Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a Final Office action in response to communications received March 10, 2021.  No Claims and 9 have been amended, added or new.  Therefore, claims 57, 58, 63-65, 70, 71, 78-80, 83-85, and 88-94, are pending and addressed below. 


Allowable Subject Matter
Claims 90, 92, and 94 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 57, 58, 63-65, 70, 71, 78-80, 83-85, 88, 89, 91, and 93, are rejected under 35 U.S.C. 103 as being unpatentable over Naedele (US 2009/0022325 A1, publish date 01/22/2009) (on Applicant’s IDS filed 03/28/2018) in view of Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) further in view of Yu (US2015/0195686 A1, file date 08/19/2013).


Claim 57:
With respect to claim 57, Naedele discloses a method for establishing a secured connection (an embedded device environment with an additional authentication and authorization server, Figure 3), comprising:
receiving, by a first device from a configuration device, a public key for signature of the configuration device (access authority server AA issues then an appropriate capability which is then sent to the client C, The public key pub.sub.C of the client C is included for use in later message exchanges between the client C and the target server S so that the target server S can be sure only the client C (defined by ownership of priv.sub.C) will be able to decrypt messages encrypted with pub.sub.C, 0049, Figure 3, 3);
receiving, by the first device from a second device, a second signature and a role type of the second device, wherein the second signature is generated by the configuration device according to at least the role type of the second device and a private key for signature of the configuration device, and the public key for signature of the configuration device corresponds to the private key for signature of the configuration device (The Client C sends the capability cap.sub.C,S received from the access authority server AA to target server S, 0052) (Role based access control may be used for scalable client rights assignment, 0028) (Role based access control may be used on this central server for scalable client rights assignment, 0068, Figure 3, 4); and

a verification of the second signature is successful (Once the capability has proven to be valid, the target server S generates a random symmetric session key K.sub.sess.  The target server S encrypts the session key K.sub.sess and a nonce N with the public key of the client obtained from the capability signed by the access authority server AA., 0058, Figure 3, 6).

Naedele discloses a role type (Role based access control may be used on this central server for scalable client rights assignment, 0028, 0068, Figure 3, 4) (Role based access control may be used for scalable client rights assignment.  The authentication and authorization server may be managed by the target server owner (owner of the automation system)/ e.g. an automation system vendor, 0028).

Naedele does not disclose wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station:

the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner: or
the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client as claimed.

However, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) teaches wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station; the role type of the second device is a station, and the role type of the first device is an access point; the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner; or the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client (In the prior art, If the verification succeeds, the first terminal can establish a security connection to the second terminal: in a wireless local area network (WLAN), the first terminal may be an access point (AP), and the second terminal may be a station (STA).  The AP is capable of sending the STA the configuration information sent by the configuration device to the STA, and the STA verifies the configuration information.  If the verification succeeds, the STA can access the AP.  For another example, in a peer-to-peer (P2P) network, the first terminal may be a group owner (GO) device, and the GO device may be used as a central node of the P2P network.  The second terminal may be a P2P device.  The GO device is capable of sending the configuration information sent by the configuration device to the P2P device.  The P2P device verifies the configuration information, and if the verification succeeds, the P2P device can access the GO device, Specifications, Paragraph 0003).

Naedele and Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) are analogous art because they are from the same field of endeavor of roles for secure communications.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Applicant’s Admitted Prior Art in Naedele for wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station; the role type of the second device is a station, and the role type of the first device is an access point; the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner; or the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client as claimed for purpose of enhancing the secured system of Naedele by being capable of verifying the configuration information (see specifications filed 02/11/2018 paragraph 0003).  

Examiner would also like to point out prior art Yu teaches Two new types of roles emerge in the new WI-FI Direct network: Group Owner (GO) and Group Client (GC), wherein, the GO can be used as a STA or AP, can also establish point-to-point secure connections with multiple GCs; while the GC is similar to STA, and can establish a P2P secure connection with the GO (0003).

Naedele, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018), and Yu are analogous art because they are from the same field of endeavor of roles for secure communications.

