DETAILED ACTION
Claims 1-20 are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dotan et al. (US Patent No. 8955069 ) (Hereinafter Dotan) in view of Nadiminti et al. (US Patent Application No. 20240020130) (Hereinafter Nadiminti).
As per claim 1, Dotan discloses a computer-implemented method, executed on a computing device, comprising:
receiving, at a gateway of a data storage system, an authentication request from a client for establishing a trusted connection between the client and the data storage system (fig 4, 5, col 7, lines 45-48, col 9, lines 24-28, the user 110 starts an authentication process with the security app on the mobile device 112 at time 520, prompting the security app on the mobile device 112 to request authentication with the gateway server);
the gateway transferring the authentication request to a remote management system for processing by the remote management system (col 7, lines10-20, col 9. Lines 27-31, the gateway server 310 requests a token code (e.g., an authentication token) from the token server 330), wherein the remote management system is configured to generate an authentication token (col 8, lines 11-14, authentication server 340 returns an authentication token to gateway server 310 at time 565) and perform subsequent verifications of the authentication token (col 8 lines 10-13, col 9, lines 27-33, authentication server 340 evaluates the collected authentication data and determines whether the user is authenticated);
upon approval of the authentication request, the gateway receiving an authentication token from the remote management system (col 7, lines10-20, The token server 330 generates a token and returns the token code to the gateway server ); and
the gateway transferring the authentication token to the client for use in subsequent access requests to the data storage system (fig 4-5, col 7, lines 18-20, The gateway server 310 then forwards the token code to the security app on the mobile device 112 at time). Dotan does not explicitly discloses data storage system, however the architecture described reads on the claimed invention. However, Nadiminti discloses data storage system (fig 1, para 9, The repository storing the image files may be hosted on a Remote Device Access (RDA) cloud storage ), trusted connection (para 37).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dotan and Nadiminti. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.
As per claim 2, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Nadiminti discloses wherein the remote management system comprises a baseboard management controller (BMC) (fig 1, 118, para 38, BMC).
As per claim 3, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Nadiminti discloses wherein the gateway comprises a dedicated management interface (fig 3-5, Gateway server 310).
As per claim 4, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Nadiminti discloses wherein the dedicated management interface comprises a Redfish interface (para 38, 78).
As per claim 5, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Dotan discloses further comprising; receiving, at the gateway, a query from the client, wherein the query includes the authentication token (fig 4-5, col 7, lines 20-21, The user reads the token code);
the gateway sending a command, including the authentication token, to the remote management system for verification ( fig 4-5, col 8, lines 11-14, The authentication server 340 evaluates the collected authentication data and if the user 110 is authenticated, returns an authentication token to the gateway server);
upon verification of the authentication token, the gateway receiving a success message from the remote management system, indicating that the authentication token included with the query is verified (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time); and
the gateway transmitting the query to access a service of the data storage system (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time).
As per claim 6, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Dotan discloses further comprising the service transmitting a response to the query to the client (fig 4-5, col 7, lines 18-27, Also, although the security program running on the mobile device 112 is specified as being an "app," this is merely an example. The program can be any software construct running on the mobile device 112. Although one or more examples described herein involve the use of VPN to access the remote network 122, this is also merely an example. The techniques described can be used in connection with a wide range of other technologies, such as web technology, remote desktop programs, and others.
Further, although the above-described techniques use the mobile device 112 to extract facial geometry from a picture of the user, this is just an example. Alternatively, a file or data stream representing the picture itself can be sent to the picture match server 118, and the picture match server 118 can extract the user's facial geometry remotely).
As per claim 7, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Dotan discloses wherein the command comprises a status command (fig 4-5, col 7, lines 18-27, Also, although the security program running on the mobile device 112 is specified as being an "app," this is merely an example. The program can be any software construct running on the mobile device 112. Although one or more examples described herein involve the use of VPN to access the remote network 122, this is also merely an example. The techniques described can be used in connection with a wide range of other technologies, such as web technology, remote desktop programs, and others. Further, although the above-described techniques use the mobile device 112 to extract facial geometry from a picture of the user, this is just an example. Alternatively, a file or data stream representing the picture itself can be sent to the picture match server 118, and the picture match server 118 can extract the user's facial geometry remotely).
As per claim 8, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Dotan discloses wherein the remote management system comprises a remote application programming interface (API) (fig 4-5).
As per claim 9, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Nadiminti discloses wherein the remote API comprises a RESTful API (para 38, 78).
As per claim 10, claim is rejected for the same reasons and motivations as claim 1, above.
As per claim 11, claim is rejected for the same reasons and motivations as claim 6, above.
As per claim 12, claim is rejected for the same reasons and motivations as claim 7, above.
As per claim 13, claim is rejected for the same reasons and motivations as claim 8, above.
