METHOD FOR DEVICE ACCESS AUTHENTICATION, TERMINAL DEVICE, AND CLOUD PLATFORM

DETAILED ACTION This communication is responsive to the Applicant’s arguments for Application No. 18090611 filed on 01/17/2025. Claim(s) 80, 83-87, 90-91, 96-99 have been currently amended and claims 81-82 have been cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to arguments II. Rejections under 35 U.S.C. §112 Applicant’s arguments, see page 7, filed 01/17/2025, with respect to the rejection of claim(s) 80-99 under 35 U.S.C. §112 have been fully considered and are persuasive. Hence, the claim rejection under 35 U.S.C §112 for claims 80-99 has been withdrawn. III. Rejections under 35 U.S.C. §§102 and 103 Applicant’s arguments, pages 7, filed 01/17/2025, with respect to the rejection(s) of claim(s) 80,81,86,87,89,90,92,93,95,96,99 under 35 U.S.C 102 and claims 82,83,84,85,88,91,94,97,98 have been fully considered and are not persuasive. In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., SSID broadcast) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). An SSID broadcast is reasonably interpreted to be any broadcasting (wireless communication) of an SSID; such as RFID. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 80, 83, 84, 86- 89, 90- 95, 96, 98, 99 are rejected under 35 U.S.C. 103 as being unpatentable over Draznin et al. (US 2021/0092605), hereinafter referred to as Draznin, in view of Bartoszewski et al. (US 20150326610 A1) hereinafter referred to as Bartoszewski. As per claim 80, Draznin discloses a method for access authentication of a target device receiving, by [[a]] the terminal device, device authentication information corresponding the target device ("Once the orgID and token(s) are identified, the token(s) may be sent to network proxy 150 in enterprise network 120 (M515). Network proxy 150 may cache the token(s) and use the token(s) for resource definition and/or authorization." Draznin, para [0060]) from [[a]] the first cloud platform; ("configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]) receiving, by the terminal device, access authentication certificate (see token description in Draznin para [0035]- [0036], for example) from the target device ("Processor 420 may initially receive a join request, e.g., attach request, from UE 110 which includes the enhanced PLMN (Block 710)." Draznin, para [0067]. "a token may be included in an enhanced PLMN for granting UE 110 access to resources in the private network (e.g., enterprise network 120)." Draznin, para [0064]) verifying, by the terminal device, the access authentication certificate using the device authentication information. ("Processor 420 may determine whether UE 110 should be granted access to the private network resource based on the enhanced PLMN (Block 730)" Draznin, para [0067]). sending, by the terminal device, the device information of the target device to a first cloud platform; ("The attach request may be sent through enterprise network 120, via network proxy 150, to MME 250/AMF 320. The attach request M505 may include an IMSI" Draznin, para [0060]) to the first cloud platform ("configurable cloud-based wide area network (WAN) services." Draznin para [0001])]. the However, Draznin does not explicitly disclose the limitations: receiving, by a terminal device, a service set identifier (SSID) broadcast from the target device, and device information in the SSID comprises at least one of manufacturer information and product information; Bartoszewski discloses: receiving, by a terminal device, a service set identifier (SSID) broadcast from the target device, and device information in the SSID comprises at least one of manufacturer information and product information; (System retrieves device information, associated with the wireless connection device 11, comprising a unique identifier, e.g., a service set identifier (SSID) and product information, e.g., a serial number, Bartoszewski, para [0021]. SSID is broadcasted, via RFID). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 83, Draznin discloses the method according to claim [[81]] 80, wherein the terminal device sending the device information of the target device wherein the terminal device receiving device authentication information corresponding the target device (HSS 270 may store administration information for definition and management of enterprise network resources 140, Draznin, para [0031]) from the first cloud platform ("configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]). receiving, by the terminal device, device authentication information corresponding to the product information (HSS 270 may store information associated with UE 110 and/or information associated with users of UE 110. For example, HSS 270 may store user profiles that include registration, authentication, and access authorization information, Draznin, para [0031]) from the first cloud platform. ("configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]). However, Draznin does not explicitly disclose the limitation: sending, by the terminal device, an authentication information obtaining request to the first cloud platform, Bartoszewski discloses: sending, by the terminal device, an authentication information obtaining request to the first cloud platform, (Transmitting, by the computer processor, an authorization request to a wireless router and also transmitting, by the computer processor, the unique data to a wireless router, wherein the wireless router determines that the wireless device is authorized for connection to the wireless router based on the authorization request and the unique data, Bartoszewski, para [0004]) in a case where the terminal device is securely connected to the first cloud platform, wherein the authentication information obtaining request comprises product information of the target device (Data retrieval of a device along with the product