111 F3d 887 Zurko

111 F.3d 887

42 U.S.P.Q.2d 1476

In re Mary E. ZURKO, Thomas A. Casey, Jr., Morrie Gasser,
Judith S. Hall, Clifford E. Kahn, Andrew H. Mason,
Paul D. Sawyer, Leslie R. Kendall, and
Steven B. Lipner.

No. 96-1258.

United States Court of Appeals,
Federal Circuit.

April 15, 1997.

D.C. Toedt, III, Arnold, White & Durkee, Houston, TX, argued for appellants.

Kenneth R. Corsello, Associate Solicitor, Patent and Trademark Office, Arlington, VA, argued for appellee. With him on the brief were Nancy J. Linck, Solicitor, Albin F. Drost, Deputy Solicitor, and Karen A. Buchanan, Associate Solicitor.

Before ARCHER, Chief Judge, NEWMAN, and MICHEL, Circuit Judges.

ARCHER, Chief Judge.

view counter

Applicants Mary E. Zurko et al. appeal from a decision of the Board of Patent Appeals and Interferences (Board) sustaining the rejection of their U.S. Patent Application No. 07/479,666 (the '666 application) under 35 U.S.C. § 103 (1994), Ex parte Zurko, No. 94-3967 (Bd. Pat. Apps. & Int. Aug. 4, 1995). We reverse.BACKGROUND


The '666 application relates to a method for improving security in a computer system. A computer environment or system that has some form of security to prevent unauthorized users and commands is known as a "trusted" environment or system. Generally, "trusted" software or code is used to perform "trusted" commands. Because trusted code is often quite costly to obtain, applicants sought to design a secure system which could operate with untrusted as well as trusted code.


Applicants' claimed method1 generally involves processing a trusted command with untrusted code and sending that command to the trusted computing environment. The computer system then sends the command back to the user over a trusted pathway to verify the command. The user then sends a signal over the trusted pathway indicating whether the command is correct. If the command is correct, the system carries out the command.


Claims 1, 4, and 5 of the '666 application stand rejected under 35 U.S.C. § 103 based on two pieces of prior art. The primary reference is the UNIX operating system as disclosed in the applicants' information disclosure statement. Applicants described the UNIX system as operating in a "trusted" environment yet able to run some untrusted programs unsecurely. They concluded that "the prior art includes an untrusted program parsing a command and then executing the command by calling a trusted service that executes in a trusted computing environment."


The secondary reference is a program known as Dunford, FILER Version 2.20, (FILER2) also disclosed in applicants' information disclosure statement. Applicants described the FILER2 program as one which "repeats back potentially dangerous user commands and requests confirmation from the user prior to execution." For example, applicants stated that when a user asks to delete a file, the FILER2 program will seek confirmation before that command is executed.


The Board sustained the rejection of the claims at issue, stating that "the artisan would have been led from these teachings to take the trusted command parsed in the untrusted environment and submitted to the trusted computing environment, as taught by UNIX, and to display the parsed command to the user for confirmation prior to execution, as suggested by [FILER2]." (Emphasis added). According to the Board, the only claimed step not explicit in the prior art is the step of obtaining confirmation over a trusted path. The Board, however, viewed that step as inherent in the prior art. It stated in this connection that "[w]ith regard to communication over a trusted path, if not explicit in the prior art, it is either inherent or implicit." Because UNIX parses a command in an untrusted environment and executes it in a trusted environment, the Board reasoned that any confirmation communication must inherently be over a trusted pathway and stated that it "is basic knowledge that communication in trusted environments is performed over trusted paths."



Obviousness is a legal question based on underlying factual determinations. Panduit Corp. v. Dennison Mfg. Co., 810 F.2d 1561, 1566, 1 USPQ2d 1593, 1596 (Fed.Cir.1987). We review the ultimate determination of obviousness de novo and the underlying factual determinations for clear error. In re Kemps, 97 F.3d 1427, 1428, 40 USPQ2d 1309, 1311 (Fed.Cir.1996).

view counter

Applicants argue that the references relied on fail to teach or suggest parsing a trusted command with untrusted code, followed by performing a confirmation or repeat-back with trusted code over a trusted path as claimed. Applicants contend that the Board's finding that the prior art inherently teaches this confirmation is clearly erroneous: UNIX does not suggest obtaining confirmation over a trusted communication path. According to applicants, the combination of UNIX with FILER2 suggests, at most, a system in which trusted commands are parsed in an untrusted environment and then repeated back to the user via the untrusted UNIX system. Applicants further argue that there is no motivation to combine the references and that the Board used hindsight.


