Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This is a reply to the application filed on 5/18/2023, in which, claims 22-28, 33-38, and 43-50 are pending. Claims 22, 33, 43, and 50 are independent.
Applicant has elected (see Response filed 7/25/25) to prosecute Group I, claims 22-28, 33-38, and newly added claims 43, 48, and 50. Claims 44-47, 49 are withdrawn from further consideration.
When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.
Information Disclosure Statement
The information disclosure statement (IDS) submitted is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings filed on 5/18/2023 are accepted.
Specification
The disclosure filed on 5/18/2023 is accepted.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 22, 26, 33, 37, 43, 50 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20220070151 A1 (hereinafter ‘Chauhan’).
As claim 22, Chauhan (US 20220070151 A1) discloses: A method, applied to a terminal, (Chauhan, ¶4-¶5, i.e., system/method of user and device authentication) the method comprising: sending an authentication request to a policy control apparatus, wherein the authentication request carries authentication information, and the authentication information is usable by the policy control apparatus to perform authentication on the terminal based on the authentication information; (Chauhan: Fig. 2, ¶53-¶55, i.e., the management of access/permission policies; Figs. 8-12, ¶168, i.e., interaction of user with an application for authentication with an application server wherein the request includes user’s credential)
receiving a trust identifier from the policy control apparatus, and saving the trust identifier, wherein the trust identifier is sent by the policy control apparatus after the terminal is authenticated; and (Chauhan: Fig. 12, ¶168, i.e., receiving a token from the application server upon authentication)
sending a first access request when the terminal accesses an application server, wherein the first access request carries the trust identifier, causing the policy control apparatus to determine that the terminal is a trusted terminal. (Chauhan: ¶170, i.e., accessing request to an application when the client accesses an application wherein the request includes the token)
Claims 33, 43, 50 recite substantially the same features recited in claim 22 above and are rejected based on the rationale discussed in the rejection.
As regards claim 26, Chauhan discloses the method according to claim 22, wherein the first access request further carries a user token, and the token is allocated by the policy control apparatus to the terminal after the terminal is authenticated. (Chauhan: Fig. 12, ¶168, i.e., receiving a token from the application server upon authentication)
Claim 37 recites substantially the same features recited in claim 26 above and is rejected based on the rationale discussed in the rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 23-25, 28, 34-36, 48 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chauhan in view of US 20140207566 A1 (hereinafter ‘Kamran’).
As regards claim 23, Chauhan discloses the method according to claim 22. However, Chauhan does not but in analogous art, Kamran (US 20140207566 A1) teaches: wherein the trust identifier is generated based on dynamic information related to the terminal. (Kamran, Figs. 1, 6, ¶10, ¶30-¶31, ¶38, i.e., the token is based on the network address of the user device)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chauhan to include generating a token based on the IP address of the user device as taught by Kamran with the motivation to identify devices in a communication session (Kamran, ¶3)
Claim 34 recites substantially the same features recited in claim 23 above and is rejected based on the rationale discussed in the rejection.
As regards claim 24, Chauhan et al combination teaches the method according to claim 23, wherein the dynamic information related to the terminal comprises an internet protocol (IP) address or a session identifier of the terminal, and the session identifier identifies a session established between the policy control apparatus and the terminal according to hypertext transfer protocol (H'ITP) after the terminal is authenticated. (Kamran, Figs. 1, 6, ¶10, ¶30-¶31, ¶38, i.e., the token is based on the network address (IP address) of the user device)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chauhan to include generating a token based on the IP address of the user device as taught by Kamran with the motivation to identify devices in a communication session (Kamran, ¶3)
Claim 35 recites substantially the same features recited in claim 24 above and is rejected based on the rationale discussed in the rejection.
As regards claim 25, Chauhan discloses the method according to claim 22. However, Chauhan does not but in analogous art, Kamran (US 20140207566 A1) teaches: wherein the trust identifier is saved by the terminal in a cookie of a browser of the terminal, and the method further comprises: when the terminal accesses the application server, obtaining the trust identifier from the cookie of the browser, and adding the trust identifier to the first access request. (Kamran, Figs. 1, 6, ¶10, ¶30-¶31, ¶38, i.e., the token is based on the network address (IP address) of the user device wherein the token is obtained via browser cookie)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chauhan to include generating a token based on the IP address of the user device as taught by Kamran with the motivation to identify devices in a communication session (Kamran, ¶3)
Claim 36 recites substantially the same features recited in claim 25 above and is rejected based on the rationale discussed in the rejection.
As regards claim 28, Chauhan discloses the method according to claim 22. However, Chauhan does not but in analogous art, Kamran (US 20140207566 A1) teaches: wherein the first access request further comprises an identifier of the terminal, the identifier is used by a policy detection apparatus to compare the identifier with a registration identifier of the terminal, and when the identifier is the same as the registration identifier of the terminal, the policy detection apparatus sends the trust identifier carried in the first access request to the policy control apparatus. (Kamran, Figs. 1, 6, ¶10, ¶30-¶31, ¶38, i.e., the token is based on the network address (IP address) of the user device)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chauhan to include generating a token based on the IP address of the user device as taught by Kamran with the motivation to identify devices in a communication session (Kamran, ¶3)
Claim 48 recites substantially the same features recited in claim 28 above and is rejected based on the rationale discussed in the rejection.
Claim(s) 27, 38 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chauhan in view of US 20230196357 A9 (hereinafter ‘Gallagher’).
As regards claim 27, Chauhan discloses the method according to claim 26. However, Chauhan does not but in analogous art, Gallagher (US 20230196357 A9) teaches: wherein before sending the authentication request to the policy control apparatus, the method further comprises: (Gallagher: Fig. 2, ¶101-102) sending a second access request, wherein the second access request does not carry the token, the policy control apparatus is triggered to send an authentication page to the terminal after the second access request is redirected by a policy execution apparatus to the policy control apparatus, and (Gallagher: Fig. 2, ¶101-102, i.e., the login request is redirected to an authentication server wherein the auth server writes a cookie to the browser and then the browser is redirected to the login page for authentication) the authentication request is sent after the terminal receives the authentication page. (Gallagher: Fig. 2, ¶101-102, i.e., the login request is redirected to an authentication server wherein the auth server writes a cookie to the browser and then the browser is redirected to the login page for authentication)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Chauhan to include an authentication redirection mechanism wherein request is redirected to an authentication server wherein the auth server writes a cookie to the browser and then the browser is redirected to the login page for authentication as taught by Gallagher with the motivation to provide a secure authentication and transaction process (Gallagher, ¶35-¶36)
Claim 38 recites substantially the same features recited in claim 27 above and is rejected based on the rationale discussed in the rejection.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED A ZAIDI/Primary Examiner, Art Unit 2432