Prosecution Insights
Last updated: April 19, 2026
Application No. 18/343,275

SECURE AUTHENTICATION OF REMOTE EQUIPMENT

Non-Final OA §101 §103
Filed: Jun 28, 2023
Examiner: LI, MENG
Art Unit: 2437
Tech Center: 2400 — Computer Networks
Assignee: Comcast Cable Communications LLC
OA Round: 3 (Non-Final)
Grant Probability: 87% (Favorable)
OA Rounds: 3-4
To Grant: 2y 4m
With Interview: 99%

Examiner Intelligence

Grants 87% — above average
Career Allow Rate: 87% (490 granted / 561 resolved), +29.3% vs TC avg
Strong +18% interview lift
Interview Lift: +17.8% (resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 4m
25 currently pending
Career history
Total Applications: 586 across all art units

Statute-Specific Performance

§101: 11.5% (-28.5% vs TC avg)
§103: 47.9% (+7.9% vs TC avg)
§102: 6.5% (-33.5% vs TC avg)
§112: 20.1% (-19.9% vs TC avg)
Based on career data from 561 resolved cases

Office Action

§101 §103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/14/2026 has been entered.

Response to Amendment

The Amendment filed on 01/14/2026 has been entered. The rejection of claims 1-20 under 35 U.S.C. 112(b) is withdrawn in view of the amendment. Claims 1, 9 and 16 are amended. Claims 1-20 are pending of which claims 1, 9 and 16 are independent claims.

Response to Arguments

Applicant's arguments filed on 01/14/2026 have been fully considered but the arguments are essentially directed towards the newly introduced limitations, and they are addressed in this Office Action, below.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Regarding claims 1, 9 and 16: Applying the subject matter eligibility test, as outlined in MPEP 2106:

Step 1: Statutory Category

The claims fall within a statutory category. Claims 1-8 are considered “processes” and 9-20 are considered “machines” based claims. Processes are members of the statutory categories. Thus, the analysis moves towards step 2A and 2B.

The claim recites the following limitations (paraphrased for analysis):

1. Receiving, by a network device and from a first computing system, and based on a request for communications by a user device, a challenge message.
2. Sending, by the network device and to the first computing system, a response to the challenge message, wherein the response to the challenge message is generated by the network device.
3. Receiving, by the network device, from a second computing device, and based on a validation of the response to the challenge message, non-secure communications addressed to the user device.

Step 2A, Prong One: Judicial Exception

When considered in light of the specification, the following limitations recite an abstract idea:

Limitation 1 (receiving a challenge message based on a request for communications): in abstract form, this is “receiving, from a remote system, a challenge corresponding to an access request for communications.” This is a step of collecting and routing information related to authorization/authentication and access control, which falls within the abstract-idea groupings of organizing human activity (controlling access to resources) and certain methods of organizing and transmitting information.

Limitation 2 (sending a response to the challenge message): in abstract form, this is “generating and sending a response to a challenge to determine whether communication should be permitted.” This is a logical decision/authorization step based on information exchange, which can be characterized as an abstract rule-based decision process and data transmission, i.e., an abstract idea of evaluating a condition and replying, implemented on generic computers.

Limitation 3 (receiving non-secure communications based on validation): in abstract form, this is “receiving and routing communications conditioned on a prior authorization result.” This recites managing the flow of communications based on a validation outcome, i.e., an access-control/business-rule type of logic, which is a form of organizing human (or user–system) activity and processing information according to rules.

Taken together, these limitations describe a scheme for controlling access to communications using a challenge/response and conditional routing of non-secure communications, which is a fundamental access-control and information-processing concept implemented using generic networking components. As such, the claim is directed to an abstract idea under Step 2A Prong One.

Step 2A, Prong Two: Integration into a Practical Application

The claim additionally recites generic computing/network elements, namely: a “network device,” a “first computing system,” a “second computing device,” and a “user device,” and their communication relationships. The specification describes these as typical gateway devices, remote systems, and user devices operating over ordinary packet-switched networks, including proprietary and public networks such as the Internet, without indicating any unconventional hardware, protocol, or data structure.

The additional elements and their use in the claim do not integrate the abstract idea identified in Prong One into a practical application for at least the following reasons:

The network device, first computing system, second computing device, and user device are recited at a high level of generality, performing their ordinary functions of sending, receiving, and routing messages over a network, as described in the specification for conventional gateway devices and remote resources. Merely limiting the abstract concept to implementation on such generic network components does not integrate the abstract idea into a practical application.

