TRANSPORT LAYER APPROACH TO SECURE MOBILE TERMINATION

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/7/2026 has been entered. Response to Amendment This office action has been changed in response to the amendment filed on 1/7/2026. Claims 1, 3-8, 16, 17, 19, 20 and 24-29 have been amended. Claim 30 has been newly added. Claims 2, 10-15 and 21-23 have been canceled. Response to Arguments Applicant's arguments filed 1/7/2026 have been fully considered but they are not persuasive. In response to the Applicant’s argument that “the combination of Kshirsagar and Alt, as taught by the cited portions of Alt, does not disclose a mobile terminating call, or a combination of mobile terminating connections that connections (via a mobile terminating proxy) a mobile device which is not a subscriber of a mobile telecommunications service provider network to a mobile device that is a subscriber” (Pages 9-10), the Examiner respectfully disagrees. Alt discloses in Fig. 14 a mobile terminating call. (Fig. 14 [1427 & 1429] and Page 14 [0173 & 0176]) With respect to “a mobile device which is not a subscriber of a mobile telecommunications service provider network to a mobile device that is a subscriber”, the Examiner views this as non-functional descriptive material because it is not clear to the Examiner how the steps of the method are any different because a mobile device is not a subscriber of a mobile telecommunications service provider network. The Applicant is reminded that in method cases, the relevant inquiry is whether a new and unobvious functional relationship with the known method exists. See In re Kao, 639 F.3d 1057, 1072-73, 98 USPQ2d 1799, 1811-12 (Fed. Cir. 2011); King Pharmaceuticals Inc. v. Eon Labs Inc., 616 F.3d 1267, 1279, 95 USPQ2d 1833, 1842 (Fed. Cir. 2010). In apparatus claims, it is the structure that defines how an apparatus differs from prior art apparatuses and when no difference in structure is defined, the assumption is made that the prior art structure meets the limitations. The Examiner will not give patentable weight to descriptive material absent a new and unobvious functional relationship between the descriptive material and the substrate. See In re Lowry, 32 F.3d 1579, 1582-1583 (Fed. Cir. 1994); In re Ngai, 367 F.3d 1336,1339 (Fed. Cir. 2004) (nonfunctional descriptive material cannot render nonobvious an invention that would have otherwise been obvious). See also Ex parte Mathias, 84 USPQ2d 1276 (BPAI 2005) (nonprecedential), aff' d, 191 Fed. Appx. 959 (Fed. Cir. 2006). “Claim limitations directed to printed matter are not entitled to patentable weight unless the printed matter is functionally related to the substrate on which the printed matter is applied.” Praxair Distribution, Inc. v. Mallinckrodt Hosp. Prods. IP Ltd., 890 F.3d 1024, 1031 (Fed. Cir. 2018) (emphasis added). This printed matter doctrine is not strictly limited to “printed” materials. Mallinckrodt, 890 F.3d at 1032. More specifically, “a claim limitation is directed to printed matter ‘if it claims the content of information.' ” Mallinckrodt, 890 F.3d at 1032 (quoting In re Distefano, 808 F.3d 845, 848 (Fed. Cir. 2015)). In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., “Examples” paragraph spanning pages 10-11) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). In response to the Applicant’s argument regarding claim 24 (Pages 13-14), the Examiner respectfully disagrees. The Examiner’s point of the citations to Kshirsagar are the inclusion of a domain name URL in the access certificate is that this shows an access request can include the domain name requested. With respect to the second mobile device, the Examiner has pointed to Alt to show the first user mobile device establishing a mobile terminating connection at a second mobile device. (Alt Fig. 14) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3, 7-9, 16-20, 24, 28 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Kshirsagar et al. (US-2017/0373860 hereinafter, Kshirsagar) in view of Alt et al. (US-2007/0019545 hereinafter, Alt). Regarding claim 1, Kshirsagar teaches a method comprising: receiving, by a processing system (Fig. 6 [600]) including at least one processor (Fig. 6 [620]), a request (Fig. 2 [210]) from a first user endpoint device (Fig. 2 [201]) to establish a connection to a second endpoint device; (Page 5 [0031] and Page 3 [0023-0024]) determining, by the processing system, whether an access certificate that is associated with the second endpoint device has been received from the first user endpoint device; (Page 3 [0023] and Page 4 [0028] “For example, the request and the digital certificate may be received at the same time (e.g., simultaneously)” & “In response to determining the digital certificate is valid, in 530 the method includes detecting tenant information of the network