Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This communication is in response to Applicant's Amendment filed 12/02/2025. Applicant has amended claim 1-2, 4, 7-9, 11-12 and 15-16, and previously duplicate claim 3 has been renumbered to claim 16. Currently, claims 1-16 are pending in the application.
Response to Amendments
Acknowledgement to applicant’s amendment to claim 3 has been noted. The claims have been reviewed, entered and found obviating to previously raised objections for minor informalities. Objection to claim 3 is hereby withdrawn.
Response to Arguments
Regarding rejection under 35 USC § 103, the arguments filed 12/02/2025 have been considered but are not persuasive to overcome the references on record: Parla et al. (WO 2023/220304 A1) in view of Coffing (US 2022/0224535 A1).
Applicant states that “Parla is mischaracterized as allegedly disclosing the claimed router assigning the unique signed identity in Parla, para. [0039]….“ Examiner notes that Parla teaches, under the broadest reasonable interpretation, a connection between a device 102 (i.e. site/router) to a resource 104 (i.e. device) via a control plane (i.e. communication channel 202). The device 102, after going through an authorization and authentication step, receives resource connection information (i.e. identity) to communicate with the resource 104 (par 39-40), thus providing the basic infrastructure, as recited in the claims. Examiner noted that Coffing teaches similar infrastructure, where the providing of a signed identity to endpoints is provided via the control plane (fig. 3, par 34-36) for verification. Coffing teaches an enriched token that is signed. In the rejection section below, Examiner notes that Parla only teaches on an identity information (i.e. resource connection information between the device 102 and resource 104) yet Coffing teaches on the signed identity (Coffing, par 36). The Applicant has amended the claims to recite “a unique signed identity”. Examiner notes that a signed token is in itself unique since the use of signatures provide uniqueness and integrity. It is known in the art that a signature ensures that even if one character of the token changes, the signature changes, therefore making the token unique. As also prior art of record, Buck (EP 3706022 A2), teaches and support in par 166 "characteristics (e.g., a signing certificate or other signature of an application) associated with the developer of the software may be used to determine the source", thus implying signatures are used to determine the source (e.g., uniqueness and integrity).
Examiner notes that claim language does not clearly identify how the signed token is generated and how the token is made unique, if more than a signature is required to make the token unique. Claims omit steps to include other functionality and entities to wholly encompass novel subject matter. Addtionally, the claim language, when reciting on the “assigning a unique signed identity”, it has been constructed in a manner that is not actively “assigning” but the claims are constructed in an informative way stating the router includes programs that are capable of “assigning” yet, no active assigning is performed. The “verifying” step has been constructed in a similar fashion.
Therefore, rejection is maintained.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-4, 6-9, 11-12, 14-15 rejected under 35 U.S.C. 103 as being unpatentable over Parla et al. (WO 2023/220304 A1, hereinafter “Parla”) in view of Coffing (US 2022/0224535 A1, hereinafter “Coffing”).
Regarding claim 1, Parla teaches:
1. A network for secure communications using micro-tunneling, the network comprising:
a site (fig. 3, device 102) comprising a router (par 67, the device can be a router) in communication with a device (resource 104) over a control plane (fig. 3, device 102 in communication with resource over control plane flow 202) and wherein the router includes program instructions for assigning a [unique signed] identity to the site (par 39, policy engine 110 and authentication proxy 112 authenticate the device for access by determining resource location information, see also par 51, par 40: “the cloud-computing network 106 may provide the resource connection information to the device”); and
a gateway node (fig. 3, proxy 306) in communication with the router (fig. 3, device 102 comprising the router) over the control plane (fig. 3, communication channel 202, device 102, and resource 104) and wherein the gateway node includes program instructions for verifying the [unique signed] identity received from the site (fig. 3, par 51: “ At “4,” the policy engine 110 and the proxy or enforcer 306 may authorize/allow an in-out session to begin between the resource 104 and the device 102”); and
wherein the device [initiating a transport flow] inserts the [unique signed] identity for the site in a metadata field of a packet in the transport flow and the gateway node verifies the [unique signed] identity (Examiner interprets this as a verification utilizing identification information) before allowing (par 44-45: “In some examples, the DNS/Application Metadata Server 116 may verily that the resource 104 is on the correct port. IP address, and/or protocol that was provided to the policy engine 110. After authenticating and/or authorizing the device 102 for connecting to the resource 104, the cloud-computing network 106 may provide the resource connection information to the client 206 of the device 102.”) the transport flow (par 45: “At “2,” the initial connection 118 (e g., an initial networking connection) for the data plane flow 208 is established between the device 102 and the resource 104”).
