Appeal No. 2002-1658
Application No. 08/922,339
would modify the primary reference to satisfy all of the claim
limitations.
In response to appellants' argument that Steinberg fails to
teach a decryption key distributed by a key server, the examiner
states (Answer, pages 11-12) that the difference between Steinberg
and appellants' system, the supplier of the identification code
and encryption key,
is superficial, as the appellant's [sic] invention does
not define a systematic process that would enable one
of ordinary skill of the art to distinguish a user
supplied versus a server supplied identification code
and key. Moreover, there are many ways a user can
obtain an encryption (or decryption) key, therefore, it
would have been obvious to use the EXCHANGE network of
McCarty to request a key . . . to provide further
security to the end-user's system. The advantage being
that an attack that compromises a system that uses a
single user encryption/ decryption key pair . . . to
encrypt requested software, allows the attacker access
to the entire user library of requested software,
whereas in a system that uses multiple encryption keys
to encrypt data including a key that is specific to the
requested program, or software, would only allow the
attacker, to at best, a single program.
There are numerous problems with the examiner's reasoning.
First, appellants do define a process that distinguishes a user
supplied versus a server supplied identification code and key.
Specifically, appellants disclose (Specification, page 7, line
20-page 8, line 4) and claim that the user obtains a program file
and an ID number that corresponds to the program file from the
file server. The user transmits the received ID number to the
5
Page: Previous 1 2 3 4 5 6 7 8 9 10 Next
Last modified: November 3, 2007