StrikeForce Technologies, Inc.

Patent Trials and Appeals BoardDec 14, 2021

2020005914 (P.T.A.B. Dec. 14, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/056,645 10/17/2013 Ram PEMMARAJU 121172.00107 5011 27557 7590 12/14/2021 BLANK ROME LLP 1825 EYE STREET NW WASHINGTON, DC 20006-5403 EXAMINER POWERS, WILLIAM S ART UNIT PAPER NUMBER 2419 NOTIFICATION DATE DELIVERY MODE 12/14/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): WashingtonDocketing@blankrome.com jyeddo@BlankRome.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte RAM PEMMARAJU Appeal 2020-005914 Application 14/056,645 Technology Center 2400 BEFORE MICHAEL J. STRAUSS, JEREMY J. CURCURI, and MINN CHUNG, Administrative Patent Judges. CURCURI, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 21-43 and 52-59. Claims 1-20 and 44- 51 have been cancelled. Appeal Br. 27, 32. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies the real party in interest as Strikeforce Technologies, Inc. Appeal Br. 3. Appeal 2020-005914 Application 14/056,645 2 CLAIMED SUBJECT MATTER The claims are directed to a “MULTICHANNEL DEVICE UTILIZING A CENTRALIZED OUT-OF-BAND AUTHENTICATION SYSTEM (COBAS).” Spec., Title. Claim 21, reproduced below, is illustrative of the claimed subject matter: 21. A system for increasing the security of a host computer, the system comprising: a host computer that receives a user request to use the host computer from a user computer via a first bi-directional communication path, the first bi-directional communication path for receiving user identification for identifying the user and a password for authenticating the user; a data storage device for storing predetermined data of users seeking access to the host computer; and a security computer for outputting a prompt to a peripheral device of the user via a second bi-directional communication path without requiring a bi-directional communication session with the user computer via the first bi- directional communication path, receiving a response to the prompt from the user peripheral device via the second bi- directional communication path, comparing the response to the prompt to data stored by the data storage device, determining whether to grant or deny access to the host computer in response to the comparison, and outputting an instruction to the host computer to grant access to the user computer or to deny access to the user computer in response to the determination. Appeal Br. 27 (Claims App.). REFERENCES The prior art relied upon by the Examiner is: Appeal 2020-005914 Application 14/056,645 3 Name Reference Date Tuai US 5,153,918 Oct. 6, 1992 Feigen US 5,699,513 Dec. 16, 1997 Pickett US 6,012,144 Jan. 4, 2000 Li US 6,219,793 B1 Apr. 17, 2001 REJECTIONS Claims 21-43 and 52-59 are rejected under 35 U.S.C. § 112(a) as failing to comply with the written description requirement. Final Act. 3-4. Claims 21-43 and 52-59 are rejected under 35 U.S.C. § 112(b) as being indefinite. Final Act. 4-5. Claims 21-23, 25-27, 29-31, 33, 34, 36-38, 40-42, 52-54, and 56-58 are rejected under 35 U.S.C. § 103 as obvious over Tuai, Feigen, and Pickett. Final Act. 6-12. Claims 24, 28, 32, 35, 39, 43, 55, and 59 are rejected under 35 U.S.C. § 103 as obvious over Tuai, Feigen, Pickett, and Li. Final Act. 12. OPINION The Written Description Requirement of Claims 21-43 and 52-59 The Examiner finds claims 21-43 and 52-59 fail to comply with the written description requirement. Final Act. 3-4. In particular, the Examiner finds “without requiring a bi-directional communication session with the user computer via the first bi-directional communication path” (claim 21) lacks written description support. Final Act. 3-4. Appellant presents the following principal argument: “Except for embodiments where the entry of the user identification and password is requested by the security computer 52, the security Appeal 2020-005914 Application 14/056,645 4 computer 52 does not send an information request to the user 24 via the access channel.” Appeal Br. 24 (citing Spec. ¶¶ 51-63). In response, the Examiner explains, The user is requesting access through the access channel. Later in the process, “Upon verification, the control module at DOES THE PASSWORD MATCH? Block 166 sends confirmation thereof back along the software pathway to inform the user of the event” (Specification, [054]). The Examiner contends that the cited contradict the claim limitations. Ans. 16-17. In reply, Appellant argues the limitation has “support in FIGS. 9A-9E and paragraphs [051]-[063], which describe the direct, bi-directional communication between the security computer and the user via the access channel as ‘optionally’ a feature in only some embodiments.” Reply Br. 5. We review the appealed rejections for error based upon the issues identified by Appellant, and in light of the arguments and evidence produced thereon. Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). “[T]he test for sufficiency [of the written description] is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date.” Ariad Pharms., Inc. v. Eli Lilly & Co., 598 F.3d 1336, 1351 (Fed. Cir. 2010) (citations omitted) (en banc). Appellant’s Specification discloses, The pathway commences at the REQUEST FOR ACCESS block 150 whereby a request to enter the host computer or web server 34 is received from the user at the remote computer 22. The user requesting access to the host computer from the remote computer is immediately prompted to login at the LOGIN SCREEN PRESENTED block 152. While the login Appeal 2020-005914 Application 14/056,645 5 procedure here comprises the entry of the user identification and password and is required by the host computer 34, such information request is optionally a function of the security computer 40. Upon entry of data by user at the ENTRY OF ID AND PASSWORD block 154 the information is passes to the security computer 40. Spec. ¶ 52 (emphasis added). Thus, Appellant’s Specification describes an embodiment where the entry of the user identification and password is required by the host computer 34, but is not a required function of the security computer 40. Spec. ¶ 52 (“optionally a function of the security computer”). We interpret claim 21 in a manner consistent with this description in the Specification. In light of the Specification, we interpret claim 21 as requiring the security computer outputting the prompt without the security computer requiring a bi-directional communication session with the user computer via the first bi-directional communication path. We do not agree with the Examiner’s interpretation of claim 21, which appears to require that there is not any bi-directional communication with the user computer via the first bi-directional communication path because such an interpretation is not consistent with the Specification. Given our interpretation of claim 21 and the disclosure in the Specification, we find claim 21 has sufficient written description support as the disclosure in Appellant’s Specification reasonably conveys to those skilled in the art that the inventors had possession of the claimed subject matter as recited in claim 21 as of the filing date. We, therefore, do not sustain the Examiner’s written description rejection of claim 21. Appeal 2020-005914 Application 14/056,645 6 For these same reasons, we also do not sustain the Examiner’s written description rejection of claims 22-43 and 52-59. The Indefiniteness Rejection of Claims 21-43 and 52-59 The Examiner concludes claims 21-43 and 52-59 are indefinite. Final Act. 4-5. In particular, the Examiner determines, Using the broadest reasonable interpretation of the claim language, the Examiner sees the added limitation of “without requiring a communication session with the user computer via the first bi-directional communication path” as being contradictory to the previous limitation that the user sends data (a communication) to the host computer over the access channel which is diverted to the security computer. Final Act. 5. Appellant presents the following principal argument: “[T]he claims were amended on March 27, 2020, to recite that the security computer performs the functions recited in the claims ‘without requiring a bi-directional communication session with the user computer via the access channel.’” Appeal Br. 25. In response, the Examiner explains, The user is requesting access through the access channel. Later in the process, “Upon verification, the control module at DOES THE PASSWORD MATCH? Block 166 sends confirmation thereof back along the software pathway to inform the user of the event” (Specification, [054]). The Examiner contends that the cited contradict the claim limitations. Ans. 16-17. Appeal 2020-005914 Application 14/056,645 7 In reply, Appellant argues, “the security computer can simply receive the access request from the host computer as described in the Specification.” Reply Br. 3-4. We do not agree with the Examiner’s conclusion that the claims are indefinite. We determine that the metes and bounds of the claim are clear because the claim does not contain words or phrases whose meaning is unclear. We interpret claim 21 in a manner consistent with the description in the Specification. As explained above, in light of the Specification, we interpret claim 21 as requiring the security computer outputting the prompt without the security computer requiring a bi-directional communication session with the user computer via the first bi-directional communication path. We do not agree with the Examiner’s interpretation of claim 21, which appears to require that there is