DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 20 February 2026 has been entered.
By the above submission, Claim 7 has been amended. No claims have been added or canceled. Claims 1-19 are currently pending in the present application.
Response to Amendment
The response includes a certification that the correspondence was electronically transmitted on 11 February 2026 (see page 1 of the present response). However, the correspondence was not received electronically and was instead received by mail on 20 February 2026, and therefore, this certification appears to be inaccurate. It is acknowledged that the RCE Transmittal Form PTO/SB/30 and Transmittal Form PTO/SB/21 each include certificates of mailing.
The amendments to the specification do not clearly comply with the requirement of 37 CFR 1.121(b)(1) that replacement paragraphs must include markings showing all changes made relative to the previous version of the paragraph. In particular, although Applicant has stated that the amendments to paragraph 0016 are relative to “the last entered amendment of 8/1/22” (page 16 of the present response; see also page 3), first, it is noted that there was no response filed on 01 August 2022, although it appears that Applicant may have intended to refer to the response filed 10 August 2022. However, if that is the case, the 10 August 2022 response is not the most recent entered version of paragraph 0016, which was further amended in the response filed 28 February 2025 and such amendments were entered. Further, the markings do not clearly indicate the changes relative to either of the 10 August 2022 or 28 February 2025 versions of the paragraph. The amendments marked in line 1 were previously made in the response filed 28 February 2025, and in line 5, there is text that has been added relative to both the 10 August 2022 and 28 February 2025 versions of the paragraph which has not been marked with underlining as required. Applicant is hereby required to resubmit paragraph 0016 in the next response. If amendments compared to the 28 February 2025 version are desired, then they must be marked as required by 37 CFR 1.121(b)(1); if no amendments compared to the 28 February 2025 version are desired, then Applicant should re-file a clean copy of paragraph 0016. In order to avoid confusion of the record by partial entry of the specification amendments, Applicant is also required to resubmit the present amendments to the abstract and paragraph 0046.
The amendments to the claims do not comply with the requirement of 37 CFR 1.121(c) that the status of every claim must be indicated. In particular, although Claims 3, 9, 15, and 19 are provided with the status of “Currently Amended”, no amendments appear to be included relative to the prior version of the claims, and it appears that these claims should be marked as “Original” or “Previously Presented” as appropriate. The amendments to the claims also do not clearly comply with the requirement of 37 CFR 1.121(c)(2) that amended claims must include markings indicating the changes made relative to the immediate prior version of the claims. In particular, at least Claims 7 and 18 appear to include text, marked with strikethrough for deletion, which was previously deleted from the claims. As a courtesy and to advance prosecution, the amendments to the claims have been entered and treated as though they were fully compliant with 37 CFR 1.121(c). Applicant is again reminded that all subsequent amendments must fully comply with the provisions of 37 CFR 1.121.
Response to Arguments
Applicant's arguments filed 20 February 2026 have been fully considered but they are not persuasive.
Regarding the objection to the specification for failure to provide proper antecedent basis for the claimed subject matter and the rejection of Claims 1-19 under 35 U.S.C. 112(a) for failure to comply with the written description requirement, Applicant argues that the term “station” is used to refer to the client devices 102 described in the specification and would be understood by one of ordinary skill in the art (pages 17-18 of the present response, no evidence cited). However, it is reiterated that the term “station” appears nowhere in the specification, and the specification does not use or define the term “station” is equivalent to the client devices. Further, while “station” may often be used to refer to user equipment, for example, the term is not co-extensive in scope with the concept of client devices, which appears to be broader than merely a station. Applicant has provided no evidence of how one of ordinary skill in the art would interpret the term “station”. With respect to the limitation of “authenticating the particular user separate[ly] from the station”, Applicant argues that the discussion of user authentication in paragraphs 0052 and 0056 of the specification “as a distinct step from verifying the client device (e.g. via a MAC address list)” inherently supports the limitation of authenticating the user separate from the station (page 18 of the present response). However, there is no discussion in these cited paragraphs of verifying or authenticating a client device or station, and there is no mention of a MAC address list or authentication of a station in these paragraphs.
