DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2. This is the initial office action that has been issued in response to patent application 16/248,389, filed on 01/15/2019. Claims 1-21, as originally filed, are currently pending and have been considered below. Claims 1, 8 and 15 are independent claims.


Specification
2. Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.

Claim Objections
3. Claims 8-14 are objected to under 37 CFR 1.75 as being substantial duplicates of claims 1-7. Both sets of claims recite entertainment systems; the recitation "inflight" or "for use in an aircraft" does not carry any weight, as nothing in the body of the claims relates to it. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording it is proper after

Claim Rejections - 35 USC § 102
4. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


5. Claims 1-21 are rejected under pre-AIA 35 U.S.C. 102 as being anticipated by Thompson (US 2017/0366360 A9).

6. Regarding Claim 1, Thompson discloses an inflight entertainment system for use in an aircraft (Thompson, ¶[0060], entertainment media for display on an embedded inflight entertainment system), the inflight entertainment system comprising: a display device (Thompson, ¶[0060], entertainment media for display on an embedded inflight entertainment system or for distribution to passenger personal entertainment devices); a network interface (Thompson, ¶[0037] and ¶[0038], entertainment media for display on an embedded inflight entertainment system or for distribution to passenger personal entertainment devices); a server having a first certificate that is digitally signed (Thompson, ¶[0063], within cloud servers 104, the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server); at least one processor connected to the network interface, the display device, and the server (Thompson, ¶[0036], the present invention includes a method of secure authentication for aircraft data transmissions, the method including provisioning a hardware-based security engine (HSE) located in an aircraft communications system; ¶[0047], the computing system and aircraft computing system may include other elements, such as data storage elements and processing elements; ¶[0060], entertainment media for display on an embedded inflight entertainment system); and at least one memory connected to the at least one processor and storing program code that is executed by the at least one processor to perform operations (Thompson, ¶[0047], the aircraft computing system may include other elements, such as data storage elements and processing elements; ¶[0030], every platform communicating within the network, both on and off aircraft, must be equipped with specific identification hardware and software) comprising: receiving a request to pair at least one user device to the network interface, wherein the request to pair is received from the display device (Thompson, ¶[0064], after the UD comes into range of the server within what is essentially a wireless access point (WAP), the server and UD create a connection at step 202; ¶[0065], using a secure protocol such as Bluetooth Security Mode); responsive to the request to pair, generating an encrypted code, wherein the encrypted code comprises network credentials for connecting to the network interface and a time-limited authentication application for connecting to the server (Thompson, ¶[0067], the connection process reverts back to step 202 so as to restart the connection process between the aircraft server; ¶[0037], a system for secure authentication of aircraft data transmissions, the system including an aircraft system including a security engine providing keys and passphrases for asynchronous validation and encryption of aircraft data transmissions, one or more trusted processors for processing aircraft data, and a communication mechanism for transmission of the aircraft data via the security engine to a user; ¶[0071], the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity); communicating the encrypted code to the at least one user device to decrypt (Thompson, ¶[0068], a secure communications link and subsequent encryption, transfer and decryption of data); connecting to the at least one user device through the network interface based on the at least one user device presenting the network credentials from the decrypted code; receiving a request to connect to the server from the at least one user device having a second certificate that is digitally signed (Thompson, ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; the HSE verifies the public key and certificate and sends such key and certificate from the HSE to the UD at step 205; the UD, at step 206, then gathers the user data (i.e., username, password hash, ACL status) and encrypts the data using a passphrase randomly generated by the HSE; at step 207, the passphrase is then encrypted with the HSE public key and signed with the private key of the UD); responsive to the request to connect, generating a connection authentication decision for the at least one user device based on two-factor authentication, wherein the two-factor authentication comprises validating the second certificate and validating the time-limited authentication application (Thompson, ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status); ¶[0051], in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); ¶[0071], a session is provided at step 218 to the user as an access level dictated by the ACL, and the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity); and connecting the at least one user device to the server when the connection authorization decision authorizes the connection based on successful two-factor authentication (Thompson, ¶[0047], a user device (UD) to provide authentication for a local user; and d) a provisioning function to certify credentials for new hardware that needs to communicate with the system; ¶[0051], multiple user devices can typically exist on board an aircraft; in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); a user login is not typically required for the aircraft HSE because it is installed and maintained in a controlled environment that is not susceptible to tampering, and the HSE hardware provides physical protection of its security parameters; the system maintains an access control list (ACL)).

7. Regarding Claim 2, Thompson teaches the inflight entertainment system of Claim 1, wherein the encrypted code is at least one of: a QR code; a bar code; an optical machine-readable code; data communicated through a near field communication; data communicated through RF signaling (Thompson, ¶[0064], a User Device (UD) will come into contact with the aircraft's on-board server; this process initializes the connection between the server and a UD; the user device may be embodied as a Bluetooth dongle, where Bluetooth is the known open standard for short-range radio frequency (RF) communication; ¶[0037], the present invention includes a system for secure authentication of aircraft data transmissions, the system including an aircraft system including a security engine providing keys and passphrases for asynchronous validation and encryption of aircraft data transmissions).

8. Regarding Claim 3, Thompson teaches the inflight entertainment system of Claim 1, wherein the operation for two-factor authentication based on the second certificate comprises: receiving the second certificate from the at least one user device (Thompson, ¶[0063], the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server; ¶[0066], if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status)); validating the second certificate using a public key of a root certificate authority that issued the digital signature of the second certificate; and authenticating the at least one user device based upon successful validation of the second certificate (Thompson, ¶[0063], the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server; ¶[0051], in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); ¶[0071], the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

9. Regarding Claim 4, Thompson teaches the inflight entertainment system of Claim 1, wherein the operation for two-factor authentication based on the time-limited authentication application comprises: determining whether the at least one user device connects to the server within a time period specified in the time-limited authentication application from when the request to connect to the server is communicated (Thompson, ¶[0071], if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD during the provisioning process as described previously with regard to FIG. 2A; thereafter, a session is provided at step 218 to the user as an access level dictated by the ACL; ¶[0073], then the security engine would open a port and multicast address for the data to be streamed out of at the rate chosen by the user); and authenticating the time-limited authentication credential when the at least one user device connects to the server within the time period specified in the time-limited authentication application (Thompson, ¶[0071], the username is checked to determine whether the username is included in the ACL; if this determination step 220 fails, then the user is given the choice at step 215 to either retry their username and password or proceed as a guest; if a guest login is selected the user is granted guest access with related limited access, at step 216; if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD; a session is provided at step 218 to the user as an access level dictated by the ACL; the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

10. Regarding Claim 5, Thompson teaches the inflight entertainment system of Claim 1, wherein the time-limited authentication credential is valid for the connection authentication decision for only a single pairing of the at least one user device to the server (Thompson, ¶[0047], a user device (UD) to provide authentication for a local user; and d) a provisioning function to certify credentials for new hardware that needs to communicate with the system; it should be understood that each element that is interfacing to the network system includes hardware security to establish, store, and authenticate credentials; ¶[0051], the users may be required to provide a user login (username/password) combination (two factor authentication), complete with end-to-end verification incorporated within the participating servers).

11. Regarding Claim 6, Thompson teaches the inflight entertainment system of Claim 1, wherein the second certificate is valid for only a single user device (Thompson, ¶[0063], within cloud servers 104, the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server 101; at this point, the administrative server 101 verifies the certificates' authenticity; ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; if the public key determination fails at step 203, then the connection is terminated; however, if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status); ¶[0084], once the connection manager replaces the old host public key hash with the new one, the session is ended).

12. Regarding Claim 7, Thompson teaches the inflight entertainment system of Claim 1, wherein the operations further comprise: revoking the successful two-factor authentication of the at least one user device by revoking at least one of: the validated second certificate and the validated time-limited authentication application; and responsive to performing revocation, terminating the connection between the at least one user device and the server (Thompson, ¶[0071], if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD; the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).
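The pairing and two-factor connection flow recited in Claims 1, 3, 4, 5 and 7 above, as an added illustration that is not code from the application or from Thompson: the second certificate is modelled as an Ed25519 device public key signed by a root CA, the time-limited authentication credential as an HMAC-tagged nonce with an expiry that is consumed on first use, and revocation as termination of the device's session. The type and function names (Server, Pair, Connect, Revoke), the device identity and the network credential string are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// DeviceCert stands in for the claimed "second certificate": device identity and public key signed by a root CA.
type DeviceCert struct {
	DeviceID string
	PubKey   ed25519.PublicKey
	Sig      []byte // root CA signature over DeviceID || PubKey
}

func certTBS(id string, pub ed25519.PublicKey) []byte { return append([]byte(id), pub...) }

// IssueCert is the root CA signing a device public key during provisioning.
func IssueCert(rootPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) DeviceCert {
	return DeviceCert{DeviceID: id, PubKey: pub, Sig: ed25519.Sign(rootPriv, certTBS(id, pub))}
}

// AuthCredential is the time-limited, single-use credential carried in the pairing code. Tag is an
// HMAC under a server secret, so the server verifies it statelessly and only tracks consumed nonces.
type AuthCredential struct {
	Nonce   [16]byte
	Expires int64 // Unix seconds
	Tag     []byte
}

type Server struct {
	rootPub  ed25519.PublicKey
	macKey   []byte
	ttl      time.Duration
	used     map[[16]byte]bool // nonces already consumed: a credential is good for one pairing only
	sessions map[string]bool   // device IDs currently connected
	now      func() time.Time  // injectable clock
}

func NewServer(rootPub ed25519.PublicKey, ttl time.Duration, now func() time.Time) *Server {
	key := make([]byte, 32)
	rand.Read(key)
	return &Server{rootPub: rootPub, macKey: key, ttl: ttl, used: map[[16]byte]bool{}, sessions: map[string]bool{}, now: now}
}

func (s *Server) tag(nonce [16]byte, exp int64) []byte {
	m := hmac.New(sha256.New, s.macKey)
	m.Write(nonce[:])
	binary.Write(m, binary.BigEndian, exp)
	return m.Sum(nil)
}

// Pair answers the display device's pairing request with the network credentials and a
// credential that expires ttl after issuance (the pair is what would be encoded, e.g. as a QR code).
func (s *Server) Pair(networkCreds string) (string, AuthCredential) {
	var n [16]byte
	rand.Read(n[:])
	exp := s.now().Add(s.ttl).Unix()
	return networkCreds, AuthCredential{Nonce: n, Expires: exp, Tag: s.tag(n, exp)}
}

// Connect makes the two-factor connection decision. Factor one: the certificate verifies under the
// root CA key and the device proves possession of the certified key by signing the nonce.
// Factor two: the credential is genuine, unexpired and not previously used.
func (s *Server) Connect(cert DeviceCert, cred AuthCredential, proof []byte) error {
	switch {
	case !ed25519.Verify(s.rootPub, certTBS(cert.DeviceID, cert.PubKey), cert.Sig):
		return errors.New("second certificate not signed by root CA")
	case !ed25519.Verify(cert.PubKey, cred.Nonce[:], proof):
		return errors.New("device did not prove possession of the certified key")
	case !hmac.Equal(cred.Tag, s.tag(cred.Nonce, cred.Expires)):
		return errors.New("credential tag invalid")
	case s.now().Unix() > cred.Expires:
		return errors.New("credential expired")
	case s.used[cred.Nonce]:
		return errors.New("credential already used for a pairing")
	}
	s.used[cred.Nonce] = true // consume before granting, so a replayed code fails
	s.sessions[cert.DeviceID] = true
	return nil
}

func (s *Server) Revoke(deviceID string) { delete(s.sessions, deviceID) } // terminates the connection
func (s *Server) Connected(deviceID string) bool { return s.sessions[deviceID] }

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := NewServer(rootPub, 5*time.Minute, time.Now)
	cert := IssueCert(rootPriv, "seat-12A", devPub) // constructed device identity
	netCreds, cred := srv.Pair("ssid=IFE;psk=<constructed>")
	proof := ed25519.Sign(devPriv, cred.Nonce[:])
	fmt.Println("network:", netCreds, "connect:", srv.Connect(cert, cred, proof), "replay:", srv.Connect(cert, cred, proof))
}
```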

13. Regarding Claim 8, Thompson teaches an entertainment system (Thompson, ¶[0060], entertainment media for display on an embedded inflight entertainment system) comprising: a display device (Thompson, ¶[0060], entertainment media for display on an embedded inflight entertainment system or for distribution to passenger personal entertainment devices); a network interface (Thompson, ¶[0037] and ¶[0038], entertainment media for display on an embedded inflight entertainment system or for distribution to passenger personal entertainment devices); a server having a first certificate that is digitally signed (Thompson, ¶[0063], within cloud servers 104, the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server); at least one processor connected to the network interface, the display device, and the server (Thompson, ¶[0036], the present invention includes a method of secure authentication for aircraft data transmissions, the method including provisioning a hardware-based security engine (HSE) located in an aircraft communications system; ¶[0047], the computing system and aircraft computing system may include other elements, such as data storage elements and processing elements; ¶[0060], entertainment media for display on an embedded inflight entertainment system); and at least one memory connected to the at least one processor and storing program code that is executed by the at least one processor to perform operations (Thompson, ¶[0047], the aircraft computing system may include other elements, such as data storage elements and processing elements; ¶[0030], every platform communicating within the network, both on and off aircraft, must be equipped with specific identification hardware and software) comprising: receiving a request to pair at least one user device to the network interface, wherein the request to pair is received from the display device (Thompson, ¶[0064], after the UD comes into range of the server within what is essentially a wireless access point (WAP), the server and UD create a connection at step 202; ¶[0065], using a secure protocol such as Bluetooth Security Mode); responsive to the request to pair, generating an encrypted code, wherein the encrypted code comprises network credentials for connecting to the network interface and a time-limited authentication application for connecting to the server (Thompson, ¶[0067], the connection process reverts back to step 202 so as to restart the connection process between the aircraft server; ¶[0037], a system for secure authentication of aircraft data transmissions, the system including an aircraft system including a security engine providing keys and passphrases for asynchronous validation and encryption of aircraft data transmissions, one or more trusted processors for processing aircraft data, and a communication mechanism for transmission of the aircraft data via the security engine to a user; ¶[0071], the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity); communicating the encrypted code to the at least one user device to decrypt (Thompson, ¶[0068], a secure communications link and subsequent encryption, transfer and decryption of data); connecting to the at least one user device through the network interface based on the at least one user device presenting the network credentials from the decrypted code; receiving a request to connect to the server from the at least one user device having a second certificate that is digitally signed (Thompson, ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; the HSE verifies the public key and certificate and sends such key and certificate from the HSE to the UD at step 205; the UD, at step 206, then gathers the user data (i.e., username, password hash, ACL status) and encrypts the data using a passphrase randomly generated by the HSE; at step 207, the passphrase is then encrypted with the HSE public key and signed with the private key of the UD); responsive to the request to connect, generating a connection authentication decision for the at least one user device based on two-factor authentication, wherein the two-factor authentication comprises validating the second certificate and validating the time-limited authentication application (Thompson, ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status); ¶[0051], in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); ¶[0071], a session is provided at step 218 to the user as an access level dictated by the ACL, and the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity); and connecting the at least one user device to the server when the connection authorization decision authorizes the connection based on successful two-factor authentication (Thompson, ¶[0047], a user device (UD) to provide authentication for a local user; and d) a provisioning function to certify credentials for new hardware that needs to communicate with the system; ¶[0051], multiple user devices can typically exist on board an aircraft; in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); a user login is not typically required for the aircraft HSE because it is installed and maintained in a controlled environment that is not susceptible to tampering, and the HSE hardware provides physical protection of its security parameters; the system maintains an access control list (ACL)).

14. Regarding Claim 9, Thompson teaches the entertainment system of Claim 8, wherein the encrypted code is at least one of: a QR code; a bar code; an optical machine-readable code; data communicated through a near field communication signal; data communicated through RF signaling (Thompson, ¶[0064], a User Device (UD) will come into contact with the aircraft's on-board server; this process initializes the connection between the server and a UD; the user device may be embodied as a Bluetooth dongle, where Bluetooth is the known open standard for short-range radio frequency (RF) communication; ¶[0037], the present invention includes a system for secure authentication of aircraft data transmissions, the system including an aircraft system including a security engine providing keys and passphrases for asynchronous validation and encryption of aircraft data transmissions).

15. Regarding Claim 10, Thompson teaches the entertainment system of Claim 8, wherein the operation for two-factor authentication based on the second certificate comprises: receiving the second certificate from the at least one user device (Thompson, ¶[0063], the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server; ¶[0066], if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status)); validating the second certificate using a public key of a root certificate authority that issued the digital signature of the second certificate; and authenticating the at least one user device based upon successful validation of the second certificate (Thompson, ¶[0063], the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server; ¶[0051], in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); ¶[0071], the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

16. Regarding Claim 11, Thompson teaches the entertainment system of Claim 8, wherein the operation for two-factor authentication based on the time-limited authentication application comprises: determining whether the at least one user device connects to the server within a time period specified in the time-limited authentication application from when the request to connect to the server is communicated (Thompson, ¶[0071], if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD during the provisioning process as described previously with regard to FIG. 2A; thereafter, a session is provided at step 218 to the user as an access level dictated by the ACL; ¶[0073], then the security engine would open a port and multicast address for the data to be streamed out of at the rate chosen by the user); and authenticating the time-limited authentication credential when the at least one user device connects to the server within the time period specified in the time-limited authentication application (Thompson, ¶[0071], the username is checked to determine whether the username is included in the ACL; if this determination step 220 fails, then the user is given the choice at step 215 to either retry their username and password or proceed as a guest; if a guest login is selected the user is granted guest access with related limited access, at step 216; if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD; a session is provided at step 218 to the user as an access level dictated by the ACL; the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

17. Regarding Claim 12, Thompson teaches the inflight entertainment system of Claim 8, wherein the time-limited authentication credential is valid for the connection authentication decision for only a single pairing of the at least one user device to the server (Thompson, ¶[0047], a user device (UD) to provide authentication for a local user; and d) a provisioning function to certify credentials for new hardware that needs to communicate with the system; it should be understood that each element that is interfacing to the network system includes hardware security to establish, store, and authenticate credentials; ¶[0051], the users may be required to provide a user login (username/password) combination (two factor authentication), complete with end-to-end verification incorporated within the participating servers).

18. Regarding Claim 13, Thompson teaches the inflight entertainment system of Claim 8, wherein the second certificate is valid for only a single user device (Thompson, ¶[0063], within cloud servers 104, the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server 101; at this point, the administrative server 101 verifies the certificates' authenticity; ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; if the public key determination fails at step 203, then the connection is terminated; however, if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status); ¶[0084], once the connection manager replaces the old host public key hash with the new one, the session is ended).

19. Regarding Claim 14, Thompson teaches the entertainment system of Claim 8, wherein the operations further comprise: revoking the successful two-factor authentication of the at least one user device by revoking at least one of: the validated second certificate and the validated time-limited authentication application; and responsive to performing revocation, terminating the connection between the at least one user device and the server (Thompson, ¶[0071], if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD; the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

20. Regarding Claim 15, Thompson discloses an electronic device having a first certificate that is digitally signed (Thompson, ¶[0063], within cloud servers 104, the public keys are signed by an appropriate certified server and added to a key management system; the process then sends the certificates derived from the manufactured units' public keys to the certified administrative server), comprising: a display device (Thompson, ¶[0060], entertainment media for display on an embedded inflight entertainment system or for distribution to passenger personal entertainment devices); a network interface (Thompson, ¶[0037] and ¶[0038], entertainment media for display on an embedded inflight entertainment system or for distribution to passenger personal entertainment devices); at least one processor connected to the network interface, the display device, and the server (Thompson, ¶[0036], the present invention includes a method of secure authentication for aircraft data transmissions, the method including provisioning a hardware-based security engine (HSE) located in an aircraft communications system; ¶[0047], the computing system and aircraft computing system may include other elements, such as data storage elements and processing elements; ¶[0060], entertainment media for display on an embedded inflight entertainment system); and at least one memory connected to the at least one processor and storing program code that is executed by the at least one processor to perform operations (Thompson, ¶[0047], the aircraft computing system may include other elements, such as data storage elements and processing elements; ¶[0030], every platform communicating within the network, both on and off aircraft, must be equipped with specific identification hardware and software) comprising: receiving a request to pair at least one user device to the network interface, wherein the request to pair is received from the display device (Thompson, ¶[0064], after the UD comes into range of the server within what is essentially a wireless access point (WAP), the server and UD create a connection at step 202; ¶[0065], using a secure protocol such as Bluetooth Security Mode); responsive to the request to pair, generating an encrypted code, wherein the encrypted code comprises network credentials for connecting to the network interface and a time-limited authentication application for connecting to the server (Thompson, ¶[0067], the connection process reverts back to step 202 so as to restart the connection process between the aircraft server; ¶[0037], a system for secure authentication of aircraft data transmissions, the system including an aircraft system including a security engine providing keys and passphrases for asynchronous validation and encryption of aircraft data transmissions, one or more trusted processors for processing aircraft data, and a communication mechanism for transmission of the aircraft data via the security engine to a user; ¶[0071], the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity); communicating the encrypted code to the at least one user device to decrypt (Thompson, ¶[0068], a secure communications link and subsequent encryption, transfer and decryption of data); connecting to the at least one user device through the network interface based on the at least one user device presenting the network credentials from the decrypted code; receiving a request to connect to the server from the at least one user device having a second certificate that is digitally signed (Thompson, ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; the HSE verifies the public key and certificate and sends such key and certificate from the HSE to the UD at step 205; the UD, at step 206, then gathers the user data (i.e., username, password hash, ACL status) and encrypts the data using a passphrase randomly generated by the HSE; at step 207, the passphrase is then encrypted with the HSE public key and signed with the private key of the UD); responsive to the request to connect, generating a connection authentication decision for the at least one user device based on two-factor authentication, wherein the two-factor authentication comprises validating the second certificate and validating the time-limited authentication application (Thompson, ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party; if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status); ¶[0051], in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); ¶[0071], a session is provided at step 218 to the user as an access level dictated by the ACL, and the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity); and connecting the at least one user device to the server when the connection authorization decision authorizes the connection based on successful two-factor authentication (Thompson, ¶[0047], a user device (UD) to provide authentication for a local user; and d) a provisioning function to certify credentials for new hardware that needs to communicate with the system; ¶[0051], multiple user devices can typically exist on board an aircraft; in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); a user login is not typically required for the aircraft HSE because it is installed and maintained in a controlled environment that is not susceptible to tampering, and the HSE hardware provides physical protection of its security parameters; the system maintains an access control list (ACL)).

21. Regarding Claim 16, Thompson teaches the electronic device of Claim 15, wherein the encrypted code is at least one of: a QR code; a bar code; an optical machine-readable code; data communicated through a near field communication signal; data communicated through RF signaling (Thompson, ¶[0064], a User Device (UD) will come into contact with the aircraft's on-board server. This process initializes the connection between the server and a UD. The user device may be embodied as a Bluetooth dongle, where Bluetooth is the known open standard for short-range radio frequency (RF) communication; ¶[0037], the present invention includes a system for secure authentication of aircraft data transmissions, the system including: an aircraft system including a security engine providing keys and passphrases for asynchronous validation and encryption of aircraft data transmissions).

22. Regarding Claim 17, Thompson teaches the electronic device of Claim 15, wherein the operation for two-factor authentication based on the second certificate comprises: receiving the second certificate from the at least one user device (Thompson, ¶[0063], the public keys are signed by an appropriate certified server and added to a key management system. The process then sends the certificates derived from the manufactured units' public keys to the certified administrative server; ¶[0066], if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status)); validating the second certificate using a public key of a root certificate authority that issued the digital signature of the second certificate; and authenticating the at least one user device based upon successful validation of the second certificate (Thompson, ¶[0063], the public keys are signed by an appropriate certified server and added to a key management system. The process then sends the certificates derived from the manufactured units' public keys to the certified administrative server; ¶[0051], in addition to the security credentials within the UD, the users may be required to provide a user login (username/password) combination (two factor authentication); ¶[0071], the session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

23. Regarding Claim 18, Thompson teaches the electronic device of Claim 15, wherein the operation for two-factor authentication based on the time-limited authentication application comprises: determining whether the at least one user device connects to the server within a time period specified in the time-limited authentication application from when the request to connect to the server is communicated (Thompson, ¶[0071], if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD during the provisioning process as described previously with regard to FIG. 2A. Thereafter, a session is provided at step 218 to the user at an access level dictated by the ACL; ¶[0073], then the security engine would open a port and multicast address for the data to be streamed out of at the rate chosen by the user); and authenticating the time-limited (Thompson, ¶[0071], the username is checked to determine whether the username is included in the ACL. If this determination step 220 fails, then the user is given the choice at step 215 to either retry their username and password or proceed as a guest. If a guest login is selected the user is granted guest access with related limited access, at step 216. If the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD. A session is provided at step 218 to the user at an access level dictated by the ACL. The session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

24. Regarding Claim 19, Thompson teaches the electronic device of Claim 15, wherein the time-limited authentication credential is valid for the connection authentication decision for only a single pairing of the at least one user device to the server (Thompson, ¶[0047], a user device (UD) to provide authentication for a local user; and d) a provisioning function to certify credentials for new hardware that needs to communicate with the system. It should be understood that each element that is interfacing to the network system includes hardware security to establish, store, and authenticate credentials; ¶[0051], the users may be required to provide a user login (username/password) combination (two factor authentication), complete with end-to-end verification incorporated within the participating servers).

25. Regarding Claim 20, Thompson teaches the inflight entertainment system of Claim 16, wherein the second certificate is valid for only a single user device (Thompson, ¶[0063], within cloud servers 104, the public keys are signed by an appropriate certified server and added to a key management system. The process then sends the certificates derived from the manufactured units' public keys to the certified administrative server 101. At this point, the administrative server 101 verifies the certificates' authenticity; ¶[0066], the security engine sends a challenge asking for a public key signed by a trusted party, and the UD responds with a public key and certificate from the trusted party. If the public key determination fails at step 203, then the connection is terminated. However, if the public key determination is successful, then the connection downloads data tags (indicative of, e.g., username, password hash, Access Control List (ACL) status); ¶[0084], once the connection manager replaces the old host public key hash with the new one, the session is ended).

26. Regarding Claim 21, Thompson teaches the electronic device of Claim 15, wherein the operations further comprise: revoking the successful two-factor authentication of the at least one user device by revoking at least one of: the validated second certificate and the validated time-limited authentication application; and responsive to performing revocation, terminating the connection between the at least one user device and the server (Thompson, ¶[0071], if the determination step 220 is successful, then the security engine verifies at step 219 the username and password provided with the corresponding information acquired from the UD. The session will terminate at step 217 by either an affirmative logout by the user or by timing out due to inactivity).

Conclusion
27. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 

/MAYASA SHAAWAT/
Examiner Art Unit 4233

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433