information associated with the wireless device is done, Bartoszewski, Fig 3, para [0029]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 84, Draznin discloses the method according to claim [[81]] 80, wherein the terminal device sending the device information of the target device wherein the terminal device receiving device authentication information corresponding the target device (HSS 270 may store administration information for definition and management of enterprise network resources 140, Draznin, para [0031]) from the first cloud platform comprises: ("configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]). receiving, by the terminal device, the device authentication information corresponding the product information (HSS 270 may store information associated with UE 110 and/or information associated with users of UE 110. For example, HSS 270 may store user profiles that include registration, authentication, and access authorization information, Draznin, para [0031]) from the first cloud platform, ("configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]). However, Draznin does not explicitly disclose the limitations: sending, by the terminal device, an authentication information obtaining request to the first cloud platform, in a case where the terminal device is securely connected to the first cloud platform, wherein the authentication information obtaining request comprises manufacturer information and product information of the target device wherein the manufacturer information is corresponded to a second cloud platform, and the product information is corresponded to the device authentication information, and wherein the device authentication information corresponding the product information is obtained by the first cloud platform from the second could platform corresponding to the manufacturer information Bartoszewski discloses: sending, by the terminal device, an authentication information obtaining request to the first cloud platform (Transmitting, by the computer processor, an authorization request to a wireless router and also transmitting, by the computer processor, the unique data to a wireless router, wherein the wireless router determines that the wireless device is authorized for connection to the wireless router based on the authorization request and the unique data, Bartoszewski, para [0004]) in a case where the terminal device is securely connected to the first cloud platform, wherein the authentication information obtaining request comprises manufacturer information and product information of the target device (Data retrieval of a device along with the product information associated with the wireless device is done, Bartoszewski, Fig 3, para [0029]). wherein the manufacturer information is corresponded to a second cloud platform, and the product information is corresponded to the device authentication information, and (Product information like e.g., a serial number, a pre-shared key, firewall rules and other device-specific security configuration data are comprised in device information, Bartoszewski, para [0021]). wherein the device authentication information corresponding the product information is obtained by the first cloud platform from the second could platform corresponding to the manufacturer information (In response to system 100 collecting device information, wireless router 15 generates a new and completely restricted virtual network 19 using the unique identifier as a unique non-broadcasting SSID, thereby allowing access to the restricted virtual network based on collected firewall rules and other device-specific security configuration data, Bartoszewski, para [0022]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). [0015]) As per claim 86, Draznin discloses the method according to claim 80, wherein the terminal device receiving the access authentication certificate from the target device receiving, by the terminal device, an access authentication request from the target device (UE 110 may initially generate a join request message (e.g., an attach request) which may include the token(s) as an enhanced PLMN (Block 506), Draznin, Fig 5B, para [0061]). As per claim 87, Draznin discloses the method according to claim 80, wherein the terminal device verifying access authentication certificate using the device authentication information, comprises: verifying, by the terminal device, the access authentication certificate using the device authentication information, to judge wither the target device (Organization identifiers and tokens associated with IMSI of the UE are determined to verify whether the UE is allowed to the network, Draznin, Fig 6, S630, para [0064]). As per claim 88, Draznin discloses the method according to claim 80, wherein However, Draznin does not explicitly disclose the limitation: the first cloud platform is a cloud platform that integrates device authentication information of multiple manufacturers. Bartoszewski discloses: the first cloud platform is a cloud platform that integrates device authentication information of multiple manufacturers (Scannable tag 25 consists of product information of all devices which can be retrieved by device 11, Bartoszewski, para [0025] and cloud service is tied to the device, Bartoszewski, para [0023]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 89, Draznin discloses the method according to claim 80, wherein the authentication information corresponding to the device comprises an authentication certificate or related vouchers issued after the device passes a unified test authentication (Once the IMSI is received, HSS 270/UDM 352 may determine the orgID and associated token(s) based upon the IMSI provided in message M510 (Block 504), Draznin, para [0060]). As per claim 90, Draznin discloses A first cloud platform, comprising a processor and a memory storing computer readable