Ex Parte Stephenson et al
Patent Trial and Appeal Board
Sep 27, 2012
11701371 (P.T.A.B. Sep. 27, 2012)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 11/701,371
FILING DATE: 02/02/2007
FIRST NAMED INVENTOR: Mark M. Stephenson
ATTORNEY DOCKET NO.: 000479.00192
CONFIRMATION NO.: 6726

22907 7590 09/27/2012
BANNER & WITCOFF, LTD.
1100 13th STREET, N.W.
SUITE 1200
WASHINGTON, DC 20005-4051

EXAMINER: BIAGINI, CHRISTOPHER D
ART UNIT: 2445
PAPER NUMBER:
MAIL DATE: 09/27/2012
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
____________________
BEFORE THE PATENT TRIAL AND APPEAL BOARD
____________________
Ex parte MARK M. STEPHENSON and STEVEN A. WALTERS
____________________
Appeal 2010-006099
Application 11/701,371
Technology Center 2400
____________________
Before KARL D. EASTHOM, JEFFREY B. ROBERTSON, and THOMAS L. GIANNETTI, Administrative Patent Judges.

ROBERTSON, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF CASE

Appellants appeal under 35 U.S.C. § 134 from a rejection of claims 1-40. We have jurisdiction under 35 U.S.C. § 6(b).

We AFFIRM-IN-PART.

THE INVENTION

Application 11/701,371 claims to be a divisional application of Application 09/824,132, filed April 3, 2001. (Spec. Para. [0001].)[1] Appellants state that the invention relates generally to the exchange of data between networks, and particularly, to sending information beyond a firewall. (Spec. Para. [0002].)

Claims 1 and 33, reproduced below, are illustrative of the claimed subject matter:

1.
A system for establishing communications across a firewall comprising:
    a communications network;
    a first server within said communications network;
    a first computer separated from said communications network by a first firewall, said first computer sending information to said first server; and,
    a second computer separated from said communications network by a second firewall, said second computer receiving information from said first server related to the information sent from said first computer,
    wherein said first computer transmits a hypertext transfer protocol (HTTP) message to said first server, said HTTP message comprising an encrypted identifier of said second computer and encrypted content, wherein the identifier is encrypted with a first encryption key associated with the first server and the content is encrypted with a second different encryption key associated with the second computer,
    wherein said first server decrypts said encrypted identifier to an unencrypted identification of said second computer and forwards said encrypted content to said second computer using said unencrypted identification,
    wherein said HTTP message is transmitted through a firewall port that is normally open to HTTP packets.

[1] In a prior decision, the Board affirmed-in-part the Examiner’s rejection of the claims over the same prior art applied herein as discussed infra. (Appeal No. 2008-005233, Decision mailed October 20, 2009.)

33.
A method of transferring data between a first computer and a second computer coupled over a network, comprising the steps of:
    (1) receiving a first hypertext transfer protocol (HTTP) message containing information intended for delivery to the second computer, wherein the first message is received through a first firewall associated with the first computer through a port that is normally open by default to Internet traffic;
    (2) receiving a second hypertext transfer protocol (HTTP) message from the second computer, wherein the second message causes a return path to be established to the second computer and is received through a second firewall associated with the second computer through a port that is normally open by default to Internet traffic; and
    (3) transmitting to the second computer via the return path contents of the first message received from the first computer.

(Appeal Brief, Claims Appendix[2] 25, 33.)

THE REJECTION

I. The Examiner rejected claims 1-40 under 35 U.S.C. § 103(a) as unpatentable over Alden et al. (US 6,101,543, issued August 8, 2000) in view of Erickson et al. (US 6,412,009 B1, issued June 25, 2002). (Examiner’s Answer, dated February 5, 2010, “Ans.” 3-9.)

[2] Appeal Brief filed June 1, 2009, hereinafter “App. Br.” and “Claims App’x,” respectively.

