DETAILED ACTION
In a communication received on 19 November 2025, the applicants amended claims 1 and 9.
Claims 1-16 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sondhi et al. (US 2015/0089622 A1) in view of Chen et al. (US 2016/0261642 A1) and Lander et al. (US 2017/0331832 A1), and further in view of Posner et al. (US 2019/0098598 A1).
With respect to claim 1, Sondhi discloses: a user authentication-based packet classification method for differentiated security services of a ship network, performed by a service provider including a processor (i.e., an authorization platform that comprises at least one OAuth authorization server in Sondhi, ¶0044), the method comprising:
receiving an authorization code request message from a user terminal including a client (i.e., resource server receives user request and provides authorization code in response in Sondhi, ¶0010, ¶0047);
authenticating and authorizing a user of the client based on the authorization code request message (i.e., granting the client access by the user including the client as a trusted partner and has corresponding authorization code in Sondhi, ¶0011, ¶0047);
transmitting an authorization code response message to the user terminal in response to the authorization code request message (i.e., sending authorization code to the requesting client in Sondhi, ¶0010);
receiving an access token request message from the user terminal based on the authorization code response message (i.e., back channel call to the resource server to request an access token specifying the scope of the access in Sondhi, ¶0011); and
transmitting an access token response message including an access token to the user terminal in response to the access token request message (i.e., client receives the access token and receives specified access until the access token expires; the access is revocable in Sondhi, ¶0011).
Sondhi discloses policy engine to determine the scope of the access relative to the service; resources and scope registry define different scopes of access for clients (¶0052, ¶0082). Sondhi do(es) not explicitly disclose the following. Chen, in order to improve processing of data packets tied to specific user identities such that requestor can simply present their identification and their traffic is processed at packet level (¶0088), discloses: a user authentication-based packet classification method for differentiated security services of a ship network (i.e., user identity and other parameters of group identity tied with security actions including bandwidth rate limiting, quality of service, or packet based queueing, priority, or forwarding path in Chen, ¶0081, ¶0084).
Based on Sondhi in view of Chen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Chen to improve upon those of Sondhi in order to improve processing of data packets tied to specific user identities such that requestor can simply present their identification and their traffic is processed at packet level.
Sondhi discloses policy engine to determine the scope of the access relative to the service; resources and scope registry define different scopes of access for clients (¶0052, ¶0082). Sondhi and Chen do(es) not explicitly disclose the following. Lander, in order to secure access to cloud-based application corresponding to device and user type (¶0003), discloses:
wherein the access token includes information indicating whether to be provided with differentiated security services (i.e., token includes computed scopes and privileges embedded in access tokens; differentiated authorization in the tokens linked based on both user and application role in Lander, ¶0242, ¶0243, ¶0225), and
whether to be allowed to access constrained resources based on a user classification (i.e., scope is allowed actions corresponding to the client access token; access is evaluated and permitted based on allowed scopes in Lander, ¶0220, ¶0242, ¶0304).
Based on Sondhi in view of Chen, and further in view of Lander, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Lander to improve upon those of Sondhi in order to secure access to cloud-based application corresponding to device and user type.
Sondhi discloses policy engine to determine the scope of the access relative to the service; resources and scope registry define different scopes of access for clients (¶0052, ¶0082). Sondhi, Chen, and Lander do(es) not explicitly disclose the following. Posner, in order to manage satellite bandwidth that is limited and expensive by managing on-ship communication and ship-to-shore communications (¶0011), discloses: in a resource-constrained ship network environment (i.e., differentiated logic in processing on-board/local in a ship; reducing limited satellite connection; sorting ship-to-shore traffic in Posner, ¶0011, ¶0012, ¶0013).
Based on Sondhi in view of Chen and Lander, and further in view of Posner, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Posner to improve upon those of Sondhi in order to manage satellite bandwidth that is limited and expensive by managing on-ship communication and ship-to-shore communications.
With respect to claim 2, Sondhi discloses: the method of claim 1, further comprising:
receiving a resource request message including the access token from the user terminal (i.e., clients present authorization tokens to the servers which can obtain the respective scopes of access for the specific token-client in Sondhi, ¶0083); and
transmitting a resource response message including resources or information indicating the resources to the user terminal in response to the resource request message (i.e., client presents access token that can specify the scope of the access that may permit contents to an album for example in Sondhi, ¶0011).
With respect to claim 3, Sondhi discloses: the method of claim 2, further comprising:
referencing a user class management table for providing the differentiated security services (i.e., token-scope registry maps token to a particular scope that defines the boundary of access in Sondhi, ¶0045-0046)
based on a user class defined by an extended parameter in the resource request message (i.e., attributes of the user and client are specified in the request in Sondhi, ¶0082).
Sondhi discloses policy engine to determine the scope of the access relative to the service; resources and scope registry define different scopes of access for clients (¶0052, ¶0082). Sondhi do(es) not explicitly disclose the following. Chen, in order to improve processing of data packets tied to specific user identities such that requestor can simply present their identification and their traffic is processed at packet level (¶0088), discloses: applying a differentiated security service to a packet of the user terminal based on an action corresponding to the user class defined in the user class management table (i.e., user identity parameters trigger security gateway to process traffic for packets accordingly to policy corresponding to user identity in Chen, ¶0081, ¶0082, ¶0084).