As per claim 14, claim is rejected for the same reasons and motivations as claim 9, above.
As per claim 15, claim is rejected for the same reasons and motivations as claim 1, above. In addition, Dotan discloses receiving prior to receiving the query, at the gateway of the data storage system, an authentication request from the client for establishing a trusted connection between the client and the data storage system token (fig 4-5, col 7, lines 20-21, The user reads the token code);
the gateway transferring the authentication request to the remote management system for processing by the remote management system ( fig 4-5, col 8, lines 11-14, The authentication server 340 evaluates the collected authentication data and if the user 110 is authenticated, returns an authentication token to the gateway server);
upon approval of the authentication request, the gateway receiving the authentication token from the remote management system (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time); and
the gateway transferring the authentication token to the client for use in subsequent access requests to the data storage system (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time).
As per claim 16, claim is rejected for the same reasons and motivations as claim 2, above.
As per claim 17, claim is rejected for the same reasons and motivations as claim 3, above.
As per claim 18, claim is rejected for the same reasons and motivations as claim 4, above.
As per claim 19, Dotan discloses A computing system comprising:
a memory (fig 2); and
a processor (fig 2)configured to:
receive, at a gateway of a data storage system, an authentication request from a client for establishing a trusted connection between the client and the data storage system (fig 4-5, connection must be established between entities, and also trusted/secure connection known in the art);
transferring the authentication request from the gateway to a remote management system for processing by the remote management system (fig 4-5, col 7, lines 20-21, The user reads the token code);
upon approval of the authentication request, the gateway receiving an authentication token from the remote management system the gateway transferring the authentication token to the client for use in subsequent access requests to the data storage system (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time), wherein the remote management system is configured to generate an authentication token (col 8, lines 11-14, authentication server 340 returns an authentication token to gateway server 310 at time 565) and perform subsequent verifications of the authentication token (col 8 lines 10-13, col 9, lines 27-33, authentication server 340 evaluates the collected authentication data and determines whether the user is authenticated);
receiving, at the gateway of the data storage system, a query from the client, wherein the query includes the authentication token (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time);
the gateway sending a command, including the authentication token, to the remote management system for verification ( fig 4-5, col 8, lines 11-14, The authentication server 340 evaluates the collected authentication data and if the user 110 is authenticated, returns an authentication token to the gateway server);
upon verification of the authentication token, the gateway receiving a success message from the remote management system, indicating that the authentication token included with the query is verified (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time); and
the gateway transmitting the query to access a service of the data storage system (fig 4-5, col 7, lines 18-27, The authentication request is provided to the authentication manager 120 at time 480, in a known manner, and the VPN agent is allowed access at time 485. A VPN session is opened, and the user receives a welcome message at time). Dotan does not explicitly discloses data storage system, however the architecture described reads on the claimed invention. However, Nadiminti discloses data storage system (fig 1, para 9, The repository storing the image files may be hosted on a Remote Device Access (RDA) cloud storage ), trusted connection (para 37).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dotan and Nadiminti. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.
As per claim 20, claim is rejected for the same reasons and motivations as claim 2, above.
Response to Arguments
Applicant's arguments filed 02/04/2026 have been fully considered but they are not persuasive, therefore rejections to claims 1-20 is maintained.
In response to Applicant’s arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references. In this case Dotan discloses a computer-implemented method, executed on a computing device, comprising:
receiving, at a gateway of a data storage system, an authentication request from a client for establishing a trusted connection between the client and the data storage system (fig 4, 5, col 7, lines 45-48, col 9, lines 24-28, the user 110 starts an authentication process with the security app on the mobile device 112 at time 520, prompting the security app on the mobile device 112 to request authentication with the gateway server);
the gateway transferring the authentication request to a remote management system for processing by the remote management system (col 7, lines10-20, col 9. Lines 27-31, the gateway server 310 requests a token code (e.g., an authentication token) from the token server 330), wherein the remote management system is configured to generate an authentication token (col 8, lines 11-14, authentication server 340 returns an authentication token to gateway server 310 at time 565) and perform subsequent verifications of the authentication token (col 8 lines 10-13, col 9, lines 27-33, authentication server 340 evaluates the collected authentication data and determines whether the user is authenticated);
upon approval of the authentication request, the gateway receiving an authentication token from the remote management system (col 7, lines10-20, The token server 330 generates a token and returns the token code to the gateway server ); and
the gateway transferring the authentication token to the client for use in subsequent access requests to the data storage system (fig 4-5, col 7, lines 18-20, The gateway server 310 then forwards the token code to the security app on the mobile device 112 at time). Nadiminti discloses data storage system (fig 1, para 9, The repository storing the image files may be hosted on a Remote Device Access (RDA) cloud storage ), trusted connection (para 37). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dotan and Nadiminti. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493