object from an attribute among the plurality of attributes included in the digital certificate. The detected tenant information may identify a tenant included in the multi-tenant cloud computing environment to which the network object belongs”) terminating, by the processing system, the mobile terminating connection at the processing system when1 the access certificate that is associated with the second endpoint device is determined to be received from the first user endpoint device (Fig. 2 [210 & 240]), wherein the terminating creates the mobile terminating connection from the first user endpoint device to the processing system; (Page 2 [0019]) identifying, by the processing system, a private internet protocol address that is associated with the second endpoint device when the access certificate that is associated with the second endpoint device is determined to be received from the first user endpoint device; (Fig. 4 [UNSTRUCTUREDADDRESS IP address], Fig. 5 [530] and Page 4 [0028]) and establishing, by the processing system, a second connection from the processing system to the second endpoint device (Fig. 2 [250]), using the private internet protocol address of the second endpoint device (Pages 4-5 [0027-0028]), wherein communications between the first user endpoint device and the second endpoint device are exchanged subsequent to the establishing via a combination of the first mobile terminating connection from the first user endpoint device to the processing system and the 2nd mobile terminating connection from the processing system to the second endpoint device, with the processing system serving as an intermediary for forwarding packets of the communications between the first user endpoint device and the second endpoint device. (Page 2 [0019] “Once connected, data captured by the device 110 may be transmitted to the cloud through the load balancer 120, the proxy server 130, and the message brokers 140, where it may be analyzed, stored, and the like, by the application in the cloud”) Kshirsagar differs from the claimed invention by not explicitly reciting the processing system resides in a mobile packet core of a mobile telecommunications service provider network, the first user endpoint device and the second user endpoint device are first and second mobile devices with a connection that is mobile terminating and wherein the second mobile device is a subscriber to a service of the mobile telecommunications service provider network and the first mobile device is not a subscriber to the service of the mobile telecommunications service provider. In an analogous art, Alt teaches a method and apparatus for securing and authenticating communications between domains (Abstract) that includes a request from a first mobile device (Fig. 2A [207d] and Fig. 14 [Dual Mode Mobile Station A]) to establish a mobile terminating connection to a second mobile device (Fig. 2A [209d], Fig. 14 [Dual Model Mobile Station B], Fig. 2B and Page 5 [0061]), with the processing system resides in a mobile packet core of a mobile telecommunications service provider network (Fig. 14 [Cellular Mobile Switch, Mobile Gateway, SIP Proxy Server]) and wherein the second mobile device is a subscriber to a service of the mobile telecommunications service provider network and the first mobile device is not a subscriber to the service of the mobile telecommunications service provider. (the Examiner views this as non-functional descriptive material2 because it is not clear to the Examiner how the steps of the method are any different because a mobile device is not a subscriber of a mobile telecommunications service provider network or to a service in general, because the service is not mentioned again in the claims) Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the invention of Kshirsagar after modifying it to incorporate the ability to provide a mobile terminating connection of Alt since it enables providing encrypted communications to endpoint devices over various domains (Alt Page 5 [0060 & 0065]), thereby increasing deployment of IP telephones. (Alt Page 1 [0006]) Regarding claim 3, Kshirsagar in view of Alt teaches wherein the access certificate is a credential that is specific to the second mobile device. (Kshirsagar Page 4 [0028]) Regarding claim 7, Kshirsagar in view of Alt teaches wherein the access certificate is included in the request received from the first mobile device. (Kshirsagar Page 4 [0028]) Regarding claim 8, Kshirsagar in view of Alt teaches wherein the access certificate is received in response to a prompt by the processing system for the first mobile device to provide the access certificate. (Kshirsagar Fig. 2 [220]) Regarding claim 9, Kshirsagar in view of Alt teaches wherein the determining is performed as part of a transport layer security handshake. (Kshiragar Page 3 [0024]) Regarding claim 16, Kshirsagar in view of Alt teaches wherein the processing system is part of a transport layer mobile terminating proxy of a mobile telecommunications service provider network. (Kshirsagar Fig. 1 [130] and Page 2 [0019]) Regarding claim 17, Kshirsagar in view of Alt teaches wherein the mobile terminating connection cannot be initiated by the first mobile device without the access certificate. (Kshirsagar Fig. 5 [520] i.e. certificate is required to be validated in order to continue) Regarding claim 18, Kshirsagar in view of Alt teaches wherein the processing system obtains the private internet protocol address from an external database. (Alt Page 8 [0098]) Regarding claims 19 and 20, the limitations of claims 19 and 20 are rejected as being the same reasons set forth above in claim 1. Regarding claim 24, Kshirsagar in view of Alt teaches wherein the private internet protocol address is mapped to a server name identification comprising a host part of a domain name that is assigned to the second mobile device (Kshirsagar Fig. 4, Page 1 [0004] and Page 4 [0027]), wherein the domain name is included in the request received from the first mobile device. (Kshirsagar Fig. 4 and Page 4 [0027] and Alt Fig. 14) Regarding claim 28, Kshirsagar in view of Alt teaches wherein an ability of the first mobile device to provide the access certificate associated with the second mobile device serves as evidence that the first mobile device is authorized to establish the first mobile terminating connection. (Kshirsagar Page 3 [0023-0024] “the connection request may have fields such as one or more of a client ID, clean session, username, password, last topic, last QoS, last message, keep alive, and the like. The load balancer 202 may receive the connection request and transmit the request to the proxy server 203. In response, in 220 the TLS proxy server 203 may send a request to the device 201 for a digital certificate. In 230, the device 201 may provide the TLS proxy server 203 with the device's 201 digital certificate. In 240, the TLS proxy server 203 may validate the certificate based on a root certificate of a CA, an expiration date, and the like. In response to determining the digital certificate is valid, the TLS proxy server 203 may further detect tenant information from an attribute among a plurality of attributes included in the digital certificate, in 240. In this case, the detected tenant information may identify a tenant included in the multi-tenant cloud computing environment.”) Regarding claim 30, Kshirsagar in view of Alt teaches wherein a firewall is configured to allow only mobile terminating connections originating from the processing system to terminate at the second mobile device. (Alt Page 3 [0037-0039] “Firewalls monitor incoming and outgoing traffic and filters (or blocks) such traffic according to certain rules and policies. A firewall can employ various techniques to filter traffic; e.g., packet (or flow) filtering examines packets to ensure specified requirements are met with respect to the characteristics of the packet (or flow). Hence, the process only allows packets satisfying such requirements to pass. These requirements can be based on network addresses, ports, or whether the traffic is ingress or egress, etc”) Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Kshirsagar in view of Alt as applied to claim 3 above, and further in view of Heinla et al. (US-8,009,572 hereinafter, Heinla). Regarding claim 4, Kshirsagar in view of Alt teaches the limitations of claim 3 above, but differs from the claimed invention by not explicitly reciting wherein the mobile telecommunications service provider network provides the access certificate to the second mobile device. In an analogous art, Heinla teaches a peer-to-peer telephone system for communications using certificates for authorization (Abstract) that includes the mobile telecommunications service provider network that provides the access certificate to the second mobile device. (Col. 2 lines 62-65 and Col. 4 lines 25-30) Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the invention of Kshirsagar in view of Alt after modifying it to incorporate the ability to have a service provider network provide the access certificate to the second mobile device of Heinla since it enables the end user to verify the certificate as authentic. Claims 6 and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Kshirsagar in view of Alt as applied to claim 3 above, and further in view of Bu et al. (US-2008/0159299 hereinafter, Bu). Regarding claim 6, Kshirsagar in view of Alt teaches the limitations of claim 3 above, but differs from the claimed invention by not explicitly reciting wherein a validity of the access certificate is unaffected by a change in an internet protocol address of the first mobile