DETAILED ACTION
This Office Action is in response to the Amendment filed on 01/06/2026.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, filed on 01/06/2026, independent claims 1, 12, and 19 have been amended.
Claims 1-20 have been examined and are pending; claims 1, 12 and 19 are independent. This Action is made FINAL.
Response to Arguments/Remarks
As to the claim interpretation to claims 19 and 20, made under 35 U.S.C. § 112(f), the Applicant has mended the claim 19, obviated the claim interpretation.
Applicant’s arguments with respect to prior-art rejections to claims 1-20, filed on 01/06/2026, have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection, where a new ground of rejection is applied with new art that is necessitated based on the amendment.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lakshminarayana et al (“Lakshminarayana,” US 2021/0089634, published on 03/25/2021), in view of Wong et al (“Wong,” US 2015/0339664, published on 11/26/2015), and further in Akkarakaran Jose et al (“Akkarakaran-Jose,” US 2025/0267139, filed on 02/15/2024).
As to claim 1, Lakshminarayana teaches a method (Lakshminarayana: pars 0004-0005, 0016, method and system for authentication in edge devices), comprising:
receiving, by an edge device of an edge cluster, a local edge network authentication request from a principal (Lakshminarayana: pars 0004-0005, 0045; Fig. 5, receives information related to user authentication at an edge device of a plurality of edge devices [i.e., edge cluster] from a user [i.e., principal]); and
verifying a local credential associated with the authentication request (Lakshminarayana: pars 0004,0021-0023, 0045; Fig. 1, 5, matching user's attributes/characteristics, collected at the edge device, with those pre-stored in the database for allowing or denying decision).
Lakshminarayana does not explicitly teach providing an authentication token to a service or a workload associated with the edge cluster based at least in part on verifying the local credential.
However, in an analogous art, Wong teaches providing an authentication token to a service or a workload associated with the edge cluster based at least in part on verifying the local credential (Wong: pars 0078, 0089; Fig 1, a token, that is mapped with user account identifiers and the user access restrictions, is generated and managed for user access authorization. A copy of token is provided to a portable communication device for using account transaction request).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wong with the method/system of Lakshminarayana to include the limitation(s), providing an authentication token to a service or a workload associated with the edge cluster based at least in part on verifying the local credential, where one would have been motivated to generate and provide an authentication token associated with user identity and account for user to use an edge device for an authentication process for an transaction, even for an offline authentication process (Wong: pars 0058, 0078, 0089).
Lakshminarayana or Wong does not explicitly teach the limitations, wherein the local edge network authentication request includes an aliased local edge network identifier that is associated with a true identity profile of the principal and wherein the aliased local edge network identifier and corresponding local credential were preregistered with a cloud identity provider when network connectivity existed and federated to a local edge identity provider; [verifying] by the local edge identity provider executing on the edge device.
However, in an analogous art, Akkarakaran-Jose teaches the limitations, wherein the local edge network authentication request includes an aliased local edge network identifier that is associated with a true identity profile of the principal and wherein the aliased local edge network identifier and corresponding local credential were preregistered with a cloud identity provider when network connectivity existed and federated to a local edge identity provider; [verifying] by the local edge identity provider executing on the edge device (Akkarakaran-Jose: pars 0008, 0018, 0020, an independent authentication source authenticates user information for providing access token, where the user information, which is registered with user personal information and associated with a native account, is transmitted over a second session, from a non-native account [i.e., aliased local edge identifier and local credentials]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Akkarakaran-Jose with the method/system of Lakshminarayana and Wong to include the limitation(s), wherein the local edge network authentication request includes an aliased local edge network identifier that is associated with a true identity profile of the principal and wherein the aliased local edge network identifier and corresponding local credential were preregistered with a cloud identity provider when network connectivity existed and federated to a local edge identity provider; [verifying] by the local edge identity provider executing on the edge device, where one would have been motivated to use an aliased local edge identifier and local credentials for authentication user performing communication and transaction using the information of the original user account and user information to streamline the network access/connectivity, making it quicker and more convenient for the user (Akkarakaran-Jose: pars 0008, 0018, 0020).
As to claim 2, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1,
Wong further teaches wherein receiving further includes receiving the local edge network authentication request when the edge cluster lacks any external network connectivity (Wong: pars 0008, 0058, offline authentication process (e.g., without network connectivity) by which an access device authenticates a communication device or an application executing for a transaction).
As to claim 3, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1,
Lakshminarayana further teaches wherein receiving further includes receiving a principal identifier and the local credential with the local edge network authentication request when the principal is a user attempting to initiate a transaction on the edge cluster of the edge network (Lakshminarayana: pars 0004-0005, 0045; Fig. 5, receives information related to user authentication at an edge device of a plurality of edge devices [i.e., edge cluster] from the user [i.e., principal]) for the transaction process).
