Ex Parte Deutsch et al
Patent Trial and Appeal Board
Apr 4, 2018
13997826 (P.T.A.B. Apr. 4, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO.: 13/997,826
FILING DATE: 06/25/2013
FIRST NAMED INVENTOR: Steven Deutsch
ATTORNEY DOCKET NO.: 42P41974
CONFIRMATION NO.: 9199

45209 7590 04/06/2018
WOMBLE BOND DICKINSON (US) LLP/Mission, Attn: IP Docketing, P.O. Box 7037, Atlanta, GA 30357-0037

EXAMINER: FAROOQUI, QUAZI
ART UNIT: 2491
NOTIFICATION DATE: 04/06/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): Database_Group@bstz.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte STEVEN DEUTSCH and ABHILASHA BHARGAV-SPANTZEL

Appeal 2017-008949
Application 13/997,826
Technology Center 2400

Before JOHN A. JEFFERY, BRUCE R. WINSOR, and JUSTIN BUSCH, Administrative Patent Judges.

JEFFERY, Administrative Patent Judge.

DECISION ON APPEAL

Appellants¹ appeal under 35 U.S.C. § 134(a) from the Examiner's decision to reject claims 1-23, 25, and 27-29, which constitute all the claims pending in this application. Claims 24 and 26 were cancelled. We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

¹ Appellants identify the real party in interest as Intel Corporation. Br. 1.

STATEMENT OF THE CASE

Appellants' invention implements secure remediation of devices requesting cloud services. See generally Spec. ¶¶ 2, 7, 19. According to the Specification, a services provider receives a request for services from a client. Id. ¶ 19. In one embodiment, the services provider sends an attestation request to an attestation verifier to verify compliance of the client with a policy specified by the services provider, and receives an attestation confirmation that verifies compliance of the client. Id. ¶¶ 19, 33-35; Fig. 1B.

Claim 1, reproduced below, is illustrative:

1. A method at a system of a services provider, the system having at least a processor and a memory therein for executing instructions, wherein the method comprises:
    receiving, at the services provider, a request for services from a client;
    in response to the request for services:
    requesting authentication from the client to verify the client is one of a plurality of known subscribers of the services;
    sending a request for attestation from the services provider to an attestation verifier requesting attestation to verify compliance of the client with a policy specified by the services provider, wherein the policy specified by the services provider requires a plurality of hardware, firmware, and/or software requirements as pre-requisites to the client accessing the services requested;
    the attestation verifier to determine whether the client complies with the policy as specified by the services provider and, when a failure of the client to comply with the policy is determined by the attestation verifier, the attestation verifier to provide the client an upgrade from one or more upgrade service providers;
    receiving at the services provider an attestation confirmation from the attestation verifier, the attestation confirmation verifying compliance of the client with the policy specified by the services provider; and
    based on the attestation confirmation, granting the client access to the services requested.
THE REJECTIONS

The Examiner rejected claims 1-6, 14, 19,² 22, 25, 28, and 29 under 35 U.S.C. § 103(a) as unpatentable over Suzuki (US 2006/0059549 A1; Mar. 16, 2006), Stuntebeck (US 2013/0152169 A1; June 13, 2013), and Newstadt (US 2007/0107043 A1; May 10, 2007). Final Act. 6-17.³

The Examiner rejected claims 7-11, 15-18, 21, 23, and 27 under 35 U.S.C. § 103(a) as unpatentable over Suzuki, Stuntebeck, Newstadt, and Herrmann (US 2004/0167984 A1; Aug. 26, 2004). Final Act. 17-29.

The Examiner rejected claims 12, 13, and 20⁴ under 35 U.S.C. § 103(a) as unpatentable over Suzuki, Stuntebeck, Newstadt, and Lee (US 2009/0319782 A1; Dec. 24, 2009). Final Act. 29-32.

