DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The amendment filed 2/12/2021 has been placed of record in the file.
Claims 1, 14, 20, and 32-34 have been amended.
Claims 1-5 and 14-34 are pending.
The applicant’s arguments with respect to claims 1-5 and 14-34 have been fully considered but they are not persuasive as discussed below.

Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

8.	Claims 1-4, 14-18, and 20-34 are rejected under 35 U.S.C. 103 as being unpatentable over Kaliski, Jr. et al. (U.S. Patent Application Publication Number 2008/0313719), hereinafter referred to as Kaliski, in view of Innes et al. (U.S. Patent Number 9,154,488), hereinafter referred to as Innes, further in view of Basalamah (U.S. Patent Application Publication Number 2015/0281175).

Regarding claim 1, Kaliski discloses a method for authentication of a communications connection between a server and a remote terminal using an intermediate device, and for transmitting data over an authenticated communications connection between the server and the remote terminal using the intermediate mobile device, the method comprising: the server generates first and second key codes, the key codes both being derived from a shared secret known to the server and remote terminal but not to the intermediate device (paragraph 26, OTPs generated based on secret shared between token and OTP management service), the server transmits the first and second key codes to the intermediate device (paragraph 44, provides OTPs to relying party), communication is opened between the remote terminal and the intermediate device (paragraph 39, interaction between user device and relying party), the remote terminal uses the shared secret to generate a duplicate of the first key code (paragraph 26, token generates OTP), the remote terminal transmits the duplicate of the first key code to the intermediate device (paragraph 42, presents OTP to relying party), the intermediate device compares the first key code and the duplicate of the first key code to verify the authenticity of the remote terminal (paragraph 50, relying party authenticates user device), the intermediate device transmits the second key code to the remote terminal (paragraph 88, relying party provides value calculated from OTP to client side), the remote terminal uses the shared secret to generate a duplicate of the second key code (paragraph 88, client attempts to validate response), the remote terminal 
Kaliski does not explicitly state the third and fourth recited method steps as occurring in response to previous steps, ie. the communication “then” opened and the remote terminal “then” using the shared secret.  However, separating communications across three devices in such a fashion was well known in the art as evidenced by Innes.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kaliski by adding the ability that communication is then opened between the remote terminal and the intermediate device and that the remote terminal then uses the shared secret as provided by Innes (see column 27, line 66 through column 28, line 8, mutual authentication between first two devices (client and proxy), and column 28, lines 34-48, after authentication between first two devices, then resource is requested from third device, and column 28, line 49 through column 29, line 7, after resource request, then authentication between proxy and third device begins).  One of ordinary skill in the art would have recognized the benefit that completing authentication in such a way would assist in protecting resources and providing greater control to proxy devices (see Innes, column 1, lines 18-23).
The combination of Kaliski and Innes does not explicitly state that the intermediate device is an intermediate mobile device and that after the verification, the intermediate mobile 
Regarding claim 2, the combination of Kaliski, Innes, and Basalamah discloses in which the first and second key codes are generated from the shared secret, and are changed after each use (Kaliski, paragraph 26, OTPs generated based on secret).
Regarding claim 3, the combination of Kaliski, Innes, and Basalamah discloses in which the server generates a plurality of one-use key code pairs and transmits them to the intermediate 
Regarding claim 4, the combination of Kaliski, Innes, and Basalamah discloses in which the first and second key codes are combined with encoded address data of the intermediate mobile device, and the remote terminal uses the shared secret to decode the address data, to verify the identity of the intermediate mobile device (Kaliski, paragraph 61, OTP includes relying party identity, and paragraph 86, client needs additional information Y for mutual authentication).
Regarding claim 14, Kaliski discloses a data communications device configured to operate as an intermediate relay between a server and one or more remote data communications terminals, having one or more communications interfaces for communication with the server and the or each remote data communications terminal (paragraphs 42-44, relying party communicates with OTP management service and user device), a processing system, including at least one hardware processor, at least configured to: receive challenge and response data from the server relating to the or each remote data communications terminal and comprising, for each remote data communications terminal a first challenge, a first response key and a second response key (paragraph 44, provides OTPs to relying party, and paragraph 81, uses challenge-response OTP algorithm), open communication with the remote data communications terminal (paragraph 39, interaction between user device and relying party), transmit the first challenge to the respective remote data communications terminal; receive a version of the first response key from the remote data communications terminal, the version of the first response key having been generated by the remote data communications terminal (paragraph 42, presents OTP to relying party, and paragraph 57, may present MAC as response to challenge), compare 
Kaliski does not explicitly state “then” opening communication and the version of the first response key having been generated after the data communications device has opened communication with the remote data communications terminal.  However, separating communications across three devices in such a fashion was well known in the art as evidenced by Innes.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Kaliski by adding the ability to then open communication with the remote data communications terminal and for the version of the first response key having been generated by the remote data communications terminal after the data communications device has opened communication with the remote data communications terminal as provided by Innes (see column 27, line 66 through column 28, line 8, mutual authentication between first two devices (client and proxy), and column 28, lines 34-48, after authentication between first two devices, then resource is requested from third device, and column 28, line 49 through column 29, line 7, 
The combination of Kaliski and Innes does not explicitly state that the data communications device is a mobile data communications device and after the verification, receiving data from the remote data communications terminal, storing the received data, and subsequently transmitting the data to the server when in communications with the server such that the data is transmitted from the remote data communications terminal to the server over an authenticated communications connection between the remote data communications terminal and the server using the mobile data communications device.  However, using mobile devices for data muling was well known in the art as evidenced by Basalamah.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaliski and Innes by adding the ability that the data communications device is a mobile data communications device and after the verification, receiving data from the remote data communications terminal, storing the received data, and subsequently transmitting the data to the server when in communications with the server such that the data is transmitted from the remote data communications terminal to the server over an authenticated communications connection between the remote data communications terminal and the server using the mobile data communications device as provided by Basalamah (see paragraph 11, smart device, and paragraph 54, mule receives data and later reports it to collector, where the authentication has already been taught by the combination of Kaliski and Innes).  One of ordinary skill in the art 
Regarding claim 15, the combination of Kaliski, Innes, and Basalamah discloses arranged to transmit a signal reporting its location to the server (Basalamah, paragraph 68, mule sends probe requests to announce its presence to collector).
Regarding claim 16, the combination of Kaliski, Innes, and Basalamah discloses wherein the processing system is further configured to detect the or each remote data communications terminal and transmitting the respective challenge and response data in response to such detection (Basalamah, paragraph 56, smart device identifies access points and associates with each).
Regarding claim 17, the combination of Kaliski, Innes, and Basalamah discloses having a memory for storing a sequence of first and second key codes for the or each remote terminal, the processing system being arranged to retrieve each key code in sequence for a plurality of successive connections to the remote data communications terminal (Kaliski, paragraph 43, set of valid OTPs).
Regarding claim 18, the combination of Kaliski, Innes, and Basalamah discloses in which the processing system generates the challenge request by using the key code to encode an identity code associated with the device (Kaliski, paragraph 61, OTP includes relying party identity).
Regarding claim 20, Kaliski discloses a non-transitory machine-readable storage medium storing computer program code to, when loaded into a communications device and executed thereon, configure the communications device to operate as an intermediate relay between a server and one or more remote data communications terminals such that the 

