Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/16//2025 has been entered.
Claim Objections
Claims 16-23, 25-28, 30-32 and 35-37 are objected to because of the following informalities: claims 16 and 28 recites the limitation "the reference certificate" in line 3. There is insufficient antecedent basis for this limitation in the claim. It suggested to amend to “the appliance reference certificate”. Also, claim 16 recites the limitation "the first LAN" in line 7. There is insufficient antecedent basis for this limitation in the claim. It suggested to amend to “a first LAN”. Furthermore, claims 16 and 28 recites the limitation "the internet" in line 11. There is insufficient antecedent basis for this limitation in the claim. It suggested to amend to “a internet”. Furthermore, claim 16 recites the limitation "a second LAN " in line 20. There is insufficient antecedent basis for this limitation in the claim. It suggested to amend to “the second LAN”.
claim 28 recites the limitation "the remote network unit" in lines 9-10. There is insufficient antecedent basis for this limitation in the claim. Its unlcear if “the remote network unit” is the same as “the network unit” in line 3 or different. Such limitation should be clearly defined. It suggested to amend to “a first LAN”.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 16-23, 25-28, 30-32 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Dooley et al (2018/0176021) in views of Ringland et al (2019/0335323) and Onno et al (EP 3206423).
For claim 16, Dooley teaches a method for incorporating an device into a second local area network (LAN) (par.14 and 15), the device having a certificate derived from an device reference certificate (par.16) (pre-condition for creating digital certificate chain), the method comprising the steps of: checking whether the certificate of the device matches at least one reference certificate that is available at a first access point to the first LAN (par.17, par.19 and par.20)(the system includes provider list in which user device can store record know or trusted provider certificates, then by certificate acquisition where beacon certificate then certificate validate whereby the beacon certificate is cryptographically validated and may include entity that user device trusts such that there is provider certificate in the beacon certificate chain that also exists in the provider list of the user device); and incorporating the device into the first LAN if it is determined that the certificate of the device matches the at least one reference certificate available at the first access point (par.21 and 22) (the system giving the user device the assurance that communication safe).
Dooley fails to teach the appliance, indicating a network unit to which access rights are granted by the reference certificate, determining, based on the certificate, a network unit on the internet for which an access authorization of the appliance via the first LAN is present, the access of the appliance being restricted to only the network unit, with the appliance having no access to further components of the LAN, and setting up a communication link between the appliance and the network unit on the internet via the first access point, linking the appliance to one or more user accounts of the user on the network unit using the certificate; receiving, on the appliance, access information to at least one second access point of a second LAN from the network unit on the Internet; and connecting the appliance to the second access point.
Ringland teaches, similar network system, the appliance (par.24), setting up a communication link between the appliance and the network unit on the internet via the first access point, linking the appliance to one or more user accounts of the user on the network unit using the certificate (Ringland teaches that The user Y's home LAN 302 is provided by a wireless access point 303 that is connected via an Ethernet cable to a WAN modem, which in the example shown is a VDSL modem 304. The WAN modem 304 is connected to a cable from the local broadband access network of an ISP, that in turn connects to the core routing of the ISP, 305, and thence to the Internet as Ringland discloses in par.32-33 and 45)(abstract). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include a network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
Onno teaches, similar system, indicating a network unit to which access rights are granted by the reference certificate (Onno teaches that the access point 130 is configured to communicate with the loT device 120, in particular to receive the authentication information and to authenticate the loT device 120 based on the authentication information. A preferred authentication way is for the access point 130 to store a number of approved values and determine that the loT device is successfully authenticated if its authentication information matches one of the approved values. For example, in the case the authentication information is a client certificate, the approved values are certificate authentication keys (e.g., public keys corresponding to private keys used for signature of certificates) as Onno teaches in par.34 on machine translation), determining, based on the certificate, a network unit on the internet for which an access authorization of the appliance via the first LAN is present (Onno teaches that once the loT device has been authenticated, the RADIUS server can return a Virtual LAN (VLAN) for use with the authenticated loT device meaning that authenticated using the certificate as Onno teaches in par.36-38 on machine translation), the access of the appliance being restricted to only the network unit, with the appliance having no access to further components of the LAN (Onno teaches that the loT device 120 is connected to the access point 130 through an isolated local network that is separated from other local networks managed by the access point 130. As such, the loT device cannot communicate with devices in these other local networks unless explicitly authorized to do so. Network isolation can thus avoid interferences and security issues as Onno teaches in par.43-45 on machine translation), and receiving, on the appliance, access information to at least one second access point of a second LAN from the network unit on the Internet (Onno teaches that hardware processor (121) of a device (120) selects (S410) an access point to connect to among available access points, authenticates (S420), using stored authentication information, the device to the access point and connects (S430), through an interface (123), to a further network provided by the access point. The hardware processor (121) obtains (S440) from a server, via the interface, the further network and the access point, information about the local network (140) and uses (S450) the information to connect to the local network as Onno teaches in par.54 on machine translation); and connecting the appliance to the second access point (Onno teaches that using location information to determine the access point that is closest, connecting to different access points until an access point whose IP address matches an IP address stored in the memory is found, or selecting the access point whose service set identifier matches a service set identifier stored in the memory as Onno teaches in par.12 and 44 on machine translation). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include access rights are granted by the reference certificate as taught and suggested by Onno for the purpose of performing authorization of the authenticated device in order to provide access to the local network and using the authentication information, the device to the access point, connect to a further network provided by the access point, obtain from a server, via the interface, information about the local network, and use the information to connect to the local network (Onno, par.11 on machine translation).
