Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the Amendment filed on 02/04/2026.
In the instant Amendment, claims 1, 10 and 13 have been amended and claims 1, 10 and 13 are independent claims. Claims 1-5 and 10-13 have been examined and are pending. This Action is made FINAL.
Response to Arguments
The rejections of claim 1 under 35 U.S.C. § 101 are withdrawn as the claims have been amended.
Applicants’ arguments with respect to claims 1-5 and 10-13 have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 2-3 and 11-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claim limitations “verifying module is configured to…...” has been interpreted under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, because it uses a non-structural term “verifying module” coupled with functional language “configured to…” without reciting sufficient structure to achieve the function. Furthermore, the non-structural term is not preceded by a structural modifier. Applicant’s specification fails to provide a clear definition to the terms.
Since these claim limitations invokes 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, claims 2 and 11 are interpreted to cover the corresponding structure described in the specification that achieves the claimed functions, and equivalents thereof. A review of the specification show that the verifying module (e.g. paragraph [0087]) 14 may combine with a server and be arranged in the server, or may combine with the host 12 and be arranged in the host 12, or the verifying module 14 may also be an independent device, which is not limited in the embodiments of the present disclosure. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. No association between the structure and the function can be found in the specification. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph; or
(b) Amend the written description of the specification such that it clearly links or associates the corresponding structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) State on the record where the corresponding structure, material, or acts are set forth in the written description of the specification and linked or associated to the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action.
If applicant does not wish to have the claim limitation treated under 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, applicant may amend the claim so that it will clearly not invoke 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph, or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
Regarding claims 3 and 12; Claims 3 and 12 depend from claims 2 and 11 and are analyzed and rejected accordingly.
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claim 13 is rejected under 35 U.S.C. 112(d) or 35 U.S.C. 112 (pre-AIA ), fourth paragraph, as failing to incorporate by reference all limitations of the claim to which it/they refer(s).
Regarding claim 13; claim 13 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. “[A] proper dependent claim must be narrower than the claim upon which it depends and must not be broader in any respect.” D. Chisum, Chisum on Patents § 8.06[5] (2011) (citing Pfizer Inc. v. Ranbaxy Laboratories Ltd., 457 F3d 1284 (Fed. Cir. 2006) (claim held invalid for failing to comply with 35 U.S.C. § 112, fourth paragraph)). A computer storage medium claim 13 rely on method claim 1. However, claim 10 fail to specify a further limitation of the subject matter of the claim 1 to which they refer, because is complete outside the scope of claim 1. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C.
102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-5 and 10-13 are rejected under 35 U.S.C. 103 as being unpatentable over Rajani (US 12,212,636), in view of Shui (US 2016/0073218) and in view of Kuz (US 2005/0111468).
Regarding claim 1, Rajani discloses a device access method, wherein the method is applied to a host and comprises:
acquiring a connection request provided by a terminal, wherein the connection request comprises an identifier of the terminal and a password corresponding to the identifier (Rajani claim 1 and col. 11; lines 42-47; Receiving, at a load balancer of the IoT network, a connection request from the one or more user devices, wherein the IoT network comprises one or more clusters, each of the one or more clusters being associated with a unique cluster identifier, the connection request comprises at least the password and the username comprising a cluster identifier, the password is an encrypted combination of a user device identifier and the username, the connection request is a stateful request, and the one or more user devices are associated with the cluster identifier assigned by an authentication server. Next, the registration cluster [208] assigns the username and the password to the one or more user devices [202]. It is the username and the password to the one or more user devices [202] by the authentication server [214] that is transmitted by the one or more user devices [202] in the connect request. See also abstract and fig 6 );
acquiring a verification result of the password, wherein the password is configured to be verified by a public key in the key pair (Rajani col. 13; lines 61-67; col. 14; lines 11-14 and fig 6; Upon receiving the connection request, the target cluster validates the connection request based on the public key previously shared with the clusters. At 620, the target cluster intimates the one or more user devices of the connection status based on the validation, that whether the connection was successful or failed. The one or more user devices [202] then requests a registration request to the Registry cluster (e.g., stateful connections broker (SCB)) of the M2M framework using the user device identifier and the authentication token as password)
establishing a connection with the terminal in response to a successful verification (Rajani col. 13; lines 61-67 and fig 6; Upon receiving the connection request, the target cluster validates the connection request based on the public key previously shared with the clusters. At 620, the target cluster intimates the one or more user devices of the connection status based on the validation, that whether the connection was successful or failed); and
rejecting the connection request of the terminal in response to a failed verification (Rajani col. 13; lines 61-67 and fig 6; Upon receiving the connection request, the target cluster validates the connection request based on the public key previously shared with the clusters. At 620, the target cluster intimates the one or more user devices of the connection status based on the validation, that whether the connection was successful or failed).
Rajani teaches, assigns a username and a password to the one or more user devices and the password is an encrypted combination of the user device identifier and the username (Rajani col. 9; lines 36-42). However, Rajani does not explicitly disclose wherein the password is generated based on a private key in a key pair and the identifier.
However, in an analogous art, Shui teaches the password is generated based on a private key in a key pair and the identifier (Shui abstract and par. 0009; Generating a password according to the Bluetooth identifier, the private key and a second algorithm; transmitting, by a second electrical device, a Bluetooth pairing request according to the Bluetooth identifier, the private key, the first algorithm, and the second algorithm).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Shui with the method and system of Rajani, wherein the password is generated based on a private key in a key pair and the identifier to provide users with a means for establishing a connection with pairing request (Shui abstract).
