Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This action is in response to the communication filed on 08/06/2024.
Claims 1-20 are under examination.
The Information Disclosure Statements filed on 03/31/2025 has been entered and considered.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Abdo et al. (US 2006/0117106 A1) and Alao et al. (US 2002/0147645 A1).
Regarding claim 1, Abdo et al. discloses A method for resuming a connection, comprising: establishing, by a first client device, a first connection with a host [par. 0008, “To initiate a user session, the user establishes a secure connection between a particular client device and the server system”, par. 0022, “An initial action 20 comprises establishing a secure data communications channel between server system 12 and client device 14”]; determining, by the host, first certification information and sending, by the host, the first certification information to the first client device via the first connection [par. 0027, generating and sharing auto-reconnect data with the client device], wherein the first certification information is stored by the host as a first reference information [par. 0028, “An action 27 comprises storing the auto-reconnect data at the server for later use. In conjunction with the auto-reconnect data, the server also stores a reference to the server session for which the auto-reconnect data was generated”]; in response to determining that a first connection resume operation associated with the first connection is triggered in a case where the first connection is disconnected [par. 0033, “The reconnection process can, however, be automated. Specifically, the terminal emulation software of client device 14 can be designed to automatically and repeatedly attempt to reconnect to server system 12 after a communications loss”], at least sending, by the first client device, the first certification information to the host [claim 1, “after losing communications with the client device, receiving from the client device the session ID and a session verifier that is derived at least in part from the auto-reconnect data”]; certifying, by the host, the first client device at least based on the first certification information and the first reference information; and in response to determining that the first client device is certified, resuming, by the host, the first connection with the first client device [claim 1, “ validating the session verifier; upon successfully validating the session verifier, automatically re-authenticating the client device for the particular server session”].
Abdo et al. does not explicitly disclose sending, by the first client device, first identification information associated with the first client device to the host via the first connection; determining, by the host, first certification information based on the first identification information.
However Alao et al. teaches sending, by the first client device, first identification information associated with the first client device to the host via the first connection [claim 28, the client device identifier is inserted by the client device into a message before the message is sent to the service provider]; determining, by the host, first certification information based on the first identification information [claim 27, generating the session identifier based on the client device identifier].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Alao et al. into the teaching of Abdo et al. with the motivation such that the client is identified to a service provider by the session identifier when a client signs on Alao et al. [Alao et al.: par. 0094].
Regarding claim 11, it recites limitations like claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 20, it recites limitations like claim 1. The reason for the rejection of claim 1 is incorporated herein
Claims 2-3 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Abdo et al. (US 2006/0117106 A1) and Alao et al. (US 2002/0147645 A1) as applied to claims 1, 11 and 20 above, and further in view of Yin et al. (US 2017/0171187 A1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Abdo et al. and Alao et al. discloses determining, by the host, the first certification information based on the first identification information and retrieving, by the host, the first certification information.
They do not explicitly disclose retrieving, by the host, a first text segment from the first certification information as the first certification information.
However Yin et al. teaches retrieving, by the host, a first text segment from the first certification information as the first certification information [par. 0075, “The network session record may include, for example, a session identifier (e.g., a string of one or more characters identifying the network session)”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Yin et al. into the teaching of Abdo et al. and Alao et al. with the motivation to identify the network session as taught by Yin et al. [Yin et al.: par. 0075].
Regarding claim 3, the rejection of claim 1 is incorporated
Abdo et al. and Alao et al. discloses determining, by the host, the first certification information based on the first identification information and retrieving, by the host, the first certification information.
They do not explicitly disclose retrieving a first text segment from the first certification information; converting, by the host, the first text segment into the first certification information by using a converting function.
However Yin et al. teaches retrieving a first text segment from the first certification information; converting, by the host, the first text segment into the first certification information by using a converting function [par. 0075, “The network session record may include, for example, a session identifier (e.g., a string of one or more characters identifying the network session)”, par. 0028, “the application device may generate a comparison hash to compare with the received hash in order to validate the UE. As shown, the application device generates the comparison hash based on the application identifier, the session identifier…”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Yin et al. into the teaching of Abdo et al. and Alao et al. with the motivation to identify the network session as taught by Yin et al. [Yin et al.: par. 0075].
Regarding claim 12, it recites limitations like claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 13, it recites limitations like claim 3. The reason for the rejection of claim 3 is incorporated herein.
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Abdo et al. (US 2006/0117106 A1) and Alao et al. (US 2002/0147645 A1) as applied to claims 1, 11 and 20 above, and further in view of Sheth et al. (US 2023/0276513 A1).
Regarding claim 4, the rejection of claim 1 is incorporated
Abdo et al. and Alao et al. discloses certifying, by the host, the first client device at least based on the first certification information and the first reference information.
They do not explicitly disclose in response to determining that the first certification information received from the first client device matches the first reference information, determining, by the host, that the first client device is certified; and in response to determining that the first certification information received from the first client device fails to match the first reference information, determining, by the host, that the first client device is not certified.