For claim 17, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches wherein a list containing at least the at least one reference certificate is available at the first access point, the method further comprises: determining whether or not the at least one device reference certificate is included in the list containing at least the at least one reference certificate (Dooley, par.20); and incorporating the appliance into the first LAN if it is determined that the device reference certificate is included in the list containing at least the at least one reference certificate (Dooley, par.20, par.21 and par.22).
Dooley fails to teach at least one appliance and the appliance.
Ringland further teaches at least one appliance and the appliance (par.24). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include the appliance as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 18, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches wherein the list containing at least the at least one reference certificate is stored on a storage unit of the first access point (Dooley, par.17).
For claim 19, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches wherein: during the checking step checking, on a basis of the certificate of the device, whether the device reference certificate is available at the first access point; and incorporating the device into the first LAN via the first access point if it is determined that the device reference certificate is available at the first access point (Dooley, par.17, par.18, par,18, par.20 and 21).
Dooley fails to teach the appliance.
Ringland further teaches the appliance (par.24). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include the appliance as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 20, Dooley in view of Ringland, and Onno method of claim 1. Dooley fails to teach which further comprises: determining at least one network unit for which an access authorization of the appliance via the first LAN is present; and restricting an incorporation of the appliance into the first LAN to access to the at least one network unit.
Ringland further teaches determining at least one network unit for which an access authorization of the appliance via the first LAN is present; and restricting an incorporation of the appliance into the first LAN to access to the at least one network unit (abstract) (par.45). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include at least one network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 21, Dooley in view of Ringland, and Onno method of claim 1. Dooley fails to teach wherein the at least one network unit is disposed in a wide area network outside the first LAN and the method further comprises providing a communication link between the appliance and the at least one network unit via the first access point.
Ringland further teaches wherein the at least one network unit is disposed in a wide area network outside the first LAN and the method further comprises providing a communication link between the appliance and the at least one network unit via the first access point (abstract) (par.27 and 45). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include at least one network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 22, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches wherein: the list containing at least the at least one reference certificate is available at the first access point (par.16, par.17 and 20); and the list indicates for each said reference certificate in each case the at least one communication unit for which device that have the certificate matching the reference certificate have an access authorization (par.16, par.17 and 20).
Dooley fails to teach the at least one network unit for which appliances.
Ringland further teaches the at least one network unit for which appliances (par.24 and 45). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include at least one network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 23, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches determining an device certificate chain between the certificate of the device and the device reference certificate, wherein the device certificate chain indicates at least one intermediate certificate between the certificate of the device and the device reference certificate (par.17, par.18, par,18, par.20 and 21); and checking, on a basis of the device certificate chain, whether the certificate of the device matches the at least one reference certificate that is available at the first access point to the first LAN (par.17, par.18, par,18, par.20 and 21-22).
Dooley fails to teach the appliance.
Ringland teaches, similar system, the appliance (par.24). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include the appliance as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 25, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches wherein the storage unit is a trusted platform module of the first access point (par.16 and 17).
For claim 26, Dooley in view of Ringland, and Onno method of claim 1. Dooley in view of Ringland and Onno further teaches wherein during the checking step checking, on a basis of the certificate of the device, whether the device reference certificate is stored on a storage unit of the first access point (par.16, par.17, par.18 and 20).
Dooley fails to teach the appliance.