not any bi-directional communication with the user computer via the first bi-directional communication path because such an interpretation is not consistent with the Specification. We, therefore, do not sustain the Examiner’s indefiniteness rejection of claim 21. For these same reasons, we also do not sustain the Examiner’s indefiniteness rejection of claims 22-43 and 52-59. Appeal 2020-005914 Application 14/056,645 8 The Obviousness Rejection of Claims 21-23, 25-27, 29-31, 33, 34, 36-38, 40-42, 52-54, and 56-58 over Tuai, Feigen, and Pickett The Examiner finds Tuai, Feigen, and Pickett teach all limitations of claim 21. Final Act. 6-8; see also Ans. 13-16. In particular, the Examiner finds Tuai teaches most limitations of claim 21. Final Act. 6. The Examiner further finds Pickett teaches out of band authentication. Final Act. 7-8. The Examiner reasons, “one of ordinary skill in the art at the time the invention was made would have been motivated to implement the authentication scheme of Tuai with the out of band authentication of Pickett in order to transmit sensitive data securely over inherently unsecure communication channels as suggested by Pickett.” Final Act. 8 (citing Pickett, col. 2, ll. 48- 65). Appellant presents the following principal arguments: “[T]he cited portion of Tuai describes the kind of self-authenticating ‘call back’ system of the prior art. The central access controller 15 of Tuai calls back a designated user via an outgoing line, but only after a (bi- directional) communication session via the incoming line.” Appeal Br. 20; see also Reply Br. 4. [T]he system described in Feigen requires the “a communication session dialog” between the source host 22 and the security host 26 occurs via the outside network 12. In other words, to access a destination host via the Internet (outside network 12), a source host 22 communicates bidirectionally with the security host 26 via the Internet. Again, this is the kind of “self-authenticating” environment the claimed system improves upon. Appeal Br. 22. Appeal 2020-005914 Application 14/056,645 9 The Final Rejection of December 27, 2019, cites column 6, lines 36-40, and column 7, lines 13-25, as teaching “outputting a prompt to a peripheral device of the user . . . without requiring a communication session with the user computer” via the access channel. But Pickett describes a system 10 where a remote computer system 40 calls the user in response to a bi-directional communications session between the user’s PC 35 and the remote computer system 40 via the internet 20. Appeal Br. 23; see also Reply Br. 6. We do not see any error in the Examiner’s contested findings. We concur with the Examiner’s conclusion of obviousness. Tuai discloses a communication path 14 for enabling use of the host computer 10 by the user terminal 11. See Tuai, Fig. 1, col. 6, ll. 38-53 (“[T]he user provides the proper keystrokes (ASCII input) and/or speech and/or other identification.”). Thus, Tuai teaches, “a host computer that receives a user request to use the host computer from a user computer via a first bi-directional communication path, the first bi-directional communication path for receiving user identification for identifying the user and a password for authenticating the user” (claim 21). Final Act. 6 (citing Tuai, col. 6, ll. 38-53). Tuai discloses, “comparing the compressed digital signal with a stored signal unique for each designated user of the system in order to permit access to the host computer system.” Tuai, col. 3, ll. 12-14. Thus, Tuai teaches, “a data storage device for storing predetermined data of users seeking access to the host computer” (claim 21). Final Act. 7 (citing Tuai, col. 3, ll. 4-15). Pickett discloses, “[t]he Slice 1 computer again calls the user, insures that the correct person has answered by requiring the person to enter the Appeal 2020-005914 Application 14/056,645 10 correct PIN, and asks for verification for the purchase to take place. Again, this second communication does not contain enough information to be a threat by itself.” Pickett, col. 6, ll. 36-40; see also Pickett, Abstract (“A method for performing secure transactions, such as credit card purchases, using two or more non-secure networks (such as the Internet and the public telephone system) in such a way that security is insured. A person wishing to initiate a secure transaction sends a message over one of the non-secure networks to a computer. That computer automatically uses the second non- secure network to contact the person back to verify the transaction.”). Thus, Pickett teaches, “a security computer for outputting a prompt to a peripheral device of the user via a second bi-directional communication path” (claim 21) (Pickett’s call back to the user), “receiving a response to the