DETAILED ACTION
This Final Office Action is in response to amendment filed on 11/28/2025. Claims 1, 9, 17 have been amended. Claims 4-5, 12-13 and 20-21 have been canceled. Claims 1-3, 6-11, 14-19 and 22-24 remain pending in the application.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 09/21/2023 are accepted.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/03/2025, 06/26/2025, 07/04/2025, 08/22/202509/25/2025, 11/12/2025 and 12/05/2025 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 06/03/2025, 06/26/2025, 07/04/2025, 08/22/202509/25/2025, 11/12/2025 and 12/05/2025 are attached to the instant Office action.
Response to Arguments
With respect to the USC 101 rejections, applicant stated in Page 5 “Within the Office Action, Claims 1-24 have been rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter. Although Applicants respectfully disagree, to further prosecution, Claims 1, 9 and 17 have been amended. Specifically, it has been argued that the presently claimed invention is directed to mental steps. However, the claims are directed to an improvement of a network, in particular, improvement of communication via the network. The presently claimed invention cannot be performed via mental steps. Therefore, the rejection should be withdrawn.”
The amendments are fully considered. However, the arguments are not persuasive, because the amended limitations of verifying a randomized and at least 256 bit key, is a process that under the broadest reasonable interpretation, covers performance of the limitations in the mind (or with pencil and paper), but for the recitation of a generic computer component/system/apparatus. The generic computer and the mere recitation of intended use without specific structure, e.g. “to prevent…to provide” does not take the claim out of the mental process, which can be with pencil and paper, See MPEP 2106.04(a)(2) III. As to the mere recitation of the intended use in the amendments, the intended use does not amount to improvements or significantly more to qualify and overcome the USC 101 rejection. See MPEP 2106.05 I A, and 2106.05(a)
With respect to prior arts rejections, applicant argues through Pages 5-8 “Lin does not teach, for example, wherein a secret key within the secret key exchange is randomized and designed to prevent duplicate collisions, wherein the secret key is at least 256 bits to provide quantum resistance. For at least these reasons, the independent Claim 1 is allowable over the teachings of Lin… Within the Office Action, Claims 4, 6, 12, 14, 20 and 22 have been rejected under 35 U.S.C. § 103 as being unpatentable over Lin in view of U.S. Patent Application Publication No. 2022/0094545 by Islamov ("Islamov"). Applicants respectfully disagree with the rejections… Claims 5, 13 and 21 have been canceled by the above amendments. Within the Office Action, Claims 8, 16 and 24 have been rejected under 35 U.S.C. § 103 as being unpatentable over Lin in view of U.S. Patent No. 6,832,319 by Bell ("Bell"). Applicants respectfully disagree with the rejections.”
Examiner submits that the Islamov is relied upon to disclose that a secret key within the secret key exchange is randomized and Kovac is relied upon to disclose that the secret key is at least 256 bits. Therefore the combination of Lin in view of Islamov and Kovac disclose the above argued limitations. Examiner further submits that while Islamov and Kovac disclose the use of the above features to prevent duplicate collisions and provide quantum resistance, however, the above are recited as “intended use”, which does not hold patentable weight in the argued claim limitations. See MPEP 7.37.09 “…a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim.”
Claim Rejections – 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 9 and 17 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite:
verifying the node when the secret key exchange succeeds.
The limitation of verifying the node when the secret key exchange succeeds, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind, or by a human using a pen and paper, but for the recitation of generic computer/memory components. That is, other than reciting memory, computer, device, apparatus, system, node, etc. in claims 1, 9 and 17, nothing in the claim elements precludes the step from practically being performed in the mind.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind (or with pencil and paper) but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. See MPEP 2106.04(a)(2) III.
This judicial exception is not integrated into a practical application. In particular, the claim only recites multiple additional element(s)–using components to register and perform: exchang(ing). The components in the above steps are recited at a high-level of generality (i.e., as the above elements as generic components performing a generic computer function of “randomizing…verifying…) such that it amounts no more than mere instructions to apply the exception using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using the above components to perform the above mental steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. These claims are not patent eligible.
Claims 2-3, 6-8, 10-11, 14-16 , 18-19 and 22-24 are dependent claims that do not cure the above deficiencies.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) are: “second device…configured for” in claims 17, 19 and 23.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Structures of the aforementioned limitations are disclosed in the following Figures and paragraphs of the specification:
Figures 1 and 9 recite physical devices 160-164, 900 and publication Para. [0104, 0117-0134] recite the steps and functions associated with the second device.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 6-7, 9-11, 14-15, 17-19, 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Lin (US 20160337321 A1) in view of Islamov (US 20220094545 A1), hereinafter Islamov, and Kovac (US 12174971 B1), hereinafter Kovac.