Ringland teaches, similar system, the appliance (par.24). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include the appliance as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 27, Dooley in view of Ringland, and Onno method of claim 1. Dooley fails to teach wherein the communication link between the appliance and the at least one network unit via the first access point is performed via a router of the first access point.
Ringland further teaches wherein the communication link between the appliance and the at least one network unit via the first access point is performed via a router of the first access point (abstract) (par.23, par.24 and 45). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include a network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 28, Dooley teaches method for incorporating an device into a first local area network (LAN) (par.14 and 15), the device having a certificate derived from an appliance reference certificate (par.16) (pre-condition for creating digital certificate chain), which comprises the steps of: identifying a first access point the first LAN at which a reference certificate is available that matches the certificate of the device (par.17, par.19 and par.20)(the system includes provider list in which user device can store record know or trusted provider certificates, then by certificate acquisition where beacon certificate then certificate validate whereby the beacon certificate is cryptographically validated and may include entity that user device trusts such that there is provider certificate in the beacon certificate chain that also exists in the provider list of the user device); and incorporating the device into the first LAN via the first access point (par.21 and 22) (the system giving the user device the assurance that communication safe).
Dooley fails to teach the appliance, indicating a network unit to which access rights are granted by the reference certificate, identifying a first access point of the first LAN , accessing, with the appliance, based on the certificate, the remote network unit on the internet via the first access point, the access of the appliance being restricted to only the network unit, with the appliance having no access to further components of the LAN, linking the appliance to one or more user accounts of the user on the network unit using the certificate; obtaining, with the appliance, access data to the least one second access point of a second LAN from the remote network unit on the internet.
Ringland further teaches the appliance (par.24), linking the appliance to one or more user accounts of the user on the network unit using the certificate; (Ringland teaches of stablishing automatically a connection between the device and a wireless LAN provided by an available access point using security credentials where there are two access points, each providing two wireless LANs—so that the device 301 “sees” four WLANs while seeking to pair with the private home network as Ringland teaches in par.32-34, and 38) (abstract). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include a network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
Onno teaches, similar system, indicating a network unit to which access rights are granted by the reference certificate (Onno teaches that the access point 130 is configured to communicate with the loT device 120, in particular to receive the authentication information and to authenticate the loT device 120 based on the authentication information. A preferred authentication way is for the access point 130 to store a number of approved values and determine that the loT device is successfully authenticated if its authentication information matches one of the approved values. For example, in the case the authentication information is a client certificate, the approved values are certificate authentication keys (e.g., public keys corresponding to private keys used for signature of certificates) as Onno teaches in par.34 on machine translation), identifying a first access point of the first LAN (Onno teaches in par.11 on machine translation), accessing, with the appliance, based on the certificate, the remote network unit on the internet via the first access point (Onno teaches that once the loT device has been authenticated, the RADIUS server can return a Virtual LAN (VLAN) for use with the authenticated loT device meaning that authenticated using the certificate as Onno teaches in par.36-38 on machine translation), the access of the appliance being restricted to only the network unit, with the appliance having no access to further components of the LAN (Onno teaches that the loT device 120 is connected to the access point 130 through an isolated local network that is separated from other local networks managed by the access point 130. As such, the loT device cannot communicate with devices in these other local networks unless explicitly authorized to do so. Network isolation can thus avoid interferences and security issues as Onno teaches in par.43-45 on machine translation), and obtaining, with the appliance, access data to the least one second access point of a second LAN from the remote network unit on the internet (Onno teaches that hardware processor (121) of a device (120) selects (S410) an access point to connect to among available access points, authenticates (S420), using stored authentication information, the device to the access point and connects (S430), through an interface (123), to a further network provided by the access point. The hardware processor (121) obtains (S440) from a server, via the interface, the further network and the access point, information about the local network (140) and uses (S450) the information to connect to the local network as Onno teaches in par.54 on machine translation). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include access rights are granted by the reference certificate as taught and suggested by Onno for the purpose of performing authorization of the authenticated device in order to provide access to the local network and using the authentication information, the device to the access point, connect to a further network provided by the access point, obtain from a server, via the interface, information about the local network, and use the information to connect to the local network (Onno, par.11 on machine translation).
For claim 30, Dooley in view of Ringland, and Onno method of claim 28. Dooley fails to teach incorporating the appliance into the second LAN via the second access point using the access data to the second access point; and/or logging off the appliance from the first access point.