The combination of Kaliski and Innes does not explicitly state that the communications device is a mobile communications device and after the verification, receive data from the remote data communications terminal, and store the data, and transmit the data to the server when in communication with the server such that the data is transmitted from the remote data communications terminal to the server over an authenticated communications connection between the remote data communications terminal and the server using the mobile data 
Regarding claim 21, the combination of Kaliski, Innes, and Basalamah discloses wherein the intermediate mobile device is a portable smart phone (Basalamah, paragraph 11, smart device).
Regarding claim 22, the combination of Kaliski, Innes, and Basalamah discloses wherein the data communications device is a portable smart phone (Basalamah, paragraph 11, smart device).
Regarding claim 23, the combination of Kaliski, Innes, and Basalamah discloses wherein the mobile communications device operating as the intermediate relay is a portable smart phone (Basalamah, paragraph 11, smart device).
Regarding claim 24, the combination of Kaliski, Innes, and Basalamah discloses wherein the intermediate mobile device is a portable smart phone, and the remote terminal includes a sensor configured to record measurements to external stimuli and memory configured to store data corresponding to the measurements for subsequent download (Basalamah, paragraph 11, smart device, and paragraph 11, sensor).
Regarding claim 25, the combination of Kaliski, Innes, and Basalamah discloses wherein the mobile communications device to operating as an intermediate relay is a portable smart phone, and the remote data communications terminal includes a sensor configured to record measurements to external stimuli and memory configured to store data corresponding to the measurements for subsequent download (Basalamah, paragraph 11, smart device, and paragraph 11, sensor).
Regarding claim 26, the combination of Kaliski, Innes, and Basalamah discloses wherein: the server transmitting the first and second key codes to the intermediate mobile device takes place when the intermediate mobile device is in communication with the server and not with the remote terminal; and after the server transmitting the first and second key codes to the intermediate mobile device takes place, the intermediate mobile device ceases communication with the server and initiates communication with the remote terminal (Basalamah, paragraphs 52 and 53, mule not in contact with sensors and collector at same time, where it would have been clear to one of ordinary skill that the transmission of the key codes as taught by Kaliski would need to occur at the collector side of Basalamah’s communications).
Regarding claim 27, the combination of Kaliski, Innes, and Basalamah discloses wherein: receiving the data from the server by the mobile data communications device takes place when the mobile data communications device is in communication with the server and not 
Regarding claim 28, the combination of Kaliski, Innes, and Basalamah discloses receiving the data from the server by the mobile communications device takes place when the mobile communications device is in communication with the server and not with the remote data communications terminal; and the mobile communications device is configured to, after receiving the data from the server takes place, cease communication with the server and initiates communication with the remote data communications terminal (Basalamah, paragraphs 52 and 53, mule not in contact with sensors and collector at same time, where it would have been clear to one of ordinary skill that the receiving the data as taught by Kaliski would need to occur at the collector side of Basalamah’s communications).
Regarding claim 29, the combination of Kaliski, Innes, and Basalamah discloses wherein the comparison of the first key code and the duplicate of the first key code to verify the authenticity of the remote terminal is performed before the comparison of the second key code and the duplicate of the second key code to verify the authenticity of the intermediate mobile device (Kaliski, paragraph 88, relying party authenticates user device before mutual authentication).
Regarding claim 30, the combination of Kaliski, Innes, and Basalamah discloses wherein verification of authenticity of the remote data communications terminal is performed 
Regarding claim 31, the combination of Kaliski, Innes, and Basalamah discloses wherein verification of authenticity of the remote data communications terminal is performed before verification of authenticity of the mobile communications device (Kaliski, paragraph 88, relying party authenticates user device before mutual authentication).
Regarding claim 32, the combination of Kaliski, Innes, and Basalamah discloses wherein: the remote terminal comprises a sensor and the data that is transmitted from the remote terminal to the server comes from the sensor (Basalamah, paragraph 11, sensor data delivered to collection hub); and the data that is transmitted from the remote data communications terminal to the server and that comes from the sensor is vehicular route data or domestic utility data (Basalamah, paragraph 3, sensor data such as garbage bin data).
Regarding claim 33, the combination of Kaliski, Innes, and Basalamah discloses wherein: the remote data communications terminal comprises a sensor and the data that is transmitted from the remote data communications terminal to the server comes from the sensor (Basalamah, paragraph 11, sensor data delivered to collection hub); and the data that is transmitted from the remote data communications terminal to the server and that comes from the sensor is vehicular route data or domestic utility data (Basalamah, paragraph 3, sensor data such as garbage bin data).
Regarding claim 34, the combination of Kaliski, Innes, and Basalamah discloses wherein: the remote data communications terminal comprises a sensor and the data that is transmitted from the remote data communications terminal to the server comes from the sensor (Basalamah, paragraph 11, sensor data delivered to collection hub); and the data that is .

