Ex Parte Wilding et al., Appeal 2011-012736, Application 11/861,740 (P.T.A.B. Mar. 21, 2014)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte MARK F. WILDING and RANDALL W. HORMAN

Appeal 2011-012736
Application 11/861,740
Technology Center 2400

Before ST. JOHN COURTENAY III, THU A. DANG, and LARRY J. HUME, Administrative Patent Judges.

DANG, Administrative Patent Judge.

DECISION ON APPEAL

I. STATEMENT OF THE CASE

Appellants appeal under 35 U.S.C. § 134(a) from a Final Rejection of claims 1, 3-6, and 8-22 (App. Br. 4). Claims 2 and 7 have been canceled (id.). We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

A. INVENTION

Appellants' invention is directed to a method and apparatus for directing a client to establish a secure connection with a server across a public network, where the server and the client exchange a Server Authentication Public Key, a Client Authentication Public Key, and a Remote Service Unique Identifier during a registration process (Abstract).

B. ILLUSTRATIVE CLAIM

Claim 1 is exemplary:

1. A method of directing a client to establish a secure connection with a server providing remote customer services across a network, the method comprising:

(a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between the server and the client during a registration process, and transmitting from the client to the server a client information package encrypted with a temporary public key provided by the server in response to initiating a connection between the client and the server, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key to authenticate the client to the server, wherein the unique identifier uniquely identifies a remote service customer, and decryption of the client challenge information package by the server with a server authentication private key authenticates the client, and wherein said server authentication private key is associated with the server authentication public key and is retrieved based on the unique identifier serving as an index;

(b) receiving at the client from the server a server information package having the unique identifier and a server challenge information package encrypted with the client authentication public key;

(c) decrypting and verifying the server challenge information package with a client authentication private key associated with the client authentication public key to authenticate the server, wherein decryption of the server challenge information package by the client with the client authentication private key authenticates the server; and

(d) transmitting from the client to the server an encrypted portion of the received server challenge information to indicate decryption of the server challenge information and authenticity of the server and facilitate access by the client to the remote customer services.

C. REJECTIONS

The prior art relied upon by the Examiner in rejecting the claims on appeal is:

Kelly, US 5,636,280, June 3, 1997
Cuccia, US 6,151,676, Nov. 21, 2000
Yeager, US 2003/0028585 A1, Feb. 6, 2003
Palekar, US 2003/0226017 A1, Dec. 4, 2003
Young, US 7,024,690 B1, Apr. 4, 2006
Oxford, US 7,203,844 B1, Apr. 10, 2007

Claims 1, 6, 11, 12, 16, 17, 21, and 22 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Young in view of Yeager, Oxford, and Cuccia.

Claims 3, 4, 8, 9, 13, 14, 18, and 19 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Young in view of Yeager, Oxford, Cuccia, and Kelly.

Claims 5, 10, 15, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Young in view of Yeager, Oxford, Cuccia, and Palekar.

II. ISSUES

The dispositive issues before us are whether the Examiner has erred in determining that the combination of Young, Yeager, Oxford, and Cuccia teaches or would have suggested "exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between the server and the client . . . wherein said server authentication private key is associated with the server authentication public key and is retrieved based on the unique identifier serving as an index," "decrypting and verifying the server challenge information package with a client authentication private key associated with the client authentication public key to authenticate the server," and "transmitting from the client to the server an encrypted portion of the received server challenge information to indicate decryption of the server challenge information and authenticity of the server and facilitate access by the client to the remote customer services" (claim 1, emphasis added).

III. FINDINGS OF FACT

The following Findings of Fact (FF) are shown by a preponderance of the evidence.

Young

1. Young discloses a process for mutual authentication of users and networks over an unsecured wireless communication channel, where hashed representations of user identifiers, passwords, and randomly generated numbers are communicated between the client and the network during the log-in process (Abstract; col. 4, ll. 32-35).

2. In particular, a wireless network 200 includes an access point 210 that is coupled to a wireless client computer system 220 (Fig. 2; col. 4, ll. 37-39). The log-in procedure begins with the user challenging the access point 210 to prove its identity, where the client system 220 draws a random number and sends both this random number and its user identifier to the access point 210 (col. 5, ll. 1-6).

3. In response, the access point 210 looks up a secret access code that corresponds to the user identifier; concatenates the user identifier, secret access code, and random number together to generate a calculated digest of the concatenation; and sends a second random number along with the calculated digest of the concatenation to the client system 220 (col. 5, ll. 10-19).

4. After the access point 210 is authenticated, the client system 220 concatenates the user identifier, secret access code, and the second random number together and calculates a new digest from the concatenation, which it sends to the access point 210 (col. 5, ll. 29-34).

Yeager

5. Yeager discloses a decentralized, distributed trust mechanism that may be used in various networking platforms including Peer-to-Peer platforms, where a peer A generates a public, private key pair, and sends the public key, associated algorithm parameters, and personal identification to a peer B to acquire a signed certificate from peer B (¶ [0118]).

6. In an effort to prove ownership of the private key from peer A, peer B presents a challenge encrypted in the public key and sends this to peer A (id.). Since only peer A can decrypt the challenge and re-encrypt it with peer A's private key, the data peer A provides to peer B in response represents verification for A's private key (id.). Once ownership is verified, peer B issues a signed certificate to peer A (id.).

Cuccia

7. Cuccia discloses a public key cryptosystem having a server 16 that uses a received identifier (ID) as an index to read encrypted private and public keys of a user from store 18 (col. 8, ll. 30-33).

IV. ANALYSIS

Claims 1, 6, 11, 12, 16, 17, 21, and 22

Appellants contend Young "discloses locally encoding local copies of data and comparing that to received data encoded remotely" and not a "teaching or suggestion of use of public and private keys for authentication or, for that matter, decryption of the client challenge information package" or "decryption of the server challenge information package" (App. Br. 23). Appellants assert since Young "discloses that the access point concludes the mutual authentication by verifying the client, there is no need to transmit a final message from the client to the server to indicate successful authentication" (id. (citation omitted)). Appellants argue that Yeager "discloses one-way authentication of a peer receiving certificates from another peer" (id.). Appellants further contend that Cuccia merely "discloses entry of a user identification on a sign-in page that is used for retrieval of an encoded private key" and not "decryption of a received client challenge information package by the server with a server authentication private key retrieved based on the unique identifier within a received client information package (including the client challenge package) serving as an index" (App. Br. 24).
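The exchange recited in steps (a) through (d) of claim 1, as an added walk-through that is not part of the decision, the applicants' disclosure, or any cited reference: a deliberately tiny textbook RSA on fixed small primes stands in for the real public-key algorithm, each challenge package is a single packed integer, and the identifier-keyed table is an assumed server-side store; all keys, identifiers and nonces are constructed.

```python
import secrets

def toy_keypair(p, q, e=65537):
    """Textbook RSA from two fixed small primes: ((n, e) public, (n, d) private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def enc(pub, m):
    return pow(m, pub[1], pub[0])

def dec(priv, c):
    return pow(c, priv[1], priv[0])

# Registration (first clause of step (a)): the two authentication public keys and
# the remote service unique identifier are exchanged once. All values constructed.
UID = 4242
SRV_PUB, SRV_PRIV = toy_keypair(1000003, 1000033)
CLI_PUB, CLI_PRIV = toy_keypair(1000037, 1000039)
SERVER_TABLE = {UID: (SRV_PRIV, CLI_PUB)}   # the unique identifier is the index
NONCE_BITS = 19                             # two nonces must pack below the toy n

def run_exchange(uid=UID, cli_priv=CLI_PRIV):
    """Run steps (a)-(d); True only if each side proves it holds its private key."""
    # (a) Server hands out a temporary public key for this connection; the client
    # sends {uid, client challenge encrypted to the server} wrapped under it.
    tmp_pub, tmp_priv = toy_keypair(1000081, 1000099)
    client_nonce = secrets.randbelow(1 << NONCE_BITS)
    client_pkg = (enc(tmp_pub, uid), enc(tmp_pub, enc(SRV_PUB, client_nonce)))
    # Server unwraps, uses the uid as index to fetch its private key, decrypts.
    seen_uid = dec(tmp_priv, client_pkg[0])
    if seen_uid not in SERVER_TABLE:
        return False
    srv_priv, cli_pub = SERVER_TABLE[seen_uid]
    seen_client_nonce = dec(srv_priv, dec(tmp_priv, client_pkg[1]))
    # (b) Server challenge: the recovered client nonce packed with a fresh server
    # nonce, encrypted with the client authentication public key.
    server_nonce = secrets.randbelow(1 << NONCE_BITS)
    server_challenge = (seen_client_nonce << NONCE_BITS) | server_nonce
    server_pkg = (seen_uid, enc(cli_pub, server_challenge))
    # (c) Client decrypts with its authentication private key and checks that the
    # server could only have built this by decrypting the client challenge.
    plain = dec(cli_priv, server_pkg[1])
    if server_pkg[0] != uid or plain >> NONCE_BITS != client_nonce:
        return False
    # (d) Client returns the server-nonce portion, encrypted for the server.
    reply = enc(SRV_PUB, plain & ((1 << NONCE_BITS) - 1))
    return dec(srv_priv, reply) == server_nonce
```

Note that, in this toy, the check in step (c) only authenticates the server because the server challenge carries back the client nonce it had to decrypt; the claim language leaves that binding implicit.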
Appellants finally argue "the requirement" found in Young "to utilize comparison of encoded data for authentication is in direct contrast to, and clearly teaches away from, the utilization of decryption for mutual authentication" (App. Br. 24-25).

However, the Examiner finds that "Yeager discloses peers A and B exchanging public keys, and that peer B encrypts a challenge with the public key of peer A, wherein only peer A can decrypt it with it's [sic] private key and therefore prove ownership" (Ans. 5). The Examiner notes that "Young was not cited to teach" use of public and private keys for authentication and decryption (Ans. 12). The Examiner finds further that "Cuccia discloses using the received ID as an index to retrieve both the private and public key" (Ans. 6).

Young is directed to a process for mutual authentication of users and networks over an unsecured wireless communication channel, wherein the client sends a random number and its user identifier to an access point and the access point, in response, sends a calculated digest along with a second random number to the client (FF 1-3). After the access point is authenticated, the client generates a new digest and transmits this to the access point (FF 4). We agree with the Examiner's finding that "Young teaches mutual authentication" and "a final message is sent from the client to the access point that includes a concatenation of the secret access code and the second challenge" (Ans. 13).

Yeager is directed to a decentralized, distributed trust mechanism, where a peer A generates a public, private key pair, and sends the public key, associated algorithm parameters, and personal identification to a peer B to acquire a signed certificate from peer B, wherein peer B sends a challenge encrypted in the public key to peer A (FF 3). Peer A sends data in response verifying A's private key, and peer B sends a signed certificate in response to peer A (id.). We agree with the Examiner's finding that Yeager teaches the use of public and private keys for authentication and decryption of data from both peers A and B (Ans. 12-13).

Cuccia is directed to a public key cryptosystem having a server that uses a received ID as an index to read encrypted private and public keys of a user from a storage unit (FF 4). We agree with the Examiner's finding that Cuccia "teach[es] retrieving the private key based on the unique identifier" (Ans. 13).

Though Appellants also contend that Young's teaching of comparison of encoded data "teaches away" from decryption for mutual authentication (App. Br. 24-25), our reviewing court has held that "'[a] reference may be said to teach away when a person of ordinary skill, upon [examining] the reference, would be discouraged from following the path set out in the reference, or would be led in a direction divergent from the path that was taken by the applicant.'" Para-Ordnance Mfg., Inc. v. SGS Importers Int'l, Inc., 73 F.3d 1085, 1090 (Fed. Cir. 1995) (quoting In re Gurley, 27 F.3d 551, 553 (Fed. Cir. 1994)). Appellants have not identified persuasive support for a direction divergent from the claimed invention, since we do not find that the disclosure in Young of comparison of encoded data would discourage one skilled in the art from further augmenting the system to include mutual authentication using a public and private key pair, as disclosed in Yeager. That is, since Young teaches mutual authentication using the exchange of data, the modification of Young to include the exchange of public and private key pairs for mutual authentication is not a divergent direction from Young's teachings.
The issue we address here is not whether the systems of Yeager, Oxford, or Cuccia could have been bodily incorporated in the system of Young, but rather whether a person of ordinary skill, upon reading Young, would have been discouraged from using the public and private key pair authentication, temporary public key, and the identifier used as an index to retrieve the corresponding encrypted private key from the respective teachings of Yeager, Oxford, and Cuccia. We see no error with the Examiner's explicit motivation that combining the references would be obvious since "sending a challenge that is encrypted with the public key of peer A by entity B and then decrypted by peer A using peer A's private key proves ownership of the private key to peer B" (Ans. 6) and the index enables the server system "to know which key to use for which user" (Ans. 7). The Supreme Court has stated, "[t]he combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results." KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 416 (2007).

Thus, we find no error in the Examiner's finding that the combination of Young's process for mutual authentication of users and networks with the public and private key pair authentication, as disclosed in Yeager, and the identifier used as an index to retrieve the corresponding encrypted private key, as disclosed in Cuccia, produces a method comprising the exchange of a server and client authentication public key in a registration process, with decryption and a private key that is retrieved based upon a unique identifier serving as an index, and that this method would have been obvious (Ans. 5-7; FF 1-4).

Accordingly, on this record, we are not persuaded of error in the Examiner's rejection of representative claim 1 under 35 U.S.C. § 103(a) over Young in view of Yeager, Oxford, and Cuccia. Further, independent claims 6, 11, 16, and 21, having similar claim language, and claims 12, 17, and 22 (depending from claims 11, 16, and 21), which have not been argued separately, fall with claim 1.

Claims 3-5, 8-10, 13-15, and 18-20

Appellants contend that neither Kelly nor Palekar "compensate[s] for these deficiencies" (App. Br. 27-28). As noted supra, however, we see no deficiencies in the combined teachings of Young, Yeager, Oxford, and Cuccia. We therefore affirm the Examiner's rejections of claims 3, 4, 8, 9, 13, 14, 18, and 19 over Young in view of Yeager, Oxford, Cuccia, and Kelly and of claims 5, 10, 15, and 20 over Young in view of Yeager, Oxford, Cuccia, and Palekar.

V. CONCLUSION AND DECISION

The Examiner's rejection of claims 1, 3-6, and 8-22 under 35 U.S.C. § 103(a) is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED