DETAILED ACTION
This office action is in response to the application filed on 12/27/2024. Claims 1-20 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Priority
This application is a continuation of U.S. patent application No. 17/808,867, filed on 06/24/2022, which claims priority of the provisional application No. 63/215,071, filed on 06/25/2021, which papers have been placed on record in the file.
Information Disclosure Statement
The information disclosure statements (IDS) submitted 12/27/2024 were filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Objections
Claims 14 and 16-18 are objected to because of the following informalities:
Regarding claims 14 and 18, they both recite, “wherein the computing device comprises an IoT device.” Examiner suggests that the limitation should be amended to, “wherein the computing device comprises an IoT (Internet of Things) device.”
Regarding claims 16 and 17, they both depend from claim 1 by reciting the limitation “implement a method according to claim 1.” Examiner suggests that claims 16 and 17 should be in their independent form and should be amended and recite all pertaining limitations from claim 1.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-3 and 5-20 of any patents granted on application No. 17/808,867.
Although the claims at issue are not identical, they are not patentably distinct from each other because they are both claiming a common subject matter, “establishing a communication channel with a client device, receiving a command from the device and executing the command based on the device authentication”.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was.
Claims 1, 7-8, 12-14, 16-18 and 20 are rejected under AIA 35 U.S.C. 102(a) (1) as being unpatentable over Vedantham et al. (U.S. Pub. No. 2018/0,255,457 A1, referred to as Vedantham), in view of Chifor et al. (U.S. Pub. No. 2021/0,306,311 A1, referred to as Chifor).
Regarding claim 1, Vedantham teaches:
A method for execution by a computing device (Vedantham: Fig. 1; Fig. 2, Item 110; ¶ 0020- ¶ 0023; Fig. 6; ¶ 0040- ¶ 0041; Fig. 7; ¶ 0042; Fig. 8; ¶ 0043- ¶ 0044), comprising:
establishing a communication channel for communicating with a client device using link-layer encryption (Vedantham: Fig. 6, Step 604; ¶ 0040- ¶ 0041; Fig. 7; ¶ 0042; Fig. 8; ¶ 0043- ¶ 0044);
attempting to authenticate the client device using authentication-layer encryption on top of the link-layer encryption (Vedantham: Fig. 6, Step 608; ¶ 0040- ¶ 0041; Fig. 4; ¶ 0031- ¶ 0032).
Vedantham does not explicitly disclose, however Chifor teaches:
receiving a command from the client device over the communication channel (Chifor: Fig. 4, Steps S10- S30; ¶ 0032- ¶ 0034; (EN: a request to grant access to network initially sent at S10 over communication channel from client 310 to NAS 320 and S30 from NAS to AS 330)); and
if the client device has been authenticated, executing the command (Chifor: Fig. 4, Step S60 to S90; ¶ 0034- ¶ 0037. “At S60, the NAS (320) sends a message to the client (310) indicating that network access has been granted in accordance with the link-layer authentication protocol”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vedantham by Chifor and have an authentication system using a link-layer authentication protocol in order to control access to a secured network system (Chifor: ¶ 0034).
Regarding claim 16, Vedantham teaches:
A non-transitory computer readable medium having recorded thereon statements and instructions that, when executed by a processor or an MCU (Microcontroller Unit) of a computing device (Vedantham: Fig. 9; Fig. 10; ¶ 0045- ¶ 0053), implement a method according to claim 1 (EN: Same rejection as claim 1).
Regarding claim 17, Chifor teaches:
A computing device, comprising: a communication interface; and control circuitry coupled to the communication interface (Vedantham: Fig. 4; ¶ 003- ¶ 0032; Fig. 9; Fig. 10; ¶ 0045- ¶ 0053) and configured to implement a method according to claim 1 (EN: Same rejection as claim 1).
Regarding claim 7, the combination of Vedantham and Chifor teaches all the features of claim 1, as outlined above.
Vedantham does not explicitly disclose, however Chifor teaches:
upon authenticating the client device, transmitting a response to the client device confirming access to the computing device (Fig. 4, Steps S40 to S60; ¶ 0034).
Same motivation as claim 1.
Regarding claim 8, the combination of Vedantham and Chifor teaches all the features of claim 1, as outlined above.
Vedantham does not explicitly disclose, however Chifor teaches:
upon executing the command, transmitting a response to the client device confirming the execution and/or indicating a result of the execution (Fig. 4, Step S70; ¶ 0035).
Same motivation as claim 1.
Regarding claim 12, the combination of Vedantham and Chifor teaches all the features of claim 1, as outlined above.