Regarding the rejection of Claims 1-19 under 35 U.S.C. 112(b) as indefinite, Applicant merely alleges that “the same arguments from the written description section apply” to this rejection (page 18 of the present response). Applicant's arguments fail to comply with 37 CFR 1.111(b) because they do not clearly respond to every ground of objection and rejection in the prior Office action. It is not clear how these arguments apply to the portion of the rejection relating to the term “separate”, and there appears to be no attempt to address the other outstanding issues of indefiniteness. Applicant has not provided any substantive response or explanation with respect to the outstanding rejection under 35 U.S.C. 112(b).
Regarding the rejection of Claims 1-19 under 35 U.S.C. 103 as unpatentable over Mukherjee et al, US Patent 7421736, in view of Glazemakers et al, US Patent 9148408, and Short et al, US Patent 8156246, Applicant generally does not refer to any particular language of the claims, but merely alleges that Mukherjee, individually, does not contemplate a portable client device that manages its own local allow-list of devices; that Glazemakers, individually, does not provide portability or dual-mode operation triggered by the portable client’s physical location’ and that Short lacks multi-factor user-to-site enforcement logic where a tunnel is established only after user authentication and device list verification occur on the hardware client (page 19 of the present response, no evidence cited). Applicant further alleges that the prior art does not suggest a single portable device that acts as a gatekeeper for multiple peripheral stations by performing independent user authentication and device hardware verification prior to establishing a secure tunnel (page 20 of the present response, no evidence cited). First, in response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., an “allow-list”, dual-mode operation “triggered by the portable client’s physical location”, “user-to-site enforcement logic”, “gatekeeper for multiple peripheral stations”, “independent user authentication and device hardware verification”) are not recited in the rejected claims. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Although Claim 1 recites establishing either a local connection or VPN tunnel depending upon a location, this does not require selecting or triggering which kind of connection is to be established based on the physical location. Further, Claims 7 and 13 are silent with respect to the “depending upon a location” aspect. Additionally, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Although Applicant argues that Mukherjee, individually, does not contemplate a portable client device and that Glazemakers, individually also does not provide the portability, it is noted that Short was relied upon for suggestion of portability (see Short, Figure 4, portable nomadic router 110; see also column 12, line 43-column 17, line 24 for general discussion, noting especially column 12, lines 43-50, and column 15, lines 3-10). Further, although Applicant argues that Glazemakers does not provide the specific dual mode operation (e.g. VPN or local mode) triggered by the client’s physical location, Glazemakers does disclose establishing a local connection or VPN tunnel between the authentication device and appliance depending on a location (see Glazemakers, column 6, lines 53-67, and Figure 4, step 405, as previously cited). It is again noted that the claims do not require the location to trigger selection of one or the other of the local connection or VPN tunnel.
Therefore, for the reasons detailed above, the Examiner maintains the rejections as set forth below.
Drawings
The objection to Figure 4 for informalities is maintained because additional informalities have been noted in Figure 4 as amended.
The drawings are objected to because they include informalities. In Figure 4, step 402, “systmes” should read “systems”. In Figure 4, step 404, “unque” should read “unique”. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
As noted above, the amendments to the abstract and specification do not fully comply with 37 CFR 1.121(b) and have NOT been entered. As noted above, Applicant is required to resubmit paragraph 0016 either with further amendments relative to the last entered version filed 28 February 2025 or as a clean version of the last entered version, and to avoid confusion due to partial entry of the amendments, the present amendments to the abstract and paragraph 0046 must also be resubmitted.
The objection to the abstract for informalities and the objection to the disclosure for informalities are NOT withdrawn, because the amendments have not been entered as noted above. It is noted that further conditional objections based on the assumed future entry of the amendments are set forth below. The objection to the specification for failure to provide proper antecedent basis for the claimed subject matter is NOT withdrawn for the reasons detailed above.
The abstract of the disclosure is objected to because it includes informalities. In particular, in lines 1-3, the verb “are provided” does not agree in number with the singular subject “A portable, hardware-based authentication client solution”. If the present amendments to the abstract were to be entered, then the sentence at lines 1-3 would be a fragment (missing a verb). A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:
The specification includes minor grammatical and other errors. For example, if the amendments to paragraph 0016 were entered, then in paragraph 0016, line 5, “a” should be deleted before “may operate”. The sentence at paragraph 0046, lines 19-23 appears to be a run-on, noting the comma splice after “devices 316-1 and 316-5”, although it appears that the proposed insertion of a period to separate the sentences would overcome this issue. In paragraph 0046, lines 25-26, in the phrase “no direct access is allowed and computer is isolated”, it is not clear what the direct access would be to, and it is not clear which computer is being referred to. Further, it is noted that, in paragraph 0046, lines 21-25, reference is made to elements 316-1, 316-2, 316-4, 316-5, and 316-6 as “authentication client devices”; however, the specification previously distinguished between elements including reference numeral 318 as the authentication client devices (see paragraph 0046, lines 7-8) and elements including reference numeral 316 as the client devices (see paragraph 0046, line 5). Additionally, it appears that the proposed addition of “authentication client 318-1” in line 28 should instead refer to an “authentication client device”.
