. 22, 2004
Lee et al. (“Lee”)          US 2004/0064694 A1    Apr. 1, 2004
Arditi et al. (“Arditi”)    US 2004/0093499 A1    May 13, 2004
Enokida                     US 7,366,906 B2       Apr. 29, 2008
Myers et al. (“Myers”)      US 2009/0055642 A1    Feb. 26, 2009

Claims 31, 34-36, 38, 39, 41-49, and 51-56 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Enokida, in view of Arditi, and further in view of Lee. (See Office Action (mailed Apr. 8, 2015) (“Non-Final Act.”) 3-12.)

Claim 33 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Enokida, in view of Arditi and Lee, and further in view of Kamada. (See Non-Final Act. 12-13.)

Claims 37 and 50 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Enokida, in view of Arditi and Lee, and further in view of Myers. (See Non-Final Act. 13-14.)

Claim 40 stands rejected under 35 U.S.C. § 103(a) as being unpatentable over Enokida, in view of Arditi and Lee, and further in view of Lafon. (See Non-Final Act. 14.)

ANALYSIS

We have reviewed the Examiner’s rejections in light of Appellants’ arguments that the Examiner has erred. We disagree with Appellants’ conclusions. We adopt as our own the findings and reasons set forth by the Examiner in the action from which this appeal is taken and the reasons set forth by the Examiner in the Final Office Action and the Examiner’s Answer in response to Appellants’ Appeal Brief. (Non-Final Act. 3-14; Ans. 4-12.) However, we highlight and address specific findings and arguments for emphasis as follows.
“Security Server Being Arranged to Use an Internal Digital Certificate Authority”

With respect to claim 31, the Examiner finds that Enokida teaches or suggests “that the certificate management apparatus acts as a certificate authority (i.e. the claimed ‘the security server being arranged to use an internal digital Certificate Authority’) and issues the private key and public key certificate to the server.” (Non-Final Act. 5.) Appellants contend that

Enokida only deals with a safe method to substitute a root certificate by a new root certificate on a client such that it is certain that the new certificate originates from the correct safe source[, therefore,] Enokida does not deal with a digital certificate and private key management system per se.

(App. Br. 10, emphasis added.)

Appellants have not persuaded us that the Examiner erred. Specifically, we agree with the Examiner that Enokida teaches or suggests the limitation because, for example, Enokida “discloses a mutual authentication process between a client and server using a digital certificate and private (and public) keys.” (Ans. 5; see Enokida, FIG. 4; 23:54-57 (“FIG. 4 shows a flow chart of operations performed by the respective apparatuses when mutual authentication according to SSL is performed between a server apparatus and a client apparatus together with information employed there.”).) Appellants do not respond.

“transmitting to said client a private key” “via a public communication network that is connecting said client and said security server”

Appellants further contend that Enokida does not show “transmitting to said client a private key” “via a public communication network that is connecting said client and said security server” because, according to Appellants, “as all persons skilled in the art knew, no one would ever transmit a private key via a public network.” (App. 10-11.)
The Examiner explains that “Enokida is not used to disclose transmission of private data through a public network [and i]t would not be reasonable to allow claim 30 [sic] because of this feature.” (Ans. 8-9; see also Non-Final Office Act 5 (“Enokida does not explicitly disclose setting up an initial secure, encrypted communication session between said client and a security server via a public communication network that is connecting said client and said security server.”).) According to the Examiner,

transmitting private data securely through an unsecured network such as the Internet (i.e. a public network) is well known in the art. Arguably, the Whole Field of Encryption is built on the idea of protecting communications traveling through an unsecured/public network. Many arts disclose methods of securely transmitting private data through a public network. For example, see paragraph [0080] of Arditi, which discloses “The communication between the CA and the server 2 can be encrypted if necessary” and paragraph [0002] where the network can be the Internet (i.e. a public network). Also see Lee paragraphs [0002], [0003], where data can be encrypted before being sent through an insecure channel to another device, and upon reaching the intended device, the data may be decrypted into its original, usable form. “Therefore, cryptographic systems are designed to provide a level of assurance that the data can be decrypted by those intended to have the ability to do so.”

(Ans. 9, emphasis added.)

Appellants, in their Reply, present a similar contention that the prior art references neither teach nor suggest the limitations at issue but do not address the Examiner’s findings regarding Arditi and Lee. (Reply 2-4.) Appellants’ contentions do not persuade us the Examiner erred because we agree with the Examiner’s findings regarding Arditi and Lee.
Moreover, “one cannot show non-obviousness by attacking references individually where, as here, the rejections are based on combinations of references.” See In re Keller, 642 F.2d 413, 426 (CCPA 1981).

“transmitting to said client a private key”

Appellants also contend that Arditi does not teach nor suggest “transmitting to said client a private key.” (App. Br. 12-13.) Appellants’ contention, however, is not persuasive of Examiner error because the Examiner relies on Enokida (not Arditi) for this limitation. (See Non-Final Act. 3-4 (“As to claims 31, 47, 53-56, Enokida discloses . . . transmitting to said client a private key . . . see Enokida col. 26 lines 57-64, col. 31 lines 48-60 and 15-20, col. 2 lines 10-25) where the certificate management apparatus . . . issues a private key and a public key certificate to the server (i.e. the claimed ‘transmitting to said client a private key and a digital certificate . . .’)”); Ans. 9.)

“said initial secure, encrypted communication session using a Diffie-Hellman protocol”

The Examiner finds that Arditi and Enokida do not teach or suggest “said initial secure, encrypted communication session using a Diffie-Hellman protocol,” but

paragraph 23 of Lee teaches this limitation and it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Lee with the teachings of Enokida and Arditi.

(Non-Final Act. 7-8, emphasis added.)

Appellants, however, contend that “Lee does not disclose communicating a private key as generated on a security server as part of a private/public key pair to a client via a public network using a Diffie-Hellman protocol.” (App. Br. 14.)
Appellants do not contend that Lee does not teach or suggest using a Diffie-Hellman protocol but instead contend that Lee does not teach or suggest “communicating a private key as generated on a security server as part of a private/public key pair to a client via a public network.” (App. Br. 14.) The Examiner, however, is not relying on Lee for that limitation. As discussed above, the Examiner is relying on Lee only for using a Diffie-Hellman protocol for communications. (Non-Final Act. 7-8; Ans. 10-11.) As further discussed above, “one cannot show non-obviousness by attacking references individually where, as here, the rejections are based on combinations of references.” See In re Keller, 642 F.2d at 426.

For the foregoing reasons, we are not persuaded the Examiner erred in rejecting claim 31, and thus we sustain the 35 U.S.C. § 103 rejection of claim 31. Appellants do not make any separate, substantive patentability arguments regarding independent claims 47 and 53-56 and dependent claims 33-46 and 48-52, but instead rely solely on the arguments raised with respect to claim 31. (App. Br. 14-15.) Therefore, we also sustain the 35 U.S.C. § 103(a) rejections of claims 33-56.

DECISION

We affirm the decision of the Examiner to reject claims 31 and 33-56.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED