DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosures of the prior-filed applications, Application Nos. 17/542156, 17/040949, PCT/US2019/041871 and 62/698644, fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, for one or more claims of this application. The independent claims are not supported in any of the parent applications, and therefore none of the claims receive the earlier filing date.
Response to Arguments
Applicant’s arguments regarding the 103 rejections are moot in view of the new grounds of rejection below.
Applicant’s arguments regarding the 112 rejections have been carefully considered and are not deemed persuasive. Applicant argues that page 61, lines 15-18 recite: “In the step 1704, if the incoming node is not registered in the authentication server, the network connection is rejected by dropping the packet. Dropping the packet and not responding makes the endpoint ‘dark’ on the network and not vulnerable to low-level network scans.” Applicant says: “Accordingly, from the teachings within the Present Specification, it is clear that a ‘dark’ node, endpoint or device is not registered in the authentication server and not vulnerable to low-level network scans.”
The Examiner respectfully disagrees. These lines from the specification do not define the term “dark”. No special definition is given to the term “dark” anywhere in the specification. If Applicant wishes to include these limitations, they need to be recited in the claim. “The endpoint” and “the device” do not necessarily refer to the same node. In addition, it is unclear which limitations would be brought into the claim (unregistered, not vulnerable, etc.).
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the enablement requirement. The claims contain subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention.
Claims 1, 8, and 15 recite “dropping the packet makes the device dark on a network”. The Applicant’s disclosure does not define the meaning of the term “dark”. This term is sometimes used in a military environment, but is not common in a networking environment. The disclosure states that the endpoint may no longer be vulnerable to a low-level network scan, but provides no information beyond that. The disclosure does not explain whether the device/endpoint is offline, unreachable, powered off, stopped communicating, asleep, or something else entirely. The disclosure does not discuss how the device itself could be “dark”. The device is the one that performs the query to the authentication server about the endpoint. It is unclear how the device could become dark after the packet is dropped. Therefore, the Applicant’s disclosure does not enable one skilled in the art to make or use the invention.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant) regards as the invention.
Claims 1, 8, and 15 recite “dropping the packet makes the device dark on a network”. The Applicant’s disclosure does not define the meaning of the term “dark”. This term is sometimes used in a military environment, but is not common in a networking environment. The disclosure states that the endpoint is made dark and may no longer be vulnerable to a low-level network scan, but provides no information beyond that. The disclosure does not discuss the device itself being dark. The disclosure does not explain whether the device/endpoint is offline, unreachable, powered off, asleep, stopped communicating, or something else entirely. Therefore, it is unclear what is meant by the term “dark”. The disclosure does not discuss how the device itself could be “dark”. The device is the one that performs the query to the authentication server about the endpoint. It is unclear how the device could become dark after the packet is dropped. The Examiner will use any of these interpretations in her search of the prior art.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kim (KR 20100091590) in view of Aguayo Gonzalez (US 2018/0239906), and further in view of Spiegel et al. (US 2004/0083408).
Regarding claims 1, 8, and 15, Kim teaches a method programmed into a non-transitory memory of a device comprising:
Querying an authentication server to authorize an incoming connection from an endpoint (As a result of user authentication of the authentication server 150, when the user accessing the world garden service is not a registered user, the controller 170 drops a data packet transmitted by the wireless LAN device 110 of the corresponding user – see page 7 paragraph 6).
Rejecting a network connection by dropping a packet when the endpoint is not registered with the authentication server (As a result of user authentication of the authentication server 150, when the user accessing the world garden service is not a registered user, the controller 170 drops a data packet transmitted by the wireless LAN device 110 of the corresponding user – see page 7 paragraph 6).
Kim does not teach wherein rejecting the network connection and dropping the packet makes the device dark on the network.
Aguayo Gonzalez teaches during an unauthorized access of a device; and the processor configured to select, based on the first signal, a first response from a plurality of responses in response to a detection of the unauthorized access, the plurality of responses including a second response, the processor configured to collect information associated with the device during the unauthorized access in response to the second response being selected, the processor configured to send a second signal to execute the first response; wherein the plurality of responses include at least one of (1) preventing access to the device in response to the detection of the unauthorized access, (2) disabling at least a portion of the device in response to the detection of the unauthorized access, (3) powering down the device in response to the detection of the unauthorized access, (4) resetting the device in response to the detection of the unauthorized access, (5) physically damaging at least a portion of the device in response to the detection of the unauthorized access, (6) setting at least a portion of the device into an irrecoverable logic state in response to the detection of the unauthorized access, (7) permanently erasing a memory of the device in response to the detection of the unauthorized access, or (8) destroying at least a portion of the device in response to the detection of the unauthorized access – see claims 1 and 6.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Kim by making the device “dark” (see 112) when the device is not registered (i.e., dropped packet, unauthorized) in order to protect the network from an insecure device, based upon the beneficial teachings provided by Aguayo Gonzalez. These modifications would result in increased security to the system.
Kim and Aguayo Gonzalez do not teach logging a failed connection attempt when the network connection is rejected.
Spiegel teaches logging failed connections in order to determine the infection of sources – see abstract, for example.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Kim and Aguayo Gonzalez by logging failed connection attempts, in order to determine source infections, based upon the beneficial teachings provided by Spiegel. These modifications would result in increased security to the system.
Claims 2, 3, 9, 10, 16, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kim (KR 20100091590) in view of Aguayo Gonzalez (US 2018/0239906), and further in view of Spiegel et al. (US 2004/0083408), and further in view of Pathan et al. (US 2005/0143065).
The teachings of Kim, Aguayo Gonzalez, and Spiegel are relied upon for the reasons set forth above.
Regarding claims 2, 3, 9, 10, 16, and 17, Kim, Aguayo Gonzalez, and Spiegel do not teach that the device contains a stored list of authorized endpoints or that the querying of the authentication server occurs when the incoming connection is from the endpoint not in a local endpoint stored list.
Pathan teaches: If valid client authentication information (e.g., a valid base transient key associated with the client) is stored in a local memory of wireless domain service 341 (i.e., authorized endpoint), the mobile node 331 is authenticated and authorized to communicate on network 300. Mobile node 331 is also tracked as registered with wireless domain service 341. If valid client authentication information (e.g., a valid base transient key associated with the client) is not stored in a local memory of wireless domain service 341 the client request for access to communication network 300 from mobile node 331 is forwarded to main authentication and authorization server 301(i.e., sent to authentication server when not on list) for participation in a full authentication process – see [0041].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Kim, Aguayo Gonzalez, and Spiegel by querying the authentication server only when the endpoint is not on the local endpoint stored list, in order to save time and resources by checking authentication locally, based upon the beneficial teachings provided by Pathan. These modifications would result in increased speed of the system.
Claims 4, 5, 11, 12, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kim (KR 20100091590) in view of Aguayo Gonzalez (US 2018/0239906), and further in view of Spiegel et al. (US 2004/0083408), and further in view of Pathan et al. (US 2005/0143065), and further in view of Koushik et al. (US 2016/0134616).
The teachings of Kim, Aguayo Gonzalez, Spiegel, and Pathan are relied upon for the reasons set forth above.
Regarding claims 4, 5, 11, 12, 18, and 19, Kim, Aguayo Gonzalez, Spiegel, and Pathan do not teach that the list contains a time-to-live value and periodically expires a record, or refreshing authorization based on an expired record.
Koushik teaches: In one example, an end-user may launch the desktop application management module, which may display the login page hosted by an external identity service (e.g., a domain controller). The end user may provide their domain credentials to login there. As a result, the desktop application management module may receive an authorization code (e.g., one that conforms to the OAuth open source standard). The desktop application management module may then call the application delivery agent, providing the authorization code, in order to get a security token. The agent may then call the identity broker service of the application fulfillment platform, passing the authorization code, along with user and device information, and may get back the security token and, in some embodiments, multiple refresh tokens. In some embodiments, the security token may be a temporary token that expires after a pre-determined time-to-live of between 1 hour and 36 hours, and the refresh tokens may be valid for a pre-determined period of between 30 days and 365 days. The application delivery agent may store the security token (and the refresh tokens) in protected local storage (e.g., encrypted storage) for further reference, e.g., so that the desktop application management module will be able to get it later without requiring the end user to login each time. All subsequent calls to retrieve the security token may simply return the security token stored by the application delivery agent. After this point the desktop application management module may use the security token to communicate with the proxy service, and the local service (e.g., a thread of the application delivery agent) may be responsible for storing and refreshing the security token – see [0166].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Kim, Aguayo Gonzalez, Spiegel, and Pathan by having the local endpoint stored list contain a time-to-live value and periodically expire a record, as well as refreshing the authorization based on an expired record, in order to keep authorizations fresh and current, based upon the beneficial teachings provided by Koushik. These modifications would result in increased security of the system.
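The claimed sequence as mapped in the rejections above (consult a local stored list of authorized endpoints, query the authentication server on a miss, drop the packet without a reply and log the failed attempt when the endpoint is not registered, and expire and refresh list records on a time-to-live) is illustrated by the following added example; it is not code from the application or from any cited reference, and the registry set, the `ConnectionGate` class and the injectable clock are constructed for illustration.

```python
import logging
import time

# Constructed stand-in for the authentication server's set of registered
# endpoints (hypothetical; not the application's or any reference's code).
AUTH_SERVER_REGISTRY = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}


def query_authentication_server(endpoint_id):
    """Hypothetical remote query: True when the endpoint is registered."""
    return endpoint_id in AUTH_SERVER_REGISTRY


class ConnectionGate:
    """Device-side gate: local list first, server on a miss, silent drop otherwise."""

    def __init__(self, ttl_seconds, clock=time.monotonic, query=query_authentication_server):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be exercised deterministically
        self.query = query
        self.authorized = {}        # endpoint_id -> expiry time (the local stored list)
        self.failed_attempts = []   # (time, endpoint_id, packet_len) log of rejections
        self.server_queries = 0     # counts round trips to the authentication server

    def _in_local_list(self, endpoint_id):
        expiry = self.authorized.get(endpoint_id)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self.authorized[endpoint_id]   # record's time-to-live has elapsed
            return False
        return True

    def handle_packet(self, endpoint_id, packet):
        now = self.clock()
        if self._in_local_list(endpoint_id):
            return "ACCEPT"                     # fresh record: no server round trip
        self.server_queries += 1                # miss or expired record: (re)authorize
        if self.query(endpoint_id):
            self.authorized[endpoint_id] = now + self.ttl
            return "ACCEPT"
        # Not registered: drop without any reply (no RST, no ICMP), so the sender
        # receives no response, and log the failed attempt for later review.
        self.failed_attempts.append((now, endpoint_id, len(packet)))
        logging.warning("dropped packet from unregistered endpoint %s", endpoint_id)
        return "DROP"


if __name__ == "__main__":
    gate = ConnectionGate(ttl_seconds=300)
    print(gate.handle_packet("aa:bb:cc:00:00:01", b"SYN"))   # ACCEPT (one server query)
    print(gate.handle_packet("aa:bb:cc:00:00:01", b"SYN"))   # ACCEPT (served from local list)
    print(gate.handle_packet("de:ad:be:ef:00:00", b"SYN"))   # DROP (logged)
    print(gate.failed_attempts)
```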
Claims 6, 7, 13, 14, 20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kim (KR 20100091590) in view of Aguayo Gonzalez (US 2018/0239906), and further in view of Pathan et al. (US 2005/0143065), and further in view of Lakshmana et al. (US 2016/0259932).
The teachings of Kim, Aguayo Gonzalez, and Spiegel are relied upon for the reasons set forth above.
Regarding claims 4, 5, 11, 12, 18, and 19, Kim, Aguayo Gonzalez, and Spiegel do not teach that the device comprises an embedded system which is an IoT device.
Lakshmana teaches: the coordinator 210 can send a control signal to the authorized IoT devices 205 instructing them to enter into an authorization mode, where each of the authorized IoT devices can individually, or in combination with other authorized IoT devices 205, be used to authenticate the new IoT device 205 – see [0041].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Kim, Aguayo Gonzalez, and Spiegel by having the device be an embedded system which is an IoT device, in order that IoT devices may have the ability to securely authenticate one another, based upon the beneficial teachings provided by Lakshmana. These modifications would result in increased functionality across various systems.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495