Parla teaches the claimed invention except for “the device” that initiates a transport flow is not the same device utilizing the identification information for verification to later authorize the transport flow. It would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have used another device to perform the verification utilizing identification information, as taught by Parla, since it has been held that rearranging of parts in an invention involves only routine skill in the art.
Parla does not teach yet Coffing suggests:
unique signed identity (Coffing: par 36; i.e. signed token used for identification and authentication, see also claim 6).
Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have signed identity information used for verification, as taught by Coffing, to Parla’s invention. The motivation to do so would have been in order to dynamically authorize and/or manage access to endpoint(s) (Coffing: Abstract).
Regarding claim 2, same rationale for combination of Parla and Coffing, which combined in claim 1, applies here as it encompasses same subject matter. Therefore, the combination of Parla and Coffing teaches:
2. The network for secure communications of claim 1 wherein the unique signed identity comprises a token (Coffing: par 36; i.e. signed token, see also claim 6).
Regarding claim 3, same rationale for combination of Parla and Coffing, which combined in claim 1, applies here as it encompasses same subject matter. Therefore, the combination of Parla and Coffing teaches:
3. The network for secure communications of claim 2 wherein the token comprises a JavaScript Object Notation (JSON) web token (Coffing: par 22; i.e. JSON web token).
Regarding claim 4, same rationale for combination of Parla and Coffing, which combined in claim 1, applies here as it encompasses same subject matter. Therefore, the combination of Parla and Coffing teaches:
4. The network for secure communications of claim 1 wherein the gateway node verifies the unique signed identity using a key (Coffing: par 36, i.e. signed token using a private key).
Regarding claim 6, the combination of Parla and Coffing teaches:
6. The network for secure communications of claim 1 wherein the metadata field of the packet in the transport flow is encrypted (Parla: par 14, end-to-end encryption).
Regarding claim 7, the combination of Parla and Coffing teaches:
7. The network for secure communications of claim 1 wherein the unique signed identity can be revoked by a network administrator (Parla: par 18; an enforcement node placed between device and resource has the ability to add or remove any encapsulation protocol).
Regarding claim 8, all claim limitations are set forth and rejected as it has been discussed in claim 1.
Regarding claim 9, all claim limitations are set forth and rejected as it has been discussed in claim 2.
Regarding claim 11, all claim limitations are set forth and rejected as it has been discussed in claim 3.
Regarding claim 12, all claim limitations are set forth and rejected as it has been discussed in claim 4.
Regarding claim 14, all claim limitations are set forth and rejected as it has been discussed in claim 6.
Regarding claim 15, all claim limitations are set forth and rejected as it has been discussed in claim 7.
Claims 16, 10 rejected under 35 U.S.C. 103 as being unpatentable over Parla et al. (WO 2023/220304 A1, hereinafter “Parla”) in view of Coffing (US 2022/0224535 A1, hereinafter “Coffing”) in further view of Buck et al. (EP 3706022 B1, hereinafter “Buck”).
Regarding claim 16 the combination of Parla and Coffing do not teach yet Buck suggests:
3. The network for secure communications of claim 1 wherein the unique signed identity is assigned using security assertion markup language (SAML) (Buck: par 81-82; i.e. aggregated information may be passed with the access request as SAML security assertion).
Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a SAMl security assertion, as taught by Buck, to the combination of Parla and Coffing’s invention. The motivation to do so would have been in order for configuring permissions for computing devices associated with a change of context for a computing device and/or a permission request for software on a computing device (Buck: par 1).
Regarding claim 10, all claim limitations are set forth and rejected as it has been discussed in claim 16 in this section.
Claims 5, 13 rejected under 35 U.S.C. 103 as being unpatentable over Parla et al. (WO 2023/220304 A1, hereinafter “Parla”) in view of Coffing (US 2022/0224535 A1, hereinafter “Coffing”) in view of Official Notice.
Regarding claim 5, the combination of Parla and Coffing teaches:
5. The network for secure communications of claim 4 wherein the key comprises a [public] key (Coffing: par 36, i.e. signed token using a private key).
The combination of Parla and Coffing teaches the claimed invention except for the key is a public key. It would have been an obvious matter of design choice to have used a private key instead of a public key, as it provides farther more security, since the applicant has not disclosed that a public key solves any stated problem or is for any particular purpose and it appears that the invention would perform equally well with the key being a private key.
Regarding claim 13, all claim limitations are set forth and rejected as it has been discussed in claim 5.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is 571-272-1787. The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on 571-270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LIZBETH TORRES-DIAZ/ Primary Examiner, Art Unit 2408
March 21, 2026