instructions, wherein the processor is configured to execute the computer readable instructions, to cause the first cloud platform to: receive device information of a target device device, (MME 250 may interface with other MMEs in ePC 210 and may send and receive information associated with UEs 110, Draznin, para [0026]). obtain device authentication information corresponding the device information; and ("Once the orgID and token(s) are identified, the token(s) may be sent to network proxy 150 in enterprise network 120 (M515). Network proxy 150 may cache the token(s) and use the token(s) for resource definition and/or authorization." Draznin, para [0060]). send the device authentication information to the terminal device, wherein the device authentication information is used to verify access authentication certificate from the target device ("Processor 420 may determine whether UE 110 should be granted access to the private network resource based on the enhanced PLMN (Block 730)" Draznin, para [0067]). However, Draznin does not explicitly disclose the limitation: wherein the device information is obtained by the terminal device by receiving a service set identifier (SSID) broadcast from the target device, and the device information in the SSID comprises at least one of manufacturer information and product information; Bartoszewski discloses: wherein the device information is obtained by the terminal device by receiving a service set identifier (SSID) broadcast from the target device, and the device information in the SSID comprises at least one of manufacturer information and product information; (System retrieves device information, associated with the wireless connection device 11, comprising a unique identifier, e.g., a service set identifier (SSID) and product information, e.g., a serial number, Bartoszewski, para [0021]. SSID is broadcasted, via RFID). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 91, Draznin discloses the first cloud platform according to claim 90, wherein the first cloud platform is further caused to: However, Draznin does not explicitly disclose: receive an authentication information obtaining request from the terminal device, in a case where the terminal device is securely connected to the first cloud platform, wherein the authentication information obtaining request comprises product information of the target device the device to be connected to network. Bartoszewski discloses: receive an authentication information obtaining request from the terminal device, in a case where the terminal device is securely connected to the first cloud platform, wherein the authentication information obtaining request comprises product information of the target device the device to be connected to network (Transmitting, by the computer processor, an authorization request to a wireless router and also transmitting, by the computer processor, the unique data to a wireless router, wherein the wireless router determines that the wireless device is authorized for connection to the wireless router based on the authorization request and the unique data, Bartoszewski, para [0004]) wherein the authentication information obtaining request comprises product information of the device to be connected to network. (Data retrieval of a device along with the product information associated with the wireless device is done, Bartoszewski, Fig 3, para [0029]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 92, Draznin discloses he first cloud platform according to claim 91, wherein the first cloud platform is further caused to: send the device authentication information corresponding to the product information to the terminal device. (HSS 270 may store information associated with UE 110 and/or information associated with users of UE 110. For example, HSS 270 may store user profiles that include registration, authentication, and access authorization information, Draznin, para [0031]). As per claim 93, Draznin discloses the first cloud platform according to claim 91, wherein the first cloud platform is further caused to: send platform certificate of the first cloud platform to the terminal device. (Unique enterprise networks 120-1 to 120-N are connected to the provider network, Draznin, Fig 1 and "configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]). As per claim 94, Draznin discloses the first cloud platform according to claim 90, wherein the However, Draznin does not explicitly disclose the limitation: first cloud platform is a cloud platform that integrates device authentication information of multiple manufacturers. Bartoszewski discloses: first cloud platform is a cloud platform that integrates device authentication information of multiple manufacturers (Scannable tag 25 consists of product information of all devices which can be retrieved by device 11, Bartoszewski, para [0025] and cloud service is tied to the device, Bartoszewski, para [0023]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 95, Draznin discloses the first cloud platform according to claim 90, wherein the authentication information corresponding to the device comprises an authentication certificate or related vouchers issued after the device passes a unified test authentication (Once the IMSI is received, HSS 270/UDM 352 may determine the orgID and associated token(s) based upon the IMSI provided in message M510 (Block 504), Draznin, para [0060]). As per claim 96, Draznin discloses a target device the processor is configured to execute the computer readable instructions, to cause the target device (Network device 400 may include a bus 410, a processor 420, a memory 430, storage device 440, a network interface 450, input device 460, and an output device 470, Draznin, para [0052]) send access authentication certificate of the target device the terminal device, ("Processor 420 may initially receive a join