Chifor does not explicitly disclose, however Vedantham teaches:
wherein the communication channel having link-layer encryption comprises a BLE (Bluetooth Low Energy) connection (Vedantham: Fig. 1 - Fig. 4; ¶ 0020- ¶ 0023; ¶ 0028- ¶ 0032, ¶ 0035, “A new BLE device is joined to the WSN gateway using BLE linking and pairing with Just Works authentication, i.e., without Man in the Middle, between the BLE device and the BLE master SoC 204. The end result of the linking and pairing is an encrypted connection between the BLE device and the BLE master SoC 204 that uses a long-term key (LTK) shared by the BLE stack on the BLE master SoC and the BLE stack on the BLE device.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Chifor by Vedantham to rely on BLE linking and pairing with Just Works authentication technology by automatically linking, pairing and establishing encrypted connections between BLE devices and BLE master in order to authenticate BLE devices without using a middle man (Vedantham: ¶ 0031).
Regarding claim 13, the combination of Vedantham and Chifor teaches all the features of claim 12, as outlined above.
Vedantham teaches:
wherein establishing the BLE connection comprises pairing with Just Works (Vedantham: Fig. 4; ¶ 0031).
Regarding claims 14 and 18, the combination of Vedantham and Chifor teaches all the features of claims 1 and 17, as outlined above.
Vedantham does not explicitly disclose, however Chifor teaches:
wherein the computing device comprises an IoT device (¶ 0025, “Still another example implementation of the NAS (320) is an NAS for a network of Internet-of-Things (IoT) devices, where the NAS coordinates access among IoT devices to a communications network, where each IoT is authenticated by an authentication authority using, for example, a media access control (MAC) address and a pre-shared key (PSK).”).
Same motivation as claim 1.
Regarding claim 20, the combination of Vedantham and Chifor teaches all the features of claim 17, as outlined above.
Vedantham teaches:
wherein the communication interface comprises a BLE (Bluetooth Low Energy) radio, and the circuitry comprises an MCU (Microcontroller Unit) (Vedantham: Fig. 1 - Fig. 4; ¶ 0020- ¶ 0023; ¶ 0028- ¶ 0032, ¶ 0035, “A new BLE device is joined to the WSN gateway using BLE linking and pairing with Just Works authentication, i.e., without Man in the Middle, between the BLE device and the BLE master SoC 204. The end result of the linking and pairing is an encrypted connection between the BLE device and the BLE master SoC 204 that uses a long-term key (LTK) shared by the BLE stack on the BLE master SoC and the BLE stack on the BLE device.”).
Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Vedantham in view of Chifor, and further in view of Changwichukarn (WO 2017/003379 A1, referred to as Chang).
Regarding claim 2, the combination of Vedantham and Chifor teaches all the features of claim 1, as outlined above.
Vedantham in view of Chifor does not explicitly disclose, however Chang teaches:
wherein attempting to authenticate the client device using authentication-layer encryption comprises: transmitting random data over the communication channel to the client device (Chang: Fig. 6 Step: M5; pages: 11-12);
receiving encrypted data over the communication channel from the client device (Chang: Fig. 6 Step: Input<OTP>; pages: 11-12);
decrypting the encrypted data using an encryption key to produce raw data; and
verifying that the raw data includes the random data that was sent to the client device in which case the client device is authenticated (Chang: Fig. 6 Step: M6; pages: 11-12).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vedantham in view of Chifor by Chang and use a multifactor authentication system relying on random strings or one time password generation and transmission in order to verify or confirm a client device authentication.
Regarding claim 3, the combination of Vedantham and Chifor teaches all the features of claim 2, as outlined above.
Vedantham in view of Chifor does not explicitly disclose, however Chang teaches:
receiving an authentication request from the client device over the communication channel; wherein the random data is transmitted in response to the authentication request (Chang: Fig. 6 Steps: M4- M5; pages: 11-12).
Same motivation as claim 2.
Claims 9 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Vedantham in view of Chifor, and further in view of Madour (U.S. Pub. No. 2006/0,104,282 A1, referred to as Madour).
Regarding claim 9, the combination of Vedantham and Chifor teaches all the features of claim 1, as outlined above.
Vedantham in view of Chifor does not explicitly disclose, however Madour teaches:
upon attempting to authenticate the client device, if the client device could not be authenticated, disconnecting the communication channel (Madour: ¶ 0019, “A PANA session begins with the initial handshake between the PANA Client (PaC) and the PANA Authentication Agent (PAA), and terminates by an authentication failure, a timeout, or an explicit termination message.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vedantham in view of Chifor by Madour and have a security system configured to terminate a communication session in case of an authentication failure in order to maintain network security (Madour: ¶ 0019).
Regarding claim 11, the combination of Vedantham and Chifor teaches all the features of claim 1, as outlined above.