device. In an analogous art, Bu teaches a method and system for providing controlled access to the Internet (Abstract) that includes a validity of the access certificate is unaffected by a change in an internet protocol address of the first mobile device. (Page 4 [0039]) Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the invention of Kshirsagar in view of Alt after modifying it to incorporate the ability to decouple certificates from a path and IP source address of Bu since it enables the consent part of a certificate to depends only on source/destination identities and thus, remains valid even when source/destination IP addresses change because IP addresses change, often, thereby only requiring an updated binding of the new IP address. (Bu Page 4 [0039]) Regarding claim 29, Kshirsagar in view of Alt teaches the limitations of claim 1 above, but differs from the claimed invention by not explicitly reciting wherein the access certificate remains valid when an internet protocol address of the second mobile device changes. In an analogous art, Bu teaches a method and system for providing controlled access to the Internet (Abstract) that includes a validity of the access certificate is unaffected by a change in an internet protocol address of the second mobile device. (Page 4 [0039]) Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the invention of Kshirsagar in view of Alt after modifying it to incorporate the ability to decouple certificates from a path and IP source address of Bu since it enables the consent part of a certificate to depends only on source/destination identities and thus, remains valid even when source/destination IP addresses change because IP addresses change, often, thereby only requiring an updated binding of the new IP address. (Bu Page 4 [0039]) Claims 25-27 are rejected under 35 U.S.C. 103 as being unpatentable over Kshirsagar in view of Alt as applied to claims 1 and 24 above, and further in view of Sole et al. (US-2021/0392111 hereinafter, Sole). Regarding claims 25 and 26, Kshirsagar in view of Alt teaches the limitations of claim 24 above, differs from the claimed invention by not explicitly reciting wherein the domain name that is assigned to the second mobile device is mapped by a wild card record to a public internet protocol address assigned to the processing system, so that the request is routed to the processing system from a domain name system server of the mobile telecommunications service provider network, wherein the wild card record maps a plurality of domain names assigned to a plurality of mobile devices, including the domain name that is assigned to the second mobile device, and to the public internet protocol address assigned to the processing system. In an analogous art, Sole teaches a method and system for network traffic inspection (Abstract) and for protecting internal network resources that are mapped to external users (Page 13 [0178-0179]) that includes a domain name (Page 14 [0181-0182] “define a single resource that exposes multiple hosts” and “a resource is a mapping between a publicly accessible host name to a privately accessible one”) that is assigned to the second mobile device is mapped by a wild card record (Page 14 [0182] “One option is to define a Resource with a wildcard public host name of “*.websvc.internal” mapped to a wildcard internal name “*.websvc.internal”, allowing access to TCP port 22 to all users that are part of the DevOps group and have non-jailbroken devices. Another option is to create a mapping using different suffixes, for example using the public name “*.websvc.company.com” and internal name “*.websvc.internal”.”) to a public internet protocol address assigned to the processing system (Page 14 [0181-0186] “Resource 1: *.dev.fyde.local Matches: web1. dev.fyde.local, monitor.dev.fyde.local.”), so that the request is routed to the processing system from a domain name system server of the mobile telecommunications service provider network, (Page 4 [0032] “The user inputs a Uniform Resource Locator (URL), and, when the host section of the URL is not an Internet Protocol (IP) address, the host section of the URL is translated to an IP address by use of a Domain Name Service (DNS).”) wherein the wild card record maps a plurality of domain names assigned to a plurality of mobile devices (Page 14 [0182] “ an organization could have a number of cluster nodes with a format like: node1.websvc.internal, node2.websvc.internal, etc., that are dynamically added and removed as the service load requires. The organization desires to expose an administrative interface to securely access the nodes (e.g., SSH over TCP port 22). One option is to define a Resource with a wildcard public host name of “*.websvc.internal” mapped to a wildcard internal name “*.websvc.internal”, allowing access to TCP