As to claim 4, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 3,
Wong further teaches wherein receiving further includes receiving the principal identifier as encoded information scanned from a barcode or quick response code at a different edge device of the edge cluster (Wong: pars 0083, 0089, user of portable communication device [i.e. principal] present payment information in the form of an image such as a quick response (QR) code, or bar code, etc. to contactless reader of access device [i.e. a different edge device]).
As to claim 5, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 4,
Wong further teaches wherein receiving further includes receiving the local credential as a personal identification number entered at the different edge device by the principal (Wong: pars 0058, 0083, 0089, user of portable communication device [i.e. principal present payment information to the access device [i.e. a different edge device] for authentication process for the transaction).
As to claim 6, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1,
Wong further teaches wherein receiving further includes receiving the local edge network authentication request from a different service or a different workload identified as the principal, wherein the local edge network authentication request identifies a user associated with an in progress transaction being processed on the edge cluster of the edge network (Wong: pars 0058, 0083, 0089, User of portable communication device [i.e. principal] present payment information to the access device [i.e. a different edge device] for authentication process for the transaction).
As to claim 7, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1,
Lakshminarayana further teaches wherein verifying further includes hashing the local credential to a hash value and attempting to match the hash value with a principal identifier (Lakshminarayana: pars 0004,0022, matching user's attributes/characteristics in a format of generated hash value with pre-stored hash value).
As to claim 8, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1,
Wong further teaches wherein providing further includes assigning access rights to the authentication token when the local credential is verified (Wong: pars 0078, 0089; Fig 1, a token, that is mapped with user account identifiers and the user access restrictions, is generated and managed for user access authorization).
As to claim 9, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1
Wong further teaches further comprising processing a transaction on the edge cluster of the edge network when the edge cluster lacks any external network connectivity (Wong: pars 0008, 0058, 0089, offline authentication process (e.g., without network connectivity) by which an access device authenticates a communication device or an application executing for a transaction. User of portable communication device present payment information to the access device for authentication process for the transaction).
As to claim 10, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 9
Wong further teaches further comprising, synchronizing a transaction state and transaction data with a server or a cloud when the edge cluster of the edge network regains external network connectivity (Wong: pars 0058, 0078, 0089; Fig 1, a copy of the token is provided to a portable communication device for using account transaction request while token information is stored and managed in token vault [i.e. synchronization of transaction data and sate]).
As to claim 11, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 1
Lakshminarayana further teaches further comprising, receiving principal identifiers and corresponding credentials or corresponding hash values for the corresponding credentials from a server or a cloud when the edge cluster has external network connectivity (Lakshminarayana: pars 0004-0005, 0045; Fig. 5, receives information related to user authentication at an edge device of a plurality of edge devices [i.e., edge cluster] from the user [i.e., principal], user's attributes/characteristics in a format of generated hash value).
As to claim 12, Lakshminarayana teaches a method (Lakshminarayana: pars 0004-0005, 0016, method and system for authentication in edge devices), comprising:
configuring an edge cluster at a site to provide local edge network authentication (Lakshminarayana: pars 0004-0005, 0045; Fig. 5, receives information related to user authentication at an edge device of a plurality of edge devices [i.e., edge cluster] from a user [i.e., principal]) and process a transaction when the edge cluster lacks any external network connectivity; authenticating, by the edge cluster, a principal for the transaction when the edge cluster lacks any external network connectivity; processing, by the edge cluster, the transaction when the principal is authenticated (Lakshminarayana: pars 0004,0021-0023, 0045; Fig. 1, 5, matching user's attributes/characteristics, collected at the edge device, with those pre-stored in the database for allowing or denying decision, for a transaction process).
Lakshminarayana does not explicitly teach when the edge cluster lacks any external network connectivity; [authenticating] when the edge cluster lacks any external network connectivity; and synchronizing, by the edge cluster, a transaction state and transaction data associated with the transaction when the edge cluster regains external network connectivity.
However, in an analogous art, Wong teaches when the edge cluster lacks any external network connectivity; [authenticating] when the edge cluster lacks any external network connectivity (Wong: pars 0008, 0058; Fig 1, an offline authentication process (e.g., without network connectivity) by which an access device authenticates a communication device or an application executing for a transaction); and
synchronizing, by the edge cluster, a transaction state and transaction data associated with the transaction when the edge cluster regains external network connectivity (Wong: pars 0058, 0078, 0089; Fig 1, a token, that is mapped with user account identifiers and the user access restrictions, is generated and managed for user access authorization for performing an offline authentication process. A copy of the token is provided to a portable communication device for using account transaction request while token information is stored and managed in token vault [i.e. synchronization of transaction data and sate]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wong with the method/system of Lakshminarayana to include the limitation(s), when the edge cluster lacks any external network connectivity; [authenticating] when the edge cluster lacks any external network connectivity; and synchronizing, by the edge cluster, a transaction state and transaction data associated with the transaction when the edge cluster regains external network connectivity, where one would have been motivated to generate and provide an authentication token associated with user identity and account for user to use an edge device for an authentication process for an transaction, even for an offline authentication process (Wong: pars 0058, 0078, 0089).