Vedantham in view of Chifor does not explicitly disclose, however Madour teaches:
upon expiry of a timeout period in which no command is received from the client device, disconnecting the communication channel (Madour: ¶ 0019, “A PANA session begins with the initial handshake between the PANA Client (PaC) and the PANA Authentication Agent (PAA), and terminates by an authentication failure, a timeout, or an explicit termination message.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vedantham in view of Chifor by Madour and have a security system configured to terminate a communication session in case of a timeout in order to maintain network security (Madour: ¶ 0019).
Claims 15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Chifor, and further in view of Vossoughi et al. (U.S. Pub. No. 2020/0,250,896 A1, referred to as Vossoughi).
Regarding claims 15 and 19, the combination of Vedantham and Chifor teaches all the features of claims 14 and 18, as outlined above.
Vedantham in view of Chifor does not explicitly disclose, however Vossoughi teaches:
wherein the IoT device comprises a parking sensor device (Vossoughi: Fig. 1A; 1B; 1C; 2A; 2B, Item 10; Abstract; ¶ 0003, “A preferred parking and mass transport beacon system configured for use in vehicle parking or mass transit system travel includes a source beacon and a customer or user beacon,”; ¶ 0020- ¶ 0023).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vedantham in view of Chifor by Vossoughi to use a vehicle parking and mass transport beacon system implemented with a beacon device configured as a wireless identifier and authentication mechanism in order to give a user the capability of bypassing infrastructures of commercial parking lots and facilities, mass transit systems, and taxi services when using them (Vossoughi: Abstract).
Allowable Subject Matter
Claims 4-6 and 10 would be allowable if they were rewritten in independent form including all of the limitations of the base claim and any intervening claims, also should applicant overcome the claim objections and the Non-Statutory Double Patenting rejection, set forth in this office action.
The following is an examiner’s statement of reasons for identifying allowable subject matter.
The closest prior art made of record is Vedantham et al. (U.S. Pub. No. 2018/0,255,457 A1, referred to as Vedantham), Chifor et al. (U.S. Pub. No. 2021/0,306,311 A1, referred to as Chifor), Changwichukarn (WO 2017/003379 A1, referred to as Chang) and Madour (U.S. Pub. No. 2006/0,104,282 A1, referred to as Madour).
Vedantham discloses a method for network authentication of wireless devices at a gateway that includes scanning a wireless network by the gateway to discover unjoined wireless devices, joining a discovered wireless device to the gateway using a non-internet protocol implemented by the wireless device, wherein the joining results in an encrypted connection between the gateway and the wireless device, and authenticating the discovered wireless device to the gateway via the encrypted connection, wherein authentication is performed according to an authentication protocol of a network protocol management layer of the gateway.
Chifor discloses a method for connection parameter awareness in an authenticated link-layer network session. A client sends, to a network access server (NAS), an initiation packet announcing the initiation of an authentication session. The client establishes an authenticated link-layer session with the NAS. The client receives, from the NAS, a network policy packet including a network policy defined by one or more connection parameters for the link-layer session. The client then enforces the network policy.
Chang discloses a method performed by at least one server configured to authenticate a user for a web service login, by generating a first one-time password (OTP) and a first identification number associated with the first OTP, based on a first request received from a first computing device, the first request related to the login and includes a user identification of the user; transmitting (404) a notification to a second computing device, the notification includes the user identification, the first identification number, and a second identification number associated with the first request, the second computing device configured to establish a trust relationship with the server by authenticating digital credentials of the user which are associated with the user identification.
Madour discloses methods and corresponding telecommunications nodes for exchanging PANA Authentication Agent (PAA) information during the phase of the link layer establishment between a packet data switching node (e.g. a CDMA2000 Packet Data Serving Node—PDSN) and a Mobile Node (MN). An Air Interface Origination message is sent from the MN to a Base Station (BS) with a request for a PAA address. The BS sends to the switching node a Registration Request message that also includes the request. The switching node replies with a Registration Reply message with a PAA address. The BS receives the message, and sends an Air Interface Origination Completion message with the PAA address to the MN. The MN can then contact the appropriate PAA using the received PAA address and start a PANA session through which the MN is authenticated and authorized before establishing a packet data session with the switching node.
However, regarding claim 4, the prior art of Vedantham, Chifor and Chang, when taken in the context of the claim as a whole, does not disclose or suggest, “determining a security level being requested out of a plurality of possible security levels based on the authentication request; wherein the plurality of possible security levels comprises a first security level for routine commands and a second security level for restricted commands.”
Regarding claim 10, the prior art of Vedantham, Chifor and Madour, when taken in the context of the claim as a whole, does not disclose or suggest, “disabling the communication channel for a defined time period if there is a defined number of unsuccessful sequential attempts to authenticate the client device.”
Claims 5-6 depend on claim 4 and are consequently identified as allowable.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: See PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mehrmanesh Amir can be reached at 571-2703351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HASSAN SAADOUN/Examiner, Art Unit 2435
/AMIR MEHRMANESH/Supervisory Patent Examiner, Art Unit 2435