Ringland further teaches incorporating the appliance into the second LAN via the second access point using the access data to the second access point; and/or logging off the appliance from the first access point (abstract) (par.23, par.24, par.33 and 45). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include the second access point as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 31, Dooley in view of Ringland, and Onno method of claim 28. Dooley fails to teach setting up a communication link to the remote network unit via the first access point; and carrying out maintenance work on the appliance by access of the remote network unit to the appliance via the first access point.
Ringland further teaches setting up a communication link to the remote network unit via the first access point; and carrying out maintenance work on the appliance by access of the remote network unit to the appliance via the first access point (abstract) (par.23, par.24, par.33 and 45). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include a network unit as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 32, Dooley in view of Ringland, and Onno method of claim 28. Dooley in view of Ringland and Onno further teaches wherein the reference certificate corresponds to the device reference certificate (par.16 and 17).
Dooley fails to teach the appliance.
Ringland teaches, similar system, the appliance (par.24). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include the appliance as taught and suggested by Ringland for the purpose of providing a secure channel over which the security credentials needed to join the secure home network can be passed, the newly supplied security credentials then being used to pair the device with the secure home network (Ringland, par.31).
For claim 36, Dooley in view of Ringland, and Onno, fails to teach that wherein at least one access point of the user is registered in the one or more user accounts of the user on the network unit and access information to the at least one registered access point of the user is stored in the one or more user accounts.
Onno further teaches that wherein at least one access point of the user is registered in the one or more user accounts of the user on the network unit and access information to the at least one registered access point of the user is stored in the one or more user accounts (Onno teaches that Access component can utilize certificates as a means of identifying a user or entity and associating rules of use. For example, a user or entity can be allowed to monitor control logic and not edit or download a new program. Alternatively, a user or entity may only be allowed to view certain portions of a program or create input rungs and not output rungs in a ladder logic program as Onno teaches in par.44). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley to include and access information as taught and suggested by Onno for the purpose of performing authorization of the authenticated device in order to provide access to the local network and using the authentication information, the device to the access point, connect to a further network provided by the access point, obtain from a server, via the interface, information about the local network, and use the information to connect to the local network (Onno, par.11 on machine translation).
Claim(s) 35 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dooley et al (2018/0176021) in views of Ringland et al (2019/0335323), and Onno et al (EP 3206423) as applied to claims above, and further in view of Lee et al (2012/0227089).
Dooley, as modified by Rinland, and Onno, teaches all the limitation as previously set forth except for wherein the linking of the appliance to one or more user accounts of the user on the network unit uses an Open Authorization (OAUTH) Device Grant in addition to the certificate.
Lee teaches, similar system, wherein the linking of the appliance to one or more user accounts of the user on the network unit uses an Open Authorization (OAUTH) Device Grant in addition to the certificate (abstract). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley, as modified by Rinland, and Onno, to include and access information as taught and suggested by Callaghan for the purpose of providing the SNS and generates an authorization key and an authorization token according to an open authorization protocol (Lee, abstract).
Claim(s) 37 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dooley et al (2018/0176021) in views of Ringland et al (2019/0335323), and Onno et al (EP 3206423) as applied to claims above, and further in view of Mason et al (2017/0374548).
Dooley, as modified by Rinland, and Onno, teaches all the limitation as previously set forth except for wherein the access information includes a pre-shared key.
Mason teaches, similar system, wherein the access information includes a pre-shared key (Mason teaches that the unique pre-shared key assignment system 108 can be implemented as an application at a wireless device and use an API to access device information to determine a MAC address of the wireless device as Mason teaches in par.50). It would be have obvious to one ordinary skill in the art before the effective filling date to modify Dooley, as modified by Rinland, and Onno, to include pre-shared key as taught and suggested by Mason for the purpose of determining identities for purposes of binding the identities to unique pre-shared keys and identify identities based on authentication data received from a device during network authentication using a common key (Mason, par.50).
Response to Amendments/Arguments
Applicant’s arguments with respect to claim(s) 16-23, 25-28, 30-32 and 35-37 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
The applicant’s arguments regarding new in claims 16, and 28 have been considered but is moot, because the examiner applied new art, Onno et al (EP 3206423), that covers newly claimed limitation.
Regarding dependent claims arguments, said arguments are moot because the applied references are not considered to have alleged differences, and therefore are considered to properly show that for which they were cited.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYUB A MAYE whose telephone number is (571)270-5037. The examiner can normally be reached Monday-Friday 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AYUB A MAYE/Examiner, Art Unit 2436 /AMIE C. LIN/Primary Examiner, Art Unit 2436