The Patent & Trademark Office (PTO) responds that one of skill in the art wanting to create a secure system would know to seek verification of a command over a trusted path because untrusted paths are by definition not secure. It points out that there are only two ways that FILER2's repeat-back confirmation can be performed--over a trusted path or over an untrusted path. The PTO asserts that one of skill in the art creating a high security system would naturally choose the trusted path. The PTO further argues that the motivation to combine the references comes from the nature of the problem to be solved.


We agree with applicants that the Board's finding that the prior art teaches, either explicitly or inherently, the step of obtaining confirmation over a trusted pathway is clearly erroneous.2 See In re Bell, 991 F.2d 781, 784, 26 USPQ2d 1529, 1531 (1993) ("What a reference teaches and whether it teaches toward or away from the claimed invention are questions of fact."); In re Napier, 55 F.3d 610, 613, 34 USPQ2d 1782, 1784 (Fed.Cir.1995) (stating that the inherent teaching of a prior art reference is a question of fact). In so erring, the Board impermissibly used hindsight to arrive at the claimed invention. See W.L. Gore & Assocs., Inc. v. Garlock, Inc., 721 F.2d 1540, 1553, 220 USPQ 303, 312-13 (Fed.Cir.1983) ("To imbue one of ordinary skill in the art with knowledge of the invention in suit, when no prior art reference or references of record convey or suggest that knowledge, is to fall victim to the insidious effect of a hindsight syndrome wherein that which only the inventor taught is used against its teacher."). While in retrospect, looking at applicants' invention, it might seem logical to perform a repeat-back in the UNIX system over a trusted line, neither UNIX nor FILER2 teaches communicating with the user over a trusted pathway.


In UNIX a command is parsed in an untrusted environment and is then sent to a trusted system. Thus, the only communication with the user takes place over an untrusted path. Likewise, the secondary reference, FILER2, relied on by the Board fails to supply this missing element. The Board has not pointed to any teaching of performing repeat-back commands in a trusted and secure system. The FILER2 program is directed to repeating back commands on an unsecure system to ensure that the user has correctly entered the command and not, as in the claimed invention, to ensure that the correct user has entered a command or to ensure that the command has not been altered. Because neither UNIX nor FILER2 teaches either explicitly or implicitly communicating with the user over a trusted pathway, the Board clearly erred in its finding of inherency from the prior art.


In addition, the Board also clearly erred in finding that UNIX, FILER2 and the record teach communicating with the user over both a trusted and an untrusted path as claimed. Indeed, the Board's findings that one skilled in the art knew that communications in trusted environments must be over trusted paths teaches away from using both a trusted and an untrusted path.


Finally, to say that the missing step comes from the nature of the problem to be solved begs the question because the Board has failed to show that this problem had been previously identified anywhere in the prior art. See In re Sponnoble, 56 C.C.P.A. 823, 405 F.2d 578, 585, 160 USPQ 237, 243 (CCPA 1969) ("[A] patentable invention may lie in the discovery of the source of a problem even though the remedy may be obvious once the source of the problem is identified.").


Thus, we must conclude that, on this record, the obviousness of the claimed invention has not been established.




Representative claim 1 reads as follows:


A machine-executed method for executing a trusted command issued by a user on a computer system, the computer system including an untrusted computing environment and a trusted computing environment, said method comprising the steps of:

(a) parsing the trusted command in the untrusted computing environment to generate a parsed command;

(b) submitting the parsed command to the trusted computing environment;

(c) displaying a representation of the parsed command to the user through a trusted path;

(d) receiving a signal from the user through a trusted path signifying whether the displayed representation accurately represents the user's intentions;

(e) if the signal signifies that the displayed representation does not accurately represent the user's intentions, then preventing the execution of the parsed command; and

(f) if the signal signifies that the displayed representation accurately represents the user's intentions, executing the parsed command in the trusted environment.


The Commissioner argues that this court should review findings by the Board using a more deferential standard as required by the Administrative Procedure Act, 5 U.S.C. § 706(2) (1994). Only the court sitting in banc may answer the question of whether a different standard of review of the Board's findings should apply and, if so, whether the Board's decision in light of supporting findings reviewed under such a standard should be affirmed

The argument is appropriately made in a petition suggesting rehearing in banc, in a case such as this, wherein the court has decided that clear error by the Board requires reversal. See In re Kemps, 97 F.3d 1427, 1431, 40 USPQ2d 1309, 1312 (Fed.Cir.1996).