However Sheth et al. teaches in response to determining that the first certification information received from the first client device matches the first reference information, determining, by the host, that the first client device is certified [pars. 0079-0080, “the host device 104 compares the embedded device information from the reconnect request to the stored device information of the most recent paired device. If the embedded device information matches the stored device information, that is, the device requesting reconnection is the same device that was most recently paired to the host device 104, then the host device 104 proceeds to block 915. At block 915, the host device 104 approves the pairing and re-pairs the requesting device”]; and in response to determining that the first certification information received from the first client device fails to match the first reference information, determining, by the host, that the first client device is not certified [pars. 0081-0082, “If, at block 910, the embedded device information does not match the stored device information… If, at block 920, no affirmative input was received from the user (e.g., by negative input, or by a time out on the approval request), then the host device proceeds to block 925. At block 925, the host device 104 rejects the reconnection to the requesting device”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Sheth et al. into the teaching of Abdo et al. and Alao et al. with the motivation to make sure the device requesting reconnection is the same device that was most recently paired to the host device as taught by Sheth et al. [Sheth et al.: par. 0079].
Regarding claim 14, it recites limitations like claim 4. The reason for the rejection of claim 4 is incorporated herein.
Claims 5-7 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Abdo et al. (US 2006/0117106 A1) and Alao et al. (US 2002/0147645 A1) as applied to claims 1, 11 and 20 above, and further in view of Mendelowitz et al. (US 2022/0038909 A1).
Regarding claim 5, the rejection of claim 1 is incorporated
Abdo et al. and Alao et al. discloses certifying, by the host, the first client device at least based on the first certification information and the first reference information.
They do not explicitly disclose sending, by the first client device, a first scenario state associated with the first client device to the host via the first connection.
However, Mendelowitz et al. teaches sending, by the first client device, a first scenario state associated with the first client device to the host via the first connection [pars. 0060, “during an initial connection with a client device, a host device may generate a fingerprint of the client device, the fingerprint based on response characteristics of the client device. For example, the response characteristics of the client device may be a function of physical characteristics of the client device and a system architecture of the client device”, par. 0053, “storing the fingerprint of the client device in memory”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Mendelowitz et al. into the teaching of Abdo et al. and Alao et al. with the motivation such that a client device may be verified in order to decrease an incidence of cloned devices establishing a connection with a host device, which may increase system security as taught by Mendelowitz et al. [Mendelowitz et al.: par. 0060].
Regarding claim 6, the rejection of claim 5 is incorporated
Mendelowitz et al. further teaches in response to determining that the first connection resume operation associated with the first connection is triggered, sending, by the first client device, a current scenario state of the first client device to the host [pars. 0060, during a subsequent reconnection with the client device, the host device may compare response characteristics to the fingerprint of the client device in order to verify that the client device is authentic, and the host device may prevent inauthentic devices from connecting”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Mendelowitz et al. into the teaching of Abdo et al. and Alao et al. with the motivation such that a client device may be verified in order to decrease an incidence of cloned devices establishing a connection with a host device, which may increase system security as taught by Mendelowitz et al. [Mendelowitz et al.: par. 0060].
Regarding claim 7, the rejection of claim 6 is incorporated
Abdo et al. and Alao et al. discloses certifying, by the host, the first client device at least based on the first certification information and the first reference information.
Mendelowitz et al. further teaches in response to determining that the first certification information received from the first client device matches the first reference information and the current scenario state matches the first scenario state, determining, by the host, that the first client device is certified [par. 0049, “the host device may determine whether the client device has previously been fingerprinted by the host device. For example, the host device may have a list of devices with fingerprints stored in controller memory, and may compare an identifier of the client device to the list of previously fingerprinted devices. If the client device is included in the list of previously fingerprinted devices, the controller may determine that the host device has previously been paired to the client”, par. 0060, “during a subsequent reconnection with the client device, the host device may compare response characteristics to the fingerprint of the client device in order to verify that the client device is authentic, and the host device may prevent inauthentic devices from connecting”]; and in response to determining that the first certification information received from the first client device fails to match the first reference information or the current scenario state fails to match the first scenario state, determining, by the host, that the first client device is not certified [pars. 0058, “if the controller determines that the message characteristics of the client device to not match with the stored fingerprint of the client device, the controller may not verify the client device”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Mendelowitz et al. into the teaching of Abdo et al. and Alao et al. with the motivation such that a client device may be verified in order to decrease an incidence of cloned devices establishing a connection with a host device, which may increase system security as taught by Mendelowitz et al. [Mendelowitz et al.: par. 0060].
Regarding claim 15, it recites limitations like claim 5. The reason for the rejection of claim 5 is incorporated herein.
Regarding claim 16, it recites limitations like claim 6. The reason for the rejection of claim 6 is incorporated herein.