The claim does not recite any improvement to the functioning of the computer or network itself (e.g., no new network architecture, protocol, or data structure; no reduction in latency, storage, or processing requirements; and no change to how the network device operates at a technical level), unlike the types of improvements recognized as integrating an abstract idea into a practical application in the USPTO’s subject matter eligibility guidance and recent memoranda.

The conditional use of the validation result (i.e., only receiving non-secure communications after validation) merely reflects the abstract access-control logic itself, and the claim uses generic network operations as a tool to implement that logic, rather than applying the abstract idea in a way that imposes a meaningful technological limit or effects a particular technical transformation.

The claim does not tie the abstract idea to a particular machine in a manner that imposes meaningful limits beyond generic computer implementation, does not effect a transformation or reduction of a particular article to a different state or thing, and does not recite any other consideration recognized in MPEP 2106.04(d) as integrating a judicial exception into a practical application.

Accordingly, the additional elements, both individually and in combination, do no more than generically implement the abstract access-control and information-processing idea on conventional networking components. The claim as a whole therefore does not integrate the abstract idea identified in Prong One into a practical application.

Step 2B: Significantly more

Because the claim is directed to an abstract idea and does not integrate that idea into a practical application, the analysis proceeds to Step 2B. The additional elements beyond the abstract idea are the recitation of generic network components (network device, first computing system, second computing device, user device) performing their conventional functions of sending, receiving, and routing messages, as supported by the description of typical gateway devices and network resources in the specification. There is no indication in the claim or specification of any unconventional arrangement of these elements, any technical improvement in their operation, or any other feature that amounts to an “inventive concept” or “significantly more” than the abstract idea itself.

Under the Mayo/Alice framework and MPEP 2106, the claim therefore recites an abstract idea and does not include additional elements that amount to significantly more than that abstract idea. Claim is thus rejected under 35 U.S.C. 101.

With respect to dependent claims 2-8, 10-15 and 17-20, the additional limitations do not change the characterization of the claims as being directed to an abstract idea and do not amount to significantly more, as explained below.

Regarding Claim 2: Adds receiving the challenge message via the second computing system. This merely recites iterative refinement of conventional functions of sending, receiving, and routing messages, using generic computing system, and thus does not integrate the exception into a practical application or provide an inventive concept.

Regarding Claim 3: Specifies that the first computing system comprises an authentication server, and wherein the second computing system comprises a content server. These are types of systems used in the network; narrowing the nature of the computing system does not change the abstract character of the idea or add significantly more.

Regarding Claim 4: Specifies that the first computing system is associated with the second computing system. This further relationship between two systems is generic computer network connection and does not change the abstract character of the idea or add significantly more.

Regarding Claim 5: Specifies that receiving, a message indicative of a request to access data associated with the second computing system; and sending, by the network device and to the second computing system, a message indicative of a request for service from the second computing system, wherein the receiving the challenge message is based on the sending the message indicative of the request for service from the second computing system; they are still the abstract idea with the recitation of generic network components performing their conventional functions of sending, receiving, and routing messages.

Regarding Claim 6: Specifies that receiving, by the network device and from the first computing system, a timeout notice that comprises an indication of a time interval; sending, by the network device and prior to the expiration of the indicated time interval, a keep-alive message; and receiving, by the network device and from the first computing system, information indicating the permission is continued; they are still the abstract idea with the recitation of generic network components performing their conventional functions of sending, receiving, and routing messages and keeping communication alive.

Regarding Claim 7: Adds the first computing system details include an authentication server, and wherein the second computing system comprises a content server; These are types of systems used in the network; narrowing the nature of the computing system does not change the abstract character of the idea or add significantly more.

Regarding Claim 8: Adds the user device details include at least one of a wireless consumer device, a computer, a sensor, an effector, a control, an industrial device, or retail equipment. These are types of generic computers and do not change the abstract character of the idea or add significantly more.

Dependent claims 10-15 and 17-20 are analyzed and rejected for the same rationale as claims 2-8.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-13, 16-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over HOYER et al. (Pub. No.: US 2016/0205549, hereinafter HOYER) in view of Siegel (Pub. No.: US 2005/0102405) and Jerdonek (Pub. No.: US 2002/0095507).
Regarding claim 1: HOYER discloses a method comprising:

sending, by the network device and to the first computing system, a response to the challenge message, wherein the response to the challenge message is generated by the network device (HOYER - [0114]: the mobile device 304 will receive a second response from the smart tag 308 in the form of a second data object (step 732). The second response may contain the response-specific information, such as an TAC, as well as an optional TAGID of the smart tag 308. The second response may also contain tag data, which may be the same or different from the tag data received in the first response. [0115]: The method continues with the mobile device 304 parsing the second data object to separate the URL, TAC, and/or TAGID (step 736). Once separated, the mobile device 304 may provide the TAC and/or TAGID back to the content server 340, perhaps also with the URL again (step 740)); and

receiving, by the network device, from a second computing device, and based on a validation of the response to the challenge message, non-secure communications [addressed to the user device] (HOYER - [0121]: if the TAC and TAGID were both determined to be valid … the content server 340 provides the requested content (e.g., requested web page, HTML document, etc.) back to the mobile device 304 (step 836));