Claims 58, 65:
With respect to claims 58, 65, Naedele discloses further comprising:
receiving, by the first device from the configuration device, a first signature, wherein the first signature is generated by the configuration device according to at least the role type of the first device and the private key for signature of the configuration device (The access authority server AA issues then an appropriate capability which is then sent to the client C. The capability is signed with the private key of the access authority server AA, 0049) (Role based access control may be used for scalable client rights assignment, 0028) (Role based access control may be used on this central server for scalable client rights assignment, 0068, Figure 3, 4).

Claims 63, 70:
With respect to claims 63, 70, Naedele discloses further comprising: sending, by the first device, the first signature to the second device (The access authority server AA issues then an appropriate capability which is then sent to the client C. The capability is signed with the private key of the access authority server AA, 0049, Figure 3, 3).

Claim 64:
With respect to claim 64, Naedele discloses a first device, comprising a receiver, a transmitter, and a processor connected to the receiver and the transmitter (an embedded device environment with an additional authentication and authorization server, Figure 3); 
wherein the receiver is configured to:
receive, from a configuration device, a public key for signature of the configuration device (access authority server AA issues then an appropriate capability which is then sent to the client C, The public key pub.sub.C of the client C is included for use in later message exchanges between the client C and the target server S so that the target server S can be sure only the client C (defined by ownership of priv.sub.C) will be able to decrypt messages encrypted with pub.sub.C, 0049, Figure 3, 3); and
receive, from a second device, a second signature and a role type of the second device, wherein the second signature is generated by the configuration device according to at least the role type of the second device and a private key for signature of the configuration device, and the public key for signature of the configuration device corresponds to the private key for signature of the configuration device (The Client C sends the capability cap.sub.C,S received from the access authority server AA to target server S, 0052) (Role based access control may be used for scalable client rights assignment, 0028) (Role based access control may be used on this central server for scalable client rights assignment, 0068, Figure 3, 4);
the processor is configured to:
generate a key for establishing a secured connection between the first device and the second device when conditions are met, wherein the conditions comprise:
a verification of the second signature is successful (Once the capability has proven to be valid, the target server S generates a random symmetric session key K.sub.sess.  The target server S encrypts the session key K.sub.sess and a nonce N with the public key of the client obtained from the capability signed by the access authority server AA., 0058, Figure 3, 6).

Naedele discloses a role type (Role based access control may be used on this central server for scalable client rights assignment, 0028, 0068, Figure 3, 4). 
(Role based access control may be used for scalable client rights assignment.  The authentication and authorization server may be managed by the target server owner (owner of the automation system)/ e.g. an automation system vendor, 0028).

Naedele does not disclose wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station:
the role type of the second device is a station, and the role type of the first device is an access point:
the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner: or
the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client as claimed.

However, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) teaches wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station; the role type of the second device is a station, and the role type of the first device is an access point; the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner; or the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client (In the prior art, If the verification succeeds, the first terminal can establish a security connection to the second terminal: in a wireless local area network (WLAN), the first terminal may be an access point (AP), and the second terminal may be a station (STA).  The AP is capable of sending the STA the configuration information sent by the configuration device to the STA, and the STA verifies the configuration information.  If the verification succeeds, the STA can access the AP.  For another example, in a peer-to-peer (P2P) network, the first terminal may be a group owner (GO) device, and the GO device may be used as a central node of the P2P network.  The second terminal may be a P2P device.  The GO device is capable of sending the configuration information sent by the configuration device to the P2P device.  The P2P device verifies the configuration information, and if the verification succeeds, the P2P device can access the GO device, Specifications, Paragraph 0003).

Naedele and Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) are analogous art because they are from the same field of endeavor of roles for secure communications.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Applicant’s Admitted Prior Art in Naedele for wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station; the role type of the second device is a station, and the role type of the first device is an access point; the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner; or the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client as claimed for purpose of enhancing the secured system of Naedele by being capable of verifying the configuration information (see specifications filed 02/11/2018 paragraph 0003).  

Examiner would also like to point out prior art Yu teaches Two new types of roles emerge in the new WI-FI Direct network: Group Owner (GO) and Group Client (GC), wherein, the GO can be used as a STA or AP, can also establish point-to-point secure connections with multiple GCs; while the GC is similar to STA, and can establish a P2P secure connection with the GO (0003).

