DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a Non-Final Office Action in response to the communication filed on May 22, 2024.
Claims 1-20 have been examined.
Drawings
The drawings filed on May 22, 2024 are acceptable for examination proceedings.
Allowable Subject Matter
Claims 5-6, 12-13, and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance:
Regarding dependent claims 5-6, 12-13, and 19-20:
The closest prior art Weith et al. (U.S. Patent Application Publication No.: US 2026/0005873 A1) employes asymmetric cryptography to establish a symmetric key between a proxy and a server in virtual private network communication (Weith, Abstract and Para 0057).
The second closest prior art Kristofer Skantze (U.S. 2002/0035687 A1) discloses “…The symmetric key is added to the message after encryption with the symmetric key and the symmetric key is encrypted by a public key belonging to the receiver, whereupon
the already encrypted symmetric key is encrypted by a private key belonging to the sender. In the receiving device, the symmetric key is decrypted by the public key of
the sender in the receiving device and by the private key of the receiver, whereupon the symmetric key is used for decrypting the message. The sender and the receiver identifies
themselves to the sending device and the receiving device by verification means…” (Abstract).
The third closest prior art Levin et al. (U.S. 2021/0344485 A1) discloses “…Double key encryption encrypts sensitive data using a content key, obtains a user public key from a key management service, encrypts the content key using the user public key, and encrypts the result using a cloud service provider key. Data confidentiality is protected efficiently through multilevel encryption and also by utilizing keys that are managed by different entities” (Abstract).
However, the prior arts alone or in combination fails to teach or suggest the claimed limitation of dependent claim 5: “wherein the remote VPN device utilizes a key server to decrypt the temporary symmetric key using the public key of the controller device and a private key of the remote VPN device”; and
claim 6: “wherein the remote VPN device utilizes a key server to encrypt the temporary symmetric key using the public key of the controller device”.
For this reason, the specific claim limitations recited in the dependent claims 5 and 6 taken as whole are allowed.
The dependent claims 12-13, and 19-20 which are similar in scope that of claims 5-6 respectively, are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-4, 7-11, and 14-18 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Weith et al. (U.S. Patent Application Publication No.: US 2026/0005873 A1 / or “Weith” hereinafter).
Regarding claim 1, Weith discloses “A system, comprising” (Para 0005: methods, and systems of handling encrypted traffic):
“a primary virtual private network (VPN) device [i.e., a client device (see applicant provided specification)] configured to perform data plane operations associated with a VPN, the data plane operations comprising” (Fig. 24: User Device 300 i.e., a “primary VPN device”; and Para 0055: the User Device 300 communicates with a cloud system using VPN):
“initiating a request to establish a permanent secure communication channel with a remote VPN device [i.e., a Remote VPN Server (see applicant provided specification)]” (Fig. 24: Server 504 i.e., a “remote VPN device”; and Para 0097: the Server 504 communicates with the User Device 300 and established SSL connection);
“and a controller device [i.e., a secondary VPN device (see applicant provided specification)] in communication with a primary VPN device [i.e., a client device] and configured to perform control plane operations associated with the VPN, the control plane operations comprising” (24: Interception Proxy 530 i.e., a “controller device”; and Para 0101: the Interception Proxy 530 secures communication between the Server 504 and the User Device 300):
“in response to generating a temporary symmetric key, encrypting the temporary symmetric key with a private key of the controller device and a public key of the remote VPN device” (Para 0167: the Interception Proxy 530/Proxy establishes SSL connection with the Server 504 /Web Server and validates the Web Server’s digital certificate; and Para 0168: lines 1-6, a shared symmetric key is established between the Proxy and the Web Server);
“transmitting, via a temporary secure communication channel, the encrypted temporary symmetric key to the remote VPN device” (Para 0168: lines 1-6, a shared symmetric key is established between the Proxy and the Web Server);
“receiving, from the remote VPN device, the temporary symmetric key encrypted with a public key of the controller device” (Para 0168: lines 1-6, a shared symmetric key is established between the Proxy and the Web Server);
“producing a permanent symmetric key by decrypting, using the private key of the controller device, the temporary symmetric key encrypted with the public key of the controller device” (Para 0168: lines 1-6, a shared symmetric key is established between the Proxy and the Web Server);
“and establishing a permanent secure communication channel using the permanent symmetric key by sending the permanent symmetric key to the primary VPN device” (Para 0168: lines 13-16: the shared symmetric key is established between the Proxy and the User Device 300).