ISSUES

Independent claims 1, 14, 16, 18, 19, 20, and 31

Regarding the claimed step in which a first server decrypts an identifier to a second computer from a message transmitted from a first computer to the first server, the Examiner found that Alden discloses exchanging encryption keys between each section of a tunnel having relays between endpoints connected in a pair-wise manner, and which are separated by firewalls. (Ans. 4, 9.)

Appellants argue that the only decryption disclosed by Alden takes place between the two endpoints (node A and node D in Fig. 3) of the tunnel connection. (App. Br. 19.)
Appellants argue that Alden’s tunnel relays (node B and node C in FIG. 3) do not exchange encryption keys with the tunnel endpoints, and are thus not capable of decrypting any encrypted data between the two endpoints. (App. Br. 19.)

Independent claim 33

Regarding claimed step (2), in which receiving a second message causes a return path to be established to the second computer, the Examiner found that Alden creates a return path by creating the relay system disclosed therein. (Ans. 10.) The Examiner’s position is that data packets are able to return back through the relays in the reverse order and the communication links are established when the initial connection is made. (Ans. 10-11.)

Appellants argue that Alden does not disclose creating a return path because Alden’s tunnel servers are only able to receive messages if the firewall is programmed to pass packets received over transport layer connection into a private network on the other side of the firewall. (App. Br. 22.)

Therefore, the dispositive issues on appeal are:

1. Whether the Examiner erred in finding that Alden discloses a first server that decrypts an encrypted identifier to a second computer in a message transmitted from a first computer to the first server as recited in claim 1?

2. Whether the Examiner erred in finding that Alden discloses “wherein the second message causes a return path to be established to the second computer,” as recited in claim 33?

DISCUSSION

Issue One

We agree with Appellants that Alden does not teach decryption by an intermediate server because the tunnel relays disclosed therein do not exchange encryption keys with the tunnel endpoints. Rather, Alden discloses that the endpoints, nodes A and D of the tunnel, exchange key material to agree upon a set of session parameters for use during the tunnel connection such as cryptographic keys. (Col. 8, ll. 53-57.)
Thus, the only decryption disclosed by Alden takes place at the two endpoints (node A and node D in Fig. 3) of the tunnel connection and not at the tunnel relays as would be required in order for the decryption to take place at the first server as specified in the method of claim 1.

Accordingly, we do not sustain the Examiner’s rejection of claim 1. Because the Examiner relies on a similar rationale in rejecting independent claims 14, 16, 18, 19, 20, and 31, we also do not sustain the rejections of those claims and claims 2-13, 15, 17, 21-30, and 32, which are dependent thereon.

Issue Two

We are not persuaded by Appellants’ arguments that Alden does not disclose creating a return path because Alden’s tunnel servers are only able to receive messages if the firewall is programmed to pass packets. In this regard, Alden does not disclose that the tunnel servers are unable to receive messages. Alden only discloses that the firewall may be conveniently programmed to pass packets. (Col. 6, ll. 36-40.) Thus, Alden informs one of ordinary skill in the art that the firewalls are capable of passing packets between servers at two end points, which includes passing packets between intermediate relay computers. Therefore, when the firewalls are programmed to pass packets, the second message from the second computer would cause a return path to be established to the second computer as recited in claim 33.

Accordingly, we sustain the Examiner’s rejection of claim 33 and dependent claims 34-36 and 38-40.

However, claim 37 stands on different footing. Claim 37 requires in part that “the intermediate server computer decrypts at least a portion of the first message.” As explained above with respect to Issue one, Alden does not teach decryption by an intermediate server. Accordingly, we reverse the Examiner’s rejection of dependent claim 37.

DECISION

We affirm the Examiner’s rejection of claims 33-36 and 38-40 under 35 U.S.C. § 103(a) as unpatentable over Alden in view of Erickson.

We reverse the Examiner’s rejection of claims 1-32 and 37 under 35 U.S.C. § 103(a) as unpatentable over Alden in view of Erickson.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1).

AFFIRMED-IN-PART

cu