² Claim 19 depends from claim 17 which was rejected over a different ground of rejection, namely the obviousness rejection over Suzuki, Stuntebeck, Newstadt, and Herrmann. See Final Act. 17, 24. Despite this inconsistency, Appellants do not contest the Examiner's findings and conclusions regarding claim 19 with particularity. See Br. 10-35. We, therefore, treat the Examiner's error in this regard as harmless.

³ Throughout this opinion, we refer to (1) the Final Rejection mailed May 19, 2016 ("Final Act."); (2) the Appeal Brief filed November 17, 2016 ("Br."); and (3) the Examiner's Answer mailed February 14, 2017 ("Ans.").

⁴ Claim 20 depends from claim 17 which was rejected over a different ground of rejection, namely the obviousness rejection over Suzuki, Stuntebeck, Newstadt, and Herrmann. See Final Act. 17, 24. Despite this inconsistency, Appellants do not contest the Examiner's findings and conclusions regarding claim 20 with particularity. See Br. 10-35. We, therefore, treat the Examiner's error in this regard as harmless.
THE OBVIOUSNESS REJECTION OVER SUZUKI, STUNTEBECK, AND NEWSTADT

The Examiner finds that Suzuki discloses many recited elements of independent claim 1 including, among other things, verifying that a "client" (devices 10a, 10b) is one of plural known subscribers of services requested from the client. Ans. 3-4. The Examiner also finds Suzuki's "services provider" (service provider apparatus) (1) sends a request for attestation to an "attestation verifier" (service control apparatus) requesting attestation to verify the client's compliance with a policy specified by the services provider (id. at 8, 10), and (2) receives an attestation confirmation from the attestation verifier that verifies the client's compliance with the policy (Final Act. 7-8). Although the Examiner acknowledges that Suzuki does not explicitly disclose providing the client an upgrade in the event the attestation verifier determines the client does not comply with the policy, the Examiner cites Newstadt for teaching this feature in concluding that the claim would have been obvious. Id. at 9-10. Lastly, the Examiner cites Stuntebeck for teaching that the policy requires hardware, firmware, and/or software requirements as pre-requisites to the client accessing the services being requested. Id. at 9.

Appellants argue that the Examiner's reliance on Suzuki is misplaced because, among other things, Suzuki's device authentication, involving a certification of correspondence between a device and device identification information, does not verify whether the device is one of plural known subscribers of the requested services. Br. 10-17. Appellants add that Suzuki's compliance certification request does not involve the device certifying its compliance with a policy as specified by a services provider. Id. at 20-22.
Appellants add that Suzuki's service provider apparatus does not send a request for attestation to an attestation verifier. Id. at 26. According to Appellants, Suzuki's service provider apparatus sends a request for rule compliance certification directly to the device. Id.

ISSUES

I. Under § 103, has the Examiner erred in rejecting claim 1 by finding that Suzuki, Stuntebeck, and Newstadt collectively would have taught or suggested (1) a client requesting services being one of plural known subscribers of the services; (2) sending a request for attestation from the services provider to an attestation verifier requesting attestation to verify compliance of the client with a policy specified by the services provider; and (3) receiving at the services provider an attestation confirmation from the attestation verifier, the attestation confirmation verifying compliance of the client with the policy specified by the services provider?

II. Is the Examiner's proposed combination supported by articulated reasoning with some rational underpinning to justify the Examiner's obviousness conclusion?

ANALYSIS

To resolve the question of patentability under § 103, we begin by construing claim 1. During examination, claims are given their broadest reasonable interpretation consistent with the Specification. See In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). Appellants' Specification does not define the term "subscriber," but does note that both subscribers and devices request cloud services. See Spec. ¶ 19. Thus, we interpret the term with its plain meaning, namely "[a]nyone who pays for and/or uses the services of a communications system. A subscriber can also be called a party, station, customer, or user." Gilbert Held, DICTIONARY OF COMMUNICATIONS TECHNOLOGY 517 (3d ed. 1998).
The Examiner finds that Suzuki's Figure 5 illustrates devices 10A, 10B as being known subscribers of a service provider apparatus and service control apparatus because the devices are verified by their respective device IDs. Ans. 4 (citing Suzuki ¶ 61). We see no error in this finding.