Regarding claim 2, in view of claim 1, Weith discloses “wherein producing the permanent symmetric key further comprises: validating the permanent symmetric key by determining whether a candidate symmetric key matches the temporary symmetric key” (Para 0071-0072, a shared key is established).
Regarding claim 3, in view of claim 1, Weith discloses “wherein the controller device comprises a hardware root of trust configured to: perform attestation operations to validate the integrity of the controller device; and generate the temporary symmetric key in response the attestation operations validating the integrity of the controller device” (Para 0101: Proxy with root CA certificate; and Para 0142: Hardware Secure Module (HSM) for key security).
Regarding claim 4, in view of claim 1, Weith discloses “wherein the controller device is configured to initiate, at periodic intervals, a set of operations to establish a new permanent secure communication channel using a new permanent symmetric key” (Para 0071).
Regarding claim 7, in view of claim 1, Weith discloses “wherein the data plane operations further comprise: establishing a further permanent secure communication channel, for another primary VPN device, using a different permanent symmetric key” (Para 0101: different clients can be managed).
Regarding claim 8, claim 8 is directed to a method corresponding to the system recited in claim 1. Claim 8 is similar in scope to claim 1, and is therefore, rejected under similar rationale.
Regarding claim 9, claim 9 is directed to a method corresponding to the system recited in claim 2. Claim 9 is similar in scope to claim 2, and is therefore, rejected under similar rationale.
Regarding claim 10, claim 10 is directed to a method corresponding to the system recited in claim 3. Claim 10 is similar in scope to claim 3, and is therefore, rejected under similar rationale.
Regarding claim 11, claim 11 is directed to a method corresponding to the system recited in claim 4. Claim 11 is similar in scope to claim 4, and is therefore, rejected under similar rationale.
Regarding claim 14, claim 14 is directed to a method corresponding to the system recited in claim 7. Claim 14 is similar in scope to claim 7, and is therefore, rejected under similar rationale.
Regarding claim 15, claim 15 is directed to a non-transitory computer-readable storage medium corresponding to the system recited in claim 1. Claim 15 is similar in scope to claim 1, and is therefore, rejected under similar rationale.
Regarding claim 16, claim 16 is directed to a non-transitory computer-readable storage medium corresponding to the system recited in claim 2. Claim 16 is similar in scope to claim 2, and is therefore, rejected under similar rationale.
Regarding claim 17, claim 17 is directed to a non-transitory computer-readable storage medium corresponding to the system recited in claim 3. Claim 17 is similar in scope to claim 3, and is therefore, rejected under similar rationale.
Regarding claim 18, claim 18 is directed to a non-transitory computer-readable storage medium corresponding to the system recited in claim 4. Claim 18 is similar in scope to claim 4, and is therefore, rejected under similar rationale.
Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
The second closest prior art Kristofer Skantze (U.S. 2002/0035687 A1) discloses “…The symmetric key is added to the message after encryption with the symmetric key and the symmetric key is encrypted by a public key belonging to the receiver, whereupon
the already encrypted symmetric key is encrypted by a private key belonging to the sender. In the receiving device, the symmetric key is decrypted by the public key of
the sender in the receiving device and by the private key of the receiver, whereupon the symmetric key is used for decrypting the message. The sender and the receiver identifies
themselves to the sending device and the receiving device by verification means…” (Abstract).
The third closest prior art Levin et al. (U.S. 2021/0344485 A1) discloses “…Double key encryption encrypts sensitive data using a content key, obtains a user public key from a key management service, encrypts the content key using the user public key, and encrypts the result using a cloud service provider key. Data confidentiality is protected efficiently through multilevel encryption and also by utilizing keys that are managed by different entities” (Abstract).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/MICHAEL R VAUGHAN/Primary Examiner, Art Unit 2431
Prosecution Insights