DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 21, 22, 25-34 and 37-40 have been examined. Claims 1-20 are cancelled by Preliminary Amendment filed on 10/26/23.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/21/26 is being considered by the examiner.
Response to Arguments
Applicant’s arguments with respect to claims 21-40 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Specifically, Wang discloses the limitations challenged by the applicant.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 21, 22, 28, 33, 34 and 40 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Wang U.S. 2022/0045901 (hereinafter Wang).
As per claim 21, 33 and 40, Wang discloses a router/method/medium (Wang: Fig. 2: electronic device 200; [0041]: electronic device 200 is a router) comprising:
at least one processor (Wang: Fig. 2);
memory (Wang: Fig. 2) storing at least one of a secured anti-theft password or a configuration file (Wang: Fig. 2; [0047]: information regarding primary user device/authorized device may be stored in memory of electronic device 200; [0043]: processor 26 of electronic device authenticates user using the first user device by comparing account and/or password); and
computer-readable medium storing instructions that, when executed by the at least one processor, cause the router to determine whether a first input password is authenticated (Wang: [0043]), and
control at least one of accessing or modifying of the configuration file and configuration of the router based on whether the first input password is authenticated (Wang: [0049]-[0051]: when user is authenticated by account/password and the user device is authorized device, allow network configuration information processing request), wherein controlling the at least one of accessing or modifying of the configuration file includes preventing accessing the configuration of the router, preventing modifying the configuration of the router, and preventing deleting the configuration from the router unless the first input password matches the second anti-theft password (Wang: [0052]: if user device is not authorized, deny performance of the requested operation including accessing, modifying, and restoring (i.e. delete and create) configuration information).
As per claim 22 and 34, Wang discloses the limitations of claims 21 and 33 respectively. Wang further discloses wherein the instructions, when executed by the at least one processor, further cause the router to permit the at least one of accessing or modifying of the configuration of the router and to permit the at least one of access or modifying of the configuration file in response to determining that the first input password matches the anti-theft password (Wang: [0051]).
As per claim 28, Wang discloses the limitations of claim 21. Wang further discloses wherein the configuration file, when loaded on the router, configures the router to comply with standards and protocols for a network (Wang: [0042]).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 25, 29, 30, 32 and 37-39 are rejected under 35 U.S.C. 103 as being unpatentable over Wang U.S. Pub. No. 2022/0045901 (hereinafter Wang) in view of Tomasso et al. U.S. Pub. No. 2019/0354685 (hereinafter Tomasso).
As per claim 25, Wang discloses the limitations of claim 21. Wang does not explicitly disclose discloses wherein the configuration file is an encrypted configuration file, and the instructions, when executed by the at least one processor, further cause the router to obtain the encrypted configuration file from a secure area of the memory, decrypt the encrypted configuration file to obtain a decrypted configuration file, and configure the router based on the decrypted configuration file, and the control the at least one of accessing or modifying of the configuration file further includes preventing replacement of the encrypted configuration file with another configuration file. However, Tomasso discloses encrypting and decrypting configuration file associated with router when the user is successfully authenticated (Tomasso: [0046]: decrypt firmware with the passphrase provided by user and load configuration file if authentication is successful; [0049]: prevent access or changes if authentication is not successful). It would have been obvious to one having ordinary skill in the art to encrypt configuration file because Wang and Tomasso are analogous art involving accessing router configuration information. The motivation to combine would be to provide additional security to the configuration.
As per claim 29 and 38, Wang discloses the limitations of claims 21 and 33 respectively. Wang does not explicitly disclose wherein the instructions, when executed by the at least one processor, further cause the router to prevent entry of a second input password for a time interval in response to determining that the first input password does not match the secured anti-theft password. However, Tomasso discloses disabling password entry after incorrect entry or too many failed attempts (Tomasso: [0046]). Prevent entry of password for specified time period upon failed login attempt is well-known in the art.
As per claim 30 and 39, Wang as modified discloses the limitations of claims 29 and 38 respectively. Wang as modified further discloses wherein the instructions, when executed by the at least one processor, further cause the router to prompt for input of the second input password after expiration of the time interval, determine whether the second input password matches the secured anti-theft password, and control the at least one of accessing or modifying of the configuration file and the configuration of the router based on whether the second input password matches the secured anti-theft password (Tomasso: [0046]: re-attempt password entry to determine whether access is allowed). Same rationale applies here as in claim 29 regarding well known practice of setting password re-attempt interval.
As per claim 32, Wang discloses the limitations of claim 21. Wang does not explicitly disclose wherein the configuration file is an encrypted configuration file encrypted using an encryption key, wherein the encryption key is based on the secured anti-theft password, and the instructions, when executed by the at least one processor, further cause the router to decrypt at least a portion of the encrypted configuration file, and determine whether a result of the decryption is valid. However, Tomasso discloses decrypting configuration file using password to verify authorized access (Tomasso: [0046]: passphrase is used to decrypt configuration file). It would have been obvious to one having ordinary skill in the art to protect configuration file with encryption key associated with authorized user because Wang and Tomasso both disclose provide secure access to configuration file stored in a router. The motivation to combine would be increase security of configuration file by cryptographic measures.
As per claim 37, Wang discloses the limitations of claim 33. Wang does not explicitly disclose transferring the configuration file from a secure storage to an operational memory of the router in response to the router booting-up, and decrypting the configuration file in the operational memory using a key in response to the router booting-up, wherein the key is based on at least one of the anti-theft password or a hash version of the anti-theft password. However Tomasso discloses the limitations (Tomasso: [0046]: provided passphrase is used to decrypt firmware during boot-loading process). It would have been obvious to one having ordinary skill in the art to protect configuration file with encryption key associated with authorized user because Wang and Tomasso both disclose provide secure access to configuration file stored in a router. The motivation to combine would be to ensure secure boot-up and verification process using cryptographic measures.
Claims 26 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Wang in view of Kanakarajan et al. U.S. 2017/0200026 (hereinafter Kanakarajan).
As per claim 26, Wang discloses the limitations of claim 21. Wang does not explicitly disclose wherein the secured anti-theft password is encrypted and stored in a secure area of the memory. However, Kanakarajan discloses a router including TPM to secure store password to regulate access to information stored in the router (Kanakarajan: [0005]-[0006]: Router with TPM; [0022]-[0023]: store password/cryptographic key ). It would have been obvious to one having ordinary skill in the art to encrypt authentication data in memory as well-known in the art.
As per claim 27, Wang discloses the limitations of claim 26. Wang further discloses wherein the secure area of the memory includes at least one of a boot-Read Only Memory (boot-ROM), a boot-loader memory, or a trusted platform module (TPM) (Wang: [0022]-[0023]). It would have been obvious to one having ordinary skill in the art to include TPM in the router to securely process data because Wang and Kanakarajan are analogous art involving access control of routers. The motivation to combine would be to ensure secure boot-up and verification process using cryptographic measures.
Claims 31 are rejected under 35 U.S.C. 103 as being unpatentable over Wang.
As per claim 31, Wang discloses the limitations of claim 21. Wang does not explicitly disclose wherein the instructions, when executed by the at least one processor, further cause the router to generate a first hash using the first input password, and determine whether the first input password matches the secured anti-theft password by comparing the first hash with a second hash generated using the secured anti-theft password. However, generating password hash for authentication is well known in the art.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Lee et al. U.S. 2008/0120727 discloses method of protecting files from unauthorized modification or deletion by using password.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789. The examiner can normally be reached Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431