Regarding claim 1, Lin teaches a method programmed in a non-transitory memory of a device (Lin Figure 2 security proxy device) comprising:
registering a node comprising a second apparatus (Lin Figure 2 [0139] “[0139] In addition, the client may register with the security proxy device in advance to obtain a client certificate Client-Cert. For example, when the client is used for the first time, it registers with the security proxy device to obtain the Client-Cert.”);
performing a secret key exchange with the node (Lin Figure 2 [0140-0142] “[0140] After the above initial configurations are performed, the flow as shown in FIG. 2 may begin to proceed. The method may comprise the following steps: [0141] In step 201, a first Authenticated Key Exchange (AKE) processing is performed with an identifier AKE-1 in the figure. In AKE-1, the client uses the key agreement protection key C_AKE-Key to encrypt the data containing the Client-ID and then send it to the security proxy device. An encryption algorithm is configured in advance in the client and the security proxy device. Diffe-Hellman key exchange method may be employed in the embodiment of the present invention. The data obtained after encryption may be represented as follows: [0142] E.sub.C.sub._.sub.AKE-Key (Client-ID, (g.sup.x mod p), H(g.sup.x mod p)), wherein x is a generated random number, and H(g.sup.x mod p) represents a Hash value obtained after performing Hash operation for the g.sup.x mod p.”); and
verifying the node when the secret key exchange succeeds (Lin Figure 2 “[0143] In step 202, a second Authenticated Key Exchange processing is performed with an identifier AKE-2 in the figure. In AKE-2, the security proxy device decrypts the data sent by the client to obtain Client-ID, i.e., decrypts E.sub.C.sub._.sub.AKE-Key (Client-ID, (g.sup.x mod p), H(g.sup.x mod p)) to obtain the Client-ID. Authentication is performed for the [0144] Client-ID. The authentication may be based on, but is not limited to a preset blacklist/whitelist. If the Client-ID is in the blacklist, it is confirmed that the client is illegal and it's access is prohibited. If the Client-ID is not in the blacklist, the client passes the authentication. [0145] H(g.sup.x mod p)) may be further used to verify (g.sup.x mod p) to perform validation for data integrity. [0146] If the client passes the authentication and validation of (g.sup.x mod p) using H(g.sup.x mod p)) also succeeds, the security proxy device uses the Client-ID to generate a server validation key C_AKE-Session-Key-2.”, where the key exchange is performed and the client is verified, through authentication and validation, throughout the steps in 201-204 as further disclosed in [0171] “The above steps 201-204 mainly involve the procedure of key agreement and toke assignment. Then the client may begin to communicate with the server by using the agreed key and assigned token.”).
Lind does not explicitly disclose the below limitations.
Islamov discloses wherein a secret key within the secret key exchange is randomized and designed to prevent duplicate collisions (Islamov Figure 2 illustrates the secret key X is randomized by combining X with a random XA at 204 and with XB at 210).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin to incorporate the teaching of Islamov to utilize the above feature, with the motivation of securely communicating the secret key utilizing random variables that add extra layer of security to the agreed upon secret keys between parties, as recognized by (Islamov [0043-0044] and throughout).
Lind in view of Islamov does not explicitly disclose the below limitations.
Kovac discloses wherein the secret key is at least 256 bits to provide quantum resistance (Kovac Col. 5 line 63-67 and Col. 6 line 1-13 “serve as an extension to such PKI systems to make FIPS-compliant quantum-resistant symmetric cryptography systems more robust. For example, a system can exchange two (different) 256-bit PKI keys, and use, for example, a first key with eAES and the second with AES, to encrypt the data to be protected, as described in various embodiments herein. In an embodiment, a system can also use a “hybrid” asymmetric key exchange in a novel way which can strengthen the whole system. For example, with this extension, a system can effect a key exchange for the key meant to be used in the first pass (enhanced symmetric encryption such as eAES) with a quantum-safe mechanism such as PQC (“Post-Quantum Cryptography”) or QKD (“Quantum Key Distribution”). Then, the system can effect a second key exchange for the key meant for the FIPS-compliant pass (such as AES) using FIPS-compliant key exchange mechanisms. In an embodiment, such FIPS-compliant key exchange mechanisms can include PQC mechanisms.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin in view of Islamov to incorporate the teaching of Kovac to utilize the above feature, with the motivation of generating quantum-resistant symmetric cryptography, as recognized by (Kovac Col. 5 line 63-67 and Col. 6 line 1-13 and throughout).
Regarding claim 9, claim 9 recites similar limitations to claim 1, therefore, rejected with the same rationale applied to claim 1.
Regarding claim 17, claim 17 recites similar limitations to claim 1, therefore, rejected with the same rationale applied to claim 1.
Regarding claim 2, Lin in view of Islamov and Kovac teaches the method of claim 1 wherein the device comprises a switch, a router or a gateway (Lin Figure 2 proxy device is interpreted as a gateway, where a proxy server acts as an intermediary, or gateway, between a client and a server in Figure 2).
Regarding claim 10, claim 10 recites similar limitations to claim 2, therefore, rejected with the same rationale applied to claim 2.
Regarding claim 18, claim 18 recites similar limitations to claim 2, therefore, rejected with the same rationale applied to claim 2.
Regarding claim 3, Lin in view of Islamov and Kovac teaches the method of claim 1 further comprising blocking a communication when the secret key exchange fails (Lin Figure 2 [0146] “If the client passes the authentication and validation of (g.sup.x mod p) using H(g.sup.x mod p)) also succeeds, the security proxy device uses the Client-ID to generate a server validation key C_AKE-Session-Key-2. The manner for generating the server validation key may employ, but is not limited to a manner of calculating a Hash value”, [0171] “The above steps 201-204 mainly involve the procedure of key agreement and toke assignment. Then the client may begin to communicate with the server by using the agreed key and assigned token.”, where if the secret key exchange process does not succeed, there will not be key agreement and token for communication, further in [0176]).
Regarding claim 11, claim 11 recites similar limitations to claim 3, therefore, rejected with the same rationale applied to claim 3.
Regarding claim 19, claim 19 recites similar limitations to claim 3, therefore, rejected with the same rationale applied to claim 3.
Regarding claim 6, Lin in view of Islamov and Kovac teaches the method of claim 4, wherein the secret key is stored in hardware on the device (Lin discloses the agreed key and token is required throughout the session for subsequent communication until the token expires, indicating the agreed key and token to be stored for use through the session communication, as disclosed in [0184] “ When the client communicates with server subsequently, it may, after performing Session-ID+1, repeatedly execute the procedure as shown in step 205-step 208. After the token expires, the client needs to agree about the key and obtain the token again from step 201.”, Islamov further discloses the retrieved secret key from 218 at Bob’s side is used for subsequently secure communicating with Alice, indicating storing the secret key).
Regarding claim 14, claim 14 recites similar limitations to claim 6, therefore, rejected with the same rationale applied to claim 6.
Regarding claim 22, claim 22 recites similar limitations to claim 6, therefore, rejected with the same rationale applied to claim 6.
Regarding claim 7, Lin in view of Islamov and Kovac teaches the method of claim 1 further comprising storing a cached list of registered nodes (Lin “[0024] judging whether the Client-ID is in a preset blacklist: if no, the client passes the identity authentication; if yes, the client fails to pass the validation; or [0025] judging whether the Client-ID is in a preset whitelist: if yes, the client passes the identity authentication; if no, the client fails to pass the identity authentication.” And further in [0144]).
Regarding claim 15, claim 15 recites similar limitations to claim 7, therefore, rejected with the same rationale applied to claim 7.
Regarding claim 23, claim 23 recites similar limitations to claim 7, therefore, rejected with the same rationale applied to claim 7.
Claims 8, 16 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Lin (US 20160337321 A1) in view of Islamov, Kovac and Bell (US 6832319 B1), hereinafter Bacca.
Regarding claim 8, Lin in view of Islamov and Kovac teaches the method of claim 1.
Lin in view of Islamov and Kovac does not disclose XOR.
Bell discloses wherein the secret key exchange utilizes XOR encryption (Bell Col. 7 line 59-63 “block 62, the logic moves to block 64, wherein the modified exchange key is encrypted with the content key. Preferably, the modified exchange key and content key have the same length, so that an exclusive-or determination can be made to encrypt the exchange key with the content key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Lin in view of Islamov and Kovac to incorporate the teaching of Bell,, where using exclusive for encryption is one of finite well know methods that is obvious to try.
Regarding claim 16, claim 16 recites similar limitations to claim 8, therefore, rejected with the same rationale applied to claim 8.
Regarding claim 24, claim 24 recites similar limitations to claim 8, therefore, rejected with the same rationale applied to claim 8.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BASSAM A NOAMAN/ Primary Examiner, Art Unit 2497