DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2024-09-24 and 2025-02-07 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea (35 U.S.C. 101 Judicial Exception) without significantly more. The claims recite performing a security action when packets are received at a VPN hotspot that have a time-to-live less than some threshold, a form of observation, evaluation, and/or judgment, which is a concept performed in the human mind and thus grouped as Mental processes. This judicial exception is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, when considered separately and in combination, do not add significantly more to the abstract idea, as they are well-understood, routine, conventional computer functions as recognized by the courts.
Based upon consideration of all the relevant factors with respect to the claimed invention as a whole, the claims are determined to be directed to an abstract idea without significantly more. The rationale for this determination is explained infra:
The following are Principles of Law:
A patent may be obtained for “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”; 35 U.S.C. § 101. The Supreme Court has consistently held that this provision contains an important implicit exception: laws of nature, natural phenomena, and abstract ideas are not patentable; See Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014); Gottschalk v. Benson, 409 U.S. 63, 67 (1972) (“Phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work.”). Notwithstanding that a law of nature or an abstract idea, by itself, is not patentable, an application of these concepts may be deserving of patent protection; See Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293–94 (2012). In Mayo, the Court stated that “to transform an unpatentable law of nature into a patent-eligible application of such a law, one must do more than simply state the law of nature while adding the words ‘apply it.’” Mayo, 132 S. Ct. at 1294 (citation omitted).
In Alice, the Court reaffirmed the framework set forth previously in Mayo “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of these concepts.” Alice, 134 S. Ct. at 2355. The test for determining subject matter eligibility requires a first step of determining whether the claims are directed to a process, machine, manufacture, or composition of matter. If the claims are directed to one of the four patent-eligible subject matter categories, then the Examiner must perform a two-part analysis to determine whether a claim that is directed to a judicial exception recites additional elements that amount to significantly more than the exception. The first part of the second step in the analysis is to “determine whether the claims at issue are directed to one of those patent-ineligible concepts.” Id. If the claims are directed to a patent-ineligible concept, then the second part of the second step in the analysis is to consider the elements of the claims “individually and ‘as an ordered combination”’ to determine whether there are additional elements that “‘transform the nature of the claim’ into a patent-eligible application.” Id. (quoting Mayo, 132 S. Ct. at 1298, 1297). In other words, the second step in the analysis is to “search for an ‘inventive concept’‒ i.e., an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent on the [ineligible concept] itself.’” Id. (brackets in original) (quoting Mayo, 132 S. Ct. at 1294). The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). 
The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294).
In the “2019 Revised Patent Subject Matter Eligibility Guidance” (2019 PEG), the USPTO has prepared revised guidance for use by USPTO personnel in evaluating subject matter eligibility based upon rulings by the courts.
The Examiner is bound by and applies the framework as set forth by the Court in Mayo and reaffirmed by the Court in Alice and follows the 2019 PEG for determining whether the claims are directed to patent-eligible subject matter.
Step 1: Are the claims at issue directed to a process, machine, manufacture, or composition of matter?
The Examiner finds that the claims are directed to one of the four statutory categories.
Step 2A – Prong One: Does the claim recite an abstract idea, law of nature, or natural phenomenon?
The Examiner finds that the claims are directed to the abstract idea of performing a security action when packets are received at a VPN hotspot that have a time-to-live less than some threshold, a form of observation, evaluation, and/or judgment, which is a concept performed in the human mind and thus grouped as Mental processes.
Step 2A – Prong Two: Does the claim recite additional elements that integrate the Judicial Exception into a practical application?
The abstract idea is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer.
In determining whether the abstract idea was integrated into a practical application, the Examiner has considered whether there were any limitations indicative of integration into a practical application, such as:
(1) Improvements to the functioning of a computer, or to any other technology or technical field; See MPEP § 2106.05(a)
(2) Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; See Vanda Memo (Recent Subject Matter Eligibility Decision: Vanda Pharmaceuticals Inc. v. West-Ward Pharmaceuticals)
(3) Applying the judicial exception with, or by use of, a particular machine; See MPEP § 2106.05(b)
(4) Effecting a transformation or reduction of a particular article to a different state or thing; See MPEP § 2106.05(c)
(5) Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception; See MPEP § 2106.05(e) and Vanda Memo
The Examiner notes that the claim features of performing a security action when packets are received at a VPN hotspot that have a time-to-live less than some threshold do not improve the functioning of a computer or technical field, do not effect a particular treatment or prophylaxis for a disease or medical condition, do not apply or use a particular machine, do not effect a transformation or reduction of a particular article to a different state or thing, and do not apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception.
Instead of a practical application, the claim features of performing a security action when packets are received at a VPN hotspot that have a time-to-live less than some threshold merely use a general-purpose computer as a tool to perform the abstract idea (See MPEP § 2106.05(f)) and merely generally link the use of the abstract idea to a field of use (See MPEP § 2106.05(h)). Thus, the Examiner finds that the claimed invention does not recite additional elements that integrate the Judicial Exception into a practical application.
Step 2B: Is there something else in the claims that ensures that they are directed to significantly more than a patent-ineligible concept?
The claims, as a whole, require nothing significantly more than generic computer implementation or can be performed entirely by a human. The additional element(s) or combination of element(s) in the claims other than the abstract idea per se amount to no more than recitation of generic computer structure (e.g. host devices, server devices, network traffic management devices, client devices, memory, and processors) that serves to perform generic computer functions (e.g. establishing a VPN, operating as a hotspot, intercepting packets, determine and validate packet header values, perform security actions, ...) that are well-understood, routine, and conventional activities previously known to the pertinent industry. The claimed data packets, time-to-live (TTL) value, and default value are all numbers, data structures, or datum. Each of these elements is individually dispositive of patent eligibility because of the following legal holdings:
“Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101.” Digitech Image Techs., LLC v. Electronics for Imaging, Inc., 758 F.3d 1344, 1350 (Fed. Cir. 2014).
The Supreme Court has also explained that “[a]bstract software code is an idea without physical embodiment,” i.e., an abstraction. Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449 (2007).
A claim that recites no more than software, logic, or a data structure (i.e., an abstract idea) – with no structural tie or functional interrelationship to an article of manufacture, machine, process or composition of matter does not fall within any statutory category and is not patentable subject matter; data structures in ethereal, non-physical form are non-statutory subject matter. In re Warmerdam, 33 F.3d 1354, 1361 (Fed. Cir. 1994); see Nuijten, 500 F.3d at 1357.
Furthermore, the claimed invention does not have a specific asserted improvement in computer capabilities, nor is it a specific implementation of a solution to a problem in the software arts; See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016). Rather, the claims are merely directed towards performing a security action when packets are received at a VPN hotspot that have a time-to-live less than some threshold, which is similar to ideas that the courts have found to be abstract, as noted supra, and the claims are without a “practical application” or anything “significantly more”.
Considering each of the claim elements in turn, the function performed by the computer system at each step of the process does no more than require a generic computer to perform a well-understood, routine, and conventional activity at a high level of generality. For example, “establishing a connection” and “operating as a hotspot” are merely receiving or transmitting data over a network, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network). Further, “determining that the one or more data packets have a time-to-live (TTL) value that is less than a default value” is merely a form of performing repetitive calculations, which has been found by the courts to be a well-understood, routine, conventional activity in computers; See e.g. Flook, 437 U.S. at 594, 198 USPQ2d at 199 (recomputing or readjusting alarm limit values); Bancorp Services v. Sun Life, 687 F.3d 1266, 1278, 103 USPQ2d 1425, 1433 (Fed. Cir. 2012) (“The computer required by some of Bancorp’s claims is employed only for its most basic function, the performance of repetitive calculations, and as such does not impose meaningful limits on the scope of those claims.”). 
Further note that the abstract idea of performing a security action when packets are received at a VPN hotspot that have a time-to-live less than some threshold, to which the claimed invention is directed, has a prior art basis outside of a computing environment, e.g. USPS discarding or returning mail that has previously-used postage.
The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294).
Viewed as a whole, the claims simply recite the steps of using generic computer components. The claims do not purport, for example, to improve the functioning of the computer system itself. Nor do they effect an improvement in any other technology or technical field. Instead, the claims amount to nothing significantly more than an instruction to implement the abstract idea using generic computer components. This is insufficient to transform an abstract idea into a patent-eligible invention.
The dependent claims likewise incorporate the deficiencies of a claim upon which they ultimately depend and are also directed to non-patent-eligible subject matter.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 6-10 and 16-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention. Specifically, claim 6 recites the limitation “one or more processors configured to be capable of”, and the phrase “configured to be capable of” is so nebulous as to render unclear the scope and structure of the processors and their ability to execute the stored instructions. Claim 16 is rejected under a similar rationale. The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hodroj (US Pre-Grant Publication No. 20170187688-A1, hereinafter “Hodroj”) in view of Murthy (US Pre-Grant Publication No. 20180097840-A1, hereinafter “Murthy”).
With respect to independent claim 1, Hodroj discloses a method implemented by a network traffic management system comprising one or more host devices, server devices, network traffic management devices, or client devices the method comprising:
establishing a connection to a protected resource via a virtual private network (VPN) tunnel based on a successful compliance check {paras. 0020 and 0041: “establish a VPN 106 from WAP 104 to cellular network 114”, which requires “exchanging credentials” and may be “an Internet Protocol Security (IPSec) connection, and a Secure Socket Layer/Transport Layer Security (SSL/TLS) connection”}.
operating as a hotspot when the connection to the protected resource is established {paras. 0023 and 0042: “the WAP broadcasting the SSID for the guest WAN after establishing the VPN between the WAP and the computing device of the cellular network”}.
intercepting one or more data packets from a secondary device that is connected to the hotspot {para. 0046: “the WAP routing communications from the user device via the VPN”}.
…, executing a security action {para. 0029: “security module 204 may implement the operating procedures”}.
Although Hodroj teaches a WAP that operates as a hotspot after establishing a VPN and processing packets for external devices, Hodroj does not explicitly disclose performing a security action based on a TTL of a packet; however, Murthy discloses:
responsive to determining that the one or more data packets have a time-to-live (TTL) value that is less than a default value, executing a security action {para. 0230: “the firewall determines whether the timestamp for the authentication factor is expired” and “the firewall can enforce a security policy that can prevent the user from accessing the resource or block/drop the session”}.
Hodroj and Murthy are analogous art because they are from the same field of endeavor or problem-solving area of network security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Hodroj and Murthy before him or her, to modify/develop the security module of Hodroj’s system to utilize security policy for expired packets. The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, e.g., enables protection against unauthorized use of an expired authentication. Therefore, it would have been obvious to combine the security module in Hodroj’s system with security policy for expired packets to obtain the invention as specified in the instant claim(s). The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.
With respect to dependent claim 2, Murthy renders obvious wherein the default value is sixty-four {para. 0052: “the authentication profile may permit the user to access the resource for a grace period of time”; the Examiner respectfully submits that the specific selection of the default value as “sixty-four” merely amounts to overlapping, approaching, and similar ranges, amounts, and proportions; See MPEP § 2144.05(I)}.
With respect to dependent claim 3, Murthy discloses wherein the security action comprises: dropping the one or more data packets to prevent the one or more data packets from entering the VPN tunnel; or disconnecting from the VPN tunnel {para. 0042: “If one or more of the authentication factors are not successfully satisfied or time-out, then the firewall can block access to the resource or drop the session”}.
With respect to dependent claim 4, Murthy discloses:
providing the secondary device with access to a compliance check software download {para. 0120: “a GlobalProtect™ agent that is commercially available from Palo Alto Networks”}.
analyzing a header of each of the one or more data packets to determine whether the header includes a compliance check flag {para. 0091: “User ID component 304 determines an IP address and port number for a monitored traffic flow (e.g., a session) based on packet analysis. In one embodiment, the User ID component also performs a user identification (User ID) look-up based on the IP address and port number”}.
for each of the one or more data packets, responsive to determining that the header includes the compliance check flag, overriding an examination of the TTL value of the data packet and allowing the data packet to proceed to the VPN tunnel {para. 0094: “the disclosed techniques allow for the User ID (e.g., IP address, user name, and/or other information associated with the user/session) and timestamp to be used in rules of the auth policy based on access zone, destination zone, APP ID, and/or other parameters or components to require MFA configurable access requirements”}.
With respect to dependent claim 5, Murthy discloses wherein the providing the secondary device with access to the compliance check software download, further comprises providing compliance check software to be downloaded by the secondary device and which is configured to:
determine whether the secondary device passes a compliance check, wherein the compliance check includes determining whether the secondary device includes specified security features comprising at least one of an anti-virus software program and a data loss prevention program {para. 0158: “an authentication policy hit/match can be based on one or more of the following match criteria (e.g., and/or additional match criteria): source zone, source address, source user and source Host Information Profile (HIP) (e.g., using GlobalProtect™ from Palo Alto Networks”}.
responsive to determining that the secondary device does pass the compliance check, append headers of outgoing data packets to include the compliance check flag {para. 0158: “GlobalProtect™ from Palo Alto Networks, Inc. or other commercially available solutions that similarly provide such HIP data for client/endpoint devices and/or API-based third-party integrations”; although Murthy does not explicitly disclose providing the HIP data via appended headers, the Examiner notes that inclusion of this data in the header is “obvious to try”, as there are a finite number of locations/means with which to provide the HIP in a packet (header and body), both of which are predictable solutions, with a reasonable expectation of success; See MPEP § 2143(I)(E)}.
With respect to claims 6-10, a corresponding reasoning as given earlier in this section with respect to claims 1-5 applies, mutatis mutandis, to the subject matter of claims 6-10; therefore, claims 6-10 are rejected, for similar reasons, under the grounds as set forth for claims 1-5.
With respect to claims 11-15, a corresponding reasoning as given earlier in this section with respect to claims 1-5 applies, mutatis mutandis, to the subject matter of claims 11-15; therefore, claims 11-15 are rejected, for similar reasons, under the grounds as set forth for claims 1-5.
With respect to claims 16-20, a corresponding reasoning as given earlier in this section with respect to claims 1-5 applies, mutatis mutandis, to the subject matter of claims 16-20; therefore, claims 16-20 are rejected, for similar reasons, under the grounds as set forth for claims 1-5.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is 571-270-5436. The examiner can normally be reached Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William (“Bill”) Korzuch can be reached at 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Kevin Bechtel/
Primary Examiner, Art Unit 2491