request, e.g., attach request, from UE 110 which includes the enhanced PLMN (Block 710)." Draznin, para [0067]. "a token may be included in an enhanced PLMN for granting UE 110 access to resources in the private network (e.g., enterprise network 120)." Draznin, para [0064]) to verify the access authentication certificate on the terminal device using device authentication information of the target device ("Processor 420 may determine whether UE 110 should be granted access to the private network resource based on the enhanced PLMN (Block 730)" Draznin, para [0067]) from a cloud platform ("configurable cloud-based wide area network (WAN) services." Draznin, para [0001]. the private network is a WAN or cloud, as indicated in the figures and para [0015]). However, Draznin does not explicitly disclose the limitation: broadcast a service set identifier (SSID), to allow a terminal device to obtain device information of the target device, wherein the device information of the target device in the SSID comprises at least one of manufacturer information and product information; and Bartoszewski discloses: broadcast a service set identifier (SSID), to allow a terminal device to obtain device information of the target device, wherein the device information of the target device in the SSID comprises at least one of manufacturer information and product information; and (System retrieves device information, associated with the wireless connection device 11, comprising a unique identifier, e.g., a service set identifier (SSID) and product information, e.g., a serial number, Bartoszewski, para [0021]. SSID is broadcasted, via RFID). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 98, Draznin discloses the target device However, Draznin does not explicitly disclose the limitation: wherein the cloud platform is a cloud platform that integrates device authentication information of multiple manufacturers. Bartoszewski discloses: wherein the cloud platform is a cloud platform that integrates device authentication information of multiple manufacturers. (Scannable tag 25 consists of product information of all devices which can be retrieved by device 11, Bartoszewski, para [0025] and cloud service is tied to the device, Bartoszewski, para [0023]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Bartoszewski’s approach of receiving a service set identifier (SSID) broadcast from the device to be connected to network as the motivation would be to ensure communication is secure for change in configuration between the wireless communication device and the system (See Bartoszewski, para [0021]). As per claim 99, Draznin discloses the target device the authentication information corresponding to the device comprises an authentication certificate or related vouchers issued after the device passes a unified test authentication (Once the IMSI is received, HSS 270/UDM 352 may determine the orgID and associated token(s) based upon the IMSI provided in message M510 (Block 504), Draznin, para [0060]). Claims 85, 97 are rejected under 35 U.S.C. 103 as being unpatentable over Draznin et al. (US 20210092605), hereinafter referred to as Draznin in view of Bartoszewski et al. (US 20150326610 A1) hereinafter referred to as Bartoszewski in further view of Casebolt et al. (US 20170325102 A1) hereinafter referred to as Casebolt. As per claim 85, Draznin discloses the method according to claim 81, wherein after the terminal device sending the device information of the target device However, Draznin does not explicitly disclose the limitation: joining, by the terminal device, soft access point (SoftAP) of the target device Casebolt discloses: joining, by the terminal device, soft access point (SoftAP) of the target device (Computing device 150 may be known as the ‘soft access point’ or ‘soft-AP’ for the network computing device 150 provides to client device 130 via wireless link 142, Casebolt, para [0052]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Casebolt’s approach of utilizing SoftAP of a device to connect to the network as the motivation would be to provide client devices to the network via a wireless channel (See Casebolt, para [0052]). As per claim 97, Draznin discloses the target devicethe target device verify whether the cloud platform is a legal platform, (Organization identifiers and tokens associated with IMSI of the UE are determined to verify whether the UE is allowed to the network, Draznin, Fig 6, S630, para [0064]). wherein before the target device the target device (see token description in Draznin para [0035]- [0036], for example) the target device However, Draznin does not explicitly disclose the limitation: confirm that the terminal device has joined soft access point (SoftAP) of the target device the target device Casebolt discloses: confirm that the terminal device has joined soft access point (SoftAP) of the target device the target device (Computing device 150 may be known as the ‘soft access point’ or ‘soft-AP’ for the network computing device 150 provides to client device 130 via wireless link 142, Casebolt, para [0052]). One in ordinary skill in the art would have been motivated, before the effective filing date of the claimed invention to modify Draznin’s approach by utilizing Casebolt’s approach of utilizing SoftAP of a device to connect to the network as the motivation would be to provide client devices to the network via a wireless channel (See Casebolt, para [0052]). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAGHAVENDER CHOLLETI whose telephone number is (703) 756-1065. The examiner can normally be reached M-Th 7:30AM -4:30PM EST and variable Fridays. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patentcenter for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Respectfully Submitted, /RAGHAVENDER NMN CHOLLETI/Examiner, Art Unit 2492 /MICHAEL W CHAO/Primary Examiner, Art Unit 2492