Rajani and Shui teach, assigns a username and a password to the one or more user devices and the password is an encrypted combination of the user device identifier and the username (Rajani col. 9; lines 36-42) and password is generated based on a private key in a key pair and the identifier (Shui abstract and par. 0009). However, Rajani and Shui do not explicitly disclose wherein each terminal has an independent password, and the identifier and the password of each terminal are different.
However, in an analogous art, Kuz teaches wherein each terminal has an independent password, and the identifier and the password of each terminal are different (Kuz par. 0030 and 0045; Different identification numbers for multiple terminals may be stored with their respective passwords on the server 10. To prevent this scenario from occurring, the operator of the portal may store the access rights of the different terminals associated with the identification numbers of the different terminals and the respective passwords).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Kuz with the method and system of Rajani and Shui, wherein each terminal has an independent password, and the identifier and the password of each terminal are different to provide users with a means for controlling the access of services from a service provider to a client terminal provides capabilities for the user to change and modify the desired services and have the modified access information communicated to the client terminal or navigation device (Kuz abstract).
Regarding claim 2, Rajani, Shui and Kuz disclose the method according to claim 1,
Rajani further discloses wherein said acquiring the verification result of the password comprises
PNG
media_image1.png
10
6
media_image1.png
Greyscale
: sending the identifier of the terminal and the password corresponding to the identifier to a verifying module, wherein the verifying module is configured to verify the password through the public key in the key pair; and receiving a verification result fed back by the verifying module ((Rajani col. 13; lines 61-67; col. 14; lines 11-14 and fig 6; Upon receiving the connection request, the target cluster validates the connection request based on the public key previously shared with the clusters. At 620, the target cluster intimates the one or more user devices of the connection status based on the validation, that whether the connection was successful or failed. The one or more user devices [202] then requests a registration request to the Registry cluster (e.g., stateful connections broker (SCB)) of the M2M framework using the user device identifier and the authentication token as password).
Regarding claim 3, Rajani, Shui and Kuz disclose the method according to claim 2,
Rajani further discloses wherein the connection request further comprises a user name corresponding to the identifier, and the password is generated based on the private key in the key pair, the identifier and the user name; and said sending the identifier of the terminal and the password corresponding to the identifier to the verifying module comprises: sending the identifier of the terminal, the user name corresponding to the identifier and the password corresponding to the identifier to the verifying module (Rajani col. 9; lines 36-51; The load balancer [204] is further configured to receive a first registration request from the one or more user devices [202] prior to receiving the connection request. The present invention encompasses that the first registration request comprises at least a user device identifier. The load balancer [204] then routes the first registration request to a registration cluster [208] based on the user device identifier. The registration cluster [208] is configured to receive the first registration request from the load balancer [204]. The load balancer [204] assigns a username and a password to the one or more user devices. The present invention encompasses that the username is a combination of at least a cluster identifier and the user device identifier, and the password is an encrypted combination of the user device identifier and the username. The registration cluster [208] is further configured to transmit the password and the username to the one or more user devices [202]. In an instance of the present invention, the first registration request received at the load balancer [204] further comprises of the token assigned to the one or more user devices [202] by the IDAM [210]. Accordingly, the registration cluster [208] is further configured to validate the first registration request based on the token, wherein the username and the password is assigned to the one or more user devices [202] based on the validation).
Regarding claim 4, Rajani, Shui and Kuz disclose the method according to claim 1,
Rajani further discloses wherein said acquiring the verification result of the password comprises: decrypting the password through the public key in the key pair to acquire decrypted data; generating digest data of the identifier of the terminal; verifying whether the decrypted data is the same as the digest data; determining that the verification is successful in response to the decrypted data being the same as the digest data; and determining that the verification fails in response to the decrypted data differing from the digest data (Rajani col. 13; lines 61-67 and col. 9; lines 9-20; Upon receiving the connection request, the target cluster validates the connection request based on the public key previously shared with the clusters. At 620, the target cluster intimates the one or more user devices of the connection status based on the validation, that whether the connection was successful or failed. At 906, the load balancer [204] processes the username in the connection request and sends the connection request to the cluster associated with the cluster identifier in the username of the connection request. At 908, once the connection request is received by said cluster, it decrypts the password with the shared public key, verifies the claims of the one or more user devices [202], and authenticates the connection request. At 910, the one or more user devices [202] start sending/publishing the data once the connection request is successful and starts availing one or more services from the cluster of the IoT network).
Regarding claim 5, Rajani, Shui and Kuz disclose the method according to claim 1,
Shui further discloses wherein before the connection request provided by the terminal is acquired, the method further comprises: acquiring the identifier of the terminal; generating the password based on the private key in the key pair and the identifier; and configuring the password into the terminal (Shui abstract and par. 0009; Generating a password according to the Bluetooth identifier, the private key and a second algorithm; transmitting, by a second electrical device, a Bluetooth pairing request according to the Bluetooth identifier, the private key, the first algorithm, and the second algorithm).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Shui with the method and system of Rajani and Kuz, wherein the password is generated based on a private key in a key pair and the identifier to provide users with a means for establishing a connection with pairing request (Shui abstract).
Regarding claims 10-12; claims 10-12 are directed to a device access system associated with the method claimed in claims 1-2 and 4 respectively. Claims 10-12 are similar in scope to claims 1-2 and 4 respectively, and are therefore rejected under similar rationale respectively.
Regarding claim 13; claim 13 is directed to a computer storage medium associated with the method claimed in claim 1. Claim 13 is similar in scope to claim 1, and is therefore rejected under similar rationale respectively.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SANCHIT K SARKER/Primary Examiner, Art Unit 2495