Naedele, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018), and Yu are analogous art because they are from the same field of endeavor of roles for secure communications.

Claim 71:
With respect to claim 71, Naedele discloses a non-transitory computer-readable medium storing a program, wherein when executed by a first device, the program causes the first device (an embedded device environment with an additional authentication and authorization server, Figure 3) to:
receive, from a configuration device, a public key for signature of the configuration device (access authority server AA issues then an appropriate capability which is then sent to the client C, The public key pub.sub.C of the client C is included for use in later message exchanges between the client C and the target server S so that the target server S can be sure only the client C (defined by ownership of priv.sub.C) will be able to decrypt messages encrypted with pub.sub.C, 0049, Figure 3, 3);
receive, from a second device, a second signature and a role type of the second device, wherein the second signature is generated by the configuration device according to at least the role type of the second device and a private key for signature of the configuration device, and the public key for signature of the configuration device corresponds to the private key for signature of the configuration device (The Client C sends the capability cap.sub.C,S received from the access authority server AA to target server S, 0052) (Role based access control may be used for scalable client rights assignment, 0028) (Role based access control may be used on this central server for scalable client rights assignment, 0068, Figure 3, 4); and
generate a key for establishing a secured connection between the first device and the second device when conditions are met, wherein the conditions comprise:
a verification of the second signature is successful (Once the capability has proven to be valid, the target server S generates a random symmetric session key K.sub.sess.  The target server S encrypts the session key K.sub.sess and a nonce N with the public key of the client obtained from the capability signed by the access authority server AA., 0058, Figure 3, 6).

Naedele discloses a role type (Role based access control may be used on this central server for scalable client rights assignment, 0028, 0068, Figure 3, 4). 
(Role based access control may be used for scalable client rights assignment.  The authentication and authorization server may be managed by the target server owner (owner of the automation system)/ e.g. an automation system vendor, 0028).

Naedele does not disclose wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station:
the role type of the second device is a station, and the role type of the first device is an access point:
the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner: or
the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client as claimed.

However, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) teaches wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station; the role type of the second device is a station, and the role type of the first device is an access point; the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner; or the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client (In the prior art, If the verification succeeds, the first terminal can establish a security connection to the second terminal: in a wireless local area network (WLAN), the first terminal may be an access point (AP), and the second terminal may be a station (STA).  The AP is capable of sending the STA the configuration information sent by the configuration device to the STA, and the STA verifies the configuration information.  If the verification succeeds, the STA can access the AP.  For another example, in a peer-to-peer (P2P) network, the first terminal may be a group owner (GO) device, and the GO device may be used as a central node of the P2P network.  The second terminal may be a P2P device.  The GO device is capable of sending the configuration information sent by the configuration device to the P2P device.  The P2P device verifies the configuration information, and if the verification succeeds, the P2P device can access the GO device, Specifications, Paragraph 0003).

Naedele and Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) are analogous art because they are from the same field of endeavor of roles for secure communications.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Applicant’s Admitted Prior Art in Naedele for wherein the conditions comprise:
a role type of the first device matches the role type of the second device;
wherein the role type of the first device matches the role type of the second device when any one of the following is met:
the role type of the second device is an access point and the role type of the first device is a station; the role type of the second device is a station, and the role type of the first device is an access point; the role type of the second device is a Peer to Peer (P2P) client and the role type of the first device is a P2P group owner; or the role type of the second device is a P2P group owner, and the role type of the first device is a P2P client as claimed for purpose of enhancing the secured system of Naedele by being capable of verifying the configuration information (see specifications filed 02/11/2018 paragraph 0003).  

Examiner would also like to point out prior art Yu teaches Two new types of roles emerge in the new WI-FI Direct network: Group Owner (GO) and Group Client (GC), wherein, the GO can be used as a STA or AP, can also establish point-to-point secure connections with multiple GCs; while the GC is similar to STA, and can establish a P2P secure connection with the GO (0003).

Naedele, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018), and Yu are analogous art because they are from the same field of endeavor of roles for secure communications.