9.	Claims 5 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaliski in view of Innes, in view of Basalamah, further in view of Ahmed et al. (U.S. Patent Number 7,649,884), hereinafter referred to as Ahmed.
The combination of Kaliski, Innes, and Basalamah disclosed techniques for delegated authentication among networked devices.  In an analogous art, Ahmed disclosed techniques for routing packets among networked devices.  Both systems are directed toward establishing and maintaining connections among networked devices.
Regarding claim 5, the combination of Kaliski, Innes, and Basalamah discloses wherein the intermediate mobile device is responsive to route the data received from the remote terminal either to a data store in the intermediate mobile device for later transmission to the server, or to open a connection to the server for relaying the data to the server (Basalamah, paragraph 54, mule receives data and later reports it to collector).
The combination of Kaliski, Innes, and Basalamah does not explicitly state that the intermediate mobile device is responsive to a flag signal generated by the remote terminal to route the data received from the remote terminal to the data store in response to a first setting of the flag signal, or to open the connection in response to a second setting of the flag signal.  However, utilizing a forwarding flag in such a fashion was well known in the art as evidenced by Ahmed.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to 
Regarding claim 19, the combination of Kaliski, Innes, and Basalamah discloses wherein the communications interface comprises a data store for the data received from the remote data communications terminal, and a detection device to route the received data to the data store or to the server (Basalamah, paragraph 54, mule receives data and later reports it to collector).
The combination of Kaliski, Innes, and Basalamah does not explicitly state the detection device responsive to a flag signal carried in data received from the remote data communications terminal to route the received data to the data store in response to a first setting of the flag signal or to the server in response to a second setting of the flag signal.  However, utilizing a forwarding flag in such a fashion was well known in the art as evidenced by Ahmed.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaliski, Innes, and Basalamah by adding the ability for the detection device responsive to a flag signal carried in data received from the remote data communications terminal to route the received data to the data store in response to a first setting of the flag signal or to the server in response to a second setting of the flag signal as provided by Ahmed (see column 25, lines 56-.