prompt from the user peripheral device via the second bi-directional communication path, comparing the response to the prompt to data stored by the data storage device” (claim 21) (Pickett’s verify the transaction by requiring the user to enter the correct PIN). Final Act. 7-8 (citing Pickett, col. 6, ll. 36-40). Together, the disclosures in Tuai and Pickett, when combined such that Pickett’s verification process is used to verify the user and grant or deny access to host computer 10 by the user terminal 11 in Tuai, further teach, “determining whether to grant or deny access to the host computer in response to the comparison” (claim 21) (Pickett’s verifying the transaction by requiring the user to enter the correct PIN), “and outputting an instruction to the host computer to grant access to the user computer or to deny access to the user computer in response to the determination” (claim 21) (Tuai’s enabling use of the host computer 10 by the user terminal 11, when Appeal 2020-005914 Application 14/056,645 11 combined with Pickett’s verification process). Final Act. 8 (citing Pickett, col. 6, ll. 36-40). The Examiner has articulated a reason to combine the references that is rational on its face and supported by evidence drawn from the record. See Final Act. 8 (citing Pickett, col. 2, ll. 48-65). We agree with and adopt this reasoning as our own. Regarding the additional limitation of “without requiring a bi- directional communication session with the user computer via the first bi- directional communication path” (claim 21), we interpret claim 21 as requiring the security computer outputting the prompt without the security computer requiring a bi-directional communication session with the user computer via the first bi-directional communication path. When Tuai and Pickett are combined such that Pickett’s verification process is used to verify the user and grant or deny access to host computer 10 by the user terminal 11 in Tuai, requiring the user to enter the correct PIN (from Pickett) does not require a bi-directional communication session with the user computer via the first bi-directional communication path-the user in Tuai provides identification, then Pickett’s verification process is performed. Thus, for reasons explained above, we agree with the Examiner that the combination of Tuai, Feigen, and Pickett teaches all limitations of claim 21. Appellant’s arguments do not show any error at least because they focus only on the references individually, and the rejection is based on the combined teachings of the references. Appeal 2020-005914 Application 14/056,645 12 The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. In re Keller, 642 F.2d 413, 425 (CCPA 1981). Appellant’s arguments relating to Tuai and Pickett are not persuasive because Appellant focuses on the call back feature of Tuai, but when Tuai is modified in light of the teachings of Pickett, the user in Tuai provides identification, and then Pickett’s verification process is performed. This does not require a bi-directional communication session with the user computer via the first bi-directional communication path because, in the combination, Pickett’s verification process is performed upon receiving the identification as taught by Tuai. Appellant’s arguments relating to Feigen are not relevant because the “interception device” was deleted from the claims in an amendment. See Final Act. 7 (finding Feigen teaches an “interception device”), Amendment After-Final 2 (deleting the “interception device” from the claims). We, therefore, sustain the Examiner’s obviousness rejection of claim 21. We also sustain the Examiner’s obviousness rejection of claims 22, 23, 25-27, 29-31, 33, 34, 36-38, 40-42, 52-54, and 56-58, which are not separately argued with particularity. Appeal Br. 24. Appeal 2020-005914 Application 14/056,645 13 The Obviousness Rejection of Claims 24, 28, 32, 35, 39, 43, 55, and 59 over Tuai, Feigen, Pickett, and Li Appellant does not present separate arguments for this ground of rejection. Appeal Br. 24. We, therefore, sustain the Examiner’s obviousness rejection of claims 24, 28, 32, 35, 39, 43, 55, and 59 for the same reasons discussed above. CONCLUSION The Examiner’s decision to reject claims 21-43 and 52-59 is affirmed. DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 21-43, 52- 59 112(a) Written Description 21-43, 52- 59 21-43, 52- 59 112(b) Indefiniteness 21-43, 52- 59 21-23, 25- 27, 29-31, 33, 34, 36- 38, 40-42, 52-54, 56- 58 103 Tuai, Feigen, Pickett 21-23, 25- 27, 29-31, 33, 34, 36- 38, 40-42, 52-54, 56- 58 24, 28, 32, 35, 39, 43, 55, 59 103 Tuai, Feigen, Pickett, Li 24, 28, 32, 35, 39, 43, 55, 59 Overall Outcome 21-43, 52- 59 Appeal 2020-005914 Application 14/056,645 14 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED