DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1, 10, 17-22 are currently pending
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/10/2025 has been entered.
Response to Arguments
The present office action is responsive to communications filed on 11/10/2025. Claims 1, 3, and 7 have been amended. Claims 17-22 have been added. Applicant's amendments to the claims and accompanying arguments have overcome every objection and rejection that was previously set forth in the Final Office Action mailed 08/13/2025.
Applicant's arguments filed on 11/10/2025 with respect to the rejection of claims 1, 3, and 7 under 35 USC 103 over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Chennakeshu et al. (US PGPub No. 20170200324-A1) and Ando et al. (US PGPub No. 20080005029-A1) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is set forth in view of Jeon et al. (US PGPub No. 20180183772-A1), Egner et al. (US PGPub No. 20180367314-A1), and Dobbins et al. (US PGPub No. 20200396211-A1).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-3 and 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1).
With respect to claim 1, Pomerantz teaches an apparatus adapted to connect to a network via a communication adaptor, the apparatus comprising: a storage device; a serial interface; and processing circuitry to receive, from a communication adaptor connected via the serial interface, a communication frame, and (Abstract: A securing apparatus includes a security adapter configured to be engaged with an electronic device. The security adapter includes an interface to couple to a host device. ¶0056: As seen in Figure 1A, the security adapter 100 may include a controller 1140 (e.g., electronic circuitry), a host device interface 1104, and an electronic device interface 1106. The host device interface 1104 may be coupled to the controller 1140 via a bus 1180 and the electronic device interface 1106 may be coupled to the controller 1140 via a bus 1182. The host device interface 1104 may be a physical interface, such as a plug or a socket, or a wireless interface that is configured to enable the security adapter 100 to be communicatively coupled to the host device 130 (serial interface). As further seen in ¶0061, the electronic device 120, such as a data storage device, may include a controller 1126 and a memory 1128, such as a non-volatile memory.);
responsive to receipt of the communication frame, decode data included in the communication frame [using a common key common to the apparatus and the communication adaptor, and] (¶0052-0058: The access control application 142 may be configured to authorize and/or control user access operations and data access operations, illustrated as data 1172 in Figure 1A, between the electronic device 120 and the host device 130 via the security adapter 100.).
determine whether the decoded data indicates a function-authentication information or a command, (¶0160-0162: The security adapter 100 may include the controller 1140 and a non-volatile memory 1160 via a bus 1184. The security adapter 100 may be configured to receive user access operations and data access operations, such as data and/or instructions (indication of function-authentication information or a command), from the host device 130 and/or from the electronic device 120, via the controller 1140, for execution by the controller 1140 and/or for storage in the non-volatile memory 1160. ¶0190 lists examples where the decoded data either indicates function-authentication information or a command, such as an identifier that may be received from the host device, after which the microprocessor may search a stored list of identifiers that are related to one or more security policies and may locate a particular security policy corresponding to the received identifier.);
the function-authentication information being information encrypted before being retained by the communication adaptor, (¶0017: The one or more security functions may also including executing an antivirus application on incoming data to be stored at the security adapter or the electronic device or on data to be read from the security adapter or from the electronic device, encrypting data transferred between the electronic device and the host device via the security adapter, initiating the host device to present a prompt for a password to enable data to be transferred from the electronic device to the host device via the security adapter, or updating a security policy stored at the security adapter, as illustrative, non-limiting examples.);
wherein the command commands the apparatus to perform a function, and (¶0162: The controller 1140 may be configured to perform one or more security functions associated with at least one of read access or write access, by the host device 130, to the memory 1128 of the electronic device 120. );
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command;
responsive to determining that the decoded data indicates the function-authentication information, decrypt the function-authentication information received from the communication adaptor, (¶0171 & ¶00187: The security application executable instructions 1164 may include one or more instructions or rules to be implemented by the controller 1140. For example, the one or more instructions or rules may be implemented by the encryption engine 1146, by the read/write access control 1148, by the antivirus engine 1150, or by a processor of the controller 1140. Figure 11 may represent physical components, such as hardware controllers, state machines, logic circuits, or other structures, to enable controller 1140 to perform decryption/encryption at the encryption engine 1146.);
wherein the decrypted function-authentication information (¶0165-0166: The encryption engine 1146 may be configured to encrypt data, such as the data 1172 and/or the data 1174, transferred between the electronic device 120 and the host device 130 via the security adapter 100. For example, data from the host device 130 to be stored in the electronic device 120 may be encrypted (e.g., using an encryption key) by the security adapter 100 prior to storage at the electronic device 120 to be unrecoverable from the electronic device 120 without the security adapter 100 (or knowledge of the encryption key). The antivirus engine 1150 may be configured to execute an antivirus application on data read from the non-volatile memory 1160, data read from the memory 1128, data to be written to the non-volatile memory 1160, data to be written to the memory 1128, or a combination thereof. ) indicates one or more permitted functions which the communication adaptor is permitted to instruct the apparatus to execute; and save the decrypted function-authentication information in the storage device; (¶0169-0171: The non-volatile memory 1160 may include an access control list 1162, security application executable instructions 1164, and the log 1166. The one or more instructions or rules may be associated with policy (e.g., a security policy) that corresponds to the security adapter 100, to the electronic device 120, or to a combination thereof. The security policy may indicate the one or more functions performed or executed by the controller 1140. The controller 1140 may be configured to update the one or more instructions or rules of the security policy stored at the non-volatile memory 1160. For example, the controller 1140 may update the one or more instructions or rules based on an update received from the host device 130.);
responsive to determining that the decoded data indicates the command, determine whether a function corresponding to the command is included in the decrypted function-authentication information stored in the storage device as indicating that the function corresponding to the command is permitted for the communication adaptor to instruct the apparatus to execute, (¶0190: As another example, to implement the read/write access control engine 1148, the microprocessor or the microcontroller may be programmed to receive a request for access to a memory at the host device or to a memory at the electronic device. The microprocessor or the microcontroller may be programmed to compare one or more parameters corresponding to the request a security policy corresponding to the requestor. ) and execute processing according to the command only when the function is permitted. (¶0190-0191: The microprocessor or the microcontroller may be programmed to compare a parameter of the request, such as a request type (e.g., to write data to the electronic device) to a corresponding permission indicated in the located security policy (e.g., indicating whether writing data is permitted), and to allow the request to be processed when the permission allows the request parameter(s) or to prohibit the request from being processed when the permission does not allow one or more of the request parameter(s).).
Pomerantz does not disclose:
decode data included in the communication frame using a common key common to the apparatus and the communication adaptor,
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command,
However, Jeon teaches decode data included in the communication frame using a common key common to the apparatus and the communication adaptor, and (¶0023: The first device exchanges encoded data with the second device through the second security session based on the master key stored in the secure element (step S400). For example, step S400 may be performed while the first device operates in the normal mode. As described above, the master key is not loaded from the secure element while the second security session is formed. Thus, to exchange the encoded data with the second device, the first device may forward or transfer output data that is to be transmitted to the second device and/or input data that is received from the second device to the secure element. The secure element included in the first device may encode the output data, or may decode the input data.);
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command, (¶0040-0041: As seen in Figure 2, when the secure communication system is an IoT system, the first device 200 may be an IoT device, and the second device 300 may be a router. IoT devices may be classified into several groups depending on their characteristics. For example, the IoT devices may be classified into a home gadget group (e.g., group 1010 in Figure 12), a home appliances/furniture group (e.g., group 1020 in Figure 12), an entertainment group (e.g., group 1030 in Figure 12), a vehicle group (e.g., group 1040 in Figure 12), etc. The router may include a hub, a gateway, an access point (AP), etc. The home appliances/furniture group 1020 may include a robot vacuum cleaner, a washing machine, a refrigerator, an air conditioner, a television (TV), a furniture item (e.g., a bed including a sensor), etc.);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Jeon with regard to a common key and the apparatus in the method of Pomerantz in order to improve the performance of the system while maintaining security (Jeon ¶0024).
With respect to claim 2, the combination of Pomerantz in view of Jeon teaches the method of claim 1 (see rejection of claim 1 above), wherein in the function-authentication information stored in the storage device, for each of the one or more permitted functions, content, corresponding to the function, (Pomerantz ¶0054: The security policy may be stored at the host device 130 or at a host network system associated with the host device 130, as described with reference to Figure 13, at the security adapter 100, as described with reference to Figures 11 and 12, or at the electronic device 120, as described with reference to Figure 14.);
which the communication adaptor is permitted to instruct the apparatus to execute is described, and the processing circuitry executes the processing according to the command limited to the content permitted for the function corresponding to the command. (Pomerantz ¶0054: For example, the security policy may indicate a number and/or a type (e.g., such as personal computers) of host devices 130 that the electronic device 120 can communicate with, authorized times for communication between the host device and the electronic device 120, one or more authorized operations (e.g., read file, write file, edit file, etc.), one or more types of data (e.g., secured, protected, read-only) the electronic device 120 is authorized to access, an authorized location of data in a memory (residing on a public partition and/or on a secured partition of the host device 130 or of the host network system), an authorized information transfer rate, one or more other authorized parameters, or a combination thereof. );
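The two-stage flow that claim 1 recites (decode the frame with the common key, branch on whether the data is function-authentication information or a command, store the decrypted permitted-function list, and execute a command only when it is permitted), together with the per-function content limits of claim 2, as an added example that is not code from the application or from any cited reference. Assumptions: the unspecified cipher is stood in for by an HMAC-SHA256 keystream with encrypt-then-MAC, the function-authentication information is encrypted under a device_key the adaptor never holds, payloads are JSON, and a leading type byte distinguishes the two data kinds.

```python
import hashlib
import hmac
import json
import os
import struct

TYPE_AUTH = b"\x01"  # decoded data indicates function-authentication information
TYPE_CMD = b"\x02"   # decoded data indicates a command


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as keystream (stand-in for the unspecified cipher)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one symmetric key: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raises ValueError on wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("short blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Appliance:
    """The claimed apparatus (e.g. an air conditioner) reached through a communication adaptor."""

    def __init__(self, common_key: bytes, device_key: bytes, functions: dict):
        self.common_key = common_key  # common key shared with the communication adaptor
        self.device_key = device_key  # assumption: known only to the appliance, not the adaptor
        self.functions = functions    # function name -> callable that performs it
        self.storage = {}             # the "storage device": permitted functions and content limits

    def handle_frame(self, frame: bytes) -> str:
        """Decode the frame with the common key, then branch on what the decoded data indicates."""
        try:
            data = unseal(self.common_key, frame)
        except ValueError:
            return "frame rejected"
        kind, body = data[:1], data[1:]
        if kind == TYPE_AUTH:
            return self._save_auth_info(body)
        if kind == TYPE_CMD:
            return self._run_command(body)
        return "unknown type"

    def _save_auth_info(self, body: bytes) -> str:
        """The adaptor retained this blob already encrypted; only the appliance can open it."""
        try:
            info = json.loads(unseal(self.device_key, body))
        except ValueError:
            return "auth info rejected"
        # Per-function content limits (claim 2), e.g. {"set_temperature": {"target": [18, 28]}}
        self.storage = dict(info.get("permitted", {}))
        return "auth info saved"

    def _run_command(self, body: bytes) -> str:
        """Execute only if the function is permitted and its arguments stay within the stored limits."""
        try:
            cmd = json.loads(body)
        except ValueError:
            return "malformed command"
        name, args = cmd.get("function"), cmd.get("args", {})
        limits = self.storage.get(name)
        if limits is None or name not in self.functions:
            return "denied"
        for arg, value in args.items():
            low, high = limits.get(arg, (value, value))
            if not low <= value <= high:
                return "denied: out of range"
        return self.functions[name](**args)


def demo() -> tuple:
    """Constructed exchange: a command before provisioning, provisioning, then four commands."""
    common, device = b"C" * 32, b"D" * 32  # constructed keys for the example
    ac = Appliance(common, device, {"set_temperature": lambda target: f"temperature set to {target}",
                                    "power_off": lambda: "powered off"})
    retained = seal(device, json.dumps({"permitted": {"set_temperature": {"target": [18, 28]}}}).encode())
    cmd = lambda f, a=None: json.dumps({"function": f, "args": a or {}}).encode()
    return (
        ac.handle_frame(seal(common, TYPE_CMD + cmd("power_off"))),       # nothing permitted yet
        ac.handle_frame(seal(common, TYPE_AUTH + retained)),               # install permissions
        ac.handle_frame(seal(common, TYPE_CMD + cmd("set_temperature", {"target": 22}))),
        ac.handle_frame(seal(common, TYPE_CMD + cmd("set_temperature", {"target": 35}))),
        ac.handle_frame(seal(common, TYPE_CMD + cmd("power_off"))),       # not in permitted list
        ac.handle_frame(seal(b"X" * 32, TYPE_CMD + cmd("power_off"))),    # wrong common key
    )
```

The last two results show the two distinct refusals the claim separates: a well-formed command whose function is absent from the stored function-authentication information, and a frame that does not decode under the common key at all.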
With respect to claim 3, Pomerantz teaches a network apparatus comprising: (Abstract: A securing apparatus includes a security adapter configured to be engaged with an electronic device. The security adapter includes an interface to couple to a host device. ¶0012: The security adapter, when mounted to a host, may be configured to communicate with an access control application running on the host for facilitating authentication with the host. The access control application may reside on the host and may be executed directly from the host or loaded onto the host, such as from a server over a networked system environment for running on (e.g., execution by) the host.) a communication adaptor; and an apparatus having a serial interface, (¶0056: As seen in Figure 1A, the security adapter 100 may include a controller 1140 (e.g., electronic circuitry), a host device interface 1104, and an electronic device interface 1106. The host device interface 1104 may be coupled to the controller 1140 via a bus 1180 and the electronic device interface 1106 may be coupled to the controller 1140 via a bus 1182. The host device interface 1104 may be a physical interface, such as a plug or a socket, or a wireless interface that is configured to enable the security adapter 100 to be communicatively coupled to the host device 130 (serial interface));
the apparatus being connectable to the communication adaptor via the serial interface, the communication adaptor comprising first processing circuitry to transmit, to the apparatus, function-authentication information that is information encrypted before being retained by the communication adaptor, (¶0017: The one or more security functions may also including executing an antivirus application on incoming data to be stored at the security adapter or the electronic device or on data to be read from the security adapter or from the electronic device, encrypting data transferred between the electronic device and the host device via the security adapter, initiating the host device to present a prompt for a password to enable data to be transferred from the electronic device to the host device via the security adapter, or updating a security policy stored at the security adapter, as illustrative, non-limiting examples.).
the apparatus comprising a storage device, and second processing circuitry to receive, from the communication adaptor connected via the serial interface, a communication frame, (¶0050-0052: The host device 130 may be configured to implement a communication protocol via an interface that enables communication via a security adapter 100, the electronic device 120, or a combination thereof.) and responsive to receipt of the communication frame, decode data included in the communication frame [using a common key common to the apparatus and the communication adaptor,] (¶0052-0058: The access control application 142 may be configured to authorize and/or control user access operations and data access operations, illustrated as data 1172 in Figure 1A, between the electronic device 120 and the host device 130 via the security adapter 100.).
and determine whether the decoded data indicates the function- authentication information or a command, (¶0160-0162: The security adapter 100 may include the controller 1140 and a non-volatile memory 1160 via a bus 1184. The security adapter 100 may be configured to receive user access operations and data access operations, such as data and/or instructions (indication of function-authentication information or a command), from the host device 130 and/or from the electronic 120, via the controller 1140, for execution by the controller 1140 and/or for storage in the non-volatile memory 1160.);
wherein the command commands the apparatus to perform a function, and (¶0162: The controller 1140 may be configured to perform one or more security functions associated with at least one of read access or write access, by the host device 130, to the memory 1128 of the electronic device 120. );
responsive to determining that the decoded data indicates the function-authentication information, decrypt the function-authentication information received from the communication adaptor, (¶0171 & ¶00187: The security application executable instructions 1164 may include one or more instructions or rules to be implemented by the controller 1140. For example, the one or more instructions or rules may be implemented by the encryption engine 1146, by the read/write access control 1148, by the antivirus engine 1150, or by a processor of the controller 1140. Figure 11 may represent physical components, such as hardware controllers, state machines, logic circuits, or other structures, to enable controller 1140 to perform decryption/encryption at the encryption engine 1146.);
wherein the decrypted function-authentication information (¶0165-0166: The encryption engine 1146 may be configured to encrypt data, such as the data 1172 and/or the data 1174, transferred between the electronic device 120 and the host device 130 via the security adapter 100. For example, data from the host device 130 to be stored in the electronic device 120 may be encrypted (e.g., using an encryption key) by the security adapter 100 prior to storage at the electronic device 120 to be unrecoverable from the electronic device 120 without the security adapter 100 (or knowledge of the encryption key). The antivirus engine 1150 may be configured to execute an antivirus application on data read from the non-volatile memory 1160, data read from the memory 1128, data to be written to the non-volatile memory 1160, data to be written to the memory 1128, or a combination thereof. ) indicates one or more permitted functions which the communication adaptor is permitted to instruct the apparatus to execute, and save the decrypted function-authentication information in the storage device, (¶0169-0171: The non-volatile memory 1160 may include an access control list 1162, security application executable instructions 1164, and the log 1166. The one or more instructions or rules may be associated with policy (e.g., a security policy) that corresponds to the security adapter 100, to the electronic device 120, or to a combination thereof. The security policy may indicate the one or more functions performed or executed by the controller 1140. The controller 1140 may be configured to update the one or more instructions or rules of the security policy stored at the non-volatile memory 1160. For example, the controller 1140 may update the one or more instructions or rules based on an update received from the host device 130.);
responsive to determining that the decoded data indicates the command, determine whether a function corresponding to the command is included in the decrypted function-authentication information stored in the storage device as indicating that, the function corresponding to the command is permitted for the communication adaptor to instruct the apparatus to execute, (¶0190: As another example, to implement the read/write access control engine 1148, the microprocessor or the microcontroller may be programmed to receive a request for access to a memory at the host device or to a memory at the electronic device. The microprocessor or the microcontroller may be programmed to compare one or more parameters corresponding to the request a security policy corresponding to the requestor. ) and execute processing according to the command only when the function is permitted. (¶0190-0191: The microprocessor or the microcontroller may be programmed to compare a parameter of the request, such as a request type (e.g., to write data to the electronic device) to a corresponding permission indicated in the located security policy (e.g., indicating whether writing data is permitted), and to allow the request to be processed when the permission allows the request parameter(s) or to prohibit the request from being processed when the permission does not allow one or more of the request parameter(s).).
Pomerantz does not disclose:
decode data included in the communication frame using a common key common to the apparatus and the communication adaptor,
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command,
However, Jeon teaches decode data included in the communication frame using a common key common to the apparatus and the communication adaptor, and (¶0023: The first device exchanges encoded data with the second device through the second security session based on the master key stored in the secure element (step S400). For example, step S400 may be performed while the first device operates in the normal mode. As described above, the master key is not loaded from the secure element while the second security session is formed. Thus, to exchange the encoded data with the second device, the first device may forward or transfer output data that is to be transmitted to the second device and/or input data that is received from the second device to the secure element. The secure element included in the first device may encode the output data, or may decode the input data.);
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command, (¶0040-0041: As seen in Figure 2, when the secure communication system is an IoT system, the first device 200 may be an IoT device, and the second device 300 may be a router. IoT devices may be classified into several groups depending on their characteristics. For example, the IoT devices may be classified into a home gadget group (e.g., group 1010 in Figure 12), a home appliances/furniture group (e.g., group 1020 in Figure 12), an entertainment group (e.g., group 1030 in Figure 12), a vehicle group (e.g., group 1040 in Figure 12), etc. The router may include a hub, a gateway, an access point (AP), etc. The home appliances/furniture group 1020 may include a robot vacuum cleaner, a washing machine, a refrigerator, an air conditioner, a television (TV), a furniture item (e.g., a bed including a sensor), etc.);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Jeon with regard to a common key and the apparatus in the method of Pomerantz in order to improve the performance of the system while maintaining security (Jeon ¶0024).
With respect to claim 6, the combination of Pomerantz in view of Jeon teaches the network apparatus of claim 3 (see rejection of claim 3 above) wherein for the apparatus, in the function-authentication information stored in the storage device, for each of the one or more permitted functions, content, corresponding to the function, (Pomerantz ¶0054: The security policy may be stored at the host device 130 or at a host network system associated with the host device 130, as described with reference to Figure 13, at the security adapter 100, as described with reference to Figures 11 and 12, or at the electronic device 120, as described with reference to Figure 14.);
which the communication adaptor is permitted to instruct the apparatus to execute is described, and the second processing circuitry executes the processing according to the command limited to the content permitted for the function corresponding to the command. (Pomerantz ¶0054: For example, the security policy may indicate a number and/or a type (e.g., such as personal computers) of host devices 130 that the electronic device 120 can communicate with, authorized times for communication between the host device and the electronic device 120, one or more authorized operations (e.g., read file, write file, edit file, etc.), one or more types of data (e.g., secured, protected, read-only) the electronic device 120 is authorized to access, an authorized location of data in a memory (residing on a public partition and/or on a secured partition of the host device 130 or of the host network system), an authorized information transfer rate, one or more other authorized parameters, or a combination thereof. );
With respect to claim 7, Pomerantz teaches a command execution method performed by an apparatus having a serial interface and adapted to connect to a network via a communication adaptor, comprising: (¶0179-0180: Referring to Figure 15, a flow chart of a first illustrative embodiment of a method 1500 of using a security apparatus is shown. The method 1500 may be performed by a securing apparatus including a securing structure and a security adapter. The method 1500 includes transitioning a securing structure from an unlocked configuration to a locked configuration to constrain communication of one or more requests for read access or write access to an electronic device to occur via a security adapter, at 1502.);
receiving, from a communication adaptor connected to the apparatus via the serial interface, a communication frame, (¶0056: As seen in Figure 1A, the security adapter 100 may include a controller 1140 (e.g., electronic circuitry), a host device interface 1104, and an electronic device interface 1106. The host device interface 1104 may be coupled to the controller 1140 via a bus 1180 and the electronic device interface 1106 may be coupled to the controller 1140 via a bus 1182. The host device interface 1104 may be a physical interface, such as a plug or a socket, or a wireless interface that is configured to enable the security adapter 100 to be communicatively coupled to the host device 130 (serial interface). ¶0061: Further, the electronic device 120, such as a data storage device, may include a controller 1126 and a memory 1128, such as a non-volatile memory.);
and responsive to receipt of the communication frame, decoding data included in the communication frame [using a common key common to the apparatus and the communication adaptor, ] (¶0052-0058: The access control application 142 may be configured to authorize and/or control user access operations and data access operations, illustrated as data 1172 in Figure 1A, between the electronic device 120 and the host device 130 via the security adapter 100.).
and determining whether the decoded data indicates a function-authentication information or a command, (¶0160-0162: The security adapter 100 may include the controller 1140 and a non-volatile memory 1160 via a bus 1184. The security adapter 100 may be configured to receive user access operations and data access operations, such as data and/or instructions (indication of function-authentication information or a command), from the host device 130 and/or from the electronic device 120, via the controller 1140, for execution by the controller 1140 and/or for storage in the non-volatile memory 1160. Further, ¶0190 lists examples where the decoded data either indicates function-authentication information or a command, such as an identifier that may be received from the host device, after which the microprocessor may search a stored list of identifiers that are related to one or more security policies and may locate a particular security policy corresponding to the received identifier.);
the function-authentication information being information encrypted before being retained by the communication adaptor, (¶0017: The one or more security functions may also including executing an antivirus application on incoming data to be stored at the security adapter or the electronic device or on data to be read from the security adapter or from the electronic device, encrypting data transferred between the electronic device and the host device via the security adapter, initiating the host device to present a prompt for a password to enable data to be transferred from the electronic device to the host device via the security adapter, or updating a security policy stored at the security adapter, as illustrative, non-limiting examples.);
wherein the command commands the apparatus to perform a function, and wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater,
which performs the function corresponding to the command, (¶0162: The controller 1140 may be configured to perform one or more security functions associated with at least one of read access or write access, by the host device 130, to the memory 1128 of the electronic device 120. );
responsive to determining that the decoded data indicates the function-authentication information, decrypting the function-authentication information received from the communication adaptor, (¶0171 & ¶00187: The security application executable instructions 1164 may include one or more instructions or rules to be implemented by the controller 1140. For example, the one or more instructions or rules may be implemented by the encryption engine 1146, by the read/write access control 1148, by the antivirus engine 1150, or by a processor of the controller 1140. Figure 11 may represent physical components, such as hardware controllers, state machines, logic circuits, or other structures, to enable controller 1140 to perform decryption/encryption at the encryption engine 1146.);
wherein the decrypted function-authentication information (¶0165-0166: The encryption engine 1146 may be configured to encrypt data, such as the data 1172 and/or the data 1174, transferred between the electronic device 120 and the host device 130 via the security adapter 100. For example, data from the host device 130 to be stored in the electronic device 120 may be encrypted (e.g., using an encryption key) by the security adapter 100 prior to storage at the electronic device 120 to be unrecoverable from the electronic device 120 without the security adapter 100 (or knowledge of the encryption key). The antivirus engine 1150 may be configured to execute an antivirus application on data read from the non-volatile memory 1160, data read from the memory 1128, data to be written to the non-volatile memory 1160, data to be written to the memory 1128, or a combination thereof. ) indicates one or more permitted functions which the communication adaptor is permitted to instruct the apparatus to execute, and saving the decrypted function-authentication information in a storage device, (¶0169-0171: The non-volatile memory 1160 may include an access control list 1162, security application executable instructions 1164, and the log 1166. The one or more instructions or rules may be associated with policy (e.g., a security policy) that corresponds to the security adapter 100, to the electronic device 120, or to a combination thereof. The security policy may indicate the one or more functions performed or executed by the controller 1140. The controller 1140 may be configured to update the one or more instructions or rules of the security policy stored at the non-volatile memory 1160. For example, the controller 1140 may update the one or more instructions or rules based on an update received from the host device 130.);
responsive to determining that the decoded data indicates the command, determining whether a function corresponding to the command is included in the decrypted function-authentication information saved in the storage device as indicating that the function corresponding to the command is permitted for the communication adaptor to instruct the apparatus to execute, (¶0190: As another example, to implement the read/write access control engine 1148, the microprocessor or the microcontroller may be programmed to receive a request for access to a memory at the host device or to a memory at the electronic device. The microprocessor or the microcontroller may be programmed to compare one or more parameters corresponding to the request to a security policy corresponding to the requestor. ) and executing processing according to the command only when the function is permitted. (¶0190-0191: The microprocessor or the microcontroller may be programmed to compare a parameter of the request, such as a request type (e.g., to write data to the electronic device) to a corresponding permission indicated in the located security policy (e.g., indicating whether writing data is permitted), and to allow the request to be processed when the permission allows the request parameter(s) or to prohibit the request from being processed when the permission does not allow one or more of the request parameter(s).).
Pomerantz does not disclose:
decode data included in the communication frame using a common key common to the apparatus and the communication adaptor,
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command,
However, Jeon teaches decode data included in the communication frame using a common key common to the apparatus and the communication adaptor, and (¶0023: The first device exchanges encoded data with the second device through the second security session based on the master key stored in the secure element (step S400). For example, step S400 may be performed while the first device operates in the normal mode. As described above, the master key is not loaded from the secure element while the second security session is formed. Thus, to exchange the encoded data with the second device, the first device may forward or transfer output data that is to be transmitted to the second device and/or input data that is received from the second device to the secure element. The secure element included in the first device may encode the output data, or may decode the input data.);
wherein the apparatus is an air conditioner, lighting equipment, a television, a refrigerator, an induction heating cooker, or a water heater, which performs the function corresponding to the command, (¶0040-0041: As seen in Figure 2, when the secure communication system is an IoT system, the first device 200 may be an IoT device, and the second device 300 may be a router. IoT devices may be classified into several groups depending on their characteristics. For example, the IoT devices may be classified into a home gadget group (e.g., group 1010 in Figure 12), a home appliances/furniture group (e.g., group 1020 in Figure 12), an entertainment group (e.g., group 1030 in Figure 12), a vehicle group (e.g., group 1040 in Figure 12), etc. The router may include a hub, a gateway, an access point (AP), etc. The home appliances/furniture group 1020 may include a robot vacuum cleaner, a washing machine, a refrigerator, an air conditioner, a television (TV), a furniture item (e.g., a bed including a sensor), etc.);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Jeon with regards to a common key and the apparatus in the method of Pomerantz in order to improve the performance of the system while maintaining security (Jeon ¶0024).
Claims 4 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1) and Choi et al. (US PGPub No. 20070026843-A1).
With respect to claim 4, the combination of Pomerantz in view of Jeon teaches the network apparatus of claim 3 (see rejection of claim 3 above) but does not disclose wherein the communication adaptor further comprises an integrated circuit storing the function-authentication information.
However, Choi teaches the communication adaptor (¶0035: The interface unit 160 may be a wired interface based on, for example, USB or IEEE 1394, or a wireless interface based on, for example, Bluetooth. ) further comprises an integrated circuit storing the function-authentication information. (¶0028: Also, the wireless network apparatus 100 further includes an authentication information extracting unit 150 to extract at a user's request the first authentication information stored in the authentication information storage unit 110, a nonvolatile storage unit 130, and an interface unit 160 to communicate with an external device.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Choi with regards to the communication adaptor in the method of Pomerantz in view of Jeon in order to increase efficiency and reduce the power consumption of the apparatus (Choi: ¶0047-0049).
With respect to claim 9, the combination of Pomerantz in view of Jeon and Choi teaches the network apparatus of claim 4 (see rejection of claim 4 above) wherein for the apparatus, in the function-authentication information stored in the storage device, (Pomerantz ¶0054: The security policy may be stored at the host device 130 or at a host network system associated with the host device 130, as described with reference to Figure 13, at the security adapter 100, as described with reference to Figures 11 and 12, or at the electronic device 120, as described with reference to Figure 14.);
for each of the one or more permitted functions, content, corresponding to the function, which the communication adaptor is permitted to instruct the apparatus to execute is described, and the second processing circuitry executes the processing according to the command limited to the content permitted for the function corresponding to the command. (Pomerantz ¶0054: For example, the security policy may indicate a number and/or a type (e.g., such as personal computers) of host devices 130 that the electronic device 120 can communicate with, authorized times for communication between the host device and the electronic device 120, one or more authorized operations (e.g., read file, write file, edit file, etc.), one or more types of data (e.g., secured, protected, read-only) the electronic device 120 is authorized to access, an authorized location of data in a memory (residing on a public partition and/or on a secured partition of the host device 130 or of the host network system), an authorized information transfer rate, one or more other authorized parameters, or a combination thereof. );
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1) and Yamazaki et al. (US PGPub No. 20180068095-A1).
With respect to claim 5, the combination of Pomerantz in view of Jeon teaches the network apparatus of claim 3 (see rejection of claim 3 above) but does not disclose wherein the first processing circuitry receives a setting of the function-authentication information from a terminal device.
However, Yamazaki teaches, wherein the first processing circuitry receives a setting of the function-authentication information from a terminal device. (¶0037: As seen in Figure 1: The operation terminal 2 requests, according to necessity, the management equipment 3 (terminal device) to issue a function authentication key, which is a code for setting a specific function among a plurality of functions implemented in the optical transmission equipment 14).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Yamazaki with regards to receiving a setting in the method of Pomerantz in view of Jeon in order to efficiently manage the system while handling an increased amount of traffic (Yamazaki: ¶0002 & ¶0012).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1), Choi et al. (US PGPub No. 20070026843-A1 ), and Yamazaki et al. (US PGPub No. 20180068095-A1).
With respect to claim 8, the combination of Pomerantz in view of Jeon and Choi teaches the network apparatus of claim 4 (see rejection of claim 4 above) but does not disclose wherein the first processing circuitry receives a setting of the function-authentication information from a terminal device.
However, Yamazaki teaches wherein the first processing circuitry receives a setting of the function-authentication information from a terminal device. (¶0037: As seen in Figure 1: The operation terminal 2 requests, according to necessity, the management equipment 3 (terminal device) to issue a function authentication key, which is a code for setting a specific function among a plurality of functions implemented in the optical transmission equipment 14).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Yamazaki with regards to receiving a setting in the method of Pomerantz in view of Jeon and Choi in order to efficiently manage the system while handling an increased amount of traffic (Yamazaki: ¶0002 & ¶0012).
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1), Yamazaki et al. (US PGPub No. 20180068095-A1), and Schmugar et al. (US PGPub No. 20200314126-A1).
With respect to claim 10, the combination of Pomerantz in view of Jeon and Yamazaki teaches the network apparatus of claim 5 (see rejection of claim 5 above) but does not disclose wherein for the apparatus, in the function-authentication information stored in the storage device, for each of one or more permitted functions, content permitted for the function is described, and the second processing circuitry executes the processing according to the command based on the content permitted for the function corresponding to the command.
However, Schmugar teaches, wherein for the apparatus, in the function-authentication information stored in the storage device, for each of one or more permitted functions, content permitted for the function is described, (¶0114: As seen in Figure 6, the storage 650 may be or may include therein, a database or databases or data stored in other configurations, and may include a stored copy of operational software such as operating system 622 and software portions, if any, of operational agents 624, accelerators 630, or other engines. Many other configurations are also possible, and are intended to be encompassed within broad scope of this specification.).
the second processing circuitry executes the processing according to the command based on the content permitted for the function corresponding to the command. (¶0117: Operational agents 624 are one or more computing engines that may include one or more transitory computer-readable mediums having stored thereon executable instruction operable to instruct a processor to provide operational functions. At an appropriate time, such as upon hardware platform 600 or upon a command from operating system 622 or a user or security administrator, processor 610 may retrieve a copy of operational agent 624 (or software portions thereof from storage 650 and load into memory 620. Processor 610 may then iteratively execute the instructions of operational agents 624 to provide the desired methods or functions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Schmugar with regards to function-authentication information in the method of Pomerantz in view of Jeon and Yamazaki in order to limit access to resources, thus preventing abuse from a malicious attack or other harmful processes (Schmugar: ¶0098).
Claims 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1) and Dobbins et al. (US PGPub No. 20200396211-A1).
With respect to claim 17, the combination of Pomerantz in view of Jeon teaches the apparatus of claim 1 (see rejection of claim 1 above), but does not disclose wherein the processing circuitry is configured to decrypt the function-authentication information using a decrypting key which is pre-stored at the apparatus.
However, Dobbins teaches wherein the processing circuitry is configured to decrypt the function-authentication information (¶0110: Upon receipt of the transmission, the authentication software of the network controller applies the registry of operating devices, extracts the public key of the operating device, e.g., based on said software ID, from its internally created index and decrypts said transmission with either the symmetric key or the retrieved public key as the case may be. ) using a decrypting key which is pre-stored at the apparatus. (¶0090-0091: Only the specific instance of the authentication software installed on a particular electronic device is capable of reassembling the encrypted parts of the private key in the correct order and decrypting said parts with the decryption key corresponding to the device metrics of the electronic device in order to arrive at the private key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Dobbins of decrypting the function-authentication information in the method of Pomerantz in view of Jeon in order to protect the system from eavesdropping, replay, and tampering (Dobbins: ¶0111).
With respect to claim 18, the combination of Pomerantz in view of Jeon teaches the network apparatus of claim 3 (see rejection of claim 3 above), but does not disclose wherein the second processing circuitry is configured to decrypt the function-authentication information using a decrypting key which is pre-stored at the apparatus.
However, Dobbins teaches wherein the second processing circuitry is configured to decrypt the function-authentication information (¶0110: Upon receipt of the transmission, the authentication software of the network controller applies the registry of operating devices, extracts the public key of the operating device, e.g., based on said software ID, from its internally created index and decrypts said transmission with either the symmetric key or the retrieved public key as the case may be. ) using a decrypting key which is pre-stored at the apparatus. (¶0090-0091: Only the specific instance of the authentication software installed on a particular electronic device is capable of reassembling the encrypted parts of the private key in the correct order and decrypting said parts with the decryption key corresponding to the device metrics of the electronic device in order to arrive at the private key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Dobbins of decrypting the function-authentication information in the method of Pomerantz in view of Jeon in order to protect the system from eavesdropping, replay, and tampering (Dobbins: ¶0111).
With respect to claim 19, the combination of Pomerantz in view of Jeon teaches the method of claim 7 (see rejection of claim 7 above), but does not disclose wherein the decrypting of the function-authentication information is performed using a decrypting key which is pre-stored at the apparatus.
However, Dobbins teaches wherein the decrypting of the function-authentication information (¶0110: Upon receipt of the transmission, the authentication software of the network controller applies the registry of operating devices, extracts the public key of the operating device, e.g., based on said software ID, from its internally created index and decrypts said transmission with either the symmetric key or the retrieved public key as the case may be. ) is performed using a decrypting key which is pre-stored at the apparatus. (¶0090-0091: Only the specific instance of the authentication software installed on a particular electronic device is capable of reassembling the encrypted parts of the private key in the correct order and decrypting said parts with the decryption key corresponding to the device metrics of the electronic device in order to arrive at the private key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Dobbins of decrypting the function-authentication information to the method of Pomerantz in view of Jeon in order to protect the system from eavesdropping, replay, and tampering (Dobbins: ¶0111).
Claims 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Pomerantz et al. (US PGPub No. 20140109240-A1) in view of Jeon et al. (US PGPub No. 20180183772-A1) and Egner et al. (US PGPub No. 20180367314-A1).
With respect to claim 20, the combination of Pomerantz in view of Jeon teaches the apparatus of claim 1 (see rejection of claim 1 above), but does not disclose wherein the processing circuitry is configured to, in response to a failure to decrypt the function-authentication information, deem the communication adaptor to be unauthorized and stop communication with the communication adaptor.
However, Egner teaches wherein the processing circuitry is configured to, in response to a failure to decrypt the function-authentication information, deem the communication adaptor to be unauthorized and stop communication with the communication adaptor. (¶0076: If the decryption key provided by the requesting subscriber is forged or incorrect, the authentication server in an embodiment may fail to decrypt the block chain and may deny the requesting user access to the subscriber's nomadic computing services. In other embodiments in which the location fingerprint security system is executed within the mobile edge computing gateway device, the mobile edge computing gateway device, rather than the authentication server may store the subscriber block chains, and may perform this step.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Egner of failure to decrypt function authentication information to the method of Pomerantz in view of Jeon in order to prevent unauthorized access (Egner: ¶0015).
With respect to claim 21, the combination of Pomerantz in view of Jeon teaches the network apparatus of claim 3 (see rejection of claim 3 above), but does not disclose wherein the second processing circuitry is configured to, in response to a failure to decrypt the function-authentication information, deem the communication adaptor to be unauthorized and stop communication with the communication adaptor.
However, Egner teaches wherein the second processing circuitry is configured to, in response to a failure to decrypt the function-authentication information, deem the communication adaptor to be unauthorized and stop communication with the communication adaptor. (¶0076: If the decryption key provided by the requesting subscriber is forged or incorrect, the authentication server in an embodiment may fail to decrypt the block chain and may deny the requesting user access to the subscriber's nomadic computing services. In other embodiments in which the location fingerprint security system is executed within the mobile edge computing gateway device, the mobile edge computing gateway device, rather than the authentication server may store the subscriber block chains, and may perform this step.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Egner of failure to decrypt function authentication information to the method of Pomerantz in view of Jeon in order to prevent unauthorized access (Egner: ¶0015).
With respect to claim 22, the combination of Pomerantz in view of Jeon teaches the method of claim 7 (see rejection of claim 7 above), but does not disclose further comprising, in response to a failure to decrypt the function-authentication information, deeming the communication adaptor to be unauthorized and stopping communication with the communication adaptor.
However, Egner teaches further comprising, in response to a failure to decrypt the function-authentication information, deeming the communication adaptor to be unauthorized and stopping communication with the communication adaptor. (¶0076: If the decryption key provided by the requesting subscriber is forged or incorrect, the authentication server in an embodiment may fail to decrypt the block chain and may deny the requesting user access to the subscriber's nomadic computing services. In other embodiments in which the location fingerprint security system is executed within the mobile edge computing gateway device, the mobile edge computing gateway device, rather than the authentication server may store the subscriber block chains, and may perform this step.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Egner of failure to decrypt function authentication information to the method of Pomerantz in view of Jeon in order to prevent unauthorized access (Egner: ¶0015).
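The following is an added illustration, not code from the office action, the application, or any cited reference. It models the gate recited in claims 1 and 3 (decode the frame with the key common to the apparatus and the adaptor; decrypt the function-authentication information with a key pre-stored at the apparatus; save the permitted functions and their content; execute a command only when its function is permitted, limited to that content) together with the handling of claims 20-22 (a decryption failure deems the adaptor unauthorized and stops communication). The cipher (an HMAC-SHA256 keystream with an HMAC tag, encrypt-then-MAC), the JSON frame layout, the function names and the temperature range are assumptions made for the example; the claims specify none of them.

```python
import hashlib
import hmac
import json
import os

# Added example; the cipher is a stdlib-only stand-in (assumption), not a
# construction named by the claims or the cited references.
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a keystream (demo construction)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC tag over (nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; any failure (wrong key, tampering, truncation) raises."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Apparatus:
    """Air-conditioner stand-in: decodes frames with the common key and gates commands."""

    def __init__(self, common_key: bytes, auth_key: bytes):
        self.common_key = common_key   # shared with the communication adaptor
        self.auth_key = auth_key       # pre-stored at the apparatus; never sent
        self.permitted = None          # decrypted function-authentication info (the "storage device")
        self.adaptor_authorized = True
        self.temperature = 24

    def receive_frame(self, frame: bytes) -> str:
        if not self.adaptor_authorized:
            return "dropped: communication with adaptor stopped"
        try:
            data = json.loads(decrypt(self.common_key, frame))
        except ValueError:
            return "rejected: frame could not be decoded with common key"
        if data.get("type") == "function-authentication":
            return self._store_authentication(data)
        if data.get("type") == "command":
            return self._execute(data)
        return "rejected: unknown frame type"

    def _store_authentication(self, data: dict) -> str:
        try:
            info = json.loads(decrypt(self.auth_key, bytes.fromhex(data["payload"])))
        except (ValueError, KeyError, TypeError):
            # Claims 20-22: decryption failed, so the adaptor is unauthorized; stop talking to it.
            self.adaptor_authorized, self.permitted = False, None
            return "rejected: decryption failed; adaptor deemed unauthorized"
        # Each permitted function maps to the content the adaptor may instruct (claims 9 and 10).
        self.permitted = {f: c for f, c in info.items() if isinstance(c, dict)}
        return "saved: " + ",".join(sorted(self.permitted))

    def _execute(self, data: dict) -> str:
        func = data.get("function")
        if self.permitted is None or func not in self.permitted:
            return f"rejected: function {func!r} not permitted"
        content = self.permitted[func]
        if func == "set_temperature":
            value = data.get("value")
            if not isinstance(value, int) or not content["min"] <= value <= content["max"]:
                return f"rejected: value {value!r} outside permitted content"
            self.temperature = value
            return f"executed: temperature={value}"
        if func == "power_off":
            return "executed: power off"
        return f"rejected: no handler for {func!r}"


def adaptor_frame(common_key: bytes, message: dict) -> bytes:
    """What the communication adaptor puts in the communication frame."""
    return encrypt(common_key, json.dumps(message).encode())


def provision_authentication(auth_key: bytes, permitted: dict) -> str:
    """Terminal-device side (claim 5): the adaptor retains this blob but cannot read or alter it."""
    return encrypt(auth_key, json.dumps(permitted).encode()).hex()


def demo() -> list:
    common_key, auth_key = os.urandom(32), os.urandom(32)   # constructed keys
    ac = Apparatus(common_key, auth_key)
    permitted = {"set_temperature": {"min": 18, "max": 28}, "power_off": {}}
    send = lambda msg: ac.receive_frame(adaptor_frame(common_key, msg))
    results = [
        send({"type": "command", "function": "power_off"}),            # nothing authorized yet
        send({"type": "function-authentication", "payload": provision_authentication(auth_key, permitted)}),
        send({"type": "command", "function": "set_temperature", "value": 22}),
        send({"type": "command", "function": "set_temperature", "value": 40}),  # outside content
        send({"type": "command", "function": "factory_reset"}),        # not a permitted function
    ]
    # A rogue adaptor forges authentication info under a key the apparatus does not hold.
    forged = provision_authentication(os.urandom(32), {"factory_reset": {}})
    results.append(send({"type": "function-authentication", "payload": forged}))
    results.append(send({"type": "command", "function": "power_off"}))  # link is now closed
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks mirrors the claim: the tag is verified before any plaintext is used, the permitted set is consulted only after it has been decrypted and saved, and once a decryption failure has occurred every later frame from that adaptor is dropped rather than re-evaluated.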
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Maki et al. (US PGPub No. 20190296911-A1) teaches a secure-network-communication method capable of encrypting communications from a data-generation source to the entrance of a database regardless of the means of communication. Maki further teaches an initialization of an endpoint, whereby the application gateway generates asymmetric authenticators, stores one of the authenticators in a whitelist, and stores the other authenticator in the endpoint.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAYLOR P VU whose telephone number is (703)756-1218. The examiner can normally be reached MON - FRI (7:30 - 5:00).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/T.P.V./ Examiner, Art Unit 2437
/ALEXANDER LAGOR/ Supervisory Patent Examiner, Art Unit 2437