Appropriate correction is required. Applicant’s cooperation is again requested in correcting any other errors of which applicant may become aware in the specification.
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required: Independent Claims 1 and 7 were previously amended to recite “authenticating the particular user separate from the station”, and independent Claim 13 was previously amended to similarly recite “authenticating the particular user separately from the station”. The independent claims have also been amended with other references to “a station” and “the station”. There is not clear antecedent basis for the authentication being “separate” as recited in the claims as amended. There appears to be no mention in the specification of any authentication being separate. Further, there appears to be no mention in the specification of a station as recited. For further detail, see below with reference to the rejection under 35 U.S.C. 112(a) for failure to comply with the written description requirement.
Claim Rejections - 35 USC § 112
The rejections of Claims 1-19 under 35 U.S.C. 112(a) for failure to comply with the written description requirement and under 35 U.S.C. 112(b) as indefinite are NOT withdrawn, for the reasons detailed above in the Response to Arguments, and further because not all issues have been addressed and/or because the amendments have raised new issues, as detailed below.
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent Claims 1 and 7 were previously amended to recite “authenticating the particular user separate from the station”, and independent Claim 13 was previously amended to similarly recite “authenticating the particular user separately from the station”. There is no mention in the specification of any authentication being performed separately, and there is no mention of the term “separate” except in reference to a machine-readable storage medium in paragraph 0042. Although Applicant has generally pointed to paragraphs 0052 and 0056 of the specification for support, and although Applicant asserts that user authentication is separate from verification of the client device (page 18 of the present response), there is no mention of verification of the client device in these paragraphs, and there is no mention of separate authentication in these paragraphs or elsewhere in the specification. The independent claims have also been amended with other recitations of “a station” and “the station”. Although Applicant argues that the term “station” is intended to refer to client devices 102 (pages 17-18 of the present response), Applicant has not pointed to any evidence of the equivalent of this terminology, and there is no mention of the term “station” anywhere in the specification. Therefore, there is not clear written description of the claimed subject matter as amended in the specification. See also MPEP § 2163.04.
If Applicant intended for the “station” terminology to refer to a particular one of the client devices (see pages 17-18 of the present response), then the claims could be amended to replace “a station” and “the station” with “a first client device” (or “a particular client device”) and “the first client device” (or “the particular client device”) or similar language that more particularly identifies a specific client device.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “authenticating… the connection establishment request was initiated by the particular user by authenticating the particular user separate from the station” in lines 17-22. First, it is not clear how authenticating the user would also authenticate that the connection request was initiated by the user. Further, it is not grammatically clear what the term “separate” is intended to modify; that is, it is not clear what element is separate from what other element(s). For purposes of applying the prior art, this has been interpreted that the user is authenticated separately from a station, similar to the recitation in Claim 13. The above ambiguities render the claim indefinite.
Claim 3 recites “the client device” in lines 2-3. It is not clear whether this is intended to refer to the authentication client device or one of the pre-authorized client devices.
Claim 7 recites “authenticating… the connection establishment request initiated by the particular user by authenticating the particular user separate from the station” in lines 19-24. First, it is not clear how authenticating the user would also authenticate the connection request initiated by the user. Further, it is not grammatically clear what the term “separate” is intended to modify; that is, it is not clear what element is separate from what other element(s). For purposes of applying the prior art, this has been interpreted that the user is authenticated separately from a station, similar to the recitation in Claim 13. The above ambiguities render the claim indefinite.
Claim 9 recites “the client device” in lines 3-4. It is not clear whether this is intended to refer to the authentication client device or one of the pre-authorized client devices.