Response to Arguments
10.	In the remarks, the applicant has argued:
<Argument 1>
The combination of Kaliski, Innes, and Basalamah does not disclose the features of independent claim 1 because it does not disclose “the intermediate mobile device transmits the second key code to the remote terminal” as recited in claim 1.
11.	In response to argument 1, the combination of Kaliski, Innes, and Basalamah does disclose the features as recited in claim 1.  The rejection cites Kaliski, paragraph 88, which shows that, during the authentication process, the relying party provides the value calculated from the OTP to the client side.  This is seen to meet the limitation at hand as mutual authentication is performed between the relying party and the client side, where the relying party meets the limitations of the intermediate device and the client side meets that of the remote terminal.  Other embodiments of Kaliski explicitly show that the OTP itself may be validated in lieu of the POTP, etc.  For example, see Kaliski, paragraph 44 (as cited in the rejection), which shows that the relying party utilizes the OTPs themselves, and paragraphs 79-81 (as discussed in the response to arguments in the final rejection dated 10/28/2019), which show that the relying party has knowledge of a future OTP value.  In the applicant’s discussion of transmitting “two key codes”, there is no discussion of the cited paragraph 44.
In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
13.	The applicant’s only mention of Innes is to state that the combination of Kaliski and Innes “is entirely and improperly based on hindsight reasoning based on Applicant’s own application”.  However, such an argument is unfounded.  Innes clearly states that an authentication between a proxy and a third device begins in response to a resource request.  See the citations to Innes in the above rejection.  Further, Innes utilizes authentication via a Kerberos protocol, just as Kaliski.  Clearly one of ordinary skill in the art would have been motivated to combine teachings in the prior art that utilize the same type of authentication processes.  Innes explicitly teaches that the timing of the authentications on each side of the proxy can simply be shifted, as opposed to Kaliski’s setup, and, as such, the rejection relies on teachings only from the prior art.  Here, the applicant is reminded that it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning.  But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
14.	The applicant concludes by detailing a scenario in Kaliski in which keys are utilized as part of the authentication.  However, this scenario fails to take into account the full use of multiple OTPs as explicitly stated by Kaliski and discussed in detail herein above.

Conclusion
15.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
16.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812.  The examiner can normally be reached on Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Victor Lesniewski/Primary Examiner, Art Unit 2493