Suzuki's devices 10A and 10B request services provided by a service provider apparatus by sending a service request to the service provider apparatus through a gateway apparatus 40. Suzuki ¶¶ 61, 75; Fig. 5. As shown in Figure 6, Suzuki's gateway apparatus includes a service control apparatus 44. Id. ¶ 62. Suzuki's Figure 7 is illustrative and is reproduced below:

[FIG. 7: sequence diagram with columns DEVICE, DEVICE AUTHENTICATION APPARATUS, SERVICE CONTROL APPARATUS, SERVICE PROVIDER APPARATUS]

Suzuki's Figure 7 illustrates a sequence diagram of a service control method.

Suzuki's Figure 7 illustrates a device sending the service request to the service provider apparatus through the service control apparatus at step S301. Id. ¶ 75. This functionality and the term "service provider apparatus" (emphasis added) itself, then, at least suggests that the device uses the requested services of the service provider apparatus and, therefore, is a subscriber of the requested services.

Suzuki's Figure 7 further illustrates that, in response to the service request, the service provider apparatus sends a request for rule compliance certification to the service control apparatus, which, in turn, relays the request for rule compliance certification to the device at step S302. Id. ¶ 76. Because Suzuki's service provider apparatus and service control apparatus send the request for rule compliance certification to the device at step S302, in that sense, then, Suzuki at least suggests that the existence of the device is known to the service provider apparatus and service control apparatus and, therefore, the device is a known subscriber of the requested services.
And because Suzuki discloses multiple devices requesting the service provider apparatus's services (see, e.g., id. ¶ 61, Fig. 5), in that sense, then, Suzuki at least suggests the device in Figure 7 is one of plural known subscribers of the requested services. Therefore, the Examiner's finding in this regard has at least a rational basis that has not been persuasively rebutted.

Nor do Appellants persuasively rebut the Examiner's finding that Suzuki sends a request for attestation from the service provider apparatus to the service control apparatus via the device. Ans. 10. Suzuki's Figure 7 illustrates that, in response to the service provider apparatus sending the request for rule compliance certification to the device at step S302, the device sends a service request with compliance certification request to a service control apparatus at step S303. Suzuki ¶¶ 76-77. Thus, Suzuki's service control method sends a request for attestation from the service provider apparatus (the claimed "service provider") to a service control apparatus (the claimed "attestation verifier") at steps S302 and S303. Nothing in the claim precludes sending the request for attestation from Suzuki's services provider apparatus to the services control apparatus via the device as noted above and, as such, Appellants' arguments regarding Suzuki's service provider apparatus directly sending a request for attestation to the device, and not directly sending the request to an attestation verifier (Br. 26) are unavailing and not commensurate with the scope of the claim. Therefore, the Examiner's finding in this regard has at least a rational basis that has not been persuasively rebutted. That Suzuki's service control apparatus relays the request received from the service provider apparatus to the device in paragraph 76 further undermines Appellants' arguments in this regard.
Nor do Appellants persuasively rebut the Examiner's finding that Suzuki's service provider apparatus sends the request for attestation to the service control apparatus, as described above, to verify compliance of the device with a policy specified by the service provider apparatus. As the Examiner explains, because Suzuki's service provider apparatus sends the requests for rule compliance certification at step S302, and the service control apparatus executes the compliance certification at step S303, then the service provider apparatus verifies compliance of the device with an access control rule or policy specified by the service provider apparatus. Ans. 8.