Lakshminarayana or Wong does not explicitly teach the limitations, wherein configuring includes federating aliased local edge network identifiers and corresponding credentials from a cloud identity provider to a local edge identity provider of the edge cluster, and wherein the aliased local edge network identifiers are associated with true identity profiles of principals; [authenticating] using the local edge identity provider with the aliased local edge network identifier and corresponding credential.
However, in an analogous art, Akkarakaran-Jose teaches the limitations, wherein configuring includes federating aliased local edge network identifiers and corresponding credentials from a cloud identity provider to a local edge identity provider of the edge cluster, and wherein the aliased local edge network identifiers are associated with true identity profiles of principals; [authenticating] using the local edge identity provider with the aliased local edge network identifier and corresponding credential (Akkarakaran-Jose: pars 0008, 0018, 0020, an independent authentication source authenticates user information for providing access token, where the user information, which is registered with user personal information and associated with a native account, is transmitted over a second session, from a non-native account [i.e., aliased local edge identifier and local credentials]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Akkarakaran-Jose with the method/system of Lakshminarayana and Wong to include the limitation(s), wherein configuring includes federating aliased local edge network identifiers and corresponding credentials from a cloud identity provider to a local edge identity provider of the edge cluster, and wherein the aliased local edge network identifiers are associated with true identity profiles of principals; [authenticating] using the local edge identity provider with the aliased local edge network identifier and corresponding credential, where one would have been motivated to use an aliased local edge identifier and local credentials for authentication user performing communication and transaction using the information of the original user account and user information to streamline the network access/connectivity, making it quicker and more convenient for the user (Akkarakaran-Jose: pars 0008, 0018, 0020).
As to claim 13, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 12,
Lakshminarayana further teaches wherein configuring further includes receiving, by the edge cluster, a principal identifier and a credential or a hash value associated with the credential from an external server before the edge cluster lacks any external network connectivity (Lakshminarayana: pars 0004,0022, matching user's attributes/characteristics in a format of generated hash value with pre-stored hash value).
As to claim 14, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 12,
Lakshminarayana further teaches wherein authenticating further includes processing the authenticating by an identity provider executed on a first edge device of the edge cluster (Lakshminarayana: pars 0004-0005, 0045; Fig. 5, receives information related to user authentication at an edge device of a plurality of edge devices from the user for the transaction authentication process).
As to claim 15, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 14,
Wong further teaches wherein processing the authenticating further includes assigning, by the identity provider, access rights to the principal when the principal is authenticated (Wong: pars 0078, 0089; Fig 1, a token, that is mapped with user account identifiers and the user access restrictions, is generated and managed for user access authorization).
As to claim 16, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 15,
Wong further teaches wherein processing the transaction further includes processing the transaction, by a transaction service executed on a second edge device of the edge cluster (Wong: pars 0083, 0089, user of portable communication device present payment information in the form of an image such as a quick response (QR) code, or bar code, etc. to contactless reader of access device [i.e. a second edge device]).
As to claim 17, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 12,
Lakshminarayana further teaches wherein processing further includes processing the transaction by a plurality of transactions services executed on a plurality of edge devices that comprise the edge cluster (Lakshminarayana: pars 0045, 0047; Fig 5, 6, plurality of edge devices connected with a plurality of edge server machines).
As to claim 19, Lakshminarayana teaches system (Lakshminarayana: pars 0004-0005, 0016, method and system for authentication in edge devices), comprising:
an edge cluster comprising a plurality of edge devices each comprising at least one processor and memory storing executable instructions, wherein the processors of the edge device are configured to cooperate (Lakshminarayana: pars 0004-0005, 0045; Fig. 5, receives information related to user authentication at an edge device of a plurality of edge devices [i.e., edge cluster] from a user [i.e., principal]) and authenticate a principal for a transaction and process the transaction when the edge cluster lacks any external network connectivity; an identity provider comprising executable instructions stored in memory of a first edge device and executed by a processor of the first edge device, the identity provider configured to authenticate the principal (Lakshminarayana: pars 0004,0021-0023, 0045; Fig. 1, 5, matching user's attributes/characteristics, collected at the edge device, with those pre-stored in the database for allowing or denying decision, for a transaction process).
