DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statements filed February 12, 2019, June 26, 2019 and August 25, 2020 have been placed in the application file and the information referred to therein has been considered as to the merits.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –




Claims 1, 4-5, 8 and 11-12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20060256961 granted to Brainard et al.
Regarding claim 1, Brainard meets the claimed limitations as follows:
“A computer-implemented method for controlling access to a computer system comprising:
generating a secret value at a first computer system;
sharing the secret value with associated computer systems; ” see paragraphs [0034] ( . . . the server generates the master seed  and shares it with the device. . .); [0049] (. . . master seed is unique for a group of devices. . .)
“choosing a time length for validity;” see paragraph [0045]
“computing a derived key based on the secret value;” see paragraphs [0041]-[0042]
 “and controlling remote access to the computer system based on the derived key and a unique identifier associated with the first computer system.” see paragraph [0062] and Figures 2 and 5.
Regarding claim 4, Brainard meets the claimed limitations as follows:
“The computer-implemented method of claim 1 wherein: the associated computer systems include computer systems operated by a common entity.” see paragraphs [0049] and [0066]. The common entity is considered the enterprise that supplies the master seed to each user (group of devices).
Regarding claim 5, Brainard meets the claimed limitations as follows:


Claims 8 and 11-12 are system claims that are substantially equivalent to method claims 1 and 4-5. Therefore, claims 8 and 11-12 are rejected by a similar rationale.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-3 and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over US 20060256961 granted to Brainard et al and further in view of US 20180114386 granted to Steinmetz.

Regarding claim 3, Brainard discloses everything claimed as applied above (see claim 2), however Brainard fails to specifically teach the unique identifier is a serial number associated with the intermodal shipping container. In an analogous art, Steinmetz discloses the unique identifier is a serial number associated with the intermodal shipping container (see paragraph [0061]). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Steinmetz’s system for gaining access to shipped cargo by controlling the lock mechanism attached to the shipping container with Brainard’s system for accessing various services. One of ordinary skill would have been motivated to combine the two in order to gain the 

Claims 9-10 are system claims that are substantially equivalent to method claims 2-3. Therefore, claims 9-10 are rejected by a similar rationale.


Claims 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over US 20060256961 granted to Brainard et al and further in view of US 20170289197 granted to Mandyam et al.
Regarding claim 15, Brainard discloses a method for gaining remote access to a first computing system (see paragraph [0015]). Brainard discloses accepting a derived key and a unique identifier as an input at a remote computer system (see paragraphs [0056]-[0057]; computing a passkey based on the derived key and the unique identifier (see paragraph [0062] and Figure 5) and transmitting the passkey to the first computer system (see paragraph [0062]). Brainard fails to specifically teach user/client receiving a session token form a first computer system and establishing a secure session using the received session token. In an analogous art, Mandyam discloses a method for gaining access and establishing a secure session between a client/user and a server using an access token (session token) received from the server (see paragraph [0071] and Figure 5, element 530). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Mandyam’s system for gaining access to a server by establishing a secure communication session with Brainard’s system for 
Regarding claim 16, Brainard discloses everything claimed as applied above (see claim 15), however Brainard fails to specifically teach transmitting one or more certificates to the first computer system. In an analogous art, Mandyam discloses transmitting one or more certificates to the first computer system (see paragraph [0108] and Figure 9). It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Mandyam’s system for gaining access to a server by establishing a secure communication session with Brainard’s system for accessing various services. One of ordinary skill would have been motivated to combine the two in order to gain the advantage of accessing various providers through an established secure communication that avoids the need for the user to separately sign into each provider system (see Mandyam; paragraphs [0002]-[0003].

Allowable Subject Matter
Claims 6-7, 13-14 and 17-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  

With respect to claim 7, the cited prior art fails to specifically teach the computer-implemented method of claim 6 further comprising: granting access to the remote computer system based on receiving the session token.
With respect to claim 13, the cited prior art fails to specifically teach the system of claim 8 wherein the method further comprises: validating one or more certificates received from a remote computer system; and transmitting a session token to the remote computer system, in the case where the one or more certificates are validated.
With respect to claim 14, the cited prior art fails to specifically teach the system of claim 13 wherein the method further comprises: granting access to the remote computer system based on receiving the session.
With respect to claim 17, the cited prior art fails to specifically teach the computer-implemented method of claim 16 wherein: the one or more certificates include a customer certificate and a mobile certificate.
With respect to claim 18, the cited prior art fails to specifically teach the computer-implemented method of claim 16 wherein: the one or more certificates are received from a certificate-granting authority upon proof of authorization.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437