Although HOYER teaches content server provides non-secure communications to the mobile device (mapped to network device), it doesn’t explicitly teach the communication is addressed to Smart Tag (or user device).

However, in an analogous art, Siegel discloses receiving, by the network device, … non-secure communications addressed to the user device (Siegel - [0044]: The server 34-1 transmits to the network device 30 the DATA signal 218, which includes the data requested in the REQUEST1 signal 216 and a sequence number (SEQ 1), indicating a sequence number received by the network device 30 from the server 34-1 that handles the first request (REQUEST1). The DATA signal 218 also includes a checksum value (CHK1) indicating a checksum for the DATA signal 218 that can be used to verify the integrity of the signal 218. The network device 30 transmits to the client 22, the DATA signal 220, which includes the same data provided by the signal 218 from the server 34-1 to the network device 30).

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of HOYER with Siegel so that the received communication can be further forwarded to another device. The modification would have allowed the system to be more flexible.

The combination of HOYER and Siegel discloses that the challenge message is received by the network device (a mobile device) from a content server (i.e. a first computing system). However, the combination of HOYER and Siegel doesn’t explicitly teach a challenge message is received by the network device based on a request from a user device.

However, in an analogous art, Jerdonek teaches: receiving, by a network device, from a first computing system, and based on a request for communications by a user device, a challenge message (Jerdonek - [0044]: Referring to FIG. 3, the user at client system 300 next wants to access private server 360. [0047]: Authentication server 350 next generates a one-time password (also known as a pre-authorized password) in response to the request, step 510. [0048]: The one-time password is then communicated to external server 310, step 520. See also [0056])

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of HOYER and Siegel with Jerdonek so that the challenge message can be initiated by a request from a user device delivered to an external server. The modification would have allowed the system to communicate between multiple devices.

Regarding claim 2: HOYER as modified discloses wherein the receiving, from the first computing system, a challenge message comprises receiving the challenge message via the second computing system (Jerdonek - [0046]: communications between external server 310 and authentication server 350 may be direct, or indirect, for example via firewall server 340).

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of HOYER and Siegel with Jerdonek so that challenge message is sent via a firewall device. The modification would have allowed the system to use flexible components in the system.

Regarding claim 3: HOYER as modified discloses wherein the first computing system comprises an authentication server, and wherein the second computing system comprises a content server (HOYER - Fig. 3, content server and authentication service).

Regarding claim 4: HOYER as modified discloses wherein the first computing system is associated with the second computing system (HOYER - [0119]: the authentication service 344 analyzing the TAC and optionally the TAGID received from the content server 340 (step 816)).
Regarding claim 5: HOYER as modified discloses further comprising:

sending, by the network device and to the second computing system, a message indicative of a request for service from the second computing system (HOYER - [0118]: the method continues with the content server providing the TAC to the authentication service 344 for analysis (step 812)),

receiving, by the network device and from the user device, a message indicative of a request to access data associated with the second computing system (Siegel - [0043]: the network device 30. The network device 30-1 transmits to the server 34-1 the REQUEST1 signal 216, which includes the same request as the one provided in the REQUEST1 signal 208 from the client 22 to the network device 30).

wherein the receiving the challenge message is based on the sending the message indicative of the request for service from the second computing system (Jerdonek - [0044]: Referring to FIG. 3, the user at client system 300 next wants to access private server 360. [0047]: Authentication server 350 next generates a one-time password (also known as a pre-authorized password) in response to the request, step 510. [0048]: The one-time password is then communicated to external server 310, step 520. See also [0056]).

The reason to combine is in the same rationale as claim 1.

Regarding claim 8: HOYER as modified discloses wherein the user device comprises at least one of a wireless consumer device, a computer, a sensor, an effector, a control, an industrial device, or retail equipment (Jerdonek - [0045]: The connection between client system 300 and external server 310 may be via the Internet, via a direct dial-up connection, or any other means including wireless).