Claim 13 recites “authenticating… the connection establishment request was initiated by the particular user by authenticating the particular user separately from the station” in lines 21-26. It is not clear how authenticating the user would also authenticate that the connection request was initiated by the user. The claim further recites “the VPN appliance” in line 35. There is insufficient antecedent basis for this limitation in the claim. The above ambiguities render the claim indefinite.
Claim 15 recites “the client device” in lines 3-4. It is not clear whether this is intended to refer to the authentication client device or one of the pre-authorized client devices.
Claim 19 recites “the client device” in lines 5 and 7. It is not clear whether this is intended to refer to the authentication client device or one of the pre-authorized client devices if this is distinct.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Mukherjee et al, US Patent 7421736, in view of Glazemakers et al, US Patent 9148408, and Short et al, US Patent 8156246.
In reference to Claim 1, Mukherjee discloses a method that includes maintaining a list of pre-authorized client devices in an authentication client device assigned to a user and paired with an appliance at a network (column 6, lines 21-35; see also Figure 1, CE router on client side corresponds to the authentication client device; IPSG router on network side and VISA device correspond to appliance); receiving a connection establishment request to connect with the network via the appliance (Figure 4A, request 404; column 8, lines 1-11); authenticating the user, verifying that a station is on the list of pre-authorized clients, and establishing a local connection or VPN tunnel between the authentication device and appliance (Figure 4A, steps 406-416; column 8, lines 8-48). However, Mukherjee does not explicitly disclose authenticating the user separately from the station.
Glazemakers discloses a method that includes maintaining a list of pre-authorized client devices (see column 2, lines 51-65, for example); receiving a connection establishment request to connect with the network via an appliance (column 2, lines 51-65; Figure 4, step 401) and verifying whether a station is on the list (column 2, lines 51-65); authenticating a user separately from authenticating a station (column 12, lines 10-42, biometric authentication of user); and establishing a local connection or VPN tunnel between the authentication device and appliance depending on a location (column 6, lines 53-67; Figure 4, step 405). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Mukherjee to include the separate user authentication of Glazemakers, in order to provide enhanced authentication (see Glazemakers, column 12, lines 10-42, for example).
However, while Mukherjee and Glazemakers generally disclose an authentication device, and while a router is generally a lightweight and therefore potentially portable device, neither Mukherjee nor Glazemakers explicitly discloses that the authentication device is portable. However, Short discloses a portable nomadic router device (see Figure 4, portable nomadic router 110; see also column 12, line 43-column 17, line 24 for general discussion, noting especially column 12, lines 43-50, and column 15, lines 3-10). Therefore, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to further modify the method of Mukherjee and Glazemakers to make the authentication device (i.e. router of Mukherjee) be portable as taught by Short, in order to transparently process data (see Short, column 12, lines 48-50) and prevent having to reconfigure devices and provide independence (see Short, column 13, lines 30-51).
In reference to Claims 2 and 3, Mukherjee, Glazemakers, and Short further disclose issuing to the authentication device a unique token used for authentication (Mukherjee, column 7, lines 20-34, unique address).
In reference to Claims 4 and 5, Mukherjee, Glazemakers, and Short further disclose a VPN mode or local mode and one or more types of VPN connections (Mukherjee, column 2, line 35-column 3, line 8, and throughout).
In reference to Claim 6, Mukherjee, Glazemakers, and Short further disclose a concurrent connection through the authentication device (Mukherjee, column 8, lines 8-48).
Claims 7-12 are directed to software implementations of the methods of Claims 1-6, and are rejected by a similar rationale.
Claims 13-18 are directed to devices having functionality corresponding to the methods of Claims 1-6, and are rejected by a similar rationale, mutatis mutandis.
In reference to Claim 19, Mukherjee, Glazemakers, and Short further disclose performing an antivirus scan and blocking an infected client device (Glazemakers, column 12, lines 10-42).
Conclusion
All claims are identical to or patentably indistinct from, or have unity of invention with claims in the application prior to the entry of the submission under 37 CFR 1.114 (that is, restriction (including a lack of unity of invention) would not be proper) and all claims could have been finally rejected on the grounds and art of record in the next Office action if they had been entered in the application prior to entry under 37 CFR 1.114. Accordingly, THIS ACTION IS MADE FINAL even though it is a first action after the filing of a request for continued examination and the submission under 37 CFR 1.114. See MPEP § 706.07(b). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:00am-5:30pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal D Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Zachary A. Davis/Primary Examiner, Art Unit 2492