Claims 78, 79, 80, 83, 84, 85, 88:
With respect to claims 78, 79, 80, 83, 84, 85, 88, Naedele discloses wherein the conditions further comprise: a net-id received from the second device is the same as a net-id of the first device (The unique identifier Id.sub.C of client C is included, 0049the capability contains a client identifier Id.sub.C, 0072).

Claims 89, 91, 93:
With respect to claims 89, 91, 93, Naedele discloses wherein the verification of the second signature is successful comprises: 
the second signature matches the role type of the second device (Role based access control may be used on this central server for scalable client rights assignment, 0028, 0068, Figure 3, 4) (Role based access control may be used for scalable client rights assignment.  The authentication and authorization server may be managed by the target server owner (owner of the automation system)/ e.g. an automation system vendor, 0028).



Response to Remarks/Arguments
Applicant's arguments filed on March 10, 2021have been fully considered but they are not persuasive.  In the remarks, Applicant argues that: 

Claims 57, 64, and 71:
(1) Paragraph [0003] does not particularly disclose how the second terminal verifies the configuration information. Therefore, in AAPA, one can learn that the verification is performed based on the configuration information of the first terminal that is sent to the second terminal.  The claimed invention, on the other hand, requires that a secure connection between the first device and the second device be established when two conditions are met: (1) a role type of the first device matches the role type of the second device (e.g. STA vs. AP, or P2P device vs. GO), and (2) a verification of the second signature is successful. The second signature, according to the claim, is “generated by the configuration device according to at least the role type of the second device and a private key for signature of the configuration device.” The second signature is different from the “configuration information” in the AAPA because it is specifically generated for the second device to which the first device wants to establish a secure connection with. 

(2) The “role-based” access control as disclosed by Naedele is different from the present invention because it only involves access control of one terminal device.
Naedele, possible implementations of role-based access control are: (1) a device of a first role has a valid access time duration which is different from that of the device of a second role, and (2) a terminal with a first role can access the target server, but the terminal with a second role cannot access the target server.


In response to remark/argument (1) and (2), Examiner respectfully disagrees.  Naedele discloses access control of devices (Role based access control may be used for scalable client rights assignment, 0028) (Role based access control may be used on this central server for scalable client rights assignment, 0068, Figure 3, 4).  Naedele discloses how the second terminal verifies the configuration information, claimed limitation “receiving, by the first device from a second device, a second signature and a role type of the second device, wherein the second signature is generated by the configuration device according to at least the role type of the second device and a private key for signature of the configuration device, and the public key for signature of the configuration device corresponds to the private key for signature of the configuration device”  (The Client C sends the capability cap.sub.C,S received from the access authority server AA to target server S, 0052) (Role based access control may be used for scalable client rights assignment, 0028) (Role based access control may be used on this central server for scalable client rights assignment, 0068, Figure 3, 4), “a verification of the second signature is successful” (Once the capability has proven to be valid, the target server S generates a random symmetric session key K.sub.sess.  The target server S encrypts the session key K.sub.sess and a nonce N with the public key of the client obtained from the capability signed by the access authority server AA., 0058, Figure 3, 6).
Applicant’s Admitted Prior Art (Specifications filed 02/22/2018) teaches “the conditions” 
(In the prior art, If the verification succeeds, the first terminal can establish a security connection to the second terminal: in a wireless local area network (WLAN), the first terminal may be an access point (AP), and the second terminal may be a station (STA).  The AP is capable of sending the STA the configuration information sent by the configuration device to the STA, and the STA verifies the configuration information.  If the verification succeeds, the STA can access the AP.  For another example, in a peer-to-peer (P2P) network, the first terminal may be a group owner (GO) device, and the GO device may be used as a central node of the P2P network.  The second terminal may be a P2P device.  The GO device is capable of sending the configuration information sent by the configuration device to the P2P device.  The P2P device verifies the configuration information, and if the verification succeeds, the P2P device can access the GO device, Specifications, Paragraph 0003).  Therefore, Examiner maintains that combination of Naedele, Applicant’s Admitted Prior Art (Specifications filed 02/22/2018), and Yu does teach and suggest this limitation. 


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433
/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433