Based on Sondhi in view of Chen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Chen to improve upon those of Sondhi in order to improve processing of data packets tied to specific user identities such that requestor can simply present their identification and their traffic is processed at packet level.
With respect to claim 4, Sondhi discloses policy engine to determine the scope of the access relative to the service; resources and scope registry define different scopes of access for clients (¶0052, ¶0082). Sondhi do(es) not explicitly disclose the following. Chen, in order to improve processing of data packets tied to specific user identities such that requestor can simply present their identification and their traffic is processed at packet level (¶0088), discloses: the method of claim 3, further comprising changing a processing order of packet data based on a priority queue corresponding to the user class (i.e., user identity and other parameters of group identity tied with security actions including bandwidth rate limiting, quality of service, or packet based queueing, priority, or forwarding path in Chen, ¶0081, ¶0084).
Based on Sondhi in view of Chen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Chen to improve upon those of Sondhi in order to improve processing of data packets tied to specific user identities such that requestor can simply present their identification and their traffic is processed at packet level.
With respect to claim 5, Sondhi discloses: the method of claim 3, wherein the user class management table comprises a class field, a priority field, and an action field (i.e., registered policies that can indicate different quota limits for different types of subscribers, gold/platinum level in Sondhi, ¶0062),
the class field representing a class tag defined by the service provider (i.e., indicate which user roles are permitted access to various services indicated service's administrator in Sondhi, ¶0062),
the action field defining a security service type to be executed on the corresponding traffic or a predetermined class-specific action (i.e., authorizes decisions to access by supplied token based on supplied token including user specific attributes like security level suggesting a security action for the user/group attributes in Sondhi, ¶0096).
With respect to claim 6, Sondhi discloses: the method of claim 3, wherein the extended parameter (i.e., user attributes can be inserted into token when submitting token with request in Sondhi, ¶0095) comprises a user class field defining the user class and priority (i.e., registered policies that can indicate different quota limits for different types of subscribers, gold/platinum level in Sondhi, ¶0062),
class information field indicating version information of the user class management table (i.e., indicate which user roles are permitted access to various services indicated service's administrator in Sondhi, ¶0062), and
a constraint field (i.e., inserting within the authorization token values for user attributes and scope of the access in Sondhi, ¶0096).
With respect to claim 7, Sondhi discloses: the method of claim 1, further comprising defining an extended parameter designating a user class in a hypertext transfer protocol (HTTP) response corresponding to the access token response message of an authorization server of the service provider (i.e., extending the OAuth specification with user attribute values, browser-based HTTP interfacing with the authorization framework; attributes can specify a user role or department in Sondhi, ¶0062, ¶0093-0094, ¶0096, ¶0121).
With respect to claim 8, Sondhi discloses: the method of claim 1, further comprising receiving client service pre-registration from the client (i.e., registering the native applications with the server; trusted partner for resource server suggests pre-registered applications in Sondhi, ¶0126, ¶0130).
With respect to claim 9, the limitation(s) of claim 9 are similar to those of claim(s) 1. Therefore, claim 9 is rejected with the same reasoning as claim(s) 1. Sondhi further discloses: a user authentication-based packet classification apparatus comprising:
a memory storing at least one instruction for classifying packets based on user authentication for differentiated security services in a ship network (i.e., storage medium for instructions of the embodied invention in Sondhi, ¶0193); and
a processor connected to the memory and executing the at least one instruction, (i.e., processor for executing instructions on storage medium in Sondhi, ¶0193).
With respect to claim 10, the limitation(s) of claim 10 are similar to those of claim(s) 2. Therefore, claim 10 is rejected with the same reasoning as claim(s) 2.
With respect to claim 11, the limitation(s) of claim 11 are similar to those of claim(s) 3. Therefore, claim 11 is rejected with the same reasoning as claim(s) 3.
With respect to claim 12, the limitation(s) of claim 12 are similar to those of claim(s) 4. Therefore, claim 12 is rejected with the same reasoning as claim(s) 4.
With respect to claim 13, the limitation(s) of claim 13 are similar to those of claim(s) 5. Therefore, claim 13 is rejected with the same reasoning as claim(s) 5.
With respect to claim 14, the limitation(s) of claim 14 are similar to those of claim(s) 6. Therefore, claim 14 is rejected with the same reasoning as claim(s) 6.
With respect to claim 15, the limitation(s) of claim 15 are similar to those of claim(s) 8. Therefore, claim 15 is rejected with the same reasoning as claim(s) 8.
With respect to claim 16, the limitation(s) of claim 16 are similar to those of claim(s) 7. Therefore, claim 16 is rejected with the same reasoning as claim(s) 7.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached at 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sherman Lin
3/15/2026
/S. L./Examiner, Art Unit 2447
/JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447