Regarding claim 17, it recites limitations like claim 7. The reason for the rejection of claim 7 is incorporated herein.
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Abdo et al. (US 2006/0117106 A1) and Alao et al. (US 2002/0147645 A1) as applied to claims 1, 11 and 20 above, and further in view of Brown et al. (US 2020/0112555 A1).
Regarding claim 8, the rejection of claim 1 is incorporated
Abdo et al. and Alao et al. discloses sending, by the host, the first certification information to the first client device via the first connection.
They do not explicitly disclose updating, by the host, the first certification information based on the first identification information; and sending, by the host, the updated first certification information to the first client device via the first connection, wherein the first reference information is updated based on the updated first certification information.
However, Brown et al. teaches updating, by the host, the first certification information based on the first identification information; and sending, by the host, the updated first certification information to the first client device via the first connection, wherein the first reference information is updated based on the updated first certification information [pars. 0218, “the authentication information data object includes the identified device identification information corresponding to the client device. The authentication information data object may be configured to cause the client device to utilize the access credentials and/or other information within the authentication information data object to initiate an authenticated connection with the external system. Additionally or alternatively, the authentication information data object may be transmitted to the client device for storage, for example to utilize in re-establishing an authenticated connection with the external system”, par. 0057, “detecting interruption of the authenticated connection with the external system; and retransmitting, in an alternating pattern, one or more of the access credentials and the updated access credentials to receive an authentication response from the external system, the authentication response indicating the access credentials or the updated access credentials were successfully authenticated by the external system to re-establish the authenticated connection with the external system”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Brown et al. into the teaching of Abdo et al. and Alao et al. with the motivation to enable access credentials to be readily updated to increase security without inconveniencing users as taught by Brown et al. [Brown et al.: par. 0097].
Regarding claim 18, it recites limitations like claim 8. The reason for the rejection of claim 8 is incorporated herein.
Claims 9-10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Abdo et al. (US 2006/0117106 A1) and Alao et al. (US 2002/0147645 A1) as applied to claims 1, 11 and 20 above, and further in view of Behunin (US 2017/0289268 A1).
Regarding claim 9, the rejection of claim 1 is incorporated
Abdo et al. further discloses certifying the first client device at least based on the first certification information and the first reference information comprises: certifying the first client device at least based on the first certification information and the first reference information [par. 0033, “The reconnection process can, however, be automated. Specifically, the terminal emulation software of client device 14 can be designed to automatically and repeatedly attempt to reconnect to server system 12 after a communications loss”, claim 1, “after losing communications with the client device, receiving from the client device the session ID and a session verifier that is derived at least in part from the auto-reconnect data, validating the session verifier; upon successfully validating the session verifier, automatically re-authenticating the client device for the particular server session”].
They do not explicitly disclose certifying the first client device without performing at least a part of a standard connection resume protocol.
However, Behunin teaches certifying the first client device without performing at least a part of a standard connection resume protocol [abs., “the automated reconnect agent executable can use automatic reconnect parameters to automatically re-instantiate a pre-existing communication session without or absent requiring a human operator to reenter login or other authentication credentials or engage in some other form of authorization or authentication in order to reestablish the communication session”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Behunin into the teaching of Abdo et al. and Alao et al. with the motivation to automatic re-instantiation of a communication session as taught by Behunin [Behunin: abs.].
Regarding claim 10, the rejection of claim 1 is incorporated
Behunin further teaches the part of the standard connection resume protocol comprises at least one of a standard authentication, a standard encryption request, and providing a supported profile [abs., “the automated reconnect agent executable can use automatic reconnect parameters to automatically re-instantiate a pre-existing communication session without or absent requiring a human operator to reenter login or other authentication credentials or engage in some other form of authorization or authentication in order to reestablish the communication session”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Behunin into the teaching of Abdo et al. and Alao et al. with the motivation to automatic re-instantiation of a communication session as taught by Behunin [Behunin: abs.].
Regarding claim 19, it recites limitations like claim 10. The reason for the rejection of claim 10 is incorporated herein.
Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20250056641 A1 FORCING MOBILE DEVICE WIRELESS NETWORK RECONNECTION
US 20240172315 A1 AUTOMATIC PAIRING RECOVERY BETWEEN ZIGBEE DEVICES
US 9942937 B1 System And Method For Reattachment To A Network
US 20170221055 A1 VALIDATING ONLINE ACCESS TO SECURE DEVICE FUNCTIONALITY
US 20170085381 A1 PERSISTENT AUTHENTICATION SYSTEM INCORPORATING ONE TIME PASS CODES
US 20150365272 A1 Control System, Control Method Of A Control System, And Control Device
US 8649768 B1 Method Of Device Authentication And Application Registration In A Push Communication Framework
US 20100146275 A1 AUTHENTICATING A DEVICE WITH A SERVER OVER A NETWORK
US 20010052075 A1 Device Authentication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393. The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JASON CHIANG/Primary Examiner, Art Unit 2431