port 22 to all users that are part of the DevOps group and have non-jailbroken devices. Another option is to create a mapping using different suffixes, for example using the public name “*.websvc.company.com” and internal name “*.websvc.internal”.”), including the domain name that is assigned to the second mobile device, and to the public internet protocol address assigned to the processing system. (Page 14 [0181-0199] note: [0185-0199] are exemplary mapping between internal sources i.e. [0186] and the domain name [0185] that links to the “second mobile devices”) Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to be motivated to implement the invention of Kshirsagar in view of Alt after modifying it to incorporate the ability to utilize wildcard mappings to a public internet protocol address of Sole since it enables and administrator to define a single resource that exposes multiple hosts when the hosts are a cluster of devices that is dynamically added to as service load requires and it enables the hosts to be exposed under the same policy, thereby simplifying the administrative burden. (Sole Page 14 [0181-0182]) Regarding claim 27, Kshirsagar in view of Alt and Sole teaches wherein the public internet protocol address is provided to the first mobile device by a domain name system server in response to the first mobile device providing the domain name that is assigned to the second mobile device to the domain name system server. (Sole Page 4 [0043] and Page 16 [0239-0240]) Allowable Subject Matter Claim 5 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is a statement of reasons for the indication of allowable subject matter: the Examiner was unable to find the combination of claims 1+4+5 in the prior art. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW C SAMS whose telephone number is (571)272-8099. The examiner can normally be reached M-F 8:30-5 EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew Anderson can be reached at (571)272-4177. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Matthew C Sams/Primary Examiner, Art Unit 2646 1 Under the broadest reasonable interpretation standard for conditional “if language” or “when language”, the condition does not occur and the step or function claimed would never be realized, hence the broadest reasonable interpretation of the claim does not require performing the step or function. See Ex parte Katz, 2011 WL 514314, at 4-5 (BPAI Jan. 27, 2011,2011 WL 1211248 at 2 (BPAI Mar. 25, 2011); see also In re Johnston, 435 f.3d 1381, 1384 (Fed. Cir. 2006)("optional elements do not narrow the claim because they can always be omitted”). If conditions are not limitations against which prior art must be found because the step or function only occurs “if the answer is positive” or “when the answer is positive”. Under the broadest scenario, the steps or functions dependent on the “if condition” or “when condition” would not be invoked, and such, the Examiner is not required to find these limitations in the prior art in order to render the claim anticipated. See In re Am. Acad. Of Sci. Tech Ctr., 367 f.3d 1359, 1359 (Fed. Cir. 2004). 2 The Applicant is reminded that in method cases, the relevant inquiry is whether a new and unobvious functional relationship with the known method exists. See In re Kao, 639 F.3d 1057, 1072-73, 98 USPQ2d 1799, 1811-12 (Fed. Cir. 2011); King Pharmaceuticals Inc. v. Eon Labs Inc., 616 F.3d 1267, 1279, 95 USPQ2d 1833, 1842 (Fed. Cir. 2010). In apparatus claims, it is the structure that defines how an apparatus differs from prior art apparatuses and when no difference in structure is defined, the assumption is made that the prior art structure meets the limitations. The Examiner will not give patentable weight to descriptive material absent a new and unobvious functional relationship between the descriptive material and the substrate. See In re Lowry, 32 F.3d 1579, 1582-1583 (Fed. Cir. 1994); In re Ngai, 367 F.3d 1336,1339 (Fed. Cir. 2004) (nonfunctional descriptive material cannot render nonobvious an invention that would have otherwise been obvious). See also Ex parte Mathias, 84 USPQ2d 1276 (BPAI 2005) (nonprecedential), aff' d, 191 Fed. Appx. 959 (Fed. Cir. 2006). “Claim limitations directed to printed matter are not entitled to patentable weight unless the printed matter is functionally related to the substrate on which the printed matter is applied.” Praxair Distribution, Inc. v. Mallinckrodt Hosp. Prods. IP Ltd., 890 F.3d 1024, 1031 (Fed. Cir. 2018) (emphasis added). This printed matter doctrine is not strictly limited to “printed” materials. Mallinckrodt, 890 F.3d at 1032. More specifically, “a claim limitation is directed to printed matter ‘if it claims the content of information.' ” Mallinckrodt, 890 F.3d at 1032 (quoting In re Distefano, 808 F.3d 845, 848 (Fed. Cir. 2015)).