The reason to combine is in the same rationale as claim 1.

Regarding claims 9-13: Claims are directed to apparatus/device claims and do not teach or further define over the limitations recited in claims 1-4. Therefore, claims 9 and 11-13 are also rejected for similar reasons set forth in claims 1-4.

Regarding claims 16-18 and 20: Claims are directed to method/computer readable medium claims and do not teach or further define over the limitations recited in claims 1-3 and 5. Therefore, claims 16-18 and 20 are also rejected for similar reasons set forth in claims 1-3 and 5.

Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over HOYER et al. (Pub. No.: US 2016/0205549, hereinafter HOYER) in view of Siegel (Pub. No.: US 2005/0102405), Jerdonek (Pub. No.: US 2002/0095507) and Rosati et al. (US 2013/0046976, hereinafter Rosati).

Regarding claims 7 and 15: HOYER as modified doesn’t explicitly teach but Rosati discloses wherein the network device comprises at least one of a gateway, a DOCSIS device, or a remote customer premises equipment (rCPE) (Rosati - [0024]: Fig. 2).

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of HOYER and Siegel, Jerdonek with Rosati so that network device can be a gateway or remote customer device.

Claims 6, 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over HOYER et al. (Pub. No.: US 2016/0205549, hereinafter HOYER) in view of Siegel (Pub. No.: US 2005/0102405), Jerdonek (Pub. No.: US 2002/0095507) and Townsley et al. (Pub. No.: US 2007/0203990, hereinafter Townsley).

Regarding claims 6, 14 and 19: HOYER as modified doesn’t explicitly teach but Townsley discloses: further comprising:

receiving, by the network device and from the first computing system, a timeout notice that comprises an indication of a time interval (Townsley - [0032]: a DHCP client operating on a device communicates with one or more DHCP servers to obtain configuration information, including an IP address for the client's host device. The configuration data is valid for a limited time interval, called a lease time);

sending, by the network device and prior to the expiration of the indicated time interval, a keep-alive message (Townsley - [0032]: Before the lease expires at the end of the lease time interval, the DHCP client may send a renew request message to extend the lease for some period of time); and

receiving, by the network device and from the first computing system, information indicating the permission is continued (Townsley - [0068-0070]: If in step 640 it is determined that a DHCP lease for communications between the customer node and nodes on the IP network does not expire, … determined whether a DHCP echo request is received among the unicast IP data packets … determined whether the echo request is valid).

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of HOYER and Siegel, Jerdonek with Townsley so that a time interval configuration is received from the server and a renew message is sent before time out for continuing the service. The modification would have allowed the system to extend service.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

VAS et al. (Pub. No.: US 2011/0314346) - Identifying a slice name information error in a dispersed storage network
Uefuji et al. (Pub. No.: US 2015/0156058) - Management server

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729. The examiner can normally be reached on M-F 8:30-5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MENG LI/
Primary Examiner, Art Unit 2437

Prosecution Timeline

Jun 28, 2023: Application Filed
Sep 18, 2023: Response after Non-Final Action
Jun 05, 2025: Non-Final Rejection — §101, §103
Sep 09, 2025: Response Filed
Oct 02, 2025: Final Rejection — §101, §103
Dec 08, 2025: Response after Non-Final Action
Jan 14, 2026: Request for Continued Examination
Jan 25, 2026: Response after Non-Final Action
Mar 12, 2026: Non-Final Rejection — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603944
Location Aware Authorization System
2y 5m to grant Granted Apr 14, 2026
Patent 12598082
CRYPTOGRAPHIC METHOD TO CERTIFY RETENTION LOCK STATUS FOR OPAQUE DATA IN A BACKUP SYSTEM
2y 5m to grant Granted Apr 07, 2026
Patent 12591691
AGENTLESS RUNTIME CYBERSECURITY ANALYSIS
2y 5m to grant Granted Mar 31, 2026
Patent 12585547
CRYPTOGRAPHIC METHOD TO CERTIFY RETENTION LOCK STATUS WITH AN EMBEDDED VERIFICATION LOG IN A BACKUP SYSTEM
2y 5m to grant Granted Mar 24, 2026
Patent 12585792
CRYPTOGRAPHIC METHOD TO CERTIFY RETENTION LOCK STATUS FOR AUDITING IN A BACKUP SYSTEM
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 87%
With Interview (+17.8%): 99%
Median Time to Grant: 2y 4m
PTA Risk: High
Based on 561 resolved cases by this examiner. Grant probability derived from career allow rate.