Lakshminarayana does not explicitly teach when the edge cluster lacks any external network connectivity; [authenticate] when the edge cluster lacks any external network connectivity, assign access rights to the principal, and provide an authentication token to a transaction service; and the transaction service comprising executable instructions stored in memory of at least a second edge device and executed by a processor of the first edge device, the identity provider configured to rely on the authentication token provided by the identity provider and use the access rights to process the transaction when the edge cluster lacks any external network connectivity.
However, in an analogous art, Wong teaches when the edge cluster lacks any external network connectivity; [authenticate] when the edge cluster lacks any external network connectivity, assign access rights to the principal (Wong: pars 0008, 0058; Fig 1, an offline authentication process (e.g., without network connectivity) by which an access device authenticates a communication device or an application executing for a transaction), and
provide an authentication token to a transaction service; and the transaction service comprising executable instructions stored in memory of at least a second edge device and executed by a processor of the first edge device, the identity provider configured to rely on the authentication token provided by the identity provider and use the access rights to process the transaction when the edge cluster lacks any external network connectivity (Wong: pars 0058, 0078, 0089; Fig 1, a token, that is mapped with user account identifiers and the user access restrictions, is generated and managed for user access authorization. A copy of the token is provided to a portable communication device for using account transaction request for an offline authentication process. An access device [i.e., a second edge device] provide the token information to system for the authentication of transaction using the token).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wong with the method/system of Lakshminarayana to include the limitation(s), when the edge cluster lacks any external network connectivity; [authenticate] when the edge cluster lacks any external network connectivity, assign access rights to the principal, and provide an authentication token to a transaction service; and the transaction service comprising executable instructions stored in memory of at least a second edge device and executed by a processor of the first edge device, the identity provider configured to rely on the authentication token provided by the identity provider and use the access rights to process the transaction when the edge cluster lacks any external network connectivity, where one would have been motivated to generate and provide an authentication token associated with user identity and account for user to use an edge device for an authentication process for an transaction, even for an offline authentication process (Wong: pars 0058, 0078, 0089).
Lakshminarayana or Wong does not explicitly teach the limitations, using an aliased local edge network identifier and corresponding credential that were preregistered and federated from a cloud identity provider.
However, in an analogous art, Akkarakaran-Jose teaches the limitations, using an aliased local edge network identifier and corresponding credential that were preregistered and federated from a cloud identity provider (Akkarakaran-Jose: pars 0008, 0018, 0020, an independent authentication source authenticates user information for providing access token, where the user information, which is registered with user personal information and associated with a native account, is transmitted over a second session, from a non-native account [i.e., aliased local edge identifier and local credentials]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Akkarakaran-Jose with the method/system of Lakshminarayana and Wong to include the limitation(s), using an aliased local edge network identifier and corresponding credential that were preregistered and federated from a cloud identity provider (Akkarakaran-Jose: pars 0008, 0018, 0020).
As to claim 20, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the system of claim 19,
Wong further teaches wherein the edge devices comprise one or more of transaction terminals and touchpoint devices capable of initiating and performing transactions (Wong: pars 0083, 0089; Fig 1 the portable communication device includes a contactless interface for displaying payment information in the form of a quick response (QR) code, or bar code, for scanning by contactless reader of access device for initiating transaction authentication process).
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Lakshminarayana et al (“Lakshminarayana,” US 2021/0089634, published on 03/25/2021), in view of Wong et al (“Wong,” US 2015/0339664, published on 11/26/2015), and further in Akkarakaran Jose et al (“Akkarakaran-Jose,” US 2025/0267139, filed on 02/15/2024), and Sardesai et al (“Sardesai,” US 2022/0173886, published on 06/02/2022).
As to claim 18, the combination of Lakshminarayana, Wong, and Akkarakaran-Jose teaches the method of claim 17,
Lakshminarayana or Wong des not explicitly teach the limitation, wherein processing further include cooperating by the edge devices to process the transaction services for the transaction via hypertext transfer protocol (HTTP) messages within the edge cluster.
However, in an analogous art, Sardesai teaches wherein processing further include cooperating by the edge devices to process the transaction services for the transaction via hypertext transfer protocol (HTTP) messages within the edge cluster (Sardesai: pars 0036, 0044, 0100; in a cloud based network edge node and client device establish a secure communications tunnel (e.g., a secure HTTP, HTTPS, connection). Where a request issued by a client device to an edge node, comprise an HTTPS request such as an HTTPS POST message).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sardesai with the method/system of Lakshminarayana, Wong, and Akkarakaran-Jose to include the limitation(s), wherein processing further include cooperating by the edge devices to process the transaction services for the transaction via hypertext transfer protocol (HTTP) messages within the edge cluster, where one would have been motivated to create a secure communications tunnel (e.g., a secure HTTP, HTTPS, connection) as an choice of protocol, request transaction process as an HTTPS message (Sardesai: pars 0036, 0044, 0100).
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355. The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/JAHANGIR KABIR/ Primary Examiner, Art Unit 2439