The Examiner's explanation is reasonable. Before providing a service to a device, Suzuki's service provider apparatus provides a request for certification of compliance with an access control rule to the device at step S302 if the device's service request did not include the request for certification of compliance with the access control rule at step S301. Suzuki ¶¶ 75-76, Fig. 7. Suzuki's device then extracts the request for certification of compliance and sends it to the service control apparatus at step S303 that then starts a compliance verification process using the request for certification of compliance. Id. ¶¶ 77-78, Fig. 7. Suzuki's service control apparatus sends the service provider apparatus a compliance certification once the service control apparatus verifies the device's compliance with access control rule at step S308. Id. ¶ 78, Fig. 7. Thus, Suzuki's service provider apparatus sends a request for attestation to the service control apparatus to verify the device's compliance with a rule-based "policy" specified by the service provider. Therefore, the Examiner's finding in this regard has at least a rational basis that has not been persuasively rebutted.
Nor do we find availing Appellants' contention that Suzuki's service provider apparatus does not receive an attestation confirmation from an attestation verifier that verifies compliance of a client with a policy specified by the service provider apparatus. Br. 26. The Examiner finds, and we agree, that Suzuki's service provider apparatus receives the compliance certification (the claimed "attestation confirmation") from the service control apparatus that verifies compliance of the device with the rule-based policy specified by the service provider at step S308. Final Act. 7-8 (citing Suzuki ¶ 78, Fig. 7).

We also find unavailing Appellants' contention that the proposed combination changes the principle of operation of Suzuki and renders Suzuki unsatisfactory for its intended purpose. Br. 28-32. Specifically, Appellants' argument that, absent a modification to Suzuki, it is impossible to send a request to and receive a response from an attestation verifier without involving a correspondence with a device (id. at 30-31) is unavailing and not commensurate with the scope of the claim for the reasons discussed above. That is, nothing in the claim precludes sending the request for attestation from Suzuki's services provider apparatus to the services control apparatus via the device. That Suzuki's service control apparatus relays the request received from the service provider apparatus to the device in paragraph 76 further undermines Appellants' arguments in this regard.

Stuntebeck was cited for a very limited purpose, namely to show that it is known in the art for specified policies to require hardware, firmware, and/or software requirements as pre-requisites to access requested services, and that providing such requirements in connection with access control policies, such as those in Suzuki, would have been at least an obvious variation. See Final Act. 9-10 (citing Stuntebeck ¶ 19).
Not only are these technical requirements reasonably consistent with controlling access to resources via hardware, software, and/or firmware subject to those requirements, Appellants have not shown, apart from mere attorney argument, that providing such requirements would somehow impermissibly change Suzuki's principle of operation or render Suzuki unsatisfactory for its intended purpose. It is well settled that mere lawyer argument and conclusory statements, which are unsupported by factual evidence, are entitled to little probative value. In re Geisler, 116 F.3d 1465, 1470, 43 USPQ2d 1362, 1365 (Fed. Cir. 1997).

The Examiner concludes that it would have been obvious to a person of ordinary skill in the art, at the time the invention was made, to combine Suzuki and Stuntebeck to "allow subscriber device security compliance service by a third party service provider to provide plurality of subscriber's software, hardware & firmware compliance conformance serviced by a third party service provider." Final Act. 10 (emphasis omitted). We find the Examiner has articulated reasoning with rational underpinnings sufficient to justify the legal conclusion of obviousness, which is not persuasively rebutted by Appellants' unsubstantiated contentions. See KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398, 416 (2007).

Therefore, we are not persuaded that the Examiner erred in rejecting claim 1, and claims 2-6, 14, 19, 22, 25, 28, and 29, which were not argued separately with particularity.

THE OTHER OBVIOUSNESS REJECTIONS

We also sustain the Examiner's obviousness rejections of claims 7-13, 15-18, 20, 21, 23, and 27. Final Act. 17-32. Because these rejections are not argued separately with particularity, we are not persuaded of error in these rejections for the reasons previously discussed.

CONCLUSION

The Examiner did not err in rejecting claims 1-23, 25, and 27-29 under § 103.
DECISION

The Examiner's decision in rejecting claims 1